X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet.c;h=75838e00c11fce4196d90c9c884cfbb64b7a45c3;hb=1cf2b56fcc57073d952928da2338bdaff2cb7889;hp=097a79c0a42747c24f4bea1fed1b12f047a7b7b7;hpb=f6e87ab476a0faf8b124ecaaa27f967d825e6457;p=tinc

diff --git a/src/net.c b/src/net.c
index 097a79c0..75838e00 100644
--- a/src/net.c
+++ b/src/net.c
@@ -92,6 +92,22 @@ void purge(void) {
 	}
 }
 
+/* Put a misbehaving connection in the tarpit */
+void tarpit(int fd) {
+	static int pits[10] = {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1};
+	static unsigned int next_pit = 0;
+
+	if(pits[next_pit] != -1) {
+		closesocket(pits[next_pit]);
+	}
+
+	pits[next_pit++] = fd;
+
+	if(next_pit >= sizeof pits / sizeof pits[0]) {
+		next_pit = 0;
+	}
+}
+
 /*
   Terminate a connection:
   - Mark it as inactive
@@ -218,6 +234,7 @@ static void timeout_handler(void *data) {
 				logger(DEBUG_CONNECTIONS, LOG_WARNING, "Timeout while connecting to %s (%s)", c->name, c->hostname);
 			} else {
 				logger(DEBUG_CONNECTIONS, LOG_WARNING, "Timeout from %s (%s) during authentication", c->name, c->hostname);
+				c->status.tarpit = true;
 			}
 
 			terminate_connection(c, c->edge);
@@ -285,6 +302,10 @@ static void periodic_handler(void *data) {
 
 void handle_meta_connection_data(connection_t *c) {
 	if(!receive_meta(c)) {
+		if(!c->status.control) {
+			c->status.tarpit = true;
+		}
+
 		terminate_connection(c, c->edge);
 		return;
 	}
@@ -327,7 +348,7 @@ int reload_configuration(void) {
 	read_config_options(config_tree, NULL);
 
 	snprintf(fname, sizeof(fname), "%s" SLASH "hosts" SLASH "%s", confbase, myself->name);
-	read_config_file(config_tree, fname);
+	read_config_file(config_tree, fname, true);
 
 	/* Parse some options that are allowed to be changed while tinc is running */