This anti-DoS patch adds two new options to tcpserver. You may restrict the maximum number of connections from a single IP (-i ) or a whole Class-C subnet (-n ). http://www.wolfermann.org/djbware.html
--- tcpserver.c.orig Wed Mar 21 11:51:38 2001
+++ tcpserver.c Wed Mar 21 11:51:43 2001
@@ -242,6 +242,8 @@
 tcpserver: usage: tcpserver \
 [ -1UXpPhHrRoOdDqQv ] \
 [ -c limit ] \
+[ -i limithost ] \
+[ -n limitnet ] \
 [ -x rules.cdb ] \
 [ -B banner ] \
 [ -g gid ] \
@@ -254,6 +256,8 @@
 }
 unsigned long limit = 40;
+unsigned long limithost = 10;
+unsigned long limitnet = 10;
 unsigned long numchildren = 0;
 int flag1 = 0;
@@ -261,6 +265,9 @@
 unsigned long uid = 0;
 unsigned long gid = 0;
+struct conn_t { char ip[4]; int pid; } *conn;
+/*struct conn_t *conn;*/
+
 void printstatus(void)
 {
 if (verbosity < 2) return;
@@ -278,6 +285,7 @@
 {
 int wstat;
 int pid;
+ int i;
 while ((pid = wait_nohang(&wstat)) > 0) {
 if (verbosity >= 2) {
@@ -286,6 +294,8 @@
 strerr_warn4("tcpserver: end ",strnum," status ",strnum2,0);
 }
 if (numchildren) --numchildren; printstatus();
+ for(i=0;conn[i].pid!=pid && i limithost) {
+ remoteipstr[ip4_fmt(remoteipstr,remoteip)] = 0;
+ strerr_warn2("too many connections from host ",remoteipstr,0);
+ --numchildren; printstatus();
+ close(t); continue;
+ }
+
+ for(i=same=0;i limitnet) {
+ remoteip[3] = 0;
+ remoteipstr[ip4_fmt(remoteipstr,remoteip)] = 0;
+ strerr_warn2("too many connections from net ",remoteipstr,0);
+ --numchildren; printstatus();
+ close(t); continue;
+ }
+
+ switch(conn[pos].pid=fork()) {
 case 0:
 close(s);
 doit(t);
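Review bot: In the sigchld lookup added after `if (numchildren) --numchildren; printstatus();`, `conn[i].pid!=pid` is evaluated before the index bound (the remainder of the condition is garbled on this page, apparently text between `<` and `>` was lost, but the order of the two tests is visible), so a pid that is not in the table is only detected after reading one element past the end of conn; put the bound first, `for(i=0;i<limit && conn[i].pid!=pid;i++)` (or whatever bound the original uses), and handle the not-found case explicitly rather than writing to the slot. The same reordering applies to the counting loop `for(i=same=0;i...` that precedes the limithost check in the accept loop, whose enclosing function starts and ends outside this view. Two further points are hedged because the relevant lines are missing here: `switch(conn[pos].pid=fork())` stores -1 in the slot when fork fails, so the `case -1:` branch must reset `conn[pos].pid` or that slot is never reused; and if the counting loop sees only already-forked children, `same > limithost` admits limithost+1 concurrent connections from one host, so `same >= limithost` is what the usage text's "maximum" implies. No allocation of conn and no parsing of -i/-n is visible on this page, so the table size and the slot-free convention (presumably pid == 0) could not be checked.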