summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorGravatar Sergey Mironov <grrwlf@gmail.com>2014-09-02 17:42:10 +0000
committerGravatar Sergey Mironov <grrwlf@gmail.com>2014-09-02 17:42:10 +0000
commit4e2c3a1424a9b8f242953cd74c47bf641e84504d (patch)
tree13e8fbf5838ee3e47348b296620a8c148cc2c7dc /src
parenta0b96f52c6a9e5b01a74c2879d1d2e8cd95eef77 (diff)
Introduce recv timeout controlled by '-T' option in http.c
This should prevent a DDoS attack where attacker and keeps the connection open but send no data.
Diffstat (limited to 'src')
-rw-r--r--src/c/http.c29
1 files changed, 25 insertions, 4 deletions
diff --git a/src/c/http.c b/src/c/http.c
index 2a8b7e94..9651a216 100644
--- a/src/c/http.c
+++ b/src/c/http.c
@@ -116,7 +116,7 @@ static void *worker(void *data) {
r = recv(sock, back, buf_size - 1 - (back - buf), 0);
if (r < 0) {
- qfprintf(stderr, "Recv failed while receiving header\n");
+ qfprintf(stderr, "Recv failed while receiving header, retcode %d errno %m\n", r);
close(sock);
sock = 0;
break;
@@ -173,7 +173,7 @@ static void *worker(void *data) {
r = recv(sock, back, buf_size - 1 - (back - buf), 0);
if (r < 0) {
- qfprintf(stderr, "Recv failed\n");
+ qfprintf(stderr, "Recv failed while receiving content, retcode %d errno %m\n", r);
close(sock);
sock = 0;
goto done;
@@ -312,7 +312,7 @@ static void *worker(void *data) {
}
static void help(char *cmd) {
- printf("Usage: %s [-p <port>] [-a <IP address>] [-t <thread count>] [-k] [-q]\nThe '-k' option turns on HTTP keepalive.\nThe '-q' option turns off some chatter on stdout.\n", cmd);
+ printf("Usage: %s [-p <port>] [-a <IP address>] [-t <thread count>] [-k] [-q] [-T SEC]\nThe '-k' option turns on HTTP keepalive.\nThe '-q' option turns off some chatter on stdout.\nThe -T option sets socket recv timeout (0 disables timeout, default is 5 sec)", cmd);
}
static void sigint(int signum) {
@@ -327,6 +327,7 @@ int main(int argc, char *argv[]) {
struct sockaddr_in their_addr; // connector's address information
socklen_t sin_size;
int yes = 1, uw_port = 8080, nthreads = 1, i, *names, opt;
+ int recv_timeout_sec = 5;
signal(SIGINT, sigint);
signal(SIGPIPE, SIG_IGN);
@@ -334,7 +335,7 @@ int main(int argc, char *argv[]) {
my_addr.sin_addr.s_addr = INADDR_ANY; // auto-fill with my IP
memset(my_addr.sin_zero, '\0', sizeof my_addr.sin_zero);
- while ((opt = getopt(argc, argv, "hp:a:t:kq")) != -1) {
+ while ((opt = getopt(argc, argv, "hp:a:t:kqT:")) != -1) {
switch (opt) {
case '?':
fprintf(stderr, "Unknown command-line option\n");
@@ -375,6 +376,15 @@ int main(int argc, char *argv[]) {
keepalive = 1;
break;
+ case 'T':
+ recv_timeout_sec = atoi(optarg);
+ if (recv_timeout_sec < 0) {
+ fprintf(stderr, "Invalid recv timeout\n");
+ help(argv[0]);
+ return 1;
+ }
+ break;
+
case 'q':
quiet = 1;
break;
@@ -453,6 +463,17 @@ int main(int argc, char *argv[]) {
setsockopt(new_fd, IPPROTO_TCP, TCP_NODELAY, (char *) &flag, sizeof(int));
}
+ if(recv_timeout_sec>0) {
+ int ret;
+ struct timeval tv;
+ memset(&tv, 0, sizeof(struct timeval));
+ tv.tv_sec = recv_timeout_sec;
+ ret = setsockopt(new_fd, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(struct timeval));
+ if(ret != 0) {
+ qfprintf(stderr, "Timeout setting failed, errcode %d errno '%m'\n", ret);
+ }
+ }
+
uw_enqueue(new_fd);
}
}