From ffb7094ed2751488b22586623756551e9bd91a8b Mon Sep 17 00:00:00 2001
From: Paul Traina
Date: Tue, 24 Feb 1998 21:55:14 +0000
Subject: [PATCH] Make maxchild and max child-per-minute default values configurable from the command line or Makefile.
---
 usr.sbin/inetd/inetd.8 | 15 ++++++++--
 usr.sbin/inetd/inetd.c | 67 ++++++++++++++++++++++++++++++------------
 2 files changed, 62 insertions(+), 20 deletions(-)
diff --git a/usr.sbin/inetd/inetd.8 b/usr.sbin/inetd/inetd.8
index 125c4e9a1569..f4e5bc8be441 100644
--- a/usr.sbin/inetd/inetd.8
+++ b/usr.sbin/inetd/inetd.8
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\" from: @(#)inetd.8 8.3 (Berkeley) 4/13/94
-.\" $Id: inetd.8,v 1.16 1997/10/28 13:46:51 ache Exp $
+.\" $Id: inetd.8,v 1.17 1997/10/29 21:49:02 dima Exp $
 .\"
 .Dd February 7, 1996
 .Dt INETD 8
@@ -43,9 +43,11 @@
 .Nm inetd
 .Op Fl d
 .Op Fl l
-.Op Fl R Ar rate
+.Op Fl c Ar maximum
+.Op Fl C Ar rate
 .Op Fl a Ar address
 .Op Fl p Ar filename
+.Op Fl R Ar rate
 .Op Ar configuration file
 .Sh DESCRIPTION
 The
@@ -76,6 +78,15 @@ The following options are available:
 Turn on debugging.
 .It Fl l
 Turn on logging.
+.It Fl c Ar maximum
+Specify the default maximum number of services that can be invoked.
+May be overridden on a per-service basis with the "max-child"
+parameter.
+.It Fl C Ar rate
+Specify the default maximum number of times a service can be invoked
+from a single IP address in one minute; the default is unlimited.
+May be overridden on a per-service basis with the
+"max-connections-per-ip-per-minute" parameter.
 .It Fl R Ar rate
 Specify the maximum number of times a service can be invoked in one minute; the default is 256.
diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c
index bffaee6bdb7d..72b83664c980 100644
--- a/usr.sbin/inetd/inetd.c
+++ b/usr.sbin/inetd/inetd.c
@@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)from: inetd.c 8.4 (Berkeley) 4/13/94";
 #endif
 static const char rcsid[] =
- "$Id: inetd.c,v 1.28 1997/10/28 13:46:52 ache Exp $";
+ "$Id: inetd.c,v 1.29 1997/10/29 21:49:04 dima Exp $";
 #endif /* not lint */
 /*
@@ -141,6 +141,17 @@ static const char rcsid[] =
 #include "pathnames.h"
+#ifndef MAXCHILD
+#define MAXCHILD -1 /* maximum number of this service
+ < 0 = no limit */
+#endif
+
+#ifndef MAXCPM
+#define MAXCPM -1 /* rate limit invocations from a
+ single remote address,
+ < 0 = no limit */
+#endif
+
 #define TOOMANY 256 /* don't start more than TOOMANY */
 #define CNT_INTVL 60 /* servers in CNT_INTVL sec. */
 #define RETRYTIME (60*10) /* retry after bind or server fail */
@@ -155,6 +166,8 @@ fd_set allsock;
 int options;
 int timingout;
 int toomany = TOOMANY;
+int maxchild = MAXCPM;
+int maxcpm = MAXCHILD;
 struct servent *sp;
 struct rpcent *rpc;
 struct in_addr bind_address;
@@ -272,6 +285,23 @@ char **Argv;
 char *LastArg;
 #endif
+int
+getvalue(arg, value, whine)
+ char *arg, *whine;
+ int *value;
+{
+ int tmp;
+ char *p;
+
+ tmp = strtol(arg, &p, 0);
+ if (tmp < 1 || *p) {
+ syslog(LOG_ERR, whine, arg);
+ return 1; /* failure */
+ }
+ *value = tmp;
+ return 0; /* success */
+}
+
 int
 main(argc, argv, envp)
 int argc;
@@ -303,7 +333,7 @@ main(argc, argv, envp)
 openlog("inetd", LOG_PID | LOG_NOWAIT, LOG_DAEMON);
 bind_address.s_addr = htonl(INADDR_ANY);
- while ((ch = getopt(argc, argv, "dlR:a:p:")) != -1)
+ while ((ch = getopt(argc, argv, "dlR:a:c:C:p:")) != -1)
 switch(ch) {
 case 'd':
 debug = 1;
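Review bot: The two new initializers in the globals hunk are crossed: `int maxchild = MAXCPM;` and `int maxcpm = MAXCHILD;` give each variable the other macro's value. With both macros left at -1 nothing changes, but a build that defines only one of them (for example MAXCHILD from the Makefile) would install that number as the per-address rate limit and leave the child limit unlimited. The values then reach every service through the `sep->se_maxchild = maxchild;` / `sep->se_maxcpm = maxcpm;` assignments in the config-parsing hunk. They should read `int maxchild = MAXCHILD;` and `int maxcpm = MAXCPM;`.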
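Review bot: getvalue() stores strtol()'s long result in `int tmp` before range-checking it and never looks at ERANGE, so where long is wider than int an oversized argument can be truncated to some unrelated positive limit instead of being rejected. The check should be made on a long with an upper bound of INT_MAX, as sketched below (errno and INT_MAX are assumed to come from headers the file already includes, which this hunk does not show). Note also that `tmp < 1` means the "< 0 = no limit" setting documented next to MAXCHILD and MAXCPM cannot be requested from the command line once a Makefile default is set. Finally, `whine` is used as the syslog format string, so a comment stating that callers must pass a literal containing exactly one `%s` would help.

```c
getvalue(arg, value, whine)
	/* ... unchanged: parameter declarations ... */
{
	long tmp;	/* was int: keep strtol's full range until checked */
	char *p;

	errno = 0;
	tmp = strtol(arg, &p, 0);
	if (p == arg || *p != '\0' || errno == ERANGE ||
	    tmp < 1 || tmp > INT_MAX) {
		/* ... unchanged: syslog(LOG_ERR, whine, arg); return 1; ... */
	}
	*value = (int)tmp;
	/* ... unchanged: return 0 ... */
```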
@@ -312,18 +342,18 @@ main(argc, argv, envp)
 case 'l':
 log = 1;
 break;
- case 'R': { /* invocation rate */
- char *p;
-
- tmpint = strtol(optarg, &p, 0);
- if (tmpint < 1 || *p)
- syslog(LOG_ERR,
- "-R %s: bad value for service invocation rate",
- optarg);
- else
- toomany = tmpint;
+ case 'R':
+ getvalue(optarg, &toomany,
+ "-R %s: bad value for service invocation rate");
+ break;
+ case 'c':
+ getvalue(optarg, &maxchild,
+ "-c %s: bad value for maximum children");
+ break;
+ case 'C':
+ getvalue(optarg, &maxcpm,
+ "-C %s: bad value for maximum children/minute");
 break;
- }
 case 'a':
 if (!inet_aton(optarg, &bind_address)) {
 syslog(LOG_ERR,
@@ -338,6 +368,7 @@ main(argc, argv, envp)
 default:
 syslog(LOG_ERR,
 "usage: inetd [-dl] [-a address] [-R rate]"
+ " [-c maximum] [-C rate]"
 " [-p pidfile] [conf-file]");
 exit(EX_USAGE);
 }
@@ -1147,8 +1178,8 @@ more:
 CONFIG, sep->se_service);
 goto more;
 }
- sep->se_maxchild = -1;
- sep->se_maxcpm = -1;
+ sep->se_maxchild = maxchild;
+ sep->se_maxcpm = maxcpm;
 if ((s = strchr(arg, '/')) != NULL) {
 char *eptr;
 u_long val;
@@ -1874,9 +1905,9 @@ cpmip(sep, ctrl)
 if (cnt * (CHTSIZE * CHTGRAN) / 60 > sep->se_maxcpm) {
 r = -1;
 syslog(LOG_ERR,
- "%s from %s exceeded counts/min limit %d/%d",
- sep->se_service, inet_ntoa(rsin.sin_addr), cnt,
- sep->se_maxcpm );
+ "%s from %s exceeded counts/min (limit %d/min)",
+ sep->se_service, inet_ntoa(rsin.sin_addr),
+ sep->se_maxcpm);
 }
 }
 return(r);
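Review bot: All three option cases discard getvalue()'s return value, so a mistyped `-c`, `-C` or `-R` is only reported to syslog and inetd keeps running with the compiled-in default, which for `-c` and `-C` is -1 (no limit) unless the Makefile overrides it. For options whose purpose is to cap resource use, consider treating a bad value as a usage error, e.g. `if (getvalue(optarg, &maxchild, "-c %s: bad value for maximum children")) exit(EX_USAGE);`, matching what the `default:` branch does. The `-C` message says "maximum children/minute" while the man page text in this commit describes `-C` as invocations from a single IP address per minute; `"-C %s: bad value for maximum connections per IP per minute"` would match it. The switch starts above this hunk and continues below it.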
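Review bot: In the cpmip() hunk the rewritten log message records only the configured limit and no longer any observed figure, so an entry cannot show how far over the limit the remote address was when it was refused. The raw `cnt` that was dropped was presumably not comparable to a per-minute limit, but the rate the condition already computes is; consider `"%s from %s exceeded counts/min (%d, limit %d/min)"` with `cnt * (CHTSIZE * CHTGRAN) / 60` passed before `sep->se_maxcpm`. cpmip() begins above this hunk and its closing brace lies below it, so whether a negative se_maxcpm (no limit) is filtered out before this comparison cannot be seen here.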