Hi, I had a small doubt with httpd.c code ..
>> Following is the transmission steps between Client and Server >> >> 1. 3 way handshake >> 2. GET packet from client and then followed by ACK from server. >> 3. RST ACK from Client to Server >> >> As a result of RST_ACK packet from client the socket connection is getting >> terminated >> abruptly and cur_clients global variable is not getting >> decremented. Once cur_clients >> value reaches the max value of 5 it stops accepting the new connections. In my scenario the child process is getting terminated abnormally and there is no mechanism in httpd for decrementing the value of cur_clients if it gets terminated abnormally. httpd takes for granted that SIGCHLD signal is ignored in httpd because of a chance of creating ZOMBIES. But I tried the scenario where I created a SIGCHLD signal handler where it properly handles the child process which is killed and decrements the value for cur_clients variable and it solved my Denial of Service attack scenario (I am not sure if it is a proper way to do but I am not creating any zombies). When I gone through 1.16 version code for httpd.c file I still see that SIGCHLD signal is ignored. But there is no check in httpd server for maximum number of clients allowed to be processed. So is http server in 1.16 version doesnt have any limitation of supporting only MAX_CLIENTS number of clients ?? -- Thanks, codingfreak --------------------------------------------- www.codingfreak.blogspot.com _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
