From: Omar Polo
Subject: Re: gotd per-uid connection limit
To: Stefan Sperling
Cc: gameoftrees@openbsd.org
Date: Fri, 30 Dec 2022 19:36:54 +0100

On 2022/12/30 18:47:50 +0100, Stefan Sperling wrote:
> gotd should enforce a limit on the number of connections per user.
>
> This patch adds such a limit. The limit is hard-coded for now.
> Developers will only run fetch/send commands occasionally, which
> means a fairly low default limit can be used.
>
> I have tested this patch manually and it seems to work as expected.
> Connections beyond the limit are dropped, and new connections become
> possible once active connections have terminated.
>
> The limit will need to be made configurable via gotd.conf later.
> Ideally, it should be possible to configure connection limits per user/UID.
> For servers offering anonymous fetches we will want to use a relatively high
> limit for the anonymous user, because most clients will then appear with
> the same anonymous UID.
>
> Something else we could build on top of this is rate-limiting of new
> connections on a per-UID basis. With low limits this doesn't matter very
> much, but it could matter for the anonymous case with a higher limit.
>
> ok?

reads fine; ok op@

providing a knob to eventually relax this limit will be needed to run
an anonssh gotd instance, but can be added later.
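
A minimal sketch of the per-UID accounting discussed in this thread, added here as an illustration; it is not the patch under review nor gotd's own code. The table size, the limit values, `ANON_UID` and all function names are assumptions made for the example.

```c
#include <stdio.h>
#include <sys/types.h>

#define NSLOTS        64             /* tracked UIDs; constructed value */
#define DEFAULT_LIMIT 4              /* per-UID limit; constructed value */
#define ANON_UID      ((uid_t)32767) /* hypothetical anonymous UID */
#define ANON_LIMIT    32             /* higher limit for the shared anonymous UID */

/* One counter per active UID; nconn == 0 marks a free slot. */
static struct uid_slot { uid_t uid; int nconn; } slots[NSLOTS];

static int limit_for(uid_t uid) { return uid == ANON_UID ? ANON_LIMIT : DEFAULT_LIMIT; }

/* Call once the peer UID is known; 0 = admit, -1 = drop the connection. */
int conn_acquire(uid_t uid)
{
	struct uid_slot *free_slot = NULL;
	for (size_t i = 0; i < NSLOTS; i++) {
		if (slots[i].nconn > 0 && slots[i].uid == uid) {
			if (slots[i].nconn >= limit_for(uid))
				return -1;
			slots[i].nconn++;
			return 0;
		}
		if (slots[i].nconn == 0 && free_slot == NULL)
			free_slot = &slots[i];
	}
	if (free_slot == NULL)
		return -1;	/* table full: fail closed instead of admitting untracked */
	free_slot->uid = uid;
	free_slot->nconn = 1;
	return 0;
}

/* Call exactly once for every admitted connection when it terminates. */
void conn_release(uid_t uid)
{
	for (size_t i = 0; i < NSLOTS; i++)
		if (slots[i].nconn > 0 && slots[i].uid == uid) {
			slots[i].nconn--;
			return;
		}
}

int main(void)
{
	for (int i = 1; i <= 6; i++)	/* the fifth and sixth attempts are dropped */
		printf("uid 1000, connection %d: %s\n", i, conn_acquire(1000) ? "dropped" : "admitted");
	return 0;
}
```

Releasing only connections that were admitted keeps the counter from drifting; a dropped connection must not reach `conn_release`.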