author | Kozlov Dmitry <xeb@mail.ru> | 2012-01-18 18:29:52 +0400 |
---|---|---|
committer | Kozlov Dmitry <xeb@mail.ru> | 2012-01-18 18:29:52 +0400 |
commit | b463f4f2559a6f0180ba09fb1cb43d51144e95f0 (patch) | |
tree | 10a01cbfeb1893219d4f98a8f33fb14e9421892a /accel-pppd/ctrl | |
parent | 010a21c48d1a9cc560e7d46e02acab80c79eae10 (diff) | |
implemented connlimit module which can be used to reduce system overload due to flood of connections
Diffstat (limited to 'accel-pppd/ctrl')
-rw-r--r-- | accel-pppd/ctrl/l2tp/l2tp.c | 5 | ||||
-rw-r--r-- | accel-pppd/ctrl/pppoe/pppoe.c | 8 | ||||
-rw-r--r-- | accel-pppd/ctrl/pptp/pptp.c | 7 |
3 files changed, 19 insertions, 1 deletions
diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c
index af617ba..9cde03e 100644
--- a/accel-pppd/ctrl/l2tp/l2tp.c
+++ b/accel-pppd/ctrl/l2tp/l2tp.c
@@ -24,6 +24,8 @@
 #include "iprange.h"
 #include "cli.h"
+#include "connlimit.h"
+
 #include "memdebug.h"
 #include "l2tp.h"
@@ -622,6 +624,9 @@ static int l2tp_recv_SCCRQ(struct l2tp_serv_t *serv, struct l2tp_packet_t *pack,
 if (ppp_shutdown)
 return 0;
+
+ if (triton_module_loaded("connlimit") && connlimit_check(cl_key_from_ipv4(pack->addr.sin_addr.s_addr)))
+ return 0;
 list_for_each_entry(attr, &pack->attrs, entry) {
 switch (attr->attr->id) {
diff --git a/accel-pppd/ctrl/pppoe/pppoe.c b/accel-pppd/ctrl/pppoe/pppoe.c
index 3742c87..a5a8eb6 100644
--- a/accel-pppd/ctrl/pppoe/pppoe.c
+++ b/accel-pppd/ctrl/pppoe/pppoe.c
@@ -26,6 +26,8 @@
 #include "radius.h"
 #endif
+#include "connlimit.h"
+
 #include "pppoe.h"
 #include "memdebug.h"
@@ -712,7 +714,7 @@ static int check_padi_limit(struct pppoe_serv_t *serv, uint8_t *addr)
 struct timespec ts;
 if (serv->padi_limit == 0)
- return 0;
+ goto connlimit_check;
 clock_gettime(CLOCK_MONOTONIC, &ts);
@@ -748,6 +750,10 @@ static int check_padi_limit(struct pppoe_serv_t *serv, uint8_t *addr)
 __sync_add_and_fetch(&total_padi_cnt, 1);
+connlimit_check:
+ if (triton_module_loaded("connlimit") && connlimit_check(cl_key_from_mac(addr)))
+ return -1;
+
 return 0;
 }
diff --git a/accel-pppd/ctrl/pptp/pptp.c b/accel-pppd/ctrl/pptp/pptp.c
index b9930f3..b785b1f 100644
--- a/accel-pppd/ctrl/pptp/pptp.c
+++ b/accel-pppd/ctrl/pptp/pptp.c
@@ -23,6 +23,8 @@
 #include "utils.h"
 #include "cli.h"
+#include "connlimit.h"
+
 #include "memdebug.h"
 #define STATE_IDLE 0
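Review bot: In l2tp_recv_SCCRQ the limiter key is `pack->addr.sin_addr.s_addr`, the source address of a datagram that has not been authenticated at this point, so the limit is charged to whatever address the packet claims rather than to a verified peer. Depending on how connlimit_check() accounts per key (its implementation is outside this diffstat), a forged source could use up a legitimate peer's budget, and a flood spread over many source addresses could stay under a per-key limit. I would state the intent next to the check, e.g. `/* key is the unverified UDP source; connlimit bounds load here, it does not identify the peer */`, and count or rate-limit-log the drops, since `return 0` discards the SCCRQ without a trace. The same `triton_module_loaded("connlimit") && connlimit_check(...)` pair is added in pppoe.c and pptp.c; one inline wrapper in connlimit.h would keep the three call sites in step. The function body continues outside the hunk.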
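Review bot: In check_padi_limit the connlimit test sits after `__sync_add_and_fetch(&total_padi_cnt, 1);`, so a PADI that connlimit then rejects with `return -1` has already been counted by the padi_limit accounting (and possibly recorded by the part of the function that lies between the two hunks). If that is not intended, running the test first avoids that work and removes the need for the `goto` added in the -712 hunk: place `if (triton_module_loaded("connlimit") && connlimit_check(cl_key_from_mac(addr))) return -1;` ahead of `if (serv->padi_limit == 0) return 0;`. If the order is deliberate, for example so that PADIs already refused by padi_limit do not consume connlimit budget, a one-line comment saying so would help. The label would also read better under a name other than `connlimit_check`, which is legal C but identical to the function called on the next line. Note that the key is the MAC address supplied in the frame, so the limit is per claimed address.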
@@ -629,6 +631,11 @@ static int pptp_connect(struct triton_md_handler_t *h)
 continue;
 }
+ if (triton_module_loaded("connlimit") && connlimit_check(cl_key_from_ipv4(addr.sin_addr.s_addr))) {
+ close(sock);
+ return 0;
+ }
+
 log_info2("pptp: new connection from %s\n", inet_ntoa(addr.sin_addr));
 if (iprange_client_check(addr.sin_addr.s_addr)) { |
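Review bot: The new rejection path in pptp_connect ends with `return 0;` while the branch just above it ends with `continue;`, which suggests this code runs inside an accept loop whose start is outside the hunk. Returning stops draining the listen backlog for this invocation, so connections that are already queued wait until the handler is invoked again. If backing off under load is the intent, a comment such as `/* over limit: stop accepting until the next readiness event */` would make that clear; otherwise `close(sock); continue;` matches the branch above. The drop also happens before `log_info2(...)`, so a limited connection leaves no log line with the peer address; a counter or rate-limited message would give operators something to alert on.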