Allow refusing all client connections with max_conns: -1

Signed-off-by: Neil Twigg <neil@nats.io>

Author: neilalexander

server/mqtt.go

@@ -585,7 +585,7 @@ func (s *Server) createMQTTClient(conn net.Conn, ws *websocket) *client {
 		return c
 	}
 
-	if opts.MaxConn > 0 && len(s.clients) >= opts.MaxConn {
+	if opts.MaxConn < 0 || (opts.MaxConn > 0 && len(s.clients) >= opts.MaxConn) {
 		s.mu.Unlock()
 		c.maxConnExceeded()
 		return nil

server/reload.go

@@ -575,10 +575,10 @@ func (m *maxConnOption) Apply(server *Server) {
 	}
 	server.mu.Unlock()
 
-	if m.newValue > 0 && len(clients) > m.newValue {
+	if newc := max(0, m.newValue); len(clients) > newc {
 		// Close connections til we are within the limit.
 		var (
-			numClose = len(clients) - m.newValue
+			numClose = len(clients) - newc
 			closed   = 0
 		)
 		for _, client := range clients {

server/reload_test.go

@@ -2025,6 +2025,59 @@ func TestConfigReloadMaxConnections(t *testing.T) {
 	}
 }
 
+// Ensure Reload supports refusing all connections. Test this by starting a
+// server with no max connections, connecting two clients, reloading with a
+// max connections of one, and ensuring one client is disconnected.
+func TestConfigReloadMaxConnectionsPreventAll(t *testing.T) {
+	server, opts, config := runReloadServerWithConfig(t, "./configs/reload/basic.conf")
+	defer server.Shutdown()
+
+	// Make two connections.
+	addr := fmt.Sprintf("nats://%s:%d", opts.Host, server.Addr().(*net.TCPAddr).Port)
+	nc1, err := nats.Connect(addr)
+	if err != nil {
+		t.Fatalf("Error creating client: %v", err)
+	}
+	defer nc1.Close()
+	closed := make(chan struct{}, 1)
+	nc1.SetDisconnectHandler(func(*nats.Conn) {
+		closed <- struct{}{}
+	})
+	nc2, err := nats.Connect(addr)
+	if err != nil {
+		t.Fatalf("Error creating client: %v", err)
+	}
+	defer nc2.Close()
+	nc2.SetDisconnectHandler(func(*nats.Conn) {
+		closed <- struct{}{}
+	})
+
+	if numClients := server.NumClients(); numClients != 2 {
+		t.Fatalf("Expected 2 clients, got %d", numClients)
+	}
+
+	// Set max connections to one.
+	changeCurrentConfigContent(t, config, "./configs/reload/max_connections_refuse_all.conf")
+	if err := server.Reload(); err != nil {
+		t.Fatalf("Error reloading config: %v", err)
+	}
+
+	// Ensure one connection was closed.
+	select {
+	case <-closed:
+	case <-time.After(5 * time.Second):
+		t.Fatal("Expected to be disconnected")
+	}
+
+	checkClientsCount(t, server, 0)
+
+	// Ensure new connections fail.
+	_, err = nats.Connect(addr)
+	if err == nil {
+		t.Fatal("Expected error on connect")
+	}
+}
+
 // Ensure reload supports changing the max payload size. Test this by starting
 // a server with the default size limit, ensuring publishes work, reloading
 // with a restrictive limit, and ensuring publishing an oversized message fails

server/server.go

@@ -3377,7 +3377,7 @@ func (s *Server) createClientEx(conn net.Conn, inProcess bool) *client {
 
 	// If there is a max connections specified, check that adding
 	// this new client would not push us over the max
-	if opts.MaxConn > 0 && len(s.clients) >= opts.MaxConn {
+	if opts.MaxConn < 0 || (opts.MaxConn > 0 && len(s.clients) >= opts.MaxConn) {
 		s.mu.Unlock()
 		c.maxConnExceeded()
 		return nil

server/server_test.go

@@ -588,6 +588,17 @@ func TestMaxConnections(t *testing.T) {
 	}
 }
 
+func TestMaxConnectionsPreventsAll(t *testing.T) {
+	opts := DefaultOptions()
+	opts.MaxConn = -1
+	s := RunServer(opts)
+	defer s.Shutdown()
+
+	addr := fmt.Sprintf("nats://%s:%d", opts.Host, opts.Port)
+	_, err := nats.Connect(addr)
+	require_Error(t, err)
+}
+
 func TestMaxSubscriptions(t *testing.T) {
 	opts := DefaultOptions()
 	opts.MaxSubs = 10

server/websocket.go

@@ -1324,7 +1324,7 @@ func (s *Server) createWSClient(conn net.Conn, ws *websocket) *client {
 		return c
 	}
 
-	if opts.MaxConn > 0 && len(s.clients) >= opts.MaxConn {
+	if opts.MaxConn < 0 || (opts.MaxConn > 0 && len(s.clients) >= opts.MaxConn) {
 		s.mu.Unlock()
 		c.maxConnExceeded()
 		return nil