- delay-close does not act if there are udp-wait queries, so that
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 30 Jan 2014 09:27:00 +0000 (09:27 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 30 Jan 2014 09:27:00 +0000 (09:27 +0000)
  it does not make a socketdrain DoS easier.

git-svn-id: file:///svn/unbound/trunk@3059 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
services/outside_network.c

index a1bcf7ece124cb793f0be35ed2123ee10c9c7b59..d16b62c1571ca4d2d82eb1ebcbc4609784e3bc86 100644 (file)
@@ -1,3 +1,7 @@
+30 January 2014: Wouter
+       - delay-close does not act if there are udp-wait queries, so that
+         it does not make a socketdrain DoS easier.
+
 28 January 2014: Wouter
        - iana portlist updated.
        - iana portlist test updated so it does not touch the source
index fa5000a4f2a0b812261ce57005a0af66251c6baf..5b21c34310b9b60cd4cd77a66e00c925845649d0 100644 (file)
@@ -522,7 +522,11 @@ pending_udp_timer_cb(void *arg)
                fptr_ok(fptr_whitelist_pending_udp(p->cb));
                (void)(*p->cb)(p->pc->cp, p->cb_arg, NETEVENT_TIMEOUT, NULL);
        }
-       if(outnet->delayclose) {
+       /* if delayclose, keep port open for a longer time.
+        * But if the udpwaitlist exists, then we are struggling to
+        * keep up with demand for sockets, so do not wait, but service
+        * the customer (customer service more important than portICMPs) */
+       if(outnet->delayclose && !outnet->udp_wait_first) {
                p->cb = NULL;
                p->timer->callback = &pending_udp_timer_delay_cb;
                comm_timer_set(p->timer, &outnet->delay_tv);
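Review bot: The added `!outnet->udp_wait_first` test on the `if(outnet->delayclose ...)` line is evaluated only at the moment a query times out, so ports that entered the delay-close state before the wait list became non-empty would still be held for the full `delay_tv`. If that reading is right (the delay callback and the wait-list code are outside this hunk), the socket-drain relief is partial, and the limit should at least be stated in the comment. The comment would also be easier to follow if it spelled out the trade-off instead of "portICMPs", for example `/* delay-close keeps the port open after a timeout so late replies do not hit a closed port; skip it while queries wait for a socket, because holding ports then prolongs socket exhaustion */`. pending_udp_timer_cb starts and ends outside the hunk.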