ring

查看网络丢包 $ sudo tcpdump -i eth0 port 22 and "tcp[tcpflags] & (tcp-syn) != 0" 网络丢包的原因 防火墙拦截 查看iptables filter表，确认是否有相应规则会导致此丢包行为： $ sudo iptables-save -t filter 连接跟踪表溢出 通过dmesg可以确认是否有该情况发生： $ dmesg |grep nf_conntrack 如果输出值中有“nf_conntrack: table full, dropping packet”，说 明服务器nf_conntrack表已经被打满。 通过/proc文件系统查看nf_conntrack表实时状态： # 查看nf_conntrack表最大连接数 $ cat /proc/sys/net/netfilter/nf_conntrack_max 65536 # 查看nf_conntrack表当前连接数 $ cat /proc/sys/net/netfilter/nf_conntrack_count 7611 如何解决 如果确认服务器因连接跟踪表溢出而开始丢包，首先需要查看具体连接判断是否正遭受DOS攻击，如果是正常的业务流量造成，可以考虑调整nf_conntrack的参数： nf_conntrack_max决定连接跟踪表的大小，默认值是65535

序 本文主要研究一下rocketmq的AllocateMessageQueueConsistentHash AllocateMessageQueueStrategy rocketmq-client-4.5.2-sources.jar!/org/apache/rocketmq/client/consumer/AllocateMessageQueueStrategy.java public interface AllocateMessageQueueStrategy { /** * Allocating by consumer id * * @param consumerGroup current consumer group * @param currentCID current consumer id * @param mqAll message queue set in current topic * @param cidAll consumer set in current consumer group * @return The allocate result of given strategy */ List<MessageQueue> allocate( final String consumerGroup, final String currentCID, final

I'm attempting to implement the Ring-Anti-Forgery library via setting the X-CSRF-Token in the header. Since I am using static html files I found the built-in hiccup helper, which sets the token in the form, to be useless. This is my first stab at using Clojure for web development so I'm guessing that I am completely missing what should be obvious to someone with experience. The instructions from the README state: The middleware also looks for the token in the X-CSRF-Token and X-XSRF-Token header fields. This behavior can be customized further using the :read-token option: (defn get-custom

I want to use post to update a database and don't want people doing it manually, i.e., it should only be possible through AJAX in a client. Is there some well known cryptographic trick to use in this scenario? Say I'm issuing a GET request to insert a new user into my database at site.com/adduser/<userid> . Someone could overpopulate my database by issuing fake requests. There is no way to avoid forged requests in this case, as the client browser already has everything necessary to make the request; it is only a matter of some debugging for a malicious user to figure out how to make arbitrary