diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2021-05-05 15:31:18 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2021-05-05 15:31:18 +0200 |
| commit | ac4a0b3be77f2b4280fd95849a0259e1351eeb43 (patch) | |
| tree | b48712ef5b178a7bf696aaa1362c0192183e7214 | |
| parent | ad16f89547a5e335f3c45506eb5b43bcc1bf505e (diff) | |
| download | busybox-w32-ac4a0b3be77f2b4280fd95849a0259e1351eeb43.tar.gz busybox-w32-ac4a0b3be77f2b4280fd95849a0259e1351eeb43.tar.bz2 busybox-w32-ac4a0b3be77f2b4280fd95849a0259e1351eeb43.zip | |
httpd: add comment about faster rejection of denied IPs
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | networking/httpd.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/networking/httpd.c b/networking/httpd.c index fb6ffe542..56ab85b82 100644 --- a/networking/httpd.c +++ b/networking/httpd.c | |||
| @@ -2632,6 +2632,13 @@ static void mini_httpd(int server_socket) | |||
| 2632 | n = accept(server_socket, &fromAddr.u.sa, &fromAddr.len); | 2632 | n = accept(server_socket, &fromAddr.u.sa, &fromAddr.len); |
| 2633 | if (n < 0) | 2633 | if (n < 0) |
| 2634 | continue; | 2634 | continue; |
| 2635 | //TODO: we can reject connects from denied IPs right away; | ||
| 2636 | //also, we might want to do one MSG_DONTWAIT'ed recv() here | ||
| 2637 | //to detect immediate EOF, | ||
| 2638 | //to avoid forking a whole new process for attackers | ||
| 2639 | //who open and close lots of connections. | ||
| 2640 | //(OTOH, the real mitigtion for this sort of thing is | ||
| 2641 | //to ratelimit connects in iptables) | ||
| 2635 | 2642 | ||
| 2636 | /* set the KEEPALIVE option to cull dead connections */ | 2643 | /* set the KEEPALIVE option to cull dead connections */ |
| 2637 | setsockopt_keepalive(n); | 2644 | setsockopt_keepalive(n); |