setsockopt(c->socket, SOL_TCP, TCP_NODELAY, (void *)&option, sizeof(option));
#endif
-#if defined(SOL_IP) && defined(IP_TOS) && defined(IPTOS_LOWDELAY)
+#if defined(IP_TOS) && defined(IPTOS_LOWDELAY)
option = IPTOS_LOWDELAY;
- setsockopt(c->socket, SOL_IP, IP_TOS, (void *)&option, sizeof(option));
+ setsockopt(c->socket, IPPROTO_IP, IP_TOS, (void *)&option, sizeof(option));
#endif
-#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) && defined(IPTOS_LOWDELAY)
+#if defined(IPV6_TCLASS) && defined(IPTOS_LOWDELAY)
option = IPTOS_LOWDELAY;
setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option));
#endif
option = 1;
setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
-#if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
+#if defined(IPV6_V6ONLY)
if(sa->sa.sa_family == AF_INET6) {
- setsockopt(nfd, SOL_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
+ setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
}
+#else
+#warning IPV6_V6ONLY not defined
#endif
if(get_config_string(lookup_config(config_tree, "BindToInterface"), &iface)) {
logger(LOG_WARNING, "Can't set UDP SO_SNDBUF to %i: %s", udp_sndbuf, strerror(errno));
}
-#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
+#if defined(IPV6_V6ONLY)
if(sa->sa.sa_family == AF_INET6) {
setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
#define IP_DONTFRAGMENT IP_DONTFRAG
#endif
-#if defined(SOL_IP) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
if(myself->options & OPTION_PMTU_DISCOVERY) {
option = IP_PMTUDISC_DO;
- setsockopt(nfd, SOL_IP, IP_MTU_DISCOVER, (void *)&option, sizeof(option));
+ setsockopt(nfd, IPPROTO_IP, IP_MTU_DISCOVER, (void *)&option, sizeof(option));
}
-#elif defined(IPPROTO_IP) && defined(IP_DONTFRAGMENT)
+#elif defined(IP_DONTFRAGMENT)
if(myself->options & OPTION_PMTU_DISCOVERY) {
option = 1;
#endif
-#if defined(SOL_IPV6) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
+#if defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
if(myself->options & OPTION_PMTU_DISCOVERY) {
option = IPV6_PMTUDISC_DO;
- setsockopt(nfd, SOL_IPV6, IPV6_MTU_DISCOVER, (void *)&option, sizeof(option));
+ setsockopt(nfd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, (void *)&option, sizeof(option));
}
-#elif defined(IPPROTO_IPV6) && defined(IPV6_DONTFRAG)
+#elif defined(IPV6_DONTFRAG)
if(myself->options & OPTION_PMTU_DISCOVERY) {
option = 1;
#endif
if(proxytype != PROXY_EXEC) {
-#if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
+#if defined(IPV6_V6ONLY)
int option = 1;
if(c->address.sa.sa_family == AF_INET6) {
- setsockopt(c->socket, SOL_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
+ setsockopt(c->socket, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
}
#endif
new connection
*/
bool handle_new_meta_connection(int sock) {
+ static const int max_accept_burst = 10;
+ static int last_accept_burst;
+ static int last_accept_time;
connection_t *c;
sockaddr_t sa;
int fd;
return false;
}
+ if(last_accept_time == now) {
+ last_accept_burst++;
+
+ if(last_accept_burst >= max_accept_burst) {
+ if(last_accept_burst == max_accept_burst) {
+ ifdebug(CONNECTIONS) logger(LOG_WARNING, "Throttling incoming connections");
+ }
+
+ tarpit(fd);
+ return false;
+ }
+ } else {
+ last_accept_burst = 0;
+ last_accept_time = now;
+ }
+
sockaddrunmap(&sa);
c = new_connection();
connection_add(c);
c->allow_request = ID;
- send_id(c);
return true;
}