Counting the number of connections per user
Julien ÉLIE
julien at trigofacile.com
Fri Apr 7 15:23:51 UTC 2023
Hi all,
There's a suggestion in the news.admin.peering newsgroup to facilitate
the count of the number of active nnrpd connections a given
authenticated user has.
Message-ID: <jjVXL.4378630$vSy3.384664 at fx04.ams4>
%%%
>> Another question, is it possible to limit the maximum number of
>> connections per authenticated user? I know this is possible for
>> peers, but can this also be set up for authenticated users? Maybe a
>> setting in readers.conf or nnrpd that I'm overlooking?
>
> Unfortunately, the response is no. There's no native way of
> limiting users' connections.
> You may want to write a custom authentication hook (perl_auth or
> python_auth in readers.conf) that would do the job by accounting how
> many connections are open by a given user, and deny access if it
> exceeds the limit. I am not aware of existing scripts to do that :-(
>
> It could be worthwhile having though, as you're not the first one to
> ask (but nobody wrote or shared what he came up with).
The nnrpd manual states:
"As each command is received, nnrpd tries to change its "argv" array so
that ps(1) will print out the command being executed."
This will then look like this:
nnrpd: <xxx.xxx.xxx.xxx> GROUP
nnrpd: <xxx.xxx.xxx.xxx> XOVER
Is it perhaps also possible to add the authenticated user to this?
Something like:
nnrpd: <xxx.xxx.xxx.xxx> Eli GROUP
nnrpd: <xxx.xxx.xxx.xxx> Eli XOVER
This would make it possible to limit the number of connections per user
via a perl script.
%%%
That sounds interesting, and easy to do.
As we have addcanlockuser, addinjectionpostingaccount, and a few other
add* parameters in access groups of readers.conf, would you be OK with a
new addargvuser boolean parameter? (or any other better name?)
It would naturally be off by default owing to privacy concerns.
--
Julien ÉLIE
"When people are asked to observe silence, instead of observing it
the way one observes a lunar eclipse, they listen to it!" (Raymond
Devos)
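
Added example, not part of the original message or of INN: a sketch of the per-user accounting the thread describes, run over process titles in the format proposed above. It assumes the proposed user field is present only for authenticated sessions, that user names contain no whitespace, and that the title ends with the bare command keyword; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Title format discussed in the thread: "nnrpd: <ip> [user] COMMAND".
# The user field is the proposed addition; it is missing before
# authentication or when the proposed parameter is left off.
TITLE_RE = re.compile(r"nnrpd: <(?P<ip>[^>]+)>(?P<rest>.*)$")

def parse_title(line):
    """Return (ip, user or None) for an nnrpd process title, else None."""
    m = TITLE_RE.search(line)
    if not m:
        return None
    fields = m.group("rest").split()
    # Assumption: two or more fields means "user COMMAND";
    # a single field is the command alone (no authenticated user shown).
    user = fields[0] if len(fields) >= 2 else None
    return m.group("ip"), user

def connections_per_user(ps_lines):
    """Count nnrpd processes per authenticated user."""
    counts = Counter()
    for line in ps_lines:
        parsed = parse_title(line)
        if parsed and parsed[1] is not None:
            counts[parsed[1]] += 1
    return counts

def over_limit(ps_lines, limit):
    """Users holding more than `limit` simultaneous connections."""
    counts = connections_per_user(ps_lines)
    return sorted(u for u, n in counts.items() if n > limit)

# Constructed sample, shaped like "ps -eo pid,args" output.
SAMPLE_PS = [
    "4101 nnrpd: <192.0.2.10> Eli GROUP",
    "4102 nnrpd: <192.0.2.10> Eli XOVER",
    "4107 nnrpd: <198.51.100.4> Eli ARTICLE",
    "4110 nnrpd: <192.0.2.77> bob XOVER",
    "4112 nnrpd: <203.0.113.9> GROUP",   # not authenticated: no user field
    "4120 innd: running",                # unrelated process, ignored
]

if __name__ == "__main__":
    print(dict(connections_per_user(SAMPLE_PS)))
    print("over limit of 2:", over_limit(SAMPLE_PS, 2))
```

Counting by user name rather than by IP address is what catches the third Eli session opened from a different host.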