faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

cmdmon: limit rate of all responses

Browse source 
Include responses to invalid requests in the rate limiting enabled by
the cmdratelimit directive.
This commit is contained in:
Miroslav Lichvar 2019-07-16 17:15:03 +02:00
parent 8cb689a5e6
commit e5b9b6d701
1 changed files with 9 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
cmdmon.c
View file

@ -1341,6 +1341,15 @@ read_from_cmd_socket(int sock_fd, int event, void *anything)
return; return;
} }
log_index = CLG_LogCommandAccess(&remote_ip, &cooked_now);
/* Don't reply to all requests from hosts other than localhost if the rate
is excessive */
if (!localhost && log_index >= 0 && CLG_LimitCommandResponseRate(log_index)) {
DEBUG_LOG("Command packet discarded to limit response rate");
return;
}
expected_length = PKL_CommandLength(&rx_message); expected_length = PKL_CommandLength(&rx_message);
rx_command = ntohs(rx_message.command); rx_command = ntohs(rx_message.command);
@ -1384,15 +1393,6 @@ read_from_cmd_socket(int sock_fd, int event, void *anything)
/* OK, we have a valid message. Now dispatch on message type and process it. */ /* OK, we have a valid message. Now dispatch on message type and process it. */
log_index = CLG_LogCommandAccess(&remote_ip, &cooked_now);
/* Don't reply to all requests from hosts other than localhost if the rate
is excessive */
if (!localhost && log_index >= 0 && CLG_LimitCommandResponseRate(log_index)) {
DEBUG_LOG("Command packet discarded to limit response rate");
return;
}
if (rx_command >= N_REQUEST_TYPES) { if (rx_command >= N_REQUEST_TYPES) {
/* This should be already handled */ /* This should be already handled */
assert(0); assert(0);