Hi,
Recently i found my softether server's log cotains some "dos attack" logs. After reading & searching source code from https://github.com/SoftEtherVPN/SoftEtherVPN_Stable, I can find nothting about this error. (I know i can adjust configuration to disbale this protection, but i want to check it from source code side, which provide more detailed information)
I try to use "LS_LISTENER_DOS" as keyword to search, nothing found. The TCPAcceptedThread function from `Listener.c` also not include this logic.
Is there anything i missed?
Thanks
Can't find LS_LISTENER_DOS related code
-
- Posts: 1228
- Joined: Sun Feb 14, 2021 10:31 am
Re: Can't find LS_LISTENER_DOS related code
These cedar.h constants are interesting:
But no code seems to refer to them.
Code: Select all
#define DOS_TABLE_EXPIRES_FIRST 250 // Initial value of the expiration date of DOS attack list
#define DOS_TABLE_EXPIRES_MAX 1000 // Maximum value of the expiration date of DOS attack list
#define DOS_TABLE_REFRESH_INTERVAL (10 * 1000) // Interval to update the DOS attack list
#define DOS_TABLE_MAX_LIMIT_PER_IP 16 // Accessible number per an IP
#define DOS_TABLE_EXPIRES_TOTAL (3000 * 1000) // Time to force delete the entry
-
- Posts: 2
- Joined: Tue Jan 18, 2022 6:38 am
Re: Can't find LS_LISTENER_DOS related code
Thanks for you confim, I saw those code too, but i didn't find nothing refer to them either. After compare between official and open source verison, i notice that the open source verison actually doesn't introduce this feature. And submit a issue in github to inquery this sitiaiton.solo wrote: ↑Tue Jan 18, 2022 11:45 pmThese cedar.h constants are interesting:
But no code seems to refer to them.Code: Select all
#define DOS_TABLE_EXPIRES_FIRST 250 // Initial value of the expiration date of DOS attack list #define DOS_TABLE_EXPIRES_MAX 1000 // Maximum value of the expiration date of DOS attack list #define DOS_TABLE_REFRESH_INTERVAL (10 * 1000) // Interval to update the DOS attack list #define DOS_TABLE_MAX_LIMIT_PER_IP 16 // Accessible number per an IP #define DOS_TABLE_EXPIRES_TOTAL (3000 * 1000) // Time to force delete the entry
https://github.com/SoftEtherVPN/SoftEth ... ssues/1541
-
- Posts: 1228
- Joined: Sun Feb 14, 2021 10:31 am
Re: Can't find LS_LISTENER_DOS related code
There is an explanation.
TLDR - "The source code version of SoftEther VPN Server Stable Edition has the anti-DDoS attack feature removed."
TLDR - "The source code version of SoftEther VPN Server Stable Edition has the anti-DDoS attack feature removed."