nnrpd/perm.c and innd/rc.c

Bettina Fink laura at hydrophil.de
Wed Oct 17 11:59:28 UTC 2001



Hi,

two small annotations:

1). nnrpd/perm.c:

	syslog(L_TRACE, "%s auth authenticator succesful, user %s", ClientHost, ubuf);
                                               ^^^^^^^^^

"successful"


2). innd/rc.c:

    ** L = per host incoming connects per X seconds allowed
    ** T = total incoming connects per X seconds allowed
    ** X = number of seconds to remember a successful connect

[...]

    ** Third, if the number of entries now in the table which match
    ** the incoming connection's host address is equal to the ``L''
    ** parameter, reject the connection with the ``505'' error code.

Isn't it "H" instead of "L"?

$ ctlinnd mode
[...]
Parameters c 10 i 100 (33) l 1000000 o 1011 t 300 H 2 T 60 X 0 normal specified


INND(8):

       -H -T -X
[...]

       The ``-H'' flag limits the number of times a host is allowed to
       connect to the server per ``-X'' seconds.  The default is 2.

Regarding "-H -T -X":

In theory, these parameters are a nice way to prevent readers from
flooding the server with connects. In practice, these parameters
are two-edged, because they affect not only reader connects but
also feed connections from peers. That's an undesirable side
effect, because I don't want to restrict my peers, only my readers.

Is there any way to distinguish between reader and peer? innd could
know it (because peers are listed in hosts.nntp/incoming.conf), so
it could except everything listed in hosts.nntp/incoming.conf from
the "-H -T -X" checks.

Oh, and with nnrpd in stand-alone mode, "-H -T -X" does not work;
maybe there should be a note in the man page. Is there any way to
get the "-H -T -X" functionality with nnrpd in stand-alone mode?
Without "-H -T -X", nnrpd is defenceless against connection floods.
Or am I missing a magic switch/parameter/tool? ;-)

Bye,
Bettina
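
A simplified model of the "-H -T -X" check with the peer exemption proposed in the message above, added here as an illustration; it is not part of the original post and is not INN's code. The names `allow_connect` and `is_peer`, the table size, the sample addresses and the choice to treat X = 0 as "checks off" are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define TABLE_SIZE 128                 /* constructed capacity */
struct limits { int H, T, X; };        /* per host, total, window seconds */
struct entry  { char host[64]; time_t when; };
static struct entry table[TABLE_SIZE]; /* remembered successful connects */
static int used;

/* Hypothetical stand-in for a lookup in hosts.nntp/incoming.conf. */
static const char *peers[] = { "192.0.2.10", "192.0.2.11" };

static bool is_peer(const char *host) {
    for (size_t i = 0; i < sizeof peers / sizeof peers[0]; i++)
        if (strcmp(host, peers[i]) == 0)
            return true;
    return false;
}

/* Returns true to accept; false means answer with the 505 code. */
bool allow_connect(const struct limits *l, const char *host, time_t now) {
    int kept = 0, same = 0;

    if (l->X == 0 || is_peer(host))    /* checks off (assumed), or feed peer */
        return true;
    for (int i = 0; i < used; i++)     /* forget connects older than X */
        if (now - table[i].when < l->X)
            table[kept++] = table[i];
    used = kept;
    for (int i = 0; i < used; i++)
        if (strcmp(table[i].host, host) == 0)
            same++;
    if (same >= l->H || used >= l->T || used >= TABLE_SIZE)
        return false;                  /* per-host or total limit reached */
    snprintf(table[used].host, sizeof table[used].host, "%s", host);
    table[used++].when = now;          /* remember this successful connect */
    return true;
}

int main(void) {
    struct limits l = { 2, 60, 300 };  /* constructed values */
    for (int i = 0; i < 4; i++)        /* reader: third and fourth refused */
        printf("reader #%d: %d\n", i + 1, allow_connect(&l, "198.51.100.5", 1000 + i));
    printf("peer: %d\n", allow_connect(&l, "192.0.2.10", 1004));
    return 0;
}
```

Because peers return before the table is touched, their connections neither count against T nor consume table slots, so a busy feed cannot push readers into the total limit.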


