diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2017-10-29 01:23:19 -0400 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2017-10-29 01:23:19 -0400 |
commit | 1367f60626bed0991f6ca718ebc1fe2f2912096b (patch) | |
tree | 8df0011eb75516d8e7ecdd7040facb2ce362806d /src/mod_evasive.c | |
parent | caab4cdf8a37dbbd660249a4cec8f646239b4ae2 (diff) | |
download | lighttpd-git-1367f60626bed0991f6ca718ebc1fe2f2912096b.tar.gz |
[core] isolate sock_addr manipulation
Diffstat (limited to 'src/mod_evasive.c')
-rw-r--r-- | src/mod_evasive.c | 25 |
1 files changed, 2 insertions, 23 deletions
diff --git a/src/mod_evasive.c b/src/mod_evasive.c index 26362c09..1e0fad44 100644 --- a/src/mod_evasive.c +++ b/src/mod_evasive.c @@ -4,6 +4,7 @@ #include "log.h" #include "buffer.h" #include "response.h" +#include "sock_addr.h" #include "plugin.h" @@ -157,37 +158,15 @@ URIHANDLER_FUNC(mod_evasive_uri_handler) { /* no limit set, nothing to block */ if (p->conf.max_conns == 0) return HANDLER_GO_ON; - switch (con->dst_addr.plain.sa_family) { - case AF_INET: -#ifdef HAVE_IPV6 - case AF_INET6: -#endif - break; - default: /* Address family not supported */ - return HANDLER_GO_ON; - }; - for (j = 0; j < srv->conns->used; j++) { connection *c = srv->conns->ptr[j]; /* check if other connections are already actively serving data for the same IP * we can only ban connections which are already behind the 'read request' state * */ - if (c->dst_addr.plain.sa_family != con->dst_addr.plain.sa_family) continue; if (c->state <= CON_STATE_REQUEST_END) continue; - switch (con->dst_addr.plain.sa_family) { - case AF_INET: - if (c->dst_addr.ipv4.sin_addr.s_addr != con->dst_addr.ipv4.sin_addr.s_addr) continue; - break; -#ifdef HAVE_IPV6 - case AF_INET6: - if (0 != memcmp(c->dst_addr.ipv6.sin6_addr.s6_addr, con->dst_addr.ipv6.sin6_addr.s6_addr, 16)) continue; - break; -#endif - default: /* Address family not supported, should never be reached */ - continue; - }; + if (!sock_addr_is_addr_eq(&c->dst_addr, &con->dst_addr)) continue; conns_by_ip++; if (conns_by_ip > p->conf.max_conns) { |