Impact on NAT router #28
Comments
|
The impact on a NAT router could be significant since it too has to
track some state for every connection. I don't really know how much
consumer routers have improved, but, only a decade ago, it wasn't
unusual for a single, busy BitTorrent client to completely knock down a
mid-range home router — mostly due to the crappy, cheap memory they'd
put in those things. Endlessh would have a similar sort of impact.
Moving Endlessh to the router would reduce the overall resource usage
since it eliminates the duplication, but it would increase the load on
the router, since it has to track even more information per connection
(receive buffer, etc.).
I've tagged release 1.0 for you.
|
|
Absolutely perfect, thanks a lot. |
mtlynch
added a commit
to mtlynch/endlessh
that referenced
this issue
Jan 14, 2020
* Add note about RHEL 6 / CentOS 6 Fixes skeeto#10. * Check for FreeBSD and adjust feature test macros Fixes #2. * Fix -V typo in usage documentation (skeeto#11) * Add link to main article in README * Makefile: add all target * Improve support for Solaris and its derivatives Requires extensions to be enabled due to incomplete support for POSIX.1-2008. However one of the now-exposed extensions is tragically named "struct queue". This struct was been renamed to "struct fifo". Thanks to @yvoinov for reporting this issue and collaborating on a solution. Closes skeeto#14, skeeto#17. * Greatly simplify a bunch of things 1. If sockets are non-blocking, no need to use poll() on them. Just try to write regardless and ignore the outcome. This means we don't need the pollvec stuff anymore. 2. getline(3) is apparently still too new to POSIX that it's hard to use portably. We don't really need it that badly anyway. 3. Don't use MSG_DONTWAIT. It's non-standard and apparently still hard to use portably. Set sockets to non-blocking instead. 4. Since we're not polling on client sockets, the queue is a whole lot simpler. * Use _XOPEN_SOURCE instead of _POSIX_C_SOURCE It seems this is required to get all the IPv6 definitions, though most systems aren't very picky. NetBSD seems to be one of those picky systems, though. * Solaris SMF Closes skeeto#18. * Added -4 -6 Switches and default tcp46 As *BSD defaults to use IPv6 only sockets and Linux to IPv4 mapped IPv6 sockets, switches to support explicit binding address families are required. Now set explicitly if you want IPv6 only, IPv4 only or mapped IPv4. Caveat: OpenBSD explicitly states to not support IPv4 mapped IPv6 via setsock-API * newlines for -4 and -6 help options * Add note about __EXTENSIONS__ to README (illumos) * add rc.d script for openbsd * A unix tool deserves a proper manual page * Proper unix tools come with make install target Merges and closes skeeto#22. * Gather statistics and LOG_INFO them upon SIGUSR1 Merges and closes skeeto#24. * Rename uepoch() to epochms() It returns milliseconds, not microseconds. * Tweak SIGUSR1 statistics totals logging * Don't dynamically allocate the struct since that's not necessary. * Use a more concise log message. * Include current clients when counting the time. * Print final statistics message *after* closing all clients. * Don't include total connections in ACCEPT. * Mention SIGUSR1 in the new man page, too. Adjusts skeeto#24. * Always set standard output to line-buffered When logging was enabled via the config file, standard output was left fully buffered. Logs should never be fully buffered. Thanks to Chang-Li for pointing this out. * Use correct format specifier when printing totals Fixes skeeto#26. * Bump to version 1.0 Fixes skeeto#28. * fix Exec value in systemd unit Thanks for creating this wonderful tool! By default `make install` installs the binary into `/usr/local/bin` so I think this should be changed accordingly. Cheers * fix ConfigurationDirectory in systemd unit `ConfigurationDirectory=endlessh` should be enough. Previous assignment throws a warning with systemd 237 ``` May 13 08:57:18 kernelwtf systemd[1]: Started Endlessh SSH Tarpit. May 13 08:58:20 kernelwtf systemd[1]: /etc/systemd/system/endlessh.service:25: ConfigurationDirectory= path is not valid, ignoring assignment: /etc/endlessh ``` * add optional AmbientCapabilities to systemd unit If a user wants to bind to a privileged port (<1024) our current systemd unit fails to provide enough capabilities to endlessh binary. So, a user can modify `/etc/endlessh/config` to have `Port=22` or similar and then check out the systemd unit to enable the extra attribute. * PrivateUsers=true prevents privileged port mapping * fix typo * config file location on FreeBSD * better name for the config file * Add pledge for OpenBSD Closes skeeto#32. * Use unveil(2) to restrict reading config file only Closes skeeto#36. * Tweak some macro formatting for consistency * Balance list begin (.Bl) and end (.El) in man page Ref: skeeto#35 * Add Documentation link in endlessh.service Closes skeeto#33. * Prevent access to /run and /var in endlessh.service Closes skeeto#34. * Add public domain dedication to the source header * Don't dereference NULL pointer on OOM Fixes skeeto#37. Co-authored-by: Christopher Wellons <wellons@nullprogram.com> Co-authored-by: Dmitry Marakasov <amdmi3@amdmi3.ru> Co-authored-by: Yuri Voinov <yvoinov@gmail.com> Co-authored-by: Anton Rieger <inrin@jikken.de> Co-authored-by: Felix Kronlage-Dammers <fkr@hazardous.org> Co-authored-by: Cengiz Can <123910+cengizIO@users.noreply.github.com> Co-authored-by: Nicolas Braud-Santoni <nicolas@braud-santoni.eu>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How is the impact of endlessh if running behind a NAT router with port forwarding?
Especially on the router in this case, as the NAT router would have to monitor up to 4096 connections while the server behind it handles the "keeping clients busy" part.
An alternative I have would be to install endlessh on the NAT router, but for this I'd need a more recent "release" than 0.1, as that is hardly compatible with the package manager in use. So I would be grateful if the current state of endlessh could be tagged as a "release" version.
The text was updated successfully, but these errors were encountered: