From 27946a981ff4192f064feb3117567463c137933f Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Mon, 19 Sep 2011 08:10:13 -0500 Subject: Set socket TCP keepalive option on incoming connections If a connected host disappears without our knowledge, as can happen over wireless or a hibernating machine, we continue to hold the port open waiting for messages. Because we never try to send anything down this now-broken pipe, the connection will sit idle taking up a slot in our allowed incoming connections list. If enough of these happen, an unintended Denial of Service takes place, where all connection slots are filled with now-broken, never ending connections. Setting the TCP keepalive option at least allows these to time out after the default two hours, which is sufficient in the non-malicious case. Signed-off-by: Dan McGee --- src/socket_util.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'src/socket_util.c') diff --git a/src/socket_util.c b/src/socket_util.c index a89a67ed..aa0a44e4 100644 --- a/src/socket_util.c +++ b/src/socket_util.c @@ -148,3 +148,18 @@ socket_bind_listen(int domain, int type, int protocol, return fd; } + +int +socket_keepalive(int fd) +{ + const int reuse = 1; + +#ifdef WIN32 + const char *optval = (const char *)&reuse; +#else + const void *optval = &reuse; +#endif + + return setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, + optval, sizeof(reuse)); +} -- cgit v1.2.3
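Review bot: in the new socket_keepalive() the option flag is declared as `const int reuse = 1;`, a name that reads as carried over from an SO_REUSEADDR helper; rename it to something like `enable` so the value matches the SO_KEEPALIVE option it is passed to. The function also needs a short comment stating that it returns the setsockopt() result unchanged (0 on success), so that callers on the accept path know to check it and log a failure rather than silently keeping a connection without keepalive. Because only SO_KEEPALIVE is set, probe timing stays at the operating system default, the two hours the commit message mentions; a comment saying that no per-socket idle or interval tuning is done here would make it clear that slots held by deliberately idle peers are still not reclaimed any sooner.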