Allow setting a rate limit on the number of connections.

NEWS

@@ -7,7 +7,7 @@
 - Added configuration options 'user-profile' and 'always-require-cert' to 
   enable non-openconnect clients to connect. They are enabled with
   the configure option --enable-anyconnect-compat.
-
+- Allow setting a rate limit on the number of connections.
 
 * Version 0.0.1 (released 2013-02-20)
 

src/config.c

@@ -142,6 +142,7 @@ unsigned j;
 	READ_NUMERIC("udp-port", config->udp_port, 0);
 	READ_NUMERIC("keepalive", config->keepalive, 0);
 	READ_NUMERIC("dpd", config->dpd, 0);
+	READ_NUMERIC("rate-limit-ms", config->rate_limit_ms, 10);
 
 	READ_STRING("server-cert", config->cert, 1);
 	READ_STRING("server-key", config->key, 1);

src/main.c

@@ -53,6 +53,16 @@ static unsigned int reload_conf = 0;
 unsigned int need_maintainance = 0;
 static unsigned int need_children_cleanup = 0;
 
+static void ms_sleep(unsigned ms)
+{
+  struct timespec tv;
+  
+  tv.tv_sec = 0;
+  tv.tv_nsec = ms * 1000 * 1000;
+  
+  nanosleep(&tv, NULL);
+}
+
 static 
 int _listen_ports(struct cfg_st* config, struct addrinfo *res, struct listen_list_st *list)
 {
@@ -746,12 +756,18 @@ fork_failed:
 				}
 				close(cmd_fd[1]);
 				close(fd);
+
+				if (config.rate_limit_ms > 0)
+					ms_sleep(config.rate_limit_ms);
 			} else if (set && ltmp->socktype == SOCK_DGRAM) {
 				/* connection on UDP port */
 				ret = forward_udp_to_owner(&s, ltmp);
 				if (ret < 0) {
 					mslog(&s, NULL, LOG_INFO, "Could not determine the owner of received UDP packet");
 				}
+
+				if (config.rate_limit_ms > 0)
+					ms_sleep(config.rate_limit_ms);
 			}
 		}
 

src/ocserv-args.c

@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (ocserv-args.c)
  *  
- *  It has been AutoGen-ed  March  2, 2013 at 03:35:07 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  March  4, 2013 at 06:18:05 AM by AutoGen 5.16
  *  From the definitions    ocserv-args.def
  *  and the template file   options
  *

src/ocserv-args.def

@@ -89,6 +89,10 @@ auth = "pam"
 #max-clients = 1024
 max-clients = 16
 
+# Limit the number of client connections to one every X milliseconds (X is the provided
+# value). Set to zero for no limit.
+#rate-limit-ms = 100
+
 # Limit the number of identical clients (i.e., users connecting multiple times)
 # Unset or set to zero for unlimited.
 max-same-clients = 2

src/ocserv-args.h

@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (ocserv-args.h)
  *  
- *  It has been AutoGen-ed  March  2, 2013 at 03:35:07 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  March  4, 2013 at 06:18:05 AM by AutoGen 5.16
  *  From the definitions    ocserv-args.def
  *  and the template file   options
  *

src/vpn.h

@@ -83,6 +83,7 @@ struct cfg_st {
 	unsigned use_utmp;
 	unsigned try_mtu; /* MTU discovery enabled */
 	unsigned force_cert_auth; /* always require client certificate */
+	unsigned rate_limit_ms; /* if non zero force a connection every rate_limit milliseconds */
 
 	/* if gdbm is there */
 	char* cookie_db_name;