Diffstat (limited to 'networking/httpd.c')
-rw-r--r--networking/httpd.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/networking/httpd.c b/networking/httpd.c
index fb6ffe5..56ab85b 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -2632,6 +2632,13 @@ static void mini_httpd(int server_socket)
n = accept(server_socket, &fromAddr.u.sa, &fromAddr.len);
if (n < 0)
continue;
+//TODO: we can reject connects from denied IPs right away;
+//also, we might want to do one MSG_DONTWAIT'ed recv() here
+//to detect immediate EOF,
+//to avoid forking a whole new process for attackers
+//who open and close lots of connections.
+//(OTOH, the real mitigtion for this sort of thing is
+//to ratelimit connects in iptables)
/* set the KEEPALIVE option to cull dead connections */
setsockopt_keepalive(n);
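Review bot: The added TODO after `continue;` misspells "mitigation" as "mitigtion", and the recv() idea it records leaves out the one detail that makes it safe to implement. A probe in the accept loop would need `MSG_PEEK | MSG_DONTWAIT`, because a plain `MSG_DONTWAIT` read would consume request bytes that the per-connection handler presumably expects to read itself (that handler is outside this hunk). Only a return of 0 means the peer has already closed; `EAGAIN`/`EWOULDBLOCK` is the normal case for a live client and must fall through to the existing path. I would add a line such as `//(if done: MSG_PEEK|MSG_DONTWAIT, close only on a 0 return, so request data stays queued)`. The body of mini_httpd continues outside the hunk.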