erlang R17带来了新的socket选项{active,N} ,与{active,once}一起为应用层提供流量控制。为什么要多了这个选项,{active,once}不是可以有效抑制大量socket消息吗?
我们知道,{active,once}在每次接收到包都要重新设置active选项,才能继续接收erlang的消息通知。实际上,每次设定{active,once}都意味着调用一次epoll_ctl, 如果请求过于频繁,就会有大量的epoll_ctl调用。erlang目前只有一个线程会收割epoll_wait事件,epoll_wait要轮询已经就绪的ctl队列,如果大量的ctl事件将会阻塞了epoll_wait的操作,造成网络处理能力的下降。
那么,我们能不能设定接收N个的socket消息后再执行一次epoll_ctl,这样可以有效减少epoll_ctl的调用,{active,N}就是这样出现的。
下面来看一下{active,N}的说明
Add the {active,N} socket option for TCP, UDP, and SCTP,where N is an integer in the range -32768..32767, to allow a caller to specify the number of data messages to be delivered to the controlling process. Once the
socket‘s delivered message count either reaches 0 or is explicitly set to 0 with inet:setopts/2 or by including {active,0} as an option when the socket is created, the socket transitions to passive({active, false}) mode and the socket‘s controlling process receives
a message to inform it of the transition. TCP sockets receive {tcp_passive,Socket}, UDP sockets receive {udp_passive,Socket} and SCTP sockets receive {sctp_passive,Socket}.
The socket‘s delivered message counter defaults to 0, but it can be set using {active,N} via any gen_tcp, gen_udp, or gen_sctp function that takes socket options as arguments, or via inet:setopts/2. New N values are added to the socket‘s current counter value,
and negative numbers can be used to reduce the counter value. Specifying a number that would cause the socket‘s counter value to go above 32767 causes an einval error. If a negative number is specified such that the counter value would become negative, the
socket‘s counter value is set to 0 and the socket transitions to passive mode. If the counter value is already 0 and inet:setopts(Socket, [{active,0}]) is specified, the counter value remains at 0 but the appropriate passive mode transition message is generated
for the socket.
设定了{active,N}选项后,进程在接收了N个包后,会收到{tcp_passive, Socket}消息,意味着这个Socket进入被动模式,需要重新设置active选项。
接下来,在实际的例子中测试这个参数:
-module(server).
-export([start/0]).
-export([continue/1]).
-define( PORT, 8888).
start() ->
{ok, LSock} = gen_tcp:listen(?PORT, [binary, {packet, 0},{active, false}]),
io:format("socket listen: ~p on ~p ~n",[LSock, ?PORT]),
accept(LSock).
accept(LSock) ->
{ok, ASock} = gen_tcp:accept(LSock),
Pid = spawn(fun() -> do_loop(ASock) end),
gen_tcp:controlling_process(ASock, Pid),
inet:setopts(ASock, [{active, 3}]),
accept(LSock).
do_loop(ASock) ->
receive
{tcp, Socket, Data} ->
io:format("socket ~p recv: ~p ~n",[Socket, Data]);
{tcp_closed, Socket} ->
io:format("socket ~p close ~n",[Socket]);
{tcp_passive,Socket} ->
io:format("socket ~p is passive, please call continue/1 ~p ~n",[Socket, self()]);
release_passive ->
inet:setopts(ASock, [{active, 3}]);
Err ->
io:format("socket may error: ~p ~n",[Err])
end,
do_loop(ASock).
continue(Pid) ->
Pid ! release_passive,
ok.
编译启动这个模块后,我们创建一个客户端来请求这个服务端:
1> f(S), {ok,S} = gen_tcp:connect({127,0,0,1},8888,[{packet,0}]).
{ok,#Port<0.526>}
2> gen_tcp:send(S,<<"hello">>).
ok
3> gen_tcp:send(S,<<"hello">>).
ok
4> gen_tcp:send(S,<<"hello">>).
ok
5> gen_tcp:send(S,<<"hello">>).
ok
服务端控制台打印了这样的信息:
D:\tmp>erl -s server socket listen: #Port<0.422> on 8888 Eshell V6.0 (abort with ^G) 1> socket #Port<0.479> recv: <<"hello">> 1> socket #Port<0.479> recv: <<"hello">> 1> socket #Port<0.479> recv: <<"hello">> 1> socket #Port<0.479> is passive, please call continue/1 <0.33.0> 1> server:continue(pid(0,33,0)). socket #Port<0.479> recv: <<"hello">> ok 2>
在上面的例子中,我们设定了{active,3}的选项,在接收到客户端3次数据后,socket进入了passive状态,在重新设置{active,N}后继续接收tcp消息。
那么,如何在实际项目中运用{active,N}选项?
inet:setopts(Socket, [{active, 300}]),
erlang:send_after(30 * 1000, self(), release_passive);
大概思路是,在30秒内最多接收300个包,超过就不接收,等待这30秒完成后继续接收,如此反复。
利用这点还可以加多一个计数器,如果超过10次进入passive状态,说明这个Socket存在问题,有攻击的行为。
参考:
http://blog.csdn.net/mycwq/article/details/24814843
http://www.erlang.org/download/otp_src_17.0.readme
http://blog.yufeng.info/archives/2970
erlang R17新socket选项{active,N}