Set socket TCP keepalive option on incoming connections
If a connected host disappears without our knowledge, as can happen over wireless or a hibernating machine, we continue to hold the port open waiting for messages. Because we never try to send anything down this now-broken pipe, the connection will sit idle taking up a slot in our allowed incoming connections list. If enough of these happen, an unintended Denial of Service takes place, where all connection slots are filled with now-broken, never ending connections. Setting the TCP keepalive option at least allows these to time out after the default two hours, which is sufficient in the non-malicious case.

Signed-off-by: Dan McGee <dan@archlinux.org>
Committed by Max Kellermann
parent 74617389c8
commit 27946a981f
@@ -148,3 +148,18 @@ socket_bind_listen(int domain, int type, int protocol,
|
||||
|
||||
return fd;
|
||||
}
|
||||
|
||||
int
|
||||
socket_keepalive(int fd)
|
||||
{
|
||||
const int reuse = 1;
|
||||
|
||||
#ifdef WIN32
|
||||
const char *optval = (const char *)&reuse;
|
||||
#else
|
||||
const void *optval = &reuse;
|
||||
#endif
|
||||
|
||||
return setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE,
|
||||
optval, sizeof(reuse));
|
||||
}
|
||||
|
||||
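Review bot: in socket_keepalive() the flag is declared as `const int reuse = 1;`, a name that points at SO_REUSEADDR rather than SO_KEEPALIVE; rename it to something like `keepalive` or `enable` so the setsockopt() call reads correctly. The function also lacks a comment saying that it returns the setsockopt() result unchanged, which matters because the caller has to decide whether a failure to enable keepalive should be logged or should reject the connection. This hunk only adds the helper and shows no call site, so the accept path that is supposed to apply it to incoming connections should be checked in the rest of the patch. The commit message accepts the default two-hour timeout for the non-malicious case; a short comment in the function noting that the idle time is left at the system default would keep that decision visible to whoever later tunes it.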