
From: Omar Polo <op@omarpolo.com>
Subject: Re: gotd per-uid connection limit
To: Stefan Sperling <stsp@stsp.name>
Cc: gameoftrees@openbsd.org
Date: Fri, 30 Dec 2022 19:36:54 +0100

On 2022/12/30 18:47:50 +0100, Stefan Sperling <stsp@stsp.name> wrote:
> gotd should enforce a limit on the number of connections per user.
> 
> This patch adds such a limit. The limit is hard-coded for now.
> Developers will only run fetch/send commands occasionally, which
> means a fairly low default limit can be used.
> 
> I have tested this patch manually and it seems to work as expected.
> Connections beyond the limit are dropped, and new connections become
> possible once active connections have terminated.
> 
> The limit will need to be made configurable via gotd.conf later.
> Ideally, it should be possible to configure connection limits per user/UID.
> Servers offering anonymous fetches will want to use a relatively high
> limit for the anonymous user, because most clients will then appear with
> the same anonymous UID.
> 
> Something else we could build on top of this is rate-limiting of new
> connections on a per-UID basis. With low limits this doesn't matter very
> much, but it could matter for the anonymous case with a higher limit.
> 
> ok?

reads fine; ok op@

providing a knob to eventually relax this limit will be needed to run
an anonssh gotd instance, but can be added later.
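
The behaviour described in the quoted message (connections beyond a per-UID limit are dropped, and new ones become possible once active connections terminate), as an added C example that is neither the patch under review nor gotd's own code. The table size, the function names and the `limit` parameter (standing in for the configurable per-UID limit the thread defers to later) are assumptions.

```c
#include <stddef.h>
#include <sys/types.h>

#define MAX_UIDS	64	/* assumed table size; names are illustrative, not gotd's */

struct uid_slot {
	uid_t	uid;
	int	nconn;		/* 0 means the slot is free */
};

static struct uid_slot slots[MAX_UIDS];

/* Find the slot tracking uid, or the first free slot if uid is not tracked. */
static struct uid_slot *
find_slot(uid_t uid)
{
	struct uid_slot *freeslot = NULL;
	size_t i;

	for (i = 0; i < MAX_UIDS; i++) {
		if (slots[i].nconn > 0 && slots[i].uid == uid)
			return &slots[i];
		if (slots[i].nconn == 0 && freeslot == NULL)
			freeslot = &slots[i];
	}
	return freeslot;
}

/* On accept: 0 if the connection is admitted, -1 if it must be dropped. */
int
conn_admit(uid_t uid, int limit)
{
	struct uid_slot *s = find_slot(uid);

	/* A full table fails closed, so untracked UIDs cannot bypass the limit. */
	if (s == NULL || s->nconn >= limit)
		return -1;
	s->uid = uid;
	s->nconn++;
	return 0;
}

/* On disconnect: give the slot back so this UID can connect again. */
void
conn_release(uid_t uid)
{
	struct uid_slot *s = find_slot(uid);

	if (s != NULL && s->uid == uid && s->nconn > 0)
		s->nconn--;
}
```

Passing a higher `limit` for the anonymous UID models the anonymous-fetch case raised in the thread, where most clients share one UID.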