From: Wouter Wijngaards Date: Thu, 30 Jan 2014 09:27:00 +0000 (+0000) Subject: - delay-close does not act if there are udp-wait queries, so that X-Git-Tag: release-1.4.22rc1~33 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0fbe678e686c19d4ebe70be61b2d07e466cac4e0;p=thirdparty%2Funbound.git - delay-close does not act if there are udp-wait queries, so that it does not make a socketdrain DoS easier. git-svn-id: file:///svn/unbound/trunk@3059 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index a1bcf7ece..d16b62c15 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +30 January 2014: Wouter + - delay-close does not act if there are udp-wait queries, so that + it does not make a socketdrain DoS easier. + 28 January 2014: Wouter - iana portlist updated. - iana portlist test updated so it does not touch the source diff --git a/services/outside_network.c b/services/outside_network.c index fa5000a4f..5b21c3431 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -522,7 +522,11 @@ pending_udp_timer_cb(void *arg) fptr_ok(fptr_whitelist_pending_udp(p->cb)); (void)(*p->cb)(p->pc->cp, p->cb_arg, NETEVENT_TIMEOUT, NULL); } - if(outnet->delayclose) { + /* if delayclose, keep port open for a longer time. + * But if the udpwaitlist exists, then we are struggling to + * keep up with demand for sockets, so do not wait, but service + * the customer (customer service more important than portICMPs) */ + if(outnet->delayclose && !outnet->udp_wait_first) { p->cb = NULL; p->timer->callback = &pending_udp_timer_delay_cb; comm_timer_set(p->timer, &outnet->delay_tv);
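Review bot: In pending_udp_timer_cb, the new test `if(outnet->delayclose && !outnet->udp_wait_first)` is evaluated only once, when the query timer fires, so from the visible lines a port that was handed to `pending_udp_timer_delay_cb` while the wait list was still empty stays held for the full `outnet->delay_tv` even if queries begin queueing for sockets immediately afterwards. If the intent is that delay-close never makes socket exhaustion easier, consider also reclaiming ports that are already in the delay state at the point where a query is appended to the udp wait list, or say in the comment that ports already delayed are not released early. The patch touches only doc/Changelog and services/outside_network.c, so the user-facing description of the delay-close option should also mention that the delay is skipped while queries are waiting for a socket, and the shorthand "portICMPs" in the new comment would be clearer spelled out.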