From 488d4a7290c1d3a12275c33e62acc576f81980cb Mon Sep 17 00:00:00 2001 From: Mark Craig <mark.craig@forgerock.com> Date: Fri, 08 Aug 2014 10:20:57 +0000 Subject: [PATCH] CR-4216 Fix for OPENDJ-1513: SDK xxxrate tools port exhaustion when using re-binded connections --- src/main/docbkx/dev-guide/man-searchrate.xml | 5 ++ src/main/docbkx/shared/informalexample-net-tweaks.xml | 83 +++++++++++++++++++++++++++++++++++++++++ src/main/docbkx/dev-guide/man-authrate.xml | 5 ++ src/main/docbkx/dev-guide/man-modrate.xml | 5 ++ 4 files changed, 95 insertions(+), 3 deletions(-) diff --git a/src/main/docbkx/dev-guide/man-authrate.xml b/src/main/docbkx/dev-guide/man-authrate.xml index 5ab634f..90bcfca 100644 --- a/src/main/docbkx/dev-guide/man-authrate.xml +++ b/src/main/docbkx/dev-guide/man-authrate.xml @@ -28,7 +28,8 @@ version='5.0' xml:lang='en' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://docbook.org/ns/docbook - http://docbook.org/xml/5.0/xsd/docbook.xsd'> + http://docbook.org/xml/5.0/xsd/docbook.xsd' + xmlns:xinclude='http://www.w3.org/2001/XInclude'> <info><copyright><year>2011-2014</year><holder>ForgeRock AS</holder></copyright></info> <refmeta> <refentrytitle>authrate</refentrytitle><manvolnum>1</manvolnum> @@ -57,6 +58,8 @@ bind DN by specifying the base DN and a filter. The retrieved entry DN will be appended as the last argument in the argument list when evaluating format strings.</para> + + <xinclude:include href="../shared/informalexample-net-tweaks.xml" /> </refsect1> <refsect1> <title>Options</title> diff --git a/src/main/docbkx/dev-guide/man-modrate.xml b/src/main/docbkx/dev-guide/man-modrate.xml index e4d8ac3..5f886ff 100644 --- a/src/main/docbkx/dev-guide/man-modrate.xml +++ b/src/main/docbkx/dev-guide/man-modrate.xml @@ -28,7 +28,8 @@ version='5.0' xml:lang='en' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://docbook.org/ns/docbook - http://docbook.org/xml/5.0/xsd/docbook.xsd'> + http://docbook.org/xml/5.0/xsd/docbook.xsd' + xmlns:xinclude='http://www.w3.org/2001/XInclude'> <info><copyright><year>2011-2014</year><holder>ForgeRock AS</holder></copyright></info> <refmeta> <refentrytitle>modrate</refentrytitle><manvolnum>1</manvolnum> @@ -54,6 +55,8 @@ <title>Description</title> <para>This utility can be used to measure modify throughput and response time of a directory service using user-defined modifications.</para> + + <xinclude:include href="../shared/informalexample-net-tweaks.xml" /> </refsect1> <refsect1> <title>Options</title> diff --git a/src/main/docbkx/dev-guide/man-searchrate.xml b/src/main/docbkx/dev-guide/man-searchrate.xml index 37d1cbc..5cffaf2 100644 --- a/src/main/docbkx/dev-guide/man-searchrate.xml +++ b/src/main/docbkx/dev-guide/man-searchrate.xml @@ -28,7 +28,8 @@ version='5.0' xml:lang='en' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://docbook.org/ns/docbook - http://docbook.org/xml/5.0/xsd/docbook.xsd'> + http://docbook.org/xml/5.0/xsd/docbook.xsd' + xmlns:xinclude='http://www.w3.org/2001/XInclude'> <info><copyright><year>2011-2014</year><holder>ForgeRock AS</holder></copyright></info> <refmeta> <refentrytitle>searchrate</refentrytitle><manvolnum>1</manvolnum> @@ -51,6 +52,8 @@ <title>Description</title> <para>This utility can be used to measure search throughput and response time of a directory service using user-defined searches.</para> + + <xinclude:include href="../shared/informalexample-net-tweaks.xml" /> </refsect1> <refsect1> <title>Options</title> diff --git a/src/main/docbkx/shared/informalexample-net-tweaks.xml b/src/main/docbkx/shared/informalexample-net-tweaks.xml new file mode 100644 index 0000000..93a1792 --- /dev/null +++ b/src/main/docbkx/shared/informalexample-net-tweaks.xml @@ -0,0 +1,83 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ! CCPL HEADER START + ! + ! This work is licensed under the Creative Commons + ! Attribution-NonCommercial-NoDerivs 3.0 Unported License. + ! To view a copy of this license, visit + ! http://creativecommons.org/licenses/by-nc-nd/3.0/ + ! or send a letter to Creative Commons, 444 Castro Street, + ! Suite 900, Mountain View, California, 94041, USA. + ! + ! You can also obtain a copy of the license at + ! trunk/opendj3/legal-notices/CC-BY-NC-ND.txt. + ! See the License for the specific language governing permissions + ! and limitations under the License. + ! + ! If applicable, add the following below this CCPL HEADER, with the fields + ! enclosed by brackets "[]" replaced with your own identifying information: + ! Portions Copyright [yyyy] [name of copyright owner] + ! + ! CCPL HEADER END + ! + ! Copyright 2014 ForgeRock AS + ! +--> +<informalexample xmlns='http://docbook.org/ns/docbook' version='5.0' xml:lang='en' + xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' + xsi:schemaLocation='http://docbook.org/ns/docbook + http://docbook.org/xml/5.0/xsd/docbook.xsd'> + + <para> + When you do not use the <option>-f</option> option + to keep connections open and rebinds on the connection, + the tool can exhaust the available ports and crash. + You can work around this problem on test systems + by changing TCP settings on the system. + </para> + + <para> + For example on Linux systems, set the following parameters + in the <filename>/etc/sysctl.conf</filename> file. + </para> + + <programlisting language="ini"> +net.ipv4.tcp_fin_timeout = 30 +net.ipv4.tcp_tw_recycle = 1 +net.ipv4.tcp_tw_reuse = 1 + </programlisting> + + <para> + The parameter <literal>net.ipv4.tcp_fin_timeout</literal> + sets how long to wait in seconds for a final FIN packet + before forcing a close of the socket. + The default is 60 (seconds). + </para> + + <para> + The parameter <literal>net.ipv4.tcp_tw_recycle</literal> + enables fast recycling of TIME_WAIT sockets. + The default is 0 (false). + Enabling this can cause Network Address Translation (NAT) issues. + </para> + + <para> + The parameter <literal>net.ipv4.tcp_tw_reuse</literal> + enables reuse of TIME_WAIT sockets for new connections. + The default is 0 (false). + </para> + + <para> + These settings are recommended only for testing, + and <emphasis>not for production systems</emphasis>. + </para> + + <para> + After making the changes to <filename>/etc/sysctl.conf</filename>, + reload the configuration with the <command>sysctl</command> command. + </para> + + <screen> +# sysctl -p + </screen> +</informalexample> -- Gitblit v1.10.0