DISPATCH-311: change default connection count values from 0 to 65535.
Stop treating 0 as magic 'connection counting disabled' value.
diff --git a/python/qpid_dispatch/management/qdrouter.json b/python/qpid_dispatch/management/qdrouter.json
index 9c17241..a465550 100644
--- a/python/qpid_dispatch/management/qdrouter.json
+++ b/python/qpid_dispatch/management/qdrouter.json
@@ -1348,7 +1348,7 @@
"attributes": {
"maxConnections": {
"type": "integer",
- "default": 0,
+ "default": 65535,
"description": "Global maximum number of concurrent client connections allowed. This limit is always enforced even if no other policy settings have been defined.",
"required": false,
"create": true
@@ -1356,7 +1356,7 @@
"enableVhostPolicy": {
"type": "boolean",
"default": false,
- "description": "Enable vhost policy connection denial, and resource limit enforcement",
+ "description": "Enable vhost policy user groups, connection denial, and resource limit enforcement",
"required": false,
"create": true
},
@@ -1392,22 +1392,22 @@
},
"maxConnections": {
"type": "integer",
- "default": 0,
- "description": "Maximum number of concurrent client connections allowed. Zero implies no limit.",
+ "default": 65535,
+ "description": "Maximum number of concurrent client connections allowed.",
"required": false,
"create": true
},
"maxConnectionsPerUser": {
"type": "integer",
- "default": 0,
- "description": "Maximum number of concurrent client connections allowed for any single user. Zero implies no limit.",
+ "default": 65535,
+ "description": "Maximum number of concurrent client connections allowed for any single user.",
"required": false,
"create": true
},
"maxConnectionsPerHost": {
"type": "integer",
- "default": 0,
- "description": "Maximum number of concurrent client connections allowed for any remote host. Zero implies no limit.",
+ "default": 65535,
+ "description": "Maximum number of concurrent client connections allowed for any remote host.",
"required": false,
"create": true
},
diff --git a/python/qpid_dispatch_internal/policy/policy_local.py b/python/qpid_dispatch_internal/policy/policy_local.py
index d9af6a1..9b34f0f 100644
--- a/python/qpid_dispatch_internal/policy/policy_local.py
+++ b/python/qpid_dispatch_internal/policy/policy_local.py
@@ -273,9 +273,9 @@
"""
cerror = []
# rulesets may not come through standard config so make nice defaults
- policy_out[PolicyKeys.KW_MAXCONN] = 0
- policy_out[PolicyKeys.KW_MAXCONNPERHOST] = 0
- policy_out[PolicyKeys.KW_MAXCONNPERUSER] = 0
+ policy_out[PolicyKeys.KW_MAXCONN] = 65535
+ policy_out[PolicyKeys.KW_MAXCONNPERHOST] = 65535
+ policy_out[PolicyKeys.KW_MAXCONNPERUSER] = 65535
policy_out[PolicyKeys.KW_USER_GROUPS] = {}
policy_out[PolicyKeys.KW_INGRESS_HOST_GROUPS] = {}
policy_out[PolicyKeys.KW_INGRESS_POLICIES] = {}
diff --git a/python/qpid_dispatch_internal/policy/policy_util.py b/python/qpid_dispatch_internal/policy/policy_util.py
index 1cb09d3..bacd078 100644
--- a/python/qpid_dispatch_internal/policy/policy_util.py
+++ b/python/qpid_dispatch_internal/policy/policy_util.py
@@ -293,9 +293,9 @@
if host in self.per_host_state:
n_host = len(self.per_host_state[host])
- allowbytotal = self.max_total == 0 or self.connections_active < self.max_total
- allowbyuser = self.max_per_user == 0 or n_user < self.max_per_user
- allowbyhost = self.max_per_host == 0 or n_host < self.max_per_host
+ allowbytotal = self.connections_active < self.max_total
+ allowbyuser = n_user < self.max_per_user
+ allowbyhost = n_host < self.max_per_host
if allowbytotal and allowbyuser and allowbyhost:
if not user in self.per_user_state:
diff --git a/src/policy.c b/src/policy.c
index aa67964..4786446 100644
--- a/src/policy.c
+++ b/src/policy.c
@@ -82,7 +82,7 @@
policy->qd = qd;
policy->log_source = qd_log_source("POLICY");
- policy->max_connection_limit = 0;
+ policy->max_connection_limit = 65535;
policy->policyDir = 0;
policy->enableVhostPolicy = false;
policy->connections_processed= 0;
@@ -110,7 +110,7 @@
qd_error_t qd_entity_configure_policy(qd_policy_t *policy, qd_entity_t *entity)
{
- policy->max_connection_limit = qd_entity_opt_long(entity, "maxConnections", 0); CHECK();
+ policy->max_connection_limit = qd_entity_opt_long(entity, "maxConnections", 65535); CHECK();
if (policy->max_connection_limit < 0)
return qd_error(QD_ERROR_CONFIG, "maxConnections must be >= 0");
policy->policyDir =
@@ -192,22 +192,15 @@
{
qd_policy_t *policy = (qd_policy_t *)context;
bool result = true;
-
- if (policy->max_connection_limit == 0) {
- // Policy not in force; connection counted and allowed
+ if (n_connections < policy->max_connection_limit) {
+ // connection counted and allowed
n_connections += 1;
+ qd_log(policy->log_source, QD_LOG_TRACE, "ALLOW Connection '%s' based on global connection count. N= %d", hostname, n_connections);
} else {
- // Policy in force
- if (n_connections < policy->max_connection_limit) {
- // connection counted and allowed
- n_connections += 1;
- qd_log(policy->log_source, QD_LOG_TRACE, "ALLOW Connection '%s' based on global connection count. N= %d", hostname, n_connections);
- } else {
- // connection denied
- result = false;
- n_denied += 1;
- qd_log(policy->log_source, QD_LOG_INFO, "DENY Connection '%s' based on global connection count. N= %d", hostname, n_connections);
- }
+ // connection denied
+ result = false;
+ n_denied += 1;
+ qd_log(policy->log_source, QD_LOG_INFO, "DENY Connection '%s' based on global connection count. N= %d", hostname, n_connections);
}
n_processed += 1;
return result;
@@ -247,11 +240,9 @@
}
qd_python_unlock(lock_state);
}
- if (policy->max_connection_limit > 0) {
- const char *hostname = qdpn_connector_name(conn->pn_cxtr);
- qd_log(policy->log_source, QD_LOG_DEBUG, "Connection '%s' closed with resources n_sessions=%d, n_senders=%d, n_receivers=%d. N= %d.",
- hostname, conn->n_sessions, conn->n_senders, conn->n_receivers, n_connections);
- }
+ const char *hostname = qdpn_connector_name(conn->pn_cxtr);
+ qd_log(policy->log_source, QD_LOG_DEBUG, "Connection '%s' closed with resources n_sessions=%d, n_senders=%d, n_receivers=%d. nConnections= %d.",
+ hostname, conn->n_sessions, conn->n_senders, conn->n_receivers, n_connections);
}
