From ecd90b533ea3440d8e4ed1094984d4681bae3613 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 4 Mar 2013 06:23:58 +0100
Subject: [PATCH] Allow setting a rate limit on the number of connections.
---
 NEWS | 2 +-
 src/config.c | 1 +
 src/main.c | 16 ++++++++++++++++
 src/ocserv-args.c | 2 +-
 src/ocserv-args.def | 4 ++++
 src/ocserv-args.h | 2 +-
 src/vpn.h | 1 +
 7 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/NEWS b/NEWS
index e416f964..1383eef4 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,7 @@
 - Added configuration options 'user-profile' and 'always-require-cert' to enable non-openconnect clients to connect. They are enabled with the configure option --enable-anyconnect-compat.
-
+- Allow setting a rate limit on the number of connections.
 * Version 0.0.1 (released 2013-02-20)
diff --git a/src/config.c b/src/config.c
index 4729a722..9f5e0f25 100644
--- a/src/config.c
+++ b/src/config.c
@@ -142,6 +142,7 @@ unsigned j;
 READ_NUMERIC("udp-port", config->udp_port, 0);
 READ_NUMERIC("keepalive", config->keepalive, 0);
 READ_NUMERIC("dpd", config->dpd, 0);
+ READ_NUMERIC("rate-limit-ms", config->rate_limit_ms, 10);
 READ_STRING("server-cert", config->cert, 1);
 READ_STRING("server-key", config->key, 1);
diff --git a/src/main.c b/src/main.c
index 2aa29a28..715ad1e8 100644
--- a/src/main.c
+++ b/src/main.c
@@ -53,6 +53,16 @@ static unsigned int reload_conf = 0;
 unsigned int need_maintainance = 0;
 static unsigned int need_children_cleanup = 0;
+static void ms_sleep(unsigned ms)
+{
+ struct timespec tv;
+
+ tv.tv_sec = 0;
+ tv.tv_nsec = ms * 1000 * 1000;
+
+ nanosleep(&tv, NULL);
+}
+
 static int _listen_ports(struct cfg_st* config, struct addrinfo *res, struct listen_list_st *list)
 {
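Review bot: The third argument of the new READ_NUMERIC call is 10 where the neighbouring udp-port, keepalive and dpd calls pass 0; if that argument is a default (the macro body is outside the hunk), an unset rate-limit-ms silently yields a 10 ms throttle even though the shipped ocserv-args.def leaves the option commented out and says zero means no limit. Either pass 0 so the documented unset behaviour holds, or keep 10 and state the default next to the option. If the argument is instead a mandatory flag, as the 1 on the READ_STRING lines below suggests for that macro, a non-zero value would make rate-limit-ms required and every existing config without it would stop loading. Whichever it is, the value deserves a comment, e.g. `READ_NUMERIC("rate-limit-ms", config->rate_limit_ms, 10); /* default: 10 ms between accepted connections */`.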
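Review bot: `tv.tv_nsec = ms * 1000 * 1000;` is wrong for any ms of 1000 or more: nanosleep() requires tv_nsec below 1,000,000,000 and fails with EINVAL, so a rate-limit-ms of 1000 or larger silently disables the throttle, and above 4294 the unsigned multiplication wraps. Split the value instead: `tv.tv_sec = ms / 1000;` and `tv.tv_nsec = (long)(ms % 1000) * 1000000L;`. The return value of nanosleep() is also ignored; this runs in a forking server whose main loop handles child cleanup (need_children_cleanup just above), so a signal will cut the sleep short with EINTR — acceptable for a best-effort limiter, but say so: `/* best effort: a signal (e.g. child exit) may end the sleep early */`.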
@@ -746,12 +756,18 @@ fork_failed:
 }
 close(cmd_fd[1]);
 close(fd);
+
+ if (config.rate_limit_ms > 0)
+ ms_sleep(config.rate_limit_ms);
 } else if (set && ltmp->socktype == SOCK_DGRAM) {
 /* connection on UDP port */
 ret = forward_udp_to_owner(&s, ltmp);
 if (ret < 0) {
 mslog(&s, NULL, LOG_INFO, "Could not determine the owner of received UDP packet");
 }
+
+ if (config.rate_limit_ms > 0)
+ ms_sleep(config.rate_limit_ms);
 }
 }
diff --git a/src/ocserv-args.c b/src/ocserv-args.c
index ae2f1b04..45273ebe 100644
--- a/src/ocserv-args.c
+++ b/src/ocserv-args.c
@@ -2,7 +2,7 @@
 *
 * DO NOT EDIT THIS FILE (ocserv-args.c)
 *
- * It has been AutoGen-ed March 2, 2013 at 03:35:07 PM by AutoGen 5.16
+ * It has been AutoGen-ed March 4, 2013 at 06:18:05 AM by AutoGen 5.16
 * From the definitions ocserv-args.def
 * and the template file options
 *
diff --git a/src/ocserv-args.def b/src/ocserv-args.def
index 6fede321..2ab3d54f 100644
--- a/src/ocserv-args.def
+++ b/src/ocserv-args.def
@@ -89,6 +89,10 @@ auth = "pam"
 #max-clients = 1024
 max-clients = 16
+# Limit the number of client connections to one every X milliseconds (X is the provided
+# value). Set to zero for no limit.
+#rate-limit-ms = 100
+
 # Limit the number of identical clients (i.e., users connecting multiple times)
 # Unset or set to zero for unlimited.
 max-same-clients = 2
diff --git a/src/ocserv-args.h b/src/ocserv-args.h
index 77c36586..c21ecd1b 100644
--- a/src/ocserv-args.h
+++ b/src/ocserv-args.h
@@ -2,7 +2,7 @@
 *
 * DO NOT EDIT THIS FILE (ocserv-args.h)
 *
- * It has been AutoGen-ed March 2, 2013 at 03:35:07 PM by AutoGen 5.16
+ * It has been AutoGen-ed March 4, 2013 at 06:18:05 AM by AutoGen 5.16
 * From the definitions ocserv-args.def
 * and the template file options
 *
diff --git a/src/vpn.h b/src/vpn.h
index 86b263ee..7b7bea0b 100644
--- a/src/vpn.h
+++ b/src/vpn.h
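Review bot: Both added sleeps run in the accepting process — the TCP one sits on the parent path after fork (the child's cmd_fd end and the accepted fd have just been closed) and the UDP one after every readable event on the datagram listener — so the limit is global, not per source: a single unauthenticated peer flooding the UDP port or opening TCP connections makes the whole listener pause rate_limit_ms per event and delays every other client, turning the control into a denial-of-service lever rather than a defence against one. The UDP branch in particular should not sleep: forward_udp_to_owner() appears to hand an existing session's datagram to its worker (the failure log is about not finding the packet's owner), so nothing new is being admitted there; dropping the second `if (config.rate_limit_ms > 0) ms_sleep(config.rate_limit_ms);` keeps unauthenticated traffic from throttling accepts. A per-source-address limiter would be the stronger fix for the TCP path. The enclosing select/accept loop starts and ends outside the hunk, so what else is starved during the sleep is inferred, not visible here.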
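Review bot: The new help text does not say that this limit is global — it is enforced in the listening process across all clients (and, per src/main.c in this patch, also after each UDP event), not per client like max-same-clients directly below it, which a reader of this block will likely assume. Suggest `# Pause the listener X milliseconds after each accepted connection. This is a` / `# global limit across all clients, not a per-client one. Set to zero for no limit.` The phrase "(X is the provided value)" can then go.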
@@ -83,6 +83,7 @@ struct cfg_st {
 unsigned use_utmp;
 unsigned try_mtu; /* MTU discovery enabled */
 unsigned force_cert_auth; /* always require client certificate */
+ unsigned rate_limit_ms; /* if non zero force a connection every rate_limit milliseconds */
 /* if gdbm is there */
 char* cookie_db_name;
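Review bot: The field comment `if non zero force a connection every rate_limit milliseconds` describes the opposite of how main.c uses the value — it is a delay the listener sleeps after each accepted connection, which caps the rate; nothing is forced. Suggest `unsigned rate_limit_ms; /* if non-zero, the listener sleeps this many ms after each accepted connection; 0 disables */`. The struct continues outside the hunk.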