Acked-by: Gert Doering <g...@greenie.muc.de>
The following tests were all done on v4. diff v4->v5 is only the extra
MSVC build files, so I did not completely re-test v5.
Stare-at-code looks good now (thanks). Fixed a bit of wording in the
commit message and reflect_filter.h comments.
Tested on the Linux server test rig, with "normal" traffic, "gremlins"
(~100 UDP gremlins) and "just bombarding with RESET packets". Everything
worked fine, and the new logs nicely show what is happening:
Jan 9 20:47:48 gentoo tun-udp-p2mp[1718]: Connection Attempt Note:
--connect-freq-initial 100 10 rate limit exceeded, dropping initial handshake
packets for the next 1 seconds
Jan 9 20:47:57 gentoo tun-udp-p2mp[1718]: Dropped 920 initial handshake
packets due to --connect-freq-initial 100 10
I have also tested actually using the new option to change defaults :-)
2023-01-09 22:38:31 us=987098 Connection Attempt Note: --connect-freq-initial
200 30 rate limit exceeded, dropping initial handshake packets for the next 30
seconds
(and it does that)
MSVC builds succeed now (GHA), with v5, and for good measure I've thrown
in a "make distcheck" ("new source files") which succeeds as well.
Your patch has been applied to the master and release/2.6 branch.
commit b520c68c67b6e52cd71b16675f1c436abf18d4dc (master)
commit 93d8d92319816a36f53ef8772bd6705f6abc2df9 (release/2.6)
Author: Arne Schwabe
Date: Tue Jan 10 02:59:01 2023 +0100
Add connect-freq-initial option to limit initial connection responses
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Acked-by: Gert Doering <g...@greenie.muc.de>
Message-Id: <20230110015901.933522-1-a...@rfc2549.org>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25938.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
