Can't find LS_LISTENER_DOS related code

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
ovear
Posts: 2
Joined: Tue Jan 18, 2022 6:38 am

Can't find LS_LISTENER_DOS related code

Post by ovear » Tue Jan 18, 2022 7:25 am

Hi,
Recently i found my softether server's log cotains some "dos attack" logs. After reading & searching source code from https://github.com/SoftEtherVPN/SoftEtherVPN_Stable, I can find nothting about this error. (I know i can adjust configuration to disbale this protection, but i want to check it from source code side, which provide more detailed information)
I try to use "LS_LISTENER_DOS" as keyword to search, nothing found. The TCPAcceptedThread function from `Listener.c` also not include this logic.
Is there anything i missed?

Thanks

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Can't find LS_LISTENER_DOS related code

Post by solo » Tue Jan 18, 2022 11:45 pm

These cedar.h constants are interesting:

Code: Select all

#define	DOS_TABLE_EXPIRES_FIRST		250		// Initial value of the expiration date of DOS attack list
#define	DOS_TABLE_EXPIRES_MAX		1000		// Maximum value of the expiration date of DOS attack list
#define	DOS_TABLE_REFRESH_INTERVAL	(10 * 1000)	// Interval to update the DOS attack list
#define	DOS_TABLE_MAX_LIMIT_PER_IP	16		// Accessible number per an IP
#define	DOS_TABLE_EXPIRES_TOTAL		(3000 * 1000)	// Time to force delete the entry
But no code seems to refer to them.

ovear
Posts: 2
Joined: Tue Jan 18, 2022 6:38 am

Re: Can't find LS_LISTENER_DOS related code

Post by ovear » Wed Jan 19, 2022 10:58 am

solo wrote:
Tue Jan 18, 2022 11:45 pm
These cedar.h constants are interesting:

Code: Select all

#define	DOS_TABLE_EXPIRES_FIRST		250		// Initial value of the expiration date of DOS attack list
#define	DOS_TABLE_EXPIRES_MAX		1000		// Maximum value of the expiration date of DOS attack list
#define	DOS_TABLE_REFRESH_INTERVAL	(10 * 1000)	// Interval to update the DOS attack list
#define	DOS_TABLE_MAX_LIMIT_PER_IP	16		// Accessible number per an IP
#define	DOS_TABLE_EXPIRES_TOTAL		(3000 * 1000)	// Time to force delete the entry
But no code seems to refer to them.
Thanks for you confim, I saw those code too, but i didn't find nothing refer to them either. After compare between official and open source verison, i notice that the open source verison actually doesn't introduce this feature. And submit a issue in github to inquery this sitiaiton.

https://github.com/SoftEtherVPN/SoftEth ... ssues/1541

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Can't find LS_LISTENER_DOS related code

Post by solo » Wed Jan 26, 2022 1:02 am

There is an explanation.

TLDR - "The source code version of SoftEther VPN Server Stable Edition has the anti-DDoS attack feature removed."

Post Reply