File: connstat.c

package info (click to toggle)
gatling 0.13-6
  • links: PTS
  • area: main
  • in suites: sid, stretch
  • size: 1,196 kB
  • ctags: 1,115
  • sloc: ansic: 23,805; makefile: 143; sh: 71; perl: 30
file content (87 lines) | stat: -rw-r--r-- 2,031 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
#include <byte.h>
#include <stdlib.h>
#include <time.h>

unsigned int max_requests_per_minute;

enum { HASHTABLEN=1031 };
static time_t lastpurge;

static struct connection {
  struct connection* next;
  unsigned long connections;
  time_t last;
  char ip[16];
}* root[HASHTABLEN];

static unsigned int hash(const char* ip) {
  int i;
  unsigned int res;
  res=0;
  for (i=0; i<16; ++i)
    res = (res + (res << 5)) ^ ip[i];
  return res%HASHTABLEN;
}

/* returns 0 if the request was added and should be serviced.
 * returns 1 if a denial of service attack from this IP was detected and
 *           the request should not be serviced
 * returns -1 if we ran out of memory trying to add the request */
int new_request_from_ip(const char ip[16],time_t now) {
  struct connection** x, ** base;
  unsigned int i;
  if (!max_requests_per_minute) return 0;
  if (now > lastpurge+60) {
    for (i=0; i<sizeof(root)/sizeof(root[0]); ++i) {
      x=root+i;
      while (*x) {
	struct connection* tmp;
	if ((*x)->last+60 < now ||
	    (*x)->connections <= max_requests_per_minute/10) {	// had a minute of silence or very low volume -> remove
	  tmp=*x;
	  x=&(*x)->next;
	  free(tmp);
	} else {
	  /* halve connections count on record unless they exceed threshold */
	  if ((*x)->connections < max_requests_per_minute)
	    (*x)->connections /= 2;
	  x=&(*x)->next;
	}
      }
    }
    lastpurge=now;
  }
  x=base=root+hash(ip);
  while (*x) {
    if (byte_equal((*x)->ip,16,ip)) {
      int res;
      (*x)->last=now;
      res = (++(*x)->connections > max_requests_per_minute);
      if (x != base) {
	struct connection* tmp=*x;
	*x=(*x)->next;
	tmp->next=*base;
	*base=tmp;
      }
      return res;
    }
    x=&(*x)->next;
  }
  *x=malloc(sizeof(**x));
  if (!*x) return -1;
  (*x)->last=now;
  byte_copy((*x)->ip,16,ip);
  (*x)->connections=1;
  return 0;
}

#if 0
#include <stdio.h>

int main() {
  int i;
  max_requests_per_minute=5;
  for (i=0; i<100; ++i)
    printf("%d\n",new_request_from_ip("0123456789abcdef",23));
}
#endif