Date: Sun, 16 Jun 2002 15:51:31 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: Hajimu UMEMOTO <ume@mahoroba.org> Cc: arch@FreeBSD.org, hackers@FreeBSD.org Subject: Re: [CFR] max-child-per-ip restriction for inetd Message-ID: <3D0D1673.632F2386@mindspring.com> References: <ygey9dftiiw.wl@piano.mahoroba.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hajimu UMEMOTO wrote: > I wish to add max-child-per-ip option to inetd. This enables us to > restrict maximum number of simultaneous invocations of each service > from a single IP address. The proposed patch can be found from: > > http://www.imasy.or.jp/~ume/FreeBSD/inetd-perip-5c.diff (for 5-CURRENT) > http://www.imasy.or.jp/~ume/FreeBSD/inetd-perip-4s.diff (for 4-STABLE) > > If there is no objection, I'll commit it at next weekend. Your search_ip() function is a linear list traversal, which makes a lookup O(N). Is there any change you could use a hash or a btree or a skiplist or a trie or some other data structure *other* than a linear list traversal? It seems to me that this will make things incredibly slow for everyone, if you have one IP address that's abusive enough that it approaches the limit you set. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D0D1673.632F2386>