This pull request addresses #89. This is done directly by reducing the log priority for messages during the connection accept process from "error" and "notice" to "debug". This should reduce the system load caused by a DDOS attack provided the trust router is not run with debug level logging.
This also adds validation of the internal configuration section of the trust router. This is done as part of this pull request in order to add a check that the trust router cannot be configured to make unthrottled connection attempts to its peers. I went ahead and validated other fields as well.
Production systems should still use proper firewall configurations to prevent abuse of the system, but this will hopefully improve the situation.
This pull request addresses #89. This is done directly by reducing the log priority for messages during the connection accept process from "error" and "notice" to "debug". This should reduce the system load caused by a DDOS attack provided the trust router is not run with debug level logging.
This also adds validation of the internal configuration section of the trust router. This is done as part of this pull request in order to add a check that the trust router cannot be configured to make unthrottled connection attempts to its peers. I went ahead and validated other fields as well.
Production systems should still use proper firewall configurations to prevent abuse of the system, but this will hopefully improve the situation.