From ftp server code, we are limiting the connections to1024 (s.listen (1024) call), but when I do the sockstress tool test it overflowing the listen backlog limit to 12000+ connection. So my system reaching the kern.maxfile limit.
Overflow scenario is Vulnerable to the system with sockstress tool.
Now I want to limit the ftp connections to 1024 only, after 1024 connections it has REJECT the new connection how can I do that implementation ?
sysctl of my kernel info:
kern.ipc.soacceptqueue: 8192
kern.maxfilesperproc: 16000
kern.maxfiles: 16384
Could you please provide your inputs on why the connections are accepting after 1024, and is there any limit and relation between listen backlog limit and kern.maxfilesperproc limit?
what was the wrong in the below code implementation?
From project shrapnel, under directory old/ftpd, in source file ftp_server.py.
Thanks & Regards,
Overflow scenario is Vulnerable to the system with sockstress tool.
Now I want to limit the ftp connections to 1024 only, after 1024 connections it has REJECT the new connection how can I do that implementation ?
sysctl of my kernel info:
kern.ipc.soacceptqueue: 8192
kern.maxfilesperproc: 16000
kern.maxfiles: 16384
Could you please provide your inputs on why the connections are accepting after 1024, and is there any limit and relation between listen backlog limit and kern.maxfilesperproc limit?
what was the wrong in the below code implementation?
From project shrapnel, under directory old/ftpd, in source file ftp_server.py.
Code:
def _run (self):
"""Listens on the FTP port accepting connections and spawning sessions."""
self.thread_id = coro.current().thread_id()
s = coro.make_socket (socket.AF_INET, socket.SOCK_STREAM)
try:
s.set_reuse_addr()
done = 0
while not done:
for x in xrange (5):
try:
was_eaddrinuse = 0
s.bind ((self.ip, self.port))
except OSError, why:
if why[0] == errno.EACCES:
coro.print_stderr(
'Access denied binding to %s:%i. Are you running as root?\n' % (self.ip, self.port))
return
elif why[0] == errno.EADDRINUSE:
was_eaddrinuse = 1
elif why[0] != errno.EADDRNOTAVAIL:
raise
else:
done = 1
break
coro.sleep_relative (1)
else:
coro.print_stderr ("cannot bind to %s:%d after 5 attempts\n" % (self.ip, self.port))
if was_eaddrinuse:
qlog.write('FTPD.PORT_IN_USE',
self.ip, str(self.port))
coro.sleep_relative (15)
s.listen (1024)
while 1:
conn_list = s.accept_many()
for conn, addr in conn_list:
qlog.write('FTPD.CONNECTION', self.session_id, addr[0], self.ip)
session = self.channel (self, conn, addr, self.session_id)
self.session_id += 1
thread = coro.spawn (session.run)
thread.set_name (
"%s_%d" % (
[DEL][/DEL] session.__class__.__name__,
thread.thread_id()
)
)
self.clients.append(session)
finally:
s.close()
Ref :
http://www.programcreek.com/python/example/16604/errno.EADDRNOTAVAILThanks & Regards,