From 0b209ea5cc333255e055113fa2ad636dda681a21 Mon Sep 17 00:00:00 2001 From: Shawn Routhier Date: Fri, 4 Mar 2016 12:16:52 -0800 Subject: [PATCH] [master] Add patch to limit the value of an fd we accept for a connection. By limiting the highest value we accept for an fd we limit the number of connections. --- RELNOTES | 4 ++++ includes/site.h | 6 ++++++ omapip/listener.c | 9 +++++++-- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/RELNOTES b/RELNOTES index 84fcc49d8..47e303039 100644 --- a/RELNOTES +++ b/RELNOTES @@ -254,6 +254,10 @@ by Eric Young (eay@cryptsoft.com). escapes, and hex - unquoted, colon separated hex digits. [ISC-Busg #26378] +! Add an option in site.h to limit the number of failover and control + connections the server will accept. By default this is 200. + [ISC-Bugs #41845] + Changes since 4.3.3b1 - None diff --git a/includes/site.h b/includes/site.h index 944dbefc7..1f4407f42 100644 --- a/includes/site.h +++ b/includes/site.h @@ -312,6 +312,12 @@ default. */ #define PRINT_SPECIFIC_CL_ERRORS +/* Limit the value of a file descriptor the serve will use + when accepting a connecting request. This can be used to + limit the number of TCP connections that the server will + allow at one time. A value of 0 means there is no limit.*/ +#define MAX_FD_VALUE 200 + /* Include definitions for various options. In general these should be left as is, but if you have already defined one of these and prefer your definition you can comment the diff --git a/omapip/listener.c b/omapip/listener.c index 8bdcdbd7f..61473cf5f 100644 --- a/omapip/listener.c +++ b/omapip/listener.c @@ -3,7 +3,7 @@ Subroutines that support the generic listener object. */ /* - * Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC") + * Copyright (c) 2012,2014,2016 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 2004,2007,2009 by Internet Systems Consortium, Inc. ("ISC") * Copyright (c) 1999-2003 by Internet Software Consortium * 
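Review bot: The comment added in includes/site.h presents MAX_FD_VALUE as a cap on TCP connections, but the check added in omapip/listener.c compares the descriptor number itself. The ceiling is therefore shared with every descriptor the process already holds, and the real connection headroom is lower than 200 by that amount. I would state this in the comment, e.g. `This bounds the descriptor number, not a connection count; descriptors the server already has open reduce the headroom.` The RELNOTES entry ("By default this is 200") has the same wording problem. In the same comment "serve" should read "server", and wrapping the define in `#ifndef MAX_FD_VALUE` would let a build override the value without editing site.h.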
@@ -233,7 +233,12 @@ isc_result_t omapi_accept (omapi_object_t *h)
 return ISC_R_NORESOURCES;
 return ISC_R_UNEXPECTED;
 }
-
+
+ if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) {
+ close(socket);
+ return (ISC_R_NORESOURCES);
+ }
+
 #if defined (TRACING)
 /* If we're recording a trace, remember the connection. */
 if (trace_record ()) {
-- 
2.47.2
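Review bot: The new rejection branch in omapi_accept closes the socket and returns ISC_R_NORESOURCES without recording anything, so an operator cannot tell a descriptor-ceiling refusal from the allocation failure a few lines above, or notice that the listener is being held at its limit. A rate-limited log line before the `close(socket);` would make this visible, for example `log_error ("omapi_accept: fd %d above MAX_FD_VALUE, connection refused", socket);`, though it should be confirmed that log_error is the right call in this file. The test is `socket > MAX_FD_VALUE`, so descriptor 200 itself is still accepted; a one-line comment saying the bound is inclusive would remove the ambiguity. omapi_accept starts and ends outside this hunk, so how its callers treat ISC_R_NORESOURCES is not visible here.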