88 package (see
http://cr.yp.to/ucspi-tcp.html) to modify its behavior if some environment
variables are present.
The variables can be preset before starting tcpserver (thus acting as
defaults for all connections), or, if you use 'tcpserver -x xxx.cdb', they
can be set (or overridden) from xxx.cdb. If none of the variables are set,
tcpserver behaves the same as the non-patched version (except for a
negligible performance loss). Any or all of the variables can be set; as
soon as the first limit is reached, the connection is dropped. I'd recommend
using .cdb files exclusively though, as you can then modify the
configuration without killing tcpserver.
The variables are:
(1) MAXLOAD
maximum 1-minute load average * 100. For example, if you have the line
:allow,MAXLOAD="350"
in the rules file from which you created the .cdb, the connection will be
accepted only if the load average is below 3.50.
See COMPILING instructions above for info on supported systems.
(2) MAXCONNIP
maximum connections from one IP address. tcpserver's -c flag defines the
maximum number of allowed connections, but it can be abused if
just one host goes wild and eats all the connections - no other host
would be able to connect then. If you created your .cdb with:
:allow,MAXCONNIP="5"
and run tcpserver -c 50, then each IP address would be able to have at
most 5 concurrent connections, while up to 50 clients total could still
connect.
0 is a valid value and means 'always reject'.
(3) MAXCONNC
maximum connections from a whole C-class (256 addresses). An extension of
MAXCONNIP, as sometimes the problematic client has a whole farm of
client machines with different IP addresses instead of just one IP
address, and they all try to connect. It might have been more useful to
be able to specify a CIDR block rather than a C-class, but I've decided to
KISS. For example, tcpserver -c 200 and a .cdb with:
:allow,MAXCONNC="15"
will allow at most 15 hosts from any x.y.z.0/24 address block, while
still allowing up to 200 total connections.
0 is a valid value and means 'always reject'.
(4) DIEMSG
if set and one of the above limits is exceeded, this is the message
to be sent to the client (CRLF is always added to the text) before
terminating the connection. If unset, the connection simply terminates
(after a 1 sec delay) if a limit is exceeded.
For example:
DIEMSG="421 example.com Service temporarily not available, closing
transmission channel"
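
As an added illustration (not code from the patch itself), this Python model
shows how the limits described in (1)-(4) combine for one incoming
connection. The function name, the order of the checks and the list-of-peers
connection table are assumptions; the rule values are the ones used in the
examples above, and the addresses are constructed.

```python
import ipaddress

# Constructed sample data: rule values taken from the examples above,
# addresses from documentation ranges.
RULE_ENV = {"MAXLOAD": "350", "MAXCONNIP": "5", "MAXCONNC": "15",
            "DIEMSG": "421 example.com Service temporarily not available, "
                      "closing transmission channel"}
ACTIVE = ["192.0.2.10"] * 5 + ["192.0.2.11"] * 3


def check_limits(env, load_avg_1min, active_ips, client_ip):
    """Model of the documented limits (hypothetical helper, not patch code).

    active_ips lists the peers of connections already being served.
    Returns (accepted, limit_name, bytes_sent_to_client).
    """
    client = ipaddress.IPv4Address(client_ip)
    block = ipaddress.IPv4Network(f"{client_ip}/24", strict=False)
    peers = [ipaddress.IPv4Address(ip) for ip in active_ips]
    same_ip = sum(1 for ip in peers if ip == client)
    same_block = sum(1 for ip in peers if ip in block)

    hit = None  # first limit reached; the check order is an assumption
    if "MAXLOAD" in env and load_avg_1min * 100 >= int(env["MAXLOAD"]):
        hit = "MAXLOAD"        # accepted only while load is below MAXLOAD/100
    elif "MAXCONNIP" in env and same_ip >= int(env["MAXCONNIP"]):
        hit = "MAXCONNIP"      # "0" always lands here: 0 >= 0
    elif "MAXCONNC" in env and same_block >= int(env["MAXCONNC"]):
        hit = "MAXCONNC"       # counts every peer in the client's x.y.z.0/24
    if hit is None:
        return True, None, b""
    # DIEMSG is sent with CRLF appended; if unset, nothing is sent
    msg = env.get("DIEMSG")
    return False, hit, (msg.encode("ascii") + b"\r\n") if msg else b""


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "198.51.100.7"):
        print(ip, check_limits(RULE_ENV, 1.0, ACTIVE, ip))
```
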
(5) DIEMSG_MAXLOAD