From 49352698a031d5816d04b802ad8e0386a8a73e30 Mon Sep 17 00:00:00 2001
From: Toni Uhlig <matzeton@googlemail.com>
Date: Sun, 16 Oct 2022 23:02:52 +0200
Subject: nDPId: Added error event threshold to prevent event spamming which
 may be abused.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 packages/openwrt/net/nDPId-testing/nDPId-testing.config | 2 ++
 packages/openwrt/net/nDPId-testing/nDPId-testing.init   | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

(limited to 'packages/openwrt/net')

diff --git a/packages/openwrt/net/nDPId-testing/nDPId-testing.config b/packages/openwrt/net/nDPId-testing/nDPId-testing.config
index 2a7879b42..2e1871d29 100644
--- a/packages/openwrt/net/nDPId-testing/nDPId-testing.config
+++ b/packages/openwrt/net/nDPId-testing/nDPId-testing.config
@@ -54,3 +54,5 @@ config nDPId
 	#option 'max_packets_per_flow_to_send' 15
 	#option 'max_packets_per_flow_to_process' 32
 	#option 'max_packets_per_flow_to_analyse' 32
+	#option 'error_event_threshold_n' 16
+	#option 'error_event_threshold_time' 10000000
diff --git a/packages/openwrt/net/nDPId-testing/nDPId-testing.init b/packages/openwrt/net/nDPId-testing/nDPId-testing.init
index ae0de1106..230b75d01 100644
--- a/packages/openwrt/net/nDPId-testing/nDPId-testing.init
+++ b/packages/openwrt/net/nDPId-testing/nDPId-testing.init
@@ -91,6 +91,8 @@ start_ndpid_instance() {
 	args="$args$(print_arg_str "$cfg" 'max_packets_per_flow_to_send' '-omax-packets-per-flow-to-send=')"
 	args="$args$(print_arg_str "$cfg" 'max_packets_per_flow_to_process' '-omax-packets-per-flow-to-process=')"
 	args="$args$(print_arg_str "$cfg" 'max_packets_per_flow_to_analyse' '-omax-packets-per-flow-to-analyse=')"
+	args="$args$(print_arg_str "$cfg" 'error_event_threshold_n' '-oerror-event-threshold-n=')"
+	args="$args$(print_arg_str "$cfg" 'error_event_threshold_time' '-oerror-event-threshold-time=')"
 
 	procd_open_instance
 	procd_set_param command ${NDPID_BIN}
@@ -133,7 +135,9 @@ validate_ndpid_section() {
 		'tcp_max_post_end_flow_time:uinteger' \
 		'max_packets_per_flow_to_send:uinteger' \
 		'max_packets_per_flow_to_process:uinteger' \
-		'max_packets_per_flow_to_analyse:uinteger'
+		'max_packets_per_flow_to_analyse:uinteger' \
+		'error_event_threshold_n:uinteger' \
+		'error_event_threshold_time:uinteger'
 }
 
 start_ndpisrvd_instance() {
-- 
cgit v1.2.3