diff --git a/hbase-common/src/main/resources/hbase-default.xml b/hbase-common/src/main/resources/hbase-default.xml
index 7ff4cc2..da9ca00 100644
--- a/hbase-common/src/main/resources/hbase-default.xml
+++ b/hbase-common/src/main/resources/hbase-default.xml
@@ -953,6 +953,25 @@ possible configurations would overwhelm and obscure the important.
+ hbase.regionserver.thrift.framed
+ false
+ Use Thrift TFramedTransport on the server side.
+ This is the recommended transport for thrift servers and requires a similar setting
+ on the client side. Changing this to false will select the default transport,
+ vulnerable to DoS when malformed requests are issued due to THRIFT-601.
+
+
+
+ hbase.regionserver.thrift.framed.max_frame_size_in_mb
+ 2
+ Default frame size when using framed transport
+
+
+ hbase.regionserver.thrift.compact
+ false
+ Use Thrift TCompactProtocol binary serialization protocol.
+
+
hbase.offheapcache.percentage
0
The percentage of the off heap space (-XX:MaxDirectMemorySize) to be
diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
index 67fda02..4ddb6f8 100644
--- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
+++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
@@ -118,6 +118,7 @@ public class ThriftServerRunner implements Runnable {
static final String BIND_CONF_KEY = "hbase.regionserver.thrift.ipaddress";
static final String COMPACT_CONF_KEY = "hbase.regionserver.thrift.compact";
static final String FRAMED_CONF_KEY = "hbase.regionserver.thrift.framed";
+ static final String MAX_FRAME_SIZE_CONF_KEY = "hbase.regionserver.thrift.framed.max_frame_size_in_mb";
static final String PORT_CONF_KEY = "hbase.regionserver.thrift.port";
static final String COALESCE_INC_KEY = "hbase.regionserver.thrift.coalesceIncrement";
@@ -283,7 +284,8 @@ public class ThriftServerRunner implements Runnable {
// Construct correct TransportFactory
TTransportFactory transportFactory;
if (conf.getBoolean(FRAMED_CONF_KEY, false) || implType.isAlwaysFramed) {
- transportFactory = new TFramedTransport.Factory();
+ transportFactory = new TFramedTransport.Factory(
+ conf.getInt(MAX_FRAME_SIZE_CONF_KEY, 2) * 1024 * 1024);
LOG.debug("Using framed transport");
} else {
transportFactory = new TTransportFactory();
diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift2/ThriftServer.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift2/ThriftServer.java
index cbd636c..c2fed8f 100644
--- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift2/ThriftServer.java
+++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift2/ThriftServer.java
@@ -125,10 +125,10 @@ public class ThriftServer {
}
}
- private static TTransportFactory getTTransportFactory(boolean framed) {
+ private static TTransportFactory getTTransportFactory(boolean framed, int frameSize) {
if (framed) {
log.debug("Using framed transport");
- return new TFramedTransport.Factory();
+ return new TFramedTransport.Factory(frameSize);
} else {
return new TTransportFactory();
}
@@ -274,7 +274,8 @@ public class ThriftServer {
boolean framed = cmd.hasOption("framed") ||
conf.getBoolean("hbase.regionserver.thrift.framed", false) || nonblocking || hsha;
- TTransportFactory transportFactory = getTTransportFactory(framed);
+ TTransportFactory transportFactory = getTTransportFactory(framed,
+ conf.getInt("hbase.regionserver.thrift.framed.max_frame_size_in_mb", 2) * 1024 * 1024);
InetSocketAddress inetSocketAddress = bindToPort(cmd.getOptionValue("bind"), listenPort);
conf.setBoolean("hbase.regionserver.thrift.framed", framed);