The DoS would be that a client establishes connections faster than the server handles them? How would a shorter backlog make such a DoS less severe? Afaics the only effect would be that the DoS frequency would be different (shorter connection queue => takes less time to fill it => shorter but more frequent DoS intervals).
As for why it's hardcoded I don't know. I suspect it's only because the author thought no one would feel the need to twiddle it (which apparently was incorrect).
/ Martin Stjernholm, Roxen IS
Previous text:
2003-01-22 00:24: Subject: Stdio.port listen() backlog again...
Hi everyone,
I posted this once on the Pike list and got no reply, so I am trying here; perhaps the devel list is a better place...
I found that it is impossible to specify the backlog parameter when using Stdio.Port - it is hardcoded to 16384. Actually, the questions are - what should I do to actually limit the backlog value? And - why is it hardcoded?
Problem with the current implementation: it is relatively easy to make a DoS attack against everything that is listening through Stdio.Port (most used apps: Roxen & Caudium).
Any comments? :)
Regards, /Al
/ Brevbäraren
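
The queue behaviour discussed in this thread, as an added example that is not part of either message and not Pike or Roxen code: a deterministic model of a listen() accept queue when connections arrive faster than the server accepts them. The rates (150 arrivals and 100 accepts per tick) and the function name `simulate` are assumptions chosen for illustration; only the backlog value 16384 comes from the thread.

```python
# Added illustration: deterministic model of an accept queue under overload.
# Arrival and accept rates are constructed values, not measurements.

def simulate(backlog, arrivals_per_tick, accepts_per_tick, ticks):
    """Step the queue `ticks` times and report fill time and drops."""
    queued = dropped = offered = 0
    first_full_tick = None
    dropped_last_tick = 0
    for tick in range(1, ticks + 1):
        # The server accepts what it can from the queue.
        queued -= min(queued, accepts_per_tick)
        # New connections are admitted only while the queue has room.
        admitted = min(backlog - queued, arrivals_per_tick)
        queued += admitted
        dropped_last_tick = arrivals_per_tick - admitted
        dropped += dropped_last_tick
        offered += arrivals_per_tick
        if first_full_tick is None and queued == backlog:
            first_full_tick = tick
    return {
        "first_full_tick": first_full_tick,       # None if never full
        "dropped": dropped,                       # total rejected
        "offered": offered,                       # total attempted
        "dropped_last_tick": dropped_last_tick,   # steady-state rejects
        # Longest time a connection at the tail of a full queue waits.
        "max_wait_ticks": backlog / accepts_per_tick,
    }


if __name__ == "__main__":
    for backlog in (128, 16384):
        print(backlog, simulate(backlog, 150, 100, 1000))
```

In this model both backlog sizes reject the same number of connections per tick once the queue is full; the backlog changes how long the queue takes to fill and how long an admitted connection can wait before it is accepted.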