Subject: Re: ftpd per host connection limit
To: dieter <dieter.R@pandora.be>
From: Luke Mewburn <lukem@NetBSD.org>
List: netbsd-users
Date: 12/20/2003 11:20:32

On Thu, Dec 18, 2003 at 09:06:31PM +0000, dieter wrote:
  | I have written some patches to ftpd for making it possible to limit
  | the number of connections per host. This is because some people
  | make 5, 10 or even 30(!) connections to speed up their download,
  | not caring about other ftp users. Before I send-pr this or patch
  | my server, I'd like to hear all possible comments one could have.
  |
  | The patches are at
  | 	http://gaosu.rave.org/~dieter/NetBSD/ftpd/
  | or in one tar.gz:
  | 	http://gaosu.rave.org/~dieter/NetBSD/ftpd-lph.tar.gz
  |
  | This code replaces the /var/run/ftpd.pids<class> files with a db
  | file which stores pid-remotehost pairs. I then check if the number
  | of connections from a host is higher than a limitperhost directive
  | and if so deny the login.

It's a good start, but I think the functionality needs to be more flexible.
At a minimum, we should be able to specify an optional "prefixlen",
which for IPv4 defaults to 32 (single host):
	limitpernet	<class>	<number> [<prefix>]
For example,
	limitpernet guest 41 24
would mean that a maximum of 41 simultaneous connections could occur
for any given /24 (i.e., 256 IP addresses).  Your code would need to be
reworked to store a 4 byte IPv4 address and 1 byte prefix or 4 byte
mask, instead of the existing hostname.  The code should support IPv6
too, so we'd need 16 bytes for address and 1 byte for the prefix length.

Have you researched how other ftp servers allow this sort of
functionality to be configured?


Luke.
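
An added sketch of the prefix-based counting suggested in the reply above; it is not code from the posted patches or from ftpd. The `struct netkey` layout, the function names and the sample addresses are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record: 16 address bytes (IPv4 uses the first 4) plus prefix length. */
struct netkey { uint8_t addr[16]; uint8_t alen; uint8_t prefix; };

/* Constructed sample of active sessions (documentation address ranges). */
static const char *const sample_active[] = {
    "192.0.2.10", "192.0.2.200", "198.51.100.7", "2001:db8::1" };

/* Parse text and zero the host bits beyond the prefix; 0 on success, -1 on bad input. */
static int make_netkey(const char *text, int prefix, struct netkey *k)
{
    memset(k, 0, sizeof(*k));
    k->alen = inet_pton(AF_INET, text, k->addr) == 1 ? 4 :
              inet_pton(AF_INET6, text, k->addr) == 1 ? 16 : 0;
    if (k->alen == 0 || prefix < 0 || prefix > k->alen * 8)
        return -1;
    k->prefix = (uint8_t)prefix;
    for (int i = 0; i < k->alen; i++) {
        int keep = prefix - i * 8;      /* bits of this byte inside the prefix */
        if (keep < 8)
            k->addr[i] = keep <= 0 ? 0 : k->addr[i] & (uint8_t)(0xff << (8 - keep));
    }
    return 0;
}

/* 1 = allow, 0 = deny (network already at its limit), -1 = unparsable client. */
static int allow_login(const char *const *active, size_t n, const char *client,
                       int prefix, int limit)
{
    struct netkey want, have;
    int count = 0;
    if (make_netkey(client, prefix, &want) != 0)
        return -1;
    for (size_t i = 0; i < n; i++)      /* other families never compare equal */
        if (make_netkey(active[i], prefix, &have) == 0 &&
            memcmp(&want, &have, sizeof(want)) == 0)
            count++;
    return count < limit;
}

int main(void)
{
    printf("%d\n", allow_login(sample_active, 4, "192.0.2.55", 24, 2));
    return 0;
}
```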
