Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Starting from version 5.12.0 FIXEdge can prevent one of possible consequences of abnormal user behavior - exhaustion of system resources.

As an example, consider the case when client establishes connection, doesn't send logon message and repeats the steps nubmer of times. 

In this case, as for Linux, all file descriptors will be reserved so that new connections will be rejected with the following reason:

Code Block
themeConfluence
languagebash
[ERROR] 20160706-08:04:23.778 [140149185935104] [Engine] - Incoming TCP connection was exception : Cannot accept connection on port 9105. Please check settings ulimits in OS. Too many open files. (Error code = 24)

As for Windows, the dispatcher will hang because of increasing number of connections which need to be handled.

The case can be handled by configuring specific properties in FIXEdge.properties file which are responsible for TCP protection.

  • ProtectionTCP.Enabled = true 

    The property enables TCP protection. Valid values: true/false. Default value: ProtectionTCP.Enabled = true.

  • ProtectionTCP.WaitLogon = 30000 

    The property to specify connection timeout (in milliseconds) of waiting for logon. When the time comes out, the connection is closed with corresponding reason:

    Code Block
    themeConfluence
    languagebash
    [INFO]  20160706-07:40:53.032 [1274500] [Engine] - Logon message wasn't received in a given time interval(1000 ms) from 127.0.0.1:60376
    [INFO]  20160706-07:40:53.032 [1274500] [Engine] - Incoming TCP connection was closed (from 127.0.0.1:60376).

    Disable when equal to 0. Default value: ProtectionTCP.WaitLogon = 10000

    Note

    The property will be enabled only if ProtectionTCP.Enabled = true

 

  • ProtectionTCP.SizeWaitHostMax = 3

    The property to specify maximum of connections waiting for logon from one host. When the number of connections from the same host exceeds specified value of the property, new connections will be rejected with corresponding reason. 

    Code Block
    themeConfluence
    languagebash
    [INFO]  20160706-07:30:21.566 [1271868] [Engine] - Incoming TCP connection was rejected (from 127.0.0.1:60300). Excedeed limit of connections (3) from a single host.

    Disable when equal to 0. Default value: ProtectionTCP.SizeWaitHostMax = 5

    Note

    The property will be enabled only if ProtectionTCP.Enabled = true

 

ProtectionTCP.SizeBufferMax = 262144

Specifies the maximum size (in bytes) of the buffer to be able to avoid the situation when user sends high-loaded garbage. It is specified in FIXEdge.properties file:

Code Block
languagexml
ProtectionTCP.SizeBufferMax = 10000000

When the limit is exceeded, connection will be closed and corresponding reason will be written to the log.

Code Block
languagexml
[INFO] 20160706-07:21:19.809 [1271256] [Engine] - Incoming TCP connection was detected (from 127.0.0.1:60258).
[INFO] 20160706-07:21:19.965 [1271896] [Engine] - Exceeded buffer received limited(1000000 ) from 127.0.0.1:60258
[INFO] 20160706-07:21:19.966 [1271896] [Engine] - Incoming TCP connection was closed (from 127.0.0.1:60258).
Note

When connection is re-established after closure, Client will send Logon message with MsgSeqNum = <last outgoing sequence number> + 1. As a result, FIXEdge will send ResendRequest and will receive the same message which caused disconnection. Thus, connection will be closed again.

The minimum size of the property which can be specified is 262144. If a lower value is specified in the property, it will be replaced with 262144 on the start of the FIXEdge.

If 0 is specified, there is no limit for the size of the buffer.

Default value: ProtectionTCP.SizeBufferMax = 0.

...

Please see the article  How to configure TCP protection.