Added rad_recv_header() function, which calls MSG_PEEK on the
socket to get the header, and the source IP. This allows us
to perform some basic sanity checks, like "known client" before
we allocate memory for the packet.
This slows the server down slightly for normal cases, but can
greatly improve its robustness to DoS attacks. As of now, it
logs *nothing* and allocates *no* memory on a DoS, so it should
be able to deal with them pretty well.
The rad_recv_header() function also returns the size of the packet
(taken from the header), which can permit us in the future to
minimize the number of memory allocations we make.
projects / freeradius.git / commit