Ticket #179 (assigned enhancement)

Opened 12 months ago

Last modified 10 months ago

New throttling options

Reported by: smoku Owned by: smoku
Priority: major Component: General
Version: 2.1.19 Keywords:
Cc: Tracforge_linkmap:
Blocking: Blocked By:

Description

We need to add more throttling on incoming connections to better cope with DOS attempts:

  • option to specify maximum incoming stanza size on input buffer
  • option to specify packet based rate limitting

First is to protect from gigantic stanza flooding to fill the buffers/memory, second to protect from flooding with many small packets (presence-subscription).

Change History

Changed 12 months ago by smoku

  • status changed from new to assigned

Byte counters and packet counters are already in place, so it should be easy to implement.

Changed 11 months ago by smoku

(In [481]) Implemented SX_MAX_STANZA_SIZE limit to stanza size. Refs #179

Changed 11 months ago by smoku

(In [482]) Implemented SX_MAX_STANZA_SIZE limit to stanza size. Refs #179

Changed 11 months ago by smoku

(In [483]) Implemented SX_MAX_STANZA_SIZE limit to stanza size. Refs #179

Changed 11 months ago by smoku

(In [484]) Implemented SX_MAX_STANZA_SIZE limit to stanza size. Refs #179

Changed 11 months ago by smoku

(In [485]) Reordered SX_MAX_STANZA_SIZE to check right after parsing. Refs #179

Changed 10 months ago by smoku

Packet counters are implemented on different layer than throttling. It's not that easy :-(

Note: See TracTickets for help on using tickets.