mirror of
https://codeberg.org/anoncontributorxmr/monero.git
synced 2024-11-27 05:13:25 +01:00
abstract_tcp_server2: improve DoS resistance
This commit is contained in:
parent
1387549e90
commit
bc09766bf9
@ -54,6 +54,9 @@
|
|||||||
#undef MONERO_DEFAULT_LOG_CATEGORY
|
#undef MONERO_DEFAULT_LOG_CATEGORY
|
||||||
#define MONERO_DEFAULT_LOG_CATEGORY "net"
|
#define MONERO_DEFAULT_LOG_CATEGORY "net"
|
||||||
|
|
||||||
|
#define AGGRESSIVE_TIMEOUT_THRESHOLD 120 // sockets
|
||||||
|
#define NEW_CONNECTION_TIMEOUT_LOCAL 1200000 // 2 minutes
|
||||||
|
#define NEW_CONNECTION_TIMEOUT_REMOTE 10000 // 10 seconds
|
||||||
#define DEFAULT_TIMEOUT_MS_LOCAL 1800000 // 30 minutes
|
#define DEFAULT_TIMEOUT_MS_LOCAL 1800000 // 30 minutes
|
||||||
#define DEFAULT_TIMEOUT_MS_REMOTE 300000 // 5 minutes
|
#define DEFAULT_TIMEOUT_MS_REMOTE 300000 // 5 minutes
|
||||||
#define TIMEOUT_EXTRA_MS_PER_BYTE 0.2
|
#define TIMEOUT_EXTRA_MS_PER_BYTE 0.2
|
||||||
@ -189,7 +192,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
|
|||||||
|
|
||||||
m_protocol_handler.after_init_connection();
|
m_protocol_handler.after_init_connection();
|
||||||
|
|
||||||
reset_timer(get_default_timeout(), false);
|
reset_timer(boost::posix_time::milliseconds(m_local ? NEW_CONNECTION_TIMEOUT_LOCAL : NEW_CONNECTION_TIMEOUT_REMOTE), false);
|
||||||
|
|
||||||
// first read on the raw socket to detect SSL for the server
|
// first read on the raw socket to detect SSL for the server
|
||||||
buffer_ssl_init_fill = 0;
|
buffer_ssl_init_fill = 0;
|
||||||
@ -691,7 +694,7 @@ PRAGMA_WARNING_DISABLE_VS(4355)
|
|||||||
{
|
{
|
||||||
unsigned count;
|
unsigned count;
|
||||||
try { count = host_count(m_host); } catch (...) { count = 0; }
|
try { count = host_count(m_host); } catch (...) { count = 0; }
|
||||||
const unsigned shift = std::min(std::max(count, 1u) - 1, 8u);
|
const unsigned shift = get_state().sock_count > AGGRESSIVE_TIMEOUT_THRESHOLD ? std::min(std::max(count, 1u) - 1, 8u) : 0;
|
||||||
boost::posix_time::milliseconds timeout(0);
|
boost::posix_time::milliseconds timeout(0);
|
||||||
if (m_local)
|
if (m_local)
|
||||||
timeout = boost::posix_time::milliseconds(DEFAULT_TIMEOUT_MS_LOCAL >> shift);
|
timeout = boost::posix_time::milliseconds(DEFAULT_TIMEOUT_MS_LOCAL >> shift);
|
||||||
@ -730,8 +733,6 @@ PRAGMA_WARNING_DISABLE_VS(4355)
|
|||||||
template<class t_protocol_handler>
|
template<class t_protocol_handler>
|
||||||
void connection<t_protocol_handler>::reset_timer(boost::posix_time::milliseconds ms, bool add)
|
void connection<t_protocol_handler>::reset_timer(boost::posix_time::milliseconds ms, bool add)
|
||||||
{
|
{
|
||||||
if (m_connection_type != e_connection_type_RPC)
|
|
||||||
return;
|
|
||||||
MTRACE("Setting " << ms << " expiry");
|
MTRACE("Setting " << ms << " expiry");
|
||||||
auto self = safe_shared_from_this();
|
auto self = safe_shared_from_this();
|
||||||
if(!self)
|
if(!self)
|
||||||
|
Loading…
Reference in New Issue
Block a user