author | Jacek Masiulaniec <jacekm@cvs.openbsd.org> | 2009-05-27 13:09:08 +0000 |
---|---|---|
committer | Jacek Masiulaniec <jacekm@cvs.openbsd.org> | 2009-05-27 13:09:08 +0000 |
commit | 864dce2bc80e7c0ba01cabe9f8f53e7bbfdb85e3 (patch) | |
tree | 208c92dbab2a633fcf317a17dc286cc3c1649649 /usr.sbin/smtpd/smtpd.h | |
parent | bc74c06e354abc8aa1fda72cd517b1cb48c394e9 (diff) |
request flood mitigation:
1) each state may have 2 responses sent quickly;
2) more responses are delayed exponentially, up to a defined limit.
Delay count is user visible (smtp.errors.delays).
ok gilles@
Diffstat (limited to 'usr.sbin/smtpd/smtpd.h')
-rw-r--r-- | usr.sbin/smtpd/smtpd.h | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h
index 5b20d08ba09..70f539f8eca 100644
--- a/usr.sbin/smtpd/smtpd.h
+++ b/usr.sbin/smtpd/smtpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpd.h,v 1.116 2009/05/25 14:00:36 jacekm Exp $ */
+/* $OpenBSD: smtpd.h,v 1.117 2009/05/27 13:09:07 jacekm Exp $ */
 /*
 * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -67,7 +67,13 @@
 #define PATH_OFFLINE "/offline"
 /* number of MX records to lookup */
-#define MAX_MX_COUNT 10
+#define MAX_MX_COUNT 10
+
+/* max response delay under flood conditions */
+#define MAX_RESPONSE_DELAY 60
+
+/* how many responses per state are undelayed */
+#define FAST_RESPONSES 2
 /* rfc5321 limits */
 #define SMTP_TEXTLINE_MAX 1000
@@ -563,6 +569,7 @@ enum session_state {
 S_DONE,
 S_QUIT
 };
+#define STATE_COUNT 18
 struct ssl {
 SPLAY_ENTRY(ssl) ssl_nodes;
@@ -623,6 +630,7 @@ struct session {
 int s_buflen;
 struct timeval s_tv;
 struct message s_msg;
+ short s_nresp[STATE_COUNT];
 size_t rcptcount;
 struct auth s_auth;
@@ -706,6 +714,7 @@ struct s_session {
 size_t toofast;
 size_t tempfail;
 size_t linetoolong;
+ size_t delays;
 };
 struct stats { |
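Review bot: The comment above `MAX_RESPONSE_DELAY` gives no unit, so a reader of this header cannot tell whether 60 means seconds, milliseconds or a step count, and the code that consumes it is not part of this diff. If the value is in seconds, which seems likely but is not shown here, the comment should say so: `/* max response delay under flood conditions, in seconds */`. The same comment could also note how the cap relates to `FAST_RESPONSES`, since the two constants together define the throttling curve described in the commit message.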
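Review bot: `STATE_COUNT` is a hand-maintained literal placed after `enum session_state`, and nothing in this hunk ties 18 to the actual number of enumerators. A state added later without bumping it would leave `s_nresp[STATE_COUNT]` (added to `struct session` in the next hunk) too small. Assuming `s_nresp` is indexed by the session state, as the commit message suggests, that would become an out-of-bounds write inside `struct session` on a path driven by remote clients. Deriving the size from the enum removes the coupling: end the enum with a sentinel, `S_QUIT, S_MAX };`, and declare `short s_nresp[S_MAX];`. The enum body starts outside the hunk, so the current count of 18 cannot be verified from here.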
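Review bot: The new `s_nresp` member has no comment saying what it counts or what indexes it, and its element type is a signed `short`. A one-line comment such as `/* responses sent in each state, indexed by enum session_state */` would record the contract, if that is indeed how it is used. The code that increments the counter is not in this file; it is worth confirming that it saturates instead of wrapping. If the counter feeds the exponential delay calculation, the exponent should also be clamped before the delay is computed. `struct session` starts and ends outside the hunk.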