Replies: 6 comments 11 replies
-
| The user is responsible to call cleanup in the loop and you an add a middleware to limit client count. Look at the examples and doc. | 
Beta Was this translation helpful? Give feedback.
-
| It's also worth noting that the underlying LwIP TCP stack has a hard cap on the number of active connections set by  | 
Beta Was this translation helpful? Give feedback.
-
| Maybe unrelated with this specific case, but since almost every crash related to the use of this library has something to do with memory allocation, why not use new with disabled exceptions (nothrow) and test if the allocation was successful? | 
Beta Was this translation helpful? Give feedback.
-
| @gnalbandian memory allocations may also occur elsewhere in application code, so exhausting resources may randomly deny allocations external to ESPAsyncWebserver code. So basically every other piece of code would have to be aware of the web server exhausting resources. | 
Beta Was this translation helpful? Give feedback.
-
| Maybe the webserver could use its own allocator, based on a predefined static buffer. This way it may deny requests nicely by failing allocation, without compromising whole system stability. If too many clients connect, or too many responses are in-flight or whatever, a single or more connections would error out and close, but server and firmware will continue to run and accept connections in the future as the connection load drops. | 
Beta Was this translation helpful? Give feedback.
-
| @dronus you might wanna take a look at new websocket implementation here #312 | 
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
The WebSocket server seem not to limit connections per-se, so on overuse becoming unsafe denial-of-service attacks with unlimited memory usage and thus crash potential.
For example, serving some UI using WebSockets, would allow users to open unlimited instances of the UI, using one websocket client each. On some point, methods like
textAll()or similliar would crash, not able to allocate needed memory anymore.So while there is the possibility to prune the connection list by calling ws.cleanupClients() "frequently", as proposed, there is no guarantee what is frequently enough to limit connections and thus used memory to any hard limit.
So the WebSocket server should prune connections on clients connecting and hard limit connections there. Otherwise there is no chance to get a guaranteed crash-save application - we cannot limit the browsers trying to connect.
Beta Was this translation helpful? Give feedback.
All reactions