Import Upstream version 1.1~pre8

2019-08-26 13:44:51 +02:00 · 2019-08-26 13:44:51 +02:00 · f5c641f5cc
commit f5c641f5cc
parent 2ebbac3278
151 changed files with 11360 additions and 4420 deletions
--- a/src/net_socket.c
+++ b/src/net_socket.c
@ -45,6 +45,7 @@ int maxtimeout = 900;
 int seconds_till_retry = 5;
 int udp_rcvbuf = 0;
 int udp_sndbuf = 0;
+int max_connection_burst = 100;

 listen_socket_t listen_socket[MAXSOCKETS];
 int listen_sockets;
@ -561,6 +562,47 @@ void handle_new_meta_connection(void *data, int flags) {

 	sockaddrunmap(&sa);

+	// Check if we get many connections from the same host
+
+	static sockaddr_t prev_sa;
+	static time_t prev_time;
+	static int tarpit = -1;
+
+	if(tarpit >= 0) {
+		closesocket(tarpit);
+		tarpit = -1;
+	}
+
+	if(prev_time == now.tv_sec && !sockaddrcmp_noport(&sa, &prev_sa)) {
+		// if so, keep the connection open but ignore it completely.
+		tarpit = fd;
+		return;
+	}
+
+	memcpy(&prev_sa, &sa, sizeof sa);
+	prev_time = now.tv_sec;
+
+	// Check if we get many connections from different hosts
+
+	static int connection_burst;
+	static int connection_burst_time;
+
+	if(now.tv_sec - connection_burst_time > connection_burst)
+		connection_burst = 0;
+	else
+		connection_burst -= now.tv_sec - connection_burst_time;
+
+	connection_burst_time = now.tv_sec;
+	connection_burst++;
+
+	if(connection_burst >= max_connection_burst) {
+		connection_burst = max_connection_burst;
+		tarpit = fd;
+		return;
+	}
+
+	// Accept the new connection
+
 	c = new_connection();
 	c->name = xstrdup("<unknown>");
 	c->outcipher = myself->connection->outcipher;
@ -674,7 +716,7 @@ void try_outgoing_connections(void) {
 		}

 		if(!found) {
-			outgoing_t *outgoing = xmalloc_and_zero(sizeof *outgoing);
+			outgoing_t *outgoing = xzalloc(sizeof *outgoing);
 			outgoing->name = name;
 			list_insert_tail(outgoing_list, outgoing);
 			setup_outgoing_connection(outgoing);