From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36980) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XePvN-0003il-KW for qemu-devel@nongnu.org; Wed, 15 Oct 2014 10:51:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XePvH-0006BV-Q0 for qemu-devel@nongnu.org; Wed, 15 Oct 2014 10:51:37 -0400 Received: from mx1.redhat.com ([209.132.183.28]:13534) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XePvH-0006B7-5p for qemu-devel@nongnu.org; Wed, 15 Oct 2014 10:51:31 -0400 Message-ID: <543E89F0.6000504@redhat.com> Date: Wed, 15 Oct 2014 08:51:28 -0600 From: Eric Blake MIME-Version: 1.0 References: <1413375585-20301-1-git-send-email-kraxel@redhat.com> <1413375585-20301-7-git-send-email-kraxel@redhat.com> In-Reply-To: <1413375585-20301-7-git-send-email-kraxel@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ioAjKLQoLBXc23498akhktkrRs0x8Bse9" Subject: Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Gerd Hoffmann , qemu-devel@nongnu.org Cc: "Dr. David Alan Gilbert" , Anthony Liguori This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --ioAjKLQoLBXc23498akhktkrRs0x8Bse9 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 10/15/2014 06:19 AM, Gerd Hoffmann wrote: > Also track the number of connections in "connecting" and "shared" state= > (additionally to "exclusive" state). Apply a configurable limit to s/additionally to/in addition to the/ > these connections. >=20 > The logic to apply the limit to connections in "shared" state is pretty= > simple: When the limit is reached no new connections are allowed. >=20 > The logic to apply the limit to connections in "connecting" state (this= > is the state you are in *before* successfull authentication) is s/successfull/successful/ > slightly different: A new connect kicks out the oldest client which is= > still in "connecting" state. This avoids a easy DoS by unauthenticated= > users by simply opening connections until the limit is reached. >=20 > Cc: Dr. David Alan Gilbert > Signed-off-by: Gerd Hoffmann > --- > ui/vnc.c | 46 +++++++++++++++++++++++++++++++++++++++++++--- > ui/vnc.h | 3 +++ > 2 files changed, 46 insertions(+), 3 deletions(-) >=20 --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --ioAjKLQoLBXc23498akhktkrRs0x8Bse9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg iQEcBAEBCAAGBQJUPonwAAoJEKeha0olJ0NqZMEH/jTngHHSb79Rsqmvh/ZdyKSj eYpSGe31+EntC2QwchBWuujffikC72R0TWb42msbc6q5NQesXXNTk4lrWbE+Hgx/ D1rTrO2RxSQ0kivHov1Bqu9gKmWA+ULqSOqx0vQTKcT7hIjkawiTalLomqxTHNJu k3nEQ+c49tNiAdna2d6hoXLQiTHm8hUvLkL7p7l986nn+al4gDLNg1X0XJ28FUoB HVu/fT8nYaXxAp/ObcqsPHPEOAIUM/yAmGH/tVp/KVlpk2AlfuMlvsG37Kz6OVMv IDhBLKUollwKMN9ZrOx3ej9yOJxZEVDqKW/ijg782EK3Fy2NMNl0kQdiyxZFLLE= =H96N -----END PGP SIGNATURE----- --ioAjKLQoLBXc23498akhktkrRs0x8Bse9--