Hi,
While digging around the LVS code, I saw this is_overloaded() function, which
is present in many schedulers (dh, sh, lblc, lblcr):

static inline int is_overloaded(struct ip_vs_dest *dest)
{
	if (atomic_read(&dest->activeconns) >
	    atomic_read(&dest->weight)*2) {
		return 1;
	}
	return 0;
}

This code seems to prevent scheduling to a real server if it has
more than twice its weight of active connections.
I see two problems here:
- it is an implicit limitation of connections (OK, that's why
the function is here). There is no information about that in man...
Moreover, an attacker could open a lot of connections and disable a
real server.
- there is a comparison of two values that I think are not
equivalent and can't be compared.
Is this function really needed?
If ratz's per-real-server limitation threshold gets into LVS (and I hope
so...), this function will be redundant.
Regards,
Ben.
--
Unix IS user friendly, it is just selective about who his friends are.
Anonymous
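
A monitoring-side sketch of the check discussed in the message above, added here as an example; it is not part of the original post or of the LVS code. It applies the same comparison to real-server rows laid out like `ipvsadm -L -n` output. The column layout is assumed, and the sample rows, addresses and the names dest_model, parse_row and count_refused are constructed for illustration.

```c
#include <stdio.h>

/* Added example, user-space model: the fields the check reads, plus address. */
struct dest_model { char addr[48]; int weight; int activeconns; };

/* Same comparison as is_overloaded() in the post, on plain ints. */
static int is_overloaded_model(const struct dest_model *d)
{
	return d->activeconns > d->weight * 2;
}

/* Parse "-> addr:port Forward Weight ActiveConn InActConn" (assumed layout).
 * Returns 1 for a real-server row, 0 for headers and service lines. */
static int parse_row(const char *line, struct dest_model *d)
{
	char fwd[16];
	int inact;
	return sscanf(line, " -> %47s %15s %d %d %d", d->addr, fwd,
		      &d->weight, &d->activeconns, &inact) == 5;
}

/* Count the rows the check would refuse; print them when verbose. */
static int count_refused(const char *const *lines, int n, int verbose)
{
	int refused = 0;
	for (int i = 0; i < n; i++) {
		struct dest_model d;
		if (!parse_row(lines[i], &d) || !is_overloaded_model(&d))
			continue;
		refused++;
		if (verbose)
			printf("%s weight=%d active=%d cap=%d\n", d.addr,
			       d.weight, d.activeconns, d.weight * 2);
	}
	return refused;
}

/* Constructed sample rows (documentation addresses), not captured output. */
static const char *const SAMPLE[] = {
	"TCP  192.0.2.10:80 sh",
	"  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn",
	"  -> 198.51.100.1:80              Route   1      3          12",
	"  -> 198.51.100.2:80              Route   1      2          40",
	"  -> 198.51.100.3:80              Route   100    150        7",
};

int main(void) { return count_refused(SAMPLE, 5, 1) == 1 ? 0 : 1; }
```

The second sample row sits exactly at twice its weight and is still accepted, because the comparison is strict.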