>> I had a small doubt with httpd.c code ..
>>
>> >> Following is the transmission steps between Client and Server
>> >>
>> >> 1. 3 way handshake
>> >> 2. GET packet from client and then followed by ACK from server.
>> >> 3. RST ACK from Client to Server
>> >>
>> >> As a result of RST_ACK packet from client the socket connection is
>> >> getting terminated abruptly and cur_clients global variable is not
>> >> getting decremented. Once cur_clients value reaches the max value
>> >> of 5 it stops accepting the new connections.
>>
>> In my scenario the child process is getting terminated abnormally and
>> there is no mechanism in httpd for decrementing the value of
>> cur_clients if it gets terminated abnormally. httpd takes for granted
>> that
>>
>> SIGCHLD signal is ignored in httpd because of a chance of creating
>> ZOMBIES. But I tried the scenario where I created a SIGCHLD signal
>> handler where it properly handles the child process which is killed
>> and decrements the value for cur_clients variable and it solved my
>> Denial of Service attack scenario (I am not sure if it is a proper way
>> to do but I am not creating any zombies).
>>
>> When I went through 1.16 version code for httpd.c file I still see
>> that SIGCHLD signal is ignored. But there is no check in httpd server
>> for maximum number of clients allowed to be processed.
>>
>> So is http server in 1.16 version doesn't have any limitation of
>> supporting only MAX_CLIENTS number of clients ??
>
> httpd.c in 1.16.0 has neither MAX_CLIENTS nor cur_clients variables
> or defines. I searched entire git history and there are no such things
> anywhere.
>
> Thus I do not understand what code you are talking about.
> --

Actually I am using older 1.2 version of httpd.c file in Busybox which has terms like MAX_CLIENTS and cur_clients variables. In that particular version there is a limit of supporting only 'n' number of clients which can be set by .conf file. Once we reach a count of 'n' and if we try to connect to the http server we get error number 503 - service not available ..

So if the cur_clients value is not properly decremented (which is happening in my case) then it is resulting in Denial of Service stage.

I even went through httpd.c file in 1.16 version where there are no limits or any counts for number of clients supported. So it seems that there is no way to set any rules saying support only 'n' number of clients.

So for 1.2 version of httpd.c file it seems I got only 2 choices to solve my problem

1. Create a signal handler function for SIGCHLD signal and decrement the value for cur_clients variable and take care of not creating any zombies accidentally. This solution at present working like a charm and no zombies created until now ...

2. or Remove the count for number of clients supported to look similar to 1.16 version of code ?

--
Thanks,
codingfreak
---------------------------------------------
www.codingfreak.blogspot.com
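
Option 1 from the message above, as an added example that is not part of the thread and is not BusyBox's httpd.c: a SIGCHLD handler that reaps every exited child, however it died, and releases its client slot. MAX_CLIENTS and cur_clients are the names used in the thread; the function names, the limit of 5 and the self-killing stand-in child are assumptions made for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added illustration, not BusyBox code; all function names are hypothetical. */
#define MAX_CLIENTS 5                      /* constructed limit for this demo */
static volatile sig_atomic_t cur_clients;  /* children currently holding a slot */
/* Reap all exited children; SIGCHLD is not queued, so one delivery may cover several. */
static void on_sigchld(int sig) {
    int saved = errno; (void)sig;
    while (waitpid(-1, NULL, WNOHANG) > 0)
        if (cur_clients > 0) cur_clients--;
    errno = saved;                         /* do not disturb interrupted code */
}
int install_reaper(void) {
    struct sigaction sa;
    sa.sa_handler = on_sigchld;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART | SA_NOCLDSTOP;
    return sigaction(SIGCHLD, &sa, NULL);
}
/* Fork a stand-in client that is killed at once. -1 = limit hit (the 503 case). */
int spawn_client(void) {
    sigset_t blk, old; pid_t pid;
    if (cur_clients >= MAX_CLIENTS) return -1;
    sigemptyset(&blk); sigaddset(&blk, SIGCHLD);
    sigprocmask(SIG_BLOCK, &blk, &old);    /* keep the handler out until ++ is done */
    if ((pid = fork()) == 0) { kill(getpid(), SIGKILL); _exit(1); }
    if (pid > 0) cur_clients++;
    sigprocmask(SIG_SETMASK, &old, NULL);
    return pid > 0 ? 0 : -1;
}
/* Sleep until the handler has released every slot; returns the final count. */
int wait_for_idle(void) {
    sigset_t blk, old, wake;
    sigemptyset(&blk); sigaddset(&blk, SIGCHLD);
    sigprocmask(SIG_BLOCK, &blk, &old);
    wake = old; sigdelset(&wake, SIGCHLD); /* SIGCHLD deliverable only while asleep */
    while (cur_clients > 0) sigsuspend(&wake);
    sigprocmask(SIG_SETMASK, &old, NULL);
    return cur_clients;
}
int main(void) {
    if (install_reaper() != 0) return 1;
    for (int i = 0; i < MAX_CLIENTS; i++) spawn_client();
    return wait_for_idle();                /* 0 once every slot is free again */
}
```

Blocking SIGCHLD around fork() and the increment matters: a child that dies before the counter is raised would otherwise be reaped first and its slot would never be given back.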
