From owner-freebsd-hackers Sun Jun 16 15:54:53 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from avocet.mail.pas.earthlink.net (avocet.mail.pas.earthlink.net [207.217.120.50]) by hub.freebsd.org (Postfix) with ESMTP id 4A49737B436; Sun, 16 Jun 2002 15:54:48 -0700 (PDT) Received: from pool0202.cvx40-bradley.dialup.earthlink.net ([216.244.42.202] helo=mindspring.com) by avocet.mail.pas.earthlink.net with esmtp (Exim 3.33 #2) id 17JisT-0000mp-00; Sun, 16 Jun 2002 15:52:09 -0700 Message-ID: <3D0D1673.632F2386@mindspring.com> Date: Sun, 16 Jun 2002 15:51:31 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Hajimu UMEMOTO Cc: arch@FreeBSD.org, hackers@FreeBSD.org Subject: Re: [CFR] max-child-per-ip restriction for inetd References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hajimu UMEMOTO wrote: > I wish to add max-child-per-ip option to inetd. This enables us to > restrict maximum number of simultaneous invocations of each service > from a single IP address. The proposed patch can be found from: > > http://www.imasy.or.jp/~ume/FreeBSD/inetd-perip-5c.diff (for 5-CURRENT) > http://www.imasy.or.jp/~ume/FreeBSD/inetd-perip-4s.diff (for 4-STABLE) > > If there is no objection, I'll commit it at next weekend. Your search_ip() function is a linear list traversal, which makes a lookup O(N). Is there any change you could use a hash or a btree or a skiplist or a trie or some other data structure *other* than a linear list traversal? It seems to me that this will make things incredibly slow for everyone, if you have one IP address that's abusive enough that it approaches the limit you set. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message