diff --git a/hbase-common/src/main/resources/hbase-default.xml b/hbase-common/src/main/resources/hbase-default.xml index 7ff4cc2..67ef84b 100644 --- a/hbase-common/src/main/resources/hbase-default.xml +++ b/hbase-common/src/main/resources/hbase-default.xml @@ -953,6 +953,25 @@ possible configurations would overwhelm and obscure the important. + hbase.regionserver.thrift.framed + true + Use Thrift TFramedTransport on the server side. + This is the recommended transport for thrift servers and requires a similar setting + on the client side. Changing this to false will select the default transport, + vulnerable to DoS when malformed requests are issued due to THRIFT-601. + + + + hbase.regionserver.thrift.framed.max_frame_size_in_mb + 2 + Default frame size when using framed transport + + + hbase.regionserver.thrift.compact + true + Use Thrift TCompactProtocol binary serialization protocol. + + hbase.offheapcache.percentage 0 The percentage of the off heap space (-XX:MaxDirectMemorySize) to be diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java index 67fda02..4ddb6f8 100644 --- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java +++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java @@ -118,6 +118,7 @@ public class ThriftServerRunner implements Runnable { static final String BIND_CONF_KEY = "hbase.regionserver.thrift.ipaddress"; static final String COMPACT_CONF_KEY = "hbase.regionserver.thrift.compact"; static final String FRAMED_CONF_KEY = "hbase.regionserver.thrift.framed"; + static final String MAX_FRAME_SIZE_CONF_KEY = "hbase.regionserver.thrift.framed.max_frame_size_in_mb"; static final String PORT_CONF_KEY = "hbase.regionserver.thrift.port"; static final String COALESCE_INC_KEY = "hbase.regionserver.thrift.coalesceIncrement"; @@ -283,7 +284,8 @@ public class ThriftServerRunner implements Runnable { // Construct correct TransportFactory TTransportFactory transportFactory; if (conf.getBoolean(FRAMED_CONF_KEY, false) || implType.isAlwaysFramed) { - transportFactory = new TFramedTransport.Factory(); + transportFactory = new TFramedTransport.Factory( + conf.getInt(MAX_FRAME_SIZE_CONF_KEY, 2) * 1024 * 1024); LOG.debug("Using framed transport"); } else { transportFactory = new TTransportFactory(); diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift2/ThriftServer.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift2/ThriftServer.java index cbd636c..c2fed8f 100644 --- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift2/ThriftServer.java +++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift2/ThriftServer.java @@ -125,10 +125,10 @@ public class ThriftServer { } } - private static TTransportFactory getTTransportFactory(boolean framed) { + private static TTransportFactory getTTransportFactory(boolean framed, int frameSize) { if (framed) { log.debug("Using framed transport"); - return new TFramedTransport.Factory(); + return new TFramedTransport.Factory(frameSize); } else { return new TTransportFactory(); } @@ -274,7 +274,8 @@ public class ThriftServer { boolean framed = cmd.hasOption("framed") || conf.getBoolean("hbase.regionserver.thrift.framed", false) || nonblocking || hsha; - TTransportFactory transportFactory = getTTransportFactory(framed); + TTransportFactory transportFactory = getTTransportFactory(framed, + conf.getInt("hbase.regionserver.thrift.framed.max_frame_size_in_mb", 2) * 1024 * 1024); InetSocketAddress inetSocketAddress = bindToPort(cmd.getOptionValue("bind"), listenPort); conf.setBoolean("hbase.regionserver.thrift.framed", framed);