From 7bb4de2baf795e02d078d2f3c9e0a03752b3de5d Mon Sep 17 00:00:00 2001
From: claudio
Date: Mon, 17 May 2021 10:47:07 +0000
Subject: [PATCH] Limit the number of concurrent RTR connects to 32. If the limit is hit the request will be dropped and the rtr process will retry the connect after the retry timeout. Hopefully by then the number of connections is down again. OK deraadt@ benno@
---
 usr.sbin/bgpd/bgpd.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/usr.sbin/bgpd/bgpd.c b/usr.sbin/bgpd/bgpd.c
index d670e302cac..88427f5a1e9 100644
--- a/usr.sbin/bgpd/bgpd.c
+++ b/usr.sbin/bgpd/bgpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bgpd.c,v 1.236 2021/05/11 07:57:24 claudio Exp $ */
+/* $OpenBSD: bgpd.c,v 1.237 2021/05/17 10:47:07 claudio Exp $ */
 
 /*
 * Copyright (c) 2003, 2004 Henning Brauer
@@ -74,6 +74,7 @@ struct connect_elm {
 TAILQ_HEAD( ,connect_elm) connect_queue = \
 TAILQ_HEAD_INITIALIZER(connect_queue);
 u_int connect_cnt;
+#define MAX_CONNECT_CNT 32
 
 void
 sighdlr(int sig)
@@ -1304,6 +1305,12 @@ bgpd_rtr_connect(struct rtr_config *r)
 struct sockaddr *sa;
 socklen_t len;
 
+ if (connect_cnt >= MAX_CONNECT_CNT) {
+ log_warnx("rtr %s: too many concurrent connection requests",
+ r->descr);
+ return;
+ }
+
 if ((ce = calloc(1, sizeof(*ce))) == NULL) {
 log_warn("rtr %s", r->descr);
 return;
-- 
2.20.1
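Review bot: `MAX_CONNECT_CNT` is introduced next to `connect_cnt` with no comment saying what it caps or what happens at the cap. A one-line comment above the define would record the contract from the commit message, for example `/* max concurrent RTR connect requests; further requests are dropped */`. The reason for choosing 32 is not visible in the patch and would be worth stating there as well.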
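Review bot: The new early return in `bgpd_rtr_connect()` drops the request without signalling the rtr process, so recovery depends entirely on the retry timeout described in the commit message. A comment at the return would make that intent explicit, for example `/* dropped on purpose; the rtr process retries after its retry timeout */`. The cap also only behaves as a limit if `connect_cnt` is decremented on every path that completes or abandons a queued connect. The increment and decrement sit outside this hunk, so that pairing should be checked, because a missed decrement would presumably pin the counter at the cap and refuse all later RTR connects. The function body starts and ends outside the hunk.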