Connection-level rate limiting.

2025-04-14 16:17:17 +03:00 · 2015-01-16 12:30:18 -08:00 · 2015-01-16 12:30:18 -08:00 · b99083ee6e
commit b99083ee6e
parent b94911f052
2 changed files with 28 additions and 0 deletions
--- a/sshd/net.go
+++ b/sshd/net.go
@ -2,7 +2,9 @@ package sshd

 import (
 	"net"
+	"time"

+	"github.com/shazow/rateio"
 	"golang.org/x/crypto/ssh"
 )

@ -24,6 +26,7 @@ func ListenSSH(laddr string, config *ssh.ServerConfig) (*SSHListener, error) {

 func (l *SSHListener) handleConn(conn net.Conn) (*Terminal, error) {
 	// Upgrade TCP connection to SSH connection
+	conn = ReadLimitConn(conn, rateio.NewGracefulLimiter(1000, time.Minute*2, time.Second*3))
 	sshConn, channels, requests, err := ssh.NewServerConn(conn, l.config)
 	if err != nil {
 		return nil, err
--- a/sshd/ratelimit.go
+++ b/sshd/ratelimit.go
@ -0,0 +1,25 @@
+package sshd
+
+import (
+	"io"
+	"net"
+
+	"github.com/shazow/rateio"
+)
+
+type limitedConn struct {
+	net.Conn
+	io.Reader // Our rate-limited io.Reader for net.Conn
+}
+
+func (r *limitedConn) Read(p []byte) (n int, err error) {
+	return r.Reader.Read(p)
+}
+
+// ReadLimitConn returns a net.Conn whose io.Reader interface is rate-limited by limiter.
+func ReadLimitConn(conn net.Conn, limiter rateio.Limiter) net.Conn {
+	return &limitedConn{
+		Conn:   conn,
+		Reader: rateio.NewReader(conn, limiter),
+	}
+}