Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ncat --max-conns

From: Solar Designer <solar () openwall com>
Date: Thu, 8 Oct 2009 04:57:50 +0400
This is a correction to my own posting from a couple of days ago.  The
"alternative" get_conn_count() function below:

On Tue, Oct 06, 2009 at 02:52:00AM +0400, Solar Designer wrote:

Alternatively:

static int get_conn_count(void)
{
      unsigned int conn_count;
      do {
              conn_dec_changed = 0;
              conn_count = conn_inc - conn_dec;
              if (conn_inc < conn_dec && !conn_dec_changed);
                      return -1; // error, counts got out of sync
      } while (conn_dec_changed);
      return conn_count;
}


is not correct in that it "forgets" about the wraparounds of conn_inc
and conn_dec possibly being legitimate (for a long-living process) as
it was suggested earlier in that posting.  The first version of
get_conn_count() given in the posting (with the check against INT_MAX)
is wraparound-compatible, and thus it should be preferred.  INT_MAX may
be replaced with some smaller number (if another upper limit is known).

Alexander

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: