feat: add --maxclients option to limit concurrent fork connections#68
Draft
toddr-bot wants to merge 1 commit into
… mode Without a connection limit, fork-mode servers are vulnerable to resource exhaustion from connection floods — each new connection spawns a child process unconditionally. The new --maxclients=N option tracks active children and rejects connections when the limit is reached, logging an error and closing the socket immediately. When children exit and slots free up, new connections are accepted again. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
What
Adds a --maxclients=N option that limits the number of concurrent child processes in fork mode.
Why
Fork-mode servers currently have no connection limit — every incoming connection spawns a child unconditionally. Under connection floods (intentional or accidental), this can exhaust system resources. Every serious daemon framework (Apache, vsftpd, postfix) has this guard.
How
- active_children counter in Bind(), incremented on fork, decremented in SigChildHandler
- maxclients is set and the limit is reached, connections are accepted (to drain the kernel queue) then immediately closed with an error log
- --childs) which has its own fixed pool
Testing
- t/maxclients.t: starts server with --maxclients=2, verifies 3rd connection is rejected, verifies recovery after a slot frees up (6 tests)
🤖 Generated with Claude Code
Quality Report
Changes: 2 files changed, 136 insertions(+)
Code scan: 2 issue(s) found
- t/maxclients.t:70 — debug print statement
- t/maxclients.t:97 — debug print statement
Tests: passed (OK)
Branch hygiene: clean
Generated by Kōan post-mission quality pipeline
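The counting scheme the description outlines (increment on fork, decrement on SIGCHLD, accept-then-close at the limit), as an added stand-alone Perl example. It is not the PR's code or the project's Bind()/SigChildHandler; the loopback listener, the limit of 2 and the handle_client routine are assumptions.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use POSIX qw(WNOHANG);

my $maxclients      = 2;   # constructed value; 0 means "no limit" in this example
my $active_children = 0;   # counter name taken from the PR description

# Several exits can coalesce into one SIGCHLD, so reap every finished child.
# local($!, $?) keeps the handler from clobbering accept()'s EINTR below.
$SIG{CHLD} = sub {
    local ($!, $?);
    $active_children-- while waitpid(-1, WNOHANG) > 0;
};

sub handle_client {        # hypothetical per-connection work: echo one line
    my ($sock) = @_;
    my $line = <$sock>;
    print {$sock} $line if defined $line;
}

my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1', LocalPort => 0,   # port 0: kernel picks a port
    Listen    => 16,          ReuseAddr => 1,
) or die "listen: $!";
print STDERR "listening on 127.0.0.1:", $listener->sockport, "\n";
while (1) {
    my $client = $listener->accept;
    unless ($client) {
        next if $!{EINTR};  # accept() was interrupted by SIGCHLD; retry
        die "accept: $!";
    }
    if ($maxclients && $active_children >= $maxclients) {
        # Accept-then-close keeps the kernel backlog drained while at the cap.
        warn "maxclients ($maxclients) reached, rejecting connection\n";
        close $client;
        next;
    }
    my $pid = fork();
    if (!defined $pid) {    # fork can still fail below the cap (e.g. RLIMIT_NPROC)
        warn "fork failed: $!\n";
        close $client;
        next;
    }
    if ($pid == 0) {        # child: serve one connection, then exit
        close $listener;
        handle_client($client);
        exit 0;
    }
    $active_children++;     # parent; ++ and -- commute if the child already exited
    close $client;          # parent drops its copy of the connected socket
}
```

With two connections held open, a third connects at the TCP level and then sees an immediate EOF; once either held connection finishes and its child is reaped, the next connection is served again.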