Diffstat (limited to 'networking')
-rw-r--r-- | networking/httpd.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/networking/httpd.c b/networking/httpd.c index fb6ffe5..56ab85b 100644 --- a/networking/httpd.c +++ b/networking/httpd.c @@ -2632,6 +2632,13 @@ static void mini_httpd(int server_socket) n = accept(server_socket, &fromAddr.u.sa, &fromAddr.len); if (n < 0) continue; +//TODO: we can reject connects from denied IPs right away; +//also, we might want to do one MSG_DONTWAIT'ed recv() here +//to detect immediate EOF, +//to avoid forking a whole new process for attackers +//who open and close lots of connections. +//(OTOH, the real mitigtion for this sort of thing is +//to ratelimit connects in iptables) /* set the KEEPALIVE option to cull dead connections */ setsockopt_keepalive(n); |
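Review bot: The TODO added after `continue;` in mini_httpd proposes one `MSG_DONTWAIT` recv() before forking, but it does not say that the probe must leave the data in place. Unless the call also passes `MSG_PEEK`, any request bytes that have already arrived would be consumed in the parent and lost to whatever reads the socket afterwards (presumably the forked child, which is outside this hunk). I would add a line such as `//(the probe must use MSG_PEEK|MSG_DONTWAIT so request bytes stay queued)` and correct the typo `mitigtion` to `mitigation`. The early-EOF check is only a heuristic, since a peer that closes slightly later still costs a fork, so the closing remark about ratelimiting connects is worth keeping. mini_httpd's body starts and ends outside the hunk.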