Subject: Re: ftpd per host connection limit
To: dieter <dieter.R@pandora.be>
From: Luke Mewburn <lukem@NetBSD.org>
Date: 12/20/2003 11:20:32
Content-Type: text/plain; charset=us-ascii
On Thu, Dec 18, 2003 at 09:06:31PM +0000, dieter wrote:
| I have written some patches to ftpd for making it possible to limit
| the number of connections per host. This is because some people
| make 5, 10 or even 30(!) connections to speed up their download,
| not caring about other ftp users. Before I send-pr this or patch
| my server, I'd like to hear all possible comments one could have.
| The patches are at
| or in one tar.gz:
| This code replaces the /var/run/ftpd.pids<class> files with a db
| file which stores pid-remotehost pairs. I then check if the number
| of connections from a host is higher than a limitperhost directive
| and if so deny the login.
It's a good start, but I think the functionality needs to be more flexible.
At a minimum, we should be able to specify an optional "prefixlen",
which for IPv4 defaults to 32 (single host):
limitpernet <class> <number> [<prefix>]
limitpernet guest 41 24
would mean that a maximum of 41 simultaneous connections could occur
for any given /24 (i.e, 256 IP addresses). Your code would need to be
reworked to store a 4 byte IPv4 address and 1 byte prefix or 4 byte
mask, instead of the existing hostname. The code should support IPv6
too, so we'd need 16 bytes for address and 1 byte for the prefix length.
Have you researched how other ftp servers allow this sort of
functionality to be configured?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
-----END PGP SIGNATURE-----