C++ Broker: Add limits to connections from users/hosts.
Review Request #4857 - Created April 24, 2012 and updated
One user can consume all connections to the broker as a denial of service attack. This patch provides command line limits to the number of connections made by an individual user or by a host computer. The user is tracked by the connection user name and hosts are tracked by the client computer's IP address as seen in the connection's management ID. This code uses the broker::ConnectionObserver facility.

This patch does NOT time out lower level socket connections such as when a user telnets in to the qpid broker socket and then transfers no data. Effecting this function requires the addition of a transport/socket observer facility similar to the ConnectionObserver or to have those functions built into the lower layers.

This code is added as part of the ACL plugin. If the ACL plugin is not loaded then the functions are unavailable and there is zero performance impact. Individual tracking limits may be disabled by setting their AclOptions values to 0.
in the works - to be tested as part of acl.py suite.
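
A minimal sketch of the per-user and per-host counting described in this request, added here as an example; it is not the patch's code or Qpid's API. The class and method names are hypothetical, and the management ID layout `<local>-<remoteHost>:<remotePort>` is an assumption.

```cpp
#include <cstddef>
#include <map>
#include <string>

// Illustrative tracker; class and method names are hypothetical, not Qpid's.
class ConnectionLimiter {
    typedef std::map<std::string, std::size_t> Counts;
    std::size_t maxPerUser_, maxPerHost_;  // 0 disables that limit
    Counts byUser_, byHost_;

    static void release(Counts& c, const std::string& key) {
        Counts::iterator it = c.find(key);
        if (it != c.end() && --it->second == 0) c.erase(it);  // drop idle keys
    }

public:
    ConnectionLimiter(std::size_t maxPerUser, std::size_t maxPerHost)
        : maxPerUser_(maxPerUser), maxPerHost_(maxPerHost) {}

    // Assumed id layout "<local>-<remoteHost>:<remotePort>"; returns remoteHost.
    static std::string hostOf(const std::string& mgmtId) {
        std::size_t dash = mgmtId.rfind('-');
        std::size_t start = (dash == std::string::npos) ? 0 : dash + 1;
        std::size_t colon = mgmtId.rfind(':');
        if (colon == std::string::npos || colon < start) colon = mgmtId.size();
        return mgmtId.substr(start, colon - start);
    }

    // Counts every connection, then reports whether it is within limits.
    // Counting refused connections too keeps opened()/closed() strictly paired.
    bool opened(const std::string& user, const std::string& mgmtId) {
        std::size_t nUser = ++byUser_[user];
        std::size_t nHost = ++byHost_[hostOf(mgmtId)];
        bool userOk = maxPerUser_ == 0 || nUser <= maxPerUser_;
        bool hostOk = maxPerHost_ == 0 || nHost <= maxPerHost_;
        return userOk && hostOk;
    }

    // Must be called exactly once for every connection passed to opened().
    void closed(const std::string& user, const std::string& mgmtId) {
        release(byUser_, user);
        release(byHost_, hostOf(mgmtId));
    }
};
```

A broker that invokes these callbacks from several I/O threads would need a mutex around both methods.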