Re: [PATCH] Exponential backoff for auth_delay

On Tue, Mar 5, 2024 at 1:51 PM Nathan Bossart <nathandbossart@gmail.com> wrote:
> I don't have a strong opinion about making this configurable, but I do
> think we should consider making this a hash table so that we can set
> MAX_CONN_RECORDS much higher.

I'm curious why? It seems like the higher you make MAX_CONN_RECORDS,
the easier it is to put off the brute-force protection. (My assumption
is that anyone mounting a serious attack is not going to be doing this
from their own computer; they'll be doing it from many devices they
don't own -- a botnet, or a series of proxies, or something.)

--

Drive-by microreview -- auth_delay_cleanup_conn_record() has

> +   port->remote_host[0] = '\0';

which doesn't seem right. I assume acr->remote_host was meant?

--Jacob