服务器问答

ab的原理是?能否造成DoS攻击?
0
2021-05-18 16:52:24
idczone
今天刚接触服务器压力测试,尝试了一下apache的ab。

想问下各位大神,ab的原理是怎么样的啊?

是不是发一个get请求然后大带宽服务器等待对方返回200就算完成了一次?

那如果不停的对一个url进行ab测试,是否会带来服务器资源过载?造成小型的DoS?
一般做压力测试要内网环境,就是访问的瓶颈不应该在网络状况而应该在应用本身。
所以ab去做dos话意义不大,你就那么点带宽嘛

而且nginx里面稍微设置一下就可以拒绝同一个IP地址对同一个url的并发请求

在实现技术上,它是使用APR(Apache portable Run-time libraries)来进行异步网络收发。
参数-c 控制并发连接数,每个连接可以简单认为就是一个GET,对于回复2xx的请求表示成功。使用keep-alive的会保持连接否则重连~
主要就这些了。
DoS... 你D你的虚拟机或许行。



谢谢,懂鸟!

可以看一下ab.c的源代码:
http://svn.apache.org/repos/asf/httpd/httpd/trunk/support/ab.c
重点是static void test(void)函数的实现,其中这几句是关键:
for (i = 0; i < concurrency; i++) {
con[i].socknum = i;
start_connect(&con[i]);
}
do {
apr_int32_t n;
const apr_pollfd_t *pollresults, *pollfd;
n = concurrency;
do {
status = apr_pollset_poll(readbits, aprtimeout, &n, &pollresults);
} while (APR_STATUS_IS_EINTR(status));
if (status != APR_SUCCESS)
apr_err("apr_pollset_poll", status);
for (i = 0, pollfd = pollresults; i < n; i++, pollfd++) {
struct connection *c;
c = pollfd->client_data;
/*
* If the connection isn't connected how can we check it?
*/
if (c->state == STATE_UNCONNECTED)
continue;
rtnev = pollfd->rtnevents;
USE_SSL
if (c->state == STATE_CONNECTED && c->ssl && SSL_in_init(c->ssl)) {
ssl_proceed_handshake(c);
continue;
}
/*
* Notes: APR_POLLHUP is set after FIN is received on some
* systems, so treat that like APR_POLLIN so that we try to read
* again.
*
* Some systems return APR_POLLERR with APR_POLLHUP. We need to
* call read_connection() for APR_POLLHUP, so check for
* APR_POLLHUP first so that a closed connection isn't treated
* like an I/O error. If it is, we never figure out that the
* connection is done and we loop here endlessly calling
* apr_poll().
*/
if ((rtnev & APR_POLLIN) || (rtnev & APR_POLLPRI) || (rtnev & APR_POLLHUP))
read_connection(c);
if ((rtnev & APR_POLLERR) || (rtnev & APR_POLLNVAL)) {
bad++;
err_except++;
/* avoid apr_poll/EINPROGRESS loop on HP-UX, let recv discover ECONNREFUSED */
if (c->state == STATE_CONNECTING) {
read_connection(c);
}
else {
start_connect(c);
}
continue;
}
if (rtnev & APR_POLLOUT) {
if (c->state == STATE_CONNECTING) {
rv = apr_socket_connect(c->aprsock, destsa);
if (rv != APR_SUCCESS) {
set_conn_state(c, STATE_UNCONNECTED);
apr_socket_close(c->aprsock);
err_conn++;
if (bad++ > 10) {
fprintf(stderr,
"\nTest aborted after 10 failures\n\n");
apr_err("apr_socket_connect()", rv);
}
start_connect(c);
continue;
}
else {
set_conn_state(c, STATE_CONNECTED);
USE_SSL
if (c->ssl)
ssl_proceed_handshake(c);
else
/> write_request(c);
}
}
else {
write_request(c);
}
}
}
} while (lasttime < stoptime && done < requests);
也就是说:
ab在执行时会先“同时”建立-c条TCP连接,然后这-c条连接一直发送请求,在响应时间大于等于-t的超时时间或者所有的-n条请求数已经被发送完毕时,停止发送。

webbench可以造成ddos。。我d过几个站,被d站出站流量瞬间1g。

数据地带为您的网站提供全球顶级IDC资源
在线咨询
专属客服