Improved flood control counting to strictly not allow more than
the given amount of messages in the configured interval. The previous behavior allowed n+2 messages in the interval, due to two off by one comparison rules. In addition, if flooding is detected then each new message after the flooding is detected will reset the interval timer, which means the client cannot send another message until the timeout interval expires.
This commit is contained in:
Jan Vidar Krey
parent
c26e8aaefe
commit
e2b0757f4a
|
|
@ -30,26 +30,25 @@ int flood_control_check(struct flood_control* data, size_t max_count, size_t ti
|
|||
if (!time_delay || !max_count)
|
||||
return 0;
|
||||
|
||||
if (!data->time)
|
||||
// No previous message, or a long time since
|
||||
// the last message. We allow the message.
|
||||
if (!data->time || ((now - data->time) > time_delay))
|
||||
{
|
||||
data->time = now;
|
||||
data->count = 0;
|
||||
data->count = 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((now - data->time) > time_delay)
|
||||
{
|
||||
data->time = now;
|
||||
data->count = 0;
|
||||
return 0;
|
||||
}
|
||||
// increase hit count
|
||||
data->count++;
|
||||
|
||||
if (data->count <= max_count)
|
||||
{
|
||||
data->count++;
|
||||
// did we overflow the limits yet?
|
||||
if (data->count < max_count)
|
||||
return 0;
|
||||
}
|
||||
|
||||
// if we continue sending spam messages we extend the flood interval
|
||||
// based on the last message.
|
||||
data->time = now;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue