-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Frang limit: connection_burst does not work #1649
Comments
The burst of connections is taken into account in the 125 ms quantum. Curl is quite heavy for this, so it doesn't seem to work. I made tests based on ab. |
When the Warning for 3 connection and config
Expected: |
The pcap log contains encrypted data, so it's hard to say where is which HTTP requests and responses. I also can't locate the test: github shows https://github.com/tempesta-tech/tempesta-test/blob/f90df946f8d9394fd60c75e75ccfebc12124e015/t_frang/test_connection_rate_burst.py#L114 as in a nonexistent branch. So I couldn't test the test. Was the test removed from I doubt that deproxy is a reliable tool to test bursts. Burst limits work within 125ms frames, i.e. the test needs to send 2 requests consequently within 125ms and Tempesta FW must also process them within the time frame. I think There is a misconception in the configuration:
1.5s is probably the consequence of the |
I created #1749 to finally solve the problem with overwhelming log messages. |
@RomanBelozerov BTW keep #1664 in mind - this might affect some of the tests from #265. |
This is
135, 137, 141 - 3 clients send requests. I also didn't see the RST flag in TCP packages. |
Moved from tempesta-tech/tempesta-test#240 by @KonsKo
Frang limit
connection_burst
does not work properly.Client: curl
backend: nginx
Curl request:
'-Ikf -v <url> -H "Host: tempesta-tech.com:8765" -H "Connection: close"'
Tempesta:
docs https://github.com/tempesta-tech/tempesta/wiki/HTTP-security#connection-level-limits
connection_rate
- I checked with 5 requests delayed with 0.125 sec between them (for purpose to not reachconnection_burst
limit) and everything works as expected. I checkedjournalctl
and got expected warningconnection_burst
- I checked with 3 requests NOT delayed with 0.125 sec between them. I checkedjournalctl
and DID NOT get expected warningconnection_burst
- I checked with 5 requests NOT delayed with 0.125 sec between them. I checkedjournalctl
and got warning related toconnection_rate
I use same approach for
request_rate
andrequest_burst
- everything works as expected.The text was updated successfully, but these errors were encountered: