ftp server socket listen backlog is limited - "listen backlog limit Vs kernel maxfile limit"

Anil Kumar thotamalla


From the FTP server code, we are limiting the connections to 1024 (the s.listen (1024) call), but when I run the sockstress tool test, it overflows the listen backlog limit to 12000+ connections. So my system is reaching the kern.maxfiles limit.
The system is vulnerable to this overflow scenario with the sockstress tool.

Now I want to limit the FTP connections to 1024 only; after 1024 connections it has to REJECT new connections. How can I implement that?

sysctl of my kernel info:
kern.ipc.soacceptqueue: 8192
kern.maxfilesperproc: 16000
kern.maxfiles: 16384

Could you please provide your inputs on why connections are being accepted after 1024, and whether there is any limit and relation between the listen backlog limit and the kern.maxfilesperproc limit?

What is wrong in the code implementation below?


From project shrapnel, under directory old/ftpd, in source file ftp_server.py.

Code:
def _run (self):
        """Listens on the FTP port accepting connections and spawning sessions."""
        self.thread_id = coro.current().thread_id()
        s = coro.make_socket (socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.set_reuse_addr()
            done = 0
            while not done:
                for x in xrange (5):
                    try:
                        was_eaddrinuse = 0
                        s.bind ((self.ip, self.port))
                    except OSError, why:
                        if why[0] == errno.EACCES:
                            coro.print_stderr(
                                'Access denied binding to %s:%i.  Are you running as root?\n' % (self.ip, self.port))
                            return
                        elif why[0] == errno.EADDRINUSE:
                            was_eaddrinuse = 1
                        elif why[0] != errno.EADDRNOTAVAIL:
                            raise
                    else:
                        done = 1
                        break
                    coro.sleep_relative (1)
                else:
                    coro.print_stderr ("cannot bind to %s:%d after 5 attempts\n" % (self.ip, self.port))
                    if was_eaddrinuse:
                        qlog.write('FTPD.PORT_IN_USE',
                                   self.ip, str(self.port))
                    coro.sleep_relative (15)
            s.listen (1024)
            while 1:
                conn_list = s.accept_many()
                for conn, addr in conn_list:
                    qlog.write('FTPD.CONNECTION', self.session_id, addr[0], self.ip)
                    session = self.channel (self, conn, addr, self.session_id)
                    self.session_id += 1
                    thread = coro.spawn (session.run)
                    thread.set_name (
                        "%s_%d" % (
                            session.__class__.__name__,
                            thread.thread_id()
                        )
                    )
                    self.clients.append(session)
        finally:
            s.close()

Ref :
http://www.programcreek.com/python/example/16604/errno.EADDRNOTAVAIL
Thanks & Regards,
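
Added example, not part of the original post and not shrapnel code: the `listen()` backlog only bounds connections waiting to be accepted, and the posted loop accepts everything it is handed, so a session cap has to be enforced at accept time. The sketch below uses Python 3 standard-library sockets and threads instead of shrapnel's `coro` API; `SessionGate`, `serve` and `run_session` are hypothetical names, and the reject text uses FTP reply code 421.

```python
import socket
import threading

MAX_SESSIONS = 1024  # the cap the post asks for
REJECT = b"421 Too many connections, try again later.\r\n"  # FTP reply code 421


class SessionGate:
    """Counts live sessions and refuses new ones once the cap is reached."""

    def __init__(self, limit=MAX_SESSIONS):
        self.limit = limit
        self.active = 0
        self.lock = threading.Lock()

    def admit(self, conn):
        """Return True if conn may start a session; otherwise reject and close it."""
        with self.lock:
            if self.active < self.limit:
                self.active += 1
                return True
        try:
            conn.sendall(REJECT)
        except OSError:
            pass  # peer already gone; nothing more to send
        finally:
            conn.close()  # give the file descriptor back immediately
        return False

    def release(self):
        """Call when a session ends so its slot can be reused."""
        with self.lock:
            self.active -= 1


def serve(listener, gate, run_session):
    """Accept loop: every accepted socket passes the gate before a session starts."""
    while True:
        conn, addr = listener.accept()
        if not gate.admit(conn):
            continue  # over the cap: already answered 421 and closed

        def worker(c=conn, a=addr):
            try:
                run_session(c, a)  # hypothetical per-connection handler
            finally:
                c.close()
                gate.release()

        threading.Thread(target=worker, daemon=True).start()
```

In the posted `_run` loop the equivalent check would sit inside `for conn, addr in conn_list`, before the session is spawned, with the release done when the session ends.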
 