On Tue, Mar 5, 2024 at 1:51 PM Nathan Bossart <nathandboss...@gmail.com> wrote: > I don't have a strong opinion about making this configurable, but I do > think we should consider making this a hash table so that we can set > MAX_CONN_RECORDS much higher.
I'm curious why? It seems like the higher you make MAX_CONN_RECORDS, the easier it is to put off the brute-force protection. (My assumption is that anyone mounting a serious attack is not going to be doing this from their own computer; they'll be doing it from many devices they don't own -- a botnet, or a series of proxies, or something.) -- Drive-by microreview -- auth_delay_cleanup_conn_record() has > + port->remote_host[0] = '\0'; which doesn't seem right. I assume acr->remote_host was meant? --Jacob
