httpd: add comment about faster rejection of denied IPs

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Denys Vlasenko 2021-05-05 15:31:18 +02:00
parent ad16f89547
commit ac4a0b3be7


@ -2632,6 +2632,13 @@ static void mini_httpd(int server_socket)
n = accept(server_socket, &fromAddr.u.sa, &fromAddr.len); n = accept(server_socket, &fromAddr.u.sa, &fromAddr.len);
if (n < 0) if (n < 0)
continue; continue;
//TODO: we can reject connects from denied IPs right away;
//also, we might want to do one MSG_DONTWAIT'ed recv() here
//to detect immediate EOF,
//to avoid forking a whole new process for attackers
//who open and close lots of connections.
//(OTOH, the real mitigtion for this sort of thing is
//to ratelimit connects in iptables)
/* set the KEEPALIVE option to cull dead connections */ /* set the KEEPALIVE option to cull dead connections */
setsockopt_keepalive(n); setsockopt_keepalive(n);
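Review bot: the second idea in the new comment (an MSG_DONTWAIT recv() right after accept() to catch an immediate EOF) would, as written, consume the first request bytes in the parent, so the forked child would then miss them; if this is ever implemented it should use MSG_PEEK as well, and note that a client that connected and closed before accept() may show EAGAIN rather than EOF if its FIN has not yet arrived, so the check is a best-effort filter, not a reliable one. Also fix the typo "mitigtion" -> "mitigation" in the last two comment lines, and since this hunk adds only a TODO with no behaviour change, the commit title "add comment about faster rejection of denied IPs" is accurate but the comment should probably say that the denied-IP check would have to move the existing access-control lookup before the fork, so a later reader knows what "right away" refers to.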