Last active
May 12, 2017 04:17
-
-
Save yoppi/4929bfd85851d77b30d18110bd5898e7 to your computer and use it in GitHub Desktop.
DoS for TCP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bytes" | |
| "flag" | |
| "fmt" | |
| "net" | |
| "runtime" | |
| "strconv" | |
| "sync" | |
| "time" | |
| ) | |
| var workerNum int | |
| var host string | |
| var port string | |
| var wg sync.WaitGroup | |
| const maxConn = 10000 | |
| func init() { | |
| flag.IntVar(&workerNum, "worker", 8, "Number of worker") | |
| flag.StringVar(&host, "host", "127.0.0.1", "Host for server") | |
| flag.StringVar(&port, "port", "6379", "Port for server") | |
| flag.Parse() | |
| } | |
| func getGoroutineID() uint64 { | |
| b := make([]byte, 64) | |
| b = b[:runtime.Stack(b, false)] | |
| b = bytes.TrimPrefix(b, []byte("goroutine ")) | |
| b = b[:bytes.IndexByte(b, ' ')] | |
| n, _ := strconv.ParseUint(string(b), 10, 64) | |
| return n | |
| } | |
| func tcpDos() { | |
| var connSize int | |
| var connErr int | |
| //var conns map[int]net.Conn // fd : net.Conn | |
| startAt := time.Now().UnixNano() | |
| connCh := make(chan net.Conn) | |
| ticker := time.Tick(100 * time.Microsecond) | |
| for { | |
| if connSize >= maxConn { | |
| fmt.Printf("[%d] TIME:%f CONN:%d ERR:%d\n", getGoroutineID(), (float32)(time.Now().UnixNano()-startAt)/1000000000.0, connSize, connErr) | |
| wg.Done() | |
| break | |
| } | |
| select { | |
| case <-connCh: | |
| connSize++ | |
| case <-ticker: | |
| go func() { | |
| conn, err := net.Dial("tcp", host+":"+port) | |
| if err != nil { | |
| connErr++ | |
| // do we close connection? | |
| } else { | |
| connCh <- conn | |
| } | |
| }() | |
| } | |
| } | |
| } | |
| func main() { | |
| for i := 0; i < workerNum; i++ { | |
| wg.Add(1) | |
| go tcpDos() | |
| } | |
| wg.Wait() | |
| } |
memcachedで -c オプションを付け忘れてしまっていた。
$ ./main -port 11211 # memcached -t 1 -c 10000 -d
[10] TIME:6.396081 CONN:10000 ERR:0
[12] TIME:6.398925 CONN:10000 ERR:0
[5] TIME:6.425556 CONN:10000 ERR:0
[8] TIME:6.439693 CONN:10000 ERR:0
[6] TIME:6.448411 CONN:10000 ERR:0
[11] TIME:6.448479 CONN:10000 ERR:0
[9] TIME:6.453142 CONN:10000 ERR:0
[7] TIME:6.456842 CONN:10000 ERR:0
うーん。やっぱりmemcached速い。
Redisのsrc/networking.cのMAX_ACCEPTS_PER_CALLを1000から10000にすると若干パフォーマンスを上げられる。
$ ./main
[12] TIME:24.675478 CONN:10000 ERR:0
[6] TIME:24.675638 CONN:10000 ERR:0
[5] TIME:24.680416 CONN:10000 ERR:0
[10] TIME:24.680794 CONN:10000 ERR:0
[11] TIME:24.686491 CONN:10000 ERR:0
[7] TIME:24.686701 CONN:10000 ERR:0
[9] TIME:24.686735 CONN:10000 ERR:0
[8] TIME:24.702139 CONN:10000 ERR:0
redis遅いのなんとなくわかってきた、気がする。コネクションのたびにclientをfreeするが、コネクションをdouble linked listで管理していてそこの計算に毎回O(n)かかってしまうので、同時接続数が増えるとここのコストで圧迫される感じがする。
memdは特に何もしてなくてコネクションの状態が変わったらclose、みたいな感じでシンプル。
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Dockerのコンテナは
net.core.somaxconnのデフォルト値が128ということを把握していなかった。 --sysctlオプションで65535に増やして再度ベンチするとRedis優位という結果に。Redis
memcached