httpd: add comment about faster rejection of denied IPs

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2021-05-05 15:31:18 +02:00
parent ad16f89547
commit ac4a0b3be7

View File

@ -2632,6 +2632,13 @@ static void mini_httpd(int server_socket)
n = accept(server_socket, &fromAddr.u.sa, &fromAddr.len);
if (n < 0)
continue;
//TODO: we can reject connects from denied IPs right away;
//also, we might want to do one MSG_DONTWAIT'ed recv() here
//to detect immediate EOF,
//to avoid forking a whole new process for attackers
//who open and close lots of connections.
//(OTOH, the real mitigtion for this sort of thing is
//to ratelimit connects in iptables)
/* set the KEEPALIVE option to cull dead connections */
setsockopt_keepalive(n);