mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 00:37:00 +08:00
Allow setting a rate limit on the number of connections.
2
NEWS
2
NEWS
@@ -7,7 +7,7 @@
|
|||||||
- Added configuration options 'user-profile' and 'always-require-cert' to
|
- Added configuration options 'user-profile' and 'always-require-cert' to
|
||||||
enable non-openconnect clients to connect. They are enabled with
|
enable non-openconnect clients to connect. They are enabled with
|
||||||
the configure option --enable-anyconnect-compat.
|
the configure option --enable-anyconnect-compat.
|
||||||
|
- Allow setting a rate limit on the number of connections.
|
||||||
|
|
||||||
* Version 0.0.1 (released 2013-02-20)
|
* Version 0.0.1 (released 2013-02-20)
|
||||||
|
|
||||||
|
|||||||
@@ -142,6 +142,7 @@ unsigned j;
|
|||||||
READ_NUMERIC("udp-port", config->udp_port, 0);
|
READ_NUMERIC("udp-port", config->udp_port, 0);
|
||||||
READ_NUMERIC("keepalive", config->keepalive, 0);
|
READ_NUMERIC("keepalive", config->keepalive, 0);
|
||||||
READ_NUMERIC("dpd", config->dpd, 0);
|
READ_NUMERIC("dpd", config->dpd, 0);
|
||||||
|
READ_NUMERIC("rate-limit-ms", config->rate_limit_ms, 10);
|
||||||
|
|
||||||
READ_STRING("server-cert", config->cert, 1);
|
READ_STRING("server-cert", config->cert, 1);
|
||||||
READ_STRING("server-key", config->key, 1);
|
READ_STRING("server-key", config->key, 1);
|
||||||
|
|||||||
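Review bot: The third argument of the new `READ_NUMERIC("rate-limit-ms", config->rate_limit_ms, 10);` is `10`, while every neighbouring numeric option passes `0` and the required `server-cert`/`server-key` strings pass `1`, which suggests the argument is a mandatory flag rather than a default value. The macro definition is outside this hunk, so this is inferred. If it is a flag, the option becomes required even though the sample configuration ships it commented out; if a default was intended, it is probably not applied. Unless the option is meant to be required, use `READ_NUMERIC("rate-limit-ms", config->rate_limit_ms, 0);`, and reject values outside a sane range at parse time.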
16
src/main.c
16
src/main.c
@@ -53,6 +53,16 @@ static unsigned int reload_conf = 0;
|
|||||||
unsigned int need_maintainance = 0;
|
unsigned int need_maintainance = 0;
|
||||||
static unsigned int need_children_cleanup = 0;
|
static unsigned int need_children_cleanup = 0;
|
||||||
|
|
||||||
|
static void ms_sleep(unsigned ms)
|
||||||
|
{
|
||||||
|
struct timespec tv;
|
||||||
|
|
||||||
|
tv.tv_sec = 0;
|
||||||
|
tv.tv_nsec = ms * 1000 * 1000;
|
||||||
|
|
||||||
|
nanosleep(&tv, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
static
|
static
|
||||||
int _listen_ports(struct cfg_st* config, struct addrinfo *res, struct listen_list_st *list)
|
int _listen_ports(struct cfg_st* config, struct addrinfo *res, struct listen_list_st *list)
|
||||||
{
|
{
|
||||||
@@ -746,12 +756,18 @@ fork_failed:
|
|||||||
}
|
}
|
||||||
close(cmd_fd[1]);
|
close(cmd_fd[1]);
|
||||||
close(fd);
|
close(fd);
|
||||||
|
|
||||||
|
if (config.rate_limit_ms > 0)
|
||||||
|
ms_sleep(config.rate_limit_ms);
|
||||||
} else if (set && ltmp->socktype == SOCK_DGRAM) {
|
} else if (set && ltmp->socktype == SOCK_DGRAM) {
|
||||||
/* connection on UDP port */
|
/* connection on UDP port */
|
||||||
ret = forward_udp_to_owner(&s, ltmp);
|
ret = forward_udp_to_owner(&s, ltmp);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
mslog(&s, NULL, LOG_INFO, "Could not determine the owner of received UDP packet");
|
mslog(&s, NULL, LOG_INFO, "Could not determine the owner of received UDP packet");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (config.rate_limit_ms > 0)
|
||||||
|
ms_sleep(config.rate_limit_ms);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
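Review bot: `ms_sleep()` sets `tv.tv_sec = 0` and puts the whole delay into `tv.tv_nsec = ms * 1000 * 1000`, so any `rate-limit-ms` of 1000 or more gives a nanosecond field outside the range nanosleep() accepts. The call then fails with EINVAL, its return value is ignored, and the rate limit is silently not applied; the unsigned multiplication also wraps for larger values. Split the value instead, `tv.tv_sec = ms / 1000;` and `tv.tv_nsec = (ms % 1000) * 1000000L;`, and consider retrying on EINTR with the remaining time, since a signal delivered during the sleep ends it early. Separately, both call sites in the second hunk sleep inside the loop that accepts connections and forwards UDP packets, so the delay is global rather than per source: it appears to stall everything that loop services, and one busy peer slows every other client. That loop starts and ends outside the hunk, so confirm what else it handles before relying on this as flood protection.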
@@ -2,7 +2,7 @@
|
|||||||
*
|
*
|
||||||
* DO NOT EDIT THIS FILE (ocserv-args.c)
|
* DO NOT EDIT THIS FILE (ocserv-args.c)
|
||||||
*
|
*
|
||||||
* It has been AutoGen-ed March 2, 2013 at 03:35:07 PM by AutoGen 5.16
|
* It has been AutoGen-ed March 4, 2013 at 06:18:05 AM by AutoGen 5.16
|
||||||
* From the definitions ocserv-args.def
|
* From the definitions ocserv-args.def
|
||||||
* and the template file options
|
* and the template file options
|
||||||
*
|
*
|
||||||
|
|||||||
@@ -89,6 +89,10 @@ auth = "pam"
|
|||||||
#max-clients = 1024
|
#max-clients = 1024
|
||||||
max-clients = 16
|
max-clients = 16
|
||||||
|
|
||||||
|
# Limit the number of client connections to one every X milliseconds (X is the provided
|
||||||
|
# value). Set to zero for no limit.
|
||||||
|
#rate-limit-ms = 100
|
||||||
|
|
||||||
# Limit the number of identical clients (i.e., users connecting multiple times)
|
# Limit the number of identical clients (i.e., users connecting multiple times)
|
||||||
# Unset or set to zero for unlimited.
|
# Unset or set to zero for unlimited.
|
||||||
max-same-clients = 2
|
max-same-clients = 2
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
*
|
*
|
||||||
* DO NOT EDIT THIS FILE (ocserv-args.h)
|
* DO NOT EDIT THIS FILE (ocserv-args.h)
|
||||||
*
|
*
|
||||||
* It has been AutoGen-ed March 2, 2013 at 03:35:07 PM by AutoGen 5.16
|
* It has been AutoGen-ed March 4, 2013 at 06:18:05 AM by AutoGen 5.16
|
||||||
* From the definitions ocserv-args.def
|
* From the definitions ocserv-args.def
|
||||||
* and the template file options
|
* and the template file options
|
||||||
*
|
*
|
||||||
|
|||||||
@@ -83,6 +83,7 @@ struct cfg_st {
|
|||||||
unsigned use_utmp;
|
unsigned use_utmp;
|
||||||
unsigned try_mtu; /* MTU discovery enabled */
|
unsigned try_mtu; /* MTU discovery enabled */
|
||||||
unsigned force_cert_auth; /* always require client certificate */
|
unsigned force_cert_auth; /* always require client certificate */
|
||||||
|
unsigned rate_limit_ms; /* if non zero force a connection every rate_limit milliseconds */
|
||||||
|
|
||||||
/* if gdbm is there */
|
/* if gdbm is there */
|
||||||
char* cookie_db_name;
|
char* cookie_db_name;
|
||||||
|
|||||||
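Review bot: The comment on the new `rate_limit_ms` field, "if non zero force a connection every rate_limit milliseconds", does not match how the field is used elsewhere in this commit, where a non-zero value is passed to `ms_sleep()` after a connection or UDP packet has been handled. Suggest `/* if non-zero, sleep this many milliseconds after each accepted connection or forwarded UDP packet */`. The comment should also state the accepted range, so that an out-of-range setting is not mistaken for an active limit. `struct cfg_st` starts and ends outside the hunk.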