Subject: Re: ftpd per host connection limit
To: dieter <>
From: Luke Mewburn <>
List: netbsd-users
Date: 12/20/2003 11:20:32

On Thu, Dec 18, 2003 at 09:06:31PM +0000, dieter wrote:
  | I have written some patches to ftpd for making it possible to limit
  | the number of connections per host. This is because some people
  | make 5, 10 or even 30(!) connections to speed up their download,
  | not caring about other ftp users. Before I send-pr this or patch
  | my server, I'd like to hear all possible comments one could have.
  | The patches are at
  | or in one tar.gz:
  | This code replaces the /var/run/ftpd.pids<class> files with a db
  | file which stores pid-remotehost pairs. I then check if the number
  | of connections from a host is higher than a limitperhost directive
  | and if so deny the login.

It's a good start, but I think the functionality needs to be more flexible.
At a minimum, we should be able to specify an optional "prefixlen",
which for IPv4 defaults to 32 (single host):
	limitpernet	<class>	<number> [<prefix>]
For example,
	limitpernet guest 41 24
would mean that a maximum of 41 simultaneous connections could occur
for any given /24 (i.e., 256 IP addresses).  Your code would need to be
reworked to store a 4 byte IPv4 address and 1 byte prefix or 4 byte
mask, instead of the existing hostname.  The code should support IPv6
too, so we'd need 16 bytes for address and 1 byte for the prefix length.

Have you researched how other ftp servers allow this sort of
functionality to be configured?


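The per-network check proposed in the reply above, sketched as an added example; it is not part of the original message, dieter's patches, or NetBSD ftpd. The names conn_rec, parse_addr, same_net and allow_login, the sample session table, and the rule that a login is allowed only while the existing sessions in the peer's network number fewer than the limit are all assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical record: address family plus 16 address bytes (IPv4 uses 4). */
struct conn_rec { int family; uint8_t addr[16]; };

/* Parse a numeric IPv4 or IPv6 address; returns 0 on success, -1 otherwise. */
static int parse_addr(const char *text, struct conn_rec *r)
{
    memset(r, 0, sizeof(*r));
    if (inet_pton(AF_INET, text, r->addr) == 1) { r->family = AF_INET; return 0; }
    if (inet_pton(AF_INET6, text, r->addr) == 1) { r->family = AF_INET6; return 0; }
    return -1;
}

/* Compare the first prefixlen bits; the caller has range-checked prefixlen. */
static int same_net(const struct conn_rec *a, const struct conn_rec *b, unsigned prefixlen)
{
    unsigned full = prefixlen / 8, rest = prefixlen % 8;
    if (a->family != b->family || memcmp(a->addr, b->addr, full) != 0)
        return 0;
    if (rest == 0) return 1;   /* also avoids reading addr[16] for a /128 */
    return ((a->addr[full] ^ b->addr[full]) & (uint8_t)(0xff << (8 - rest))) == 0;
}

/* Returns 1 to allow the login, 0 to deny. Bad input is denied (fails closed). */
static int allow_login(const char *const *active, size_t n, const char *peer,
                       unsigned limit, unsigned prefixlen)
{
    struct conn_rec p, c;
    unsigned count = 0;
    if (parse_addr(peer, &p) != 0 || prefixlen > (p.family == AF_INET ? 32u : 128u))
        return 0;
    for (size_t i = 0; i < n; i++)
        if (parse_addr(active[i], &c) == 0 && same_net(&p, &c, prefixlen))
            count++;
    return count < limit;
}

/* Constructed sample session table (documentation address ranges). */
static const char *const ACTIVE[] = { "192.0.2.10", "192.0.2.200", "198.51.100.7",
    "2001:db8::1", "2001:db8:0:0:ffff::2" };
int main(void)
{
    printf("/24: %d, /32: %d\n", allow_login(ACTIVE, 5, "192.0.2.55", 2, 24),
           allow_login(ACTIVE, 5, "192.0.2.55", 2, 32));
    return 0;
}
```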