From c4880e6cf4e778a0e4c61fda72ac87770fd621a7 Mon Sep 17 00:00:00 2001
From: Max Lv <max.c.lv@gmail.com>
Date: Mon, 10 Oct 2016 08:25:57 +0800
Subject: [PATCH] Refine ACL for malicious request

---
 src/acl.h    | 9 +++++----
 src/server.c | 4 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/acl.h b/src/acl.h
index 114d782a..05915b18 100644
--- a/src/acl.h
+++ b/src/acl.h
@@ -26,10 +26,11 @@
 #define BLACK_LIST 0
 #define WHITE_LIST 1
 
-#define MAX_TRIES 128
-#define ATTACK    8
-#define BAD       4
-#define MALFORMED 1    
+#define MAX_TRIES  64
+#define MALICIOUS  32
+#define SUSPICIOUS 16
+#define BAD        4
+#define MALFORMED  1
 
 int init_acl(const char *path);
 void free_acl(void);
diff --git a/src/server.c b/src/server.c
index d761bd75..87e49ab1 100644
--- a/src/server.c
+++ b/src/server.c
@@ -620,7 +620,7 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
 
     if (err) {
         LOGE("invalid password or cipher");
-        report_addr(server->fd, ATTACK);
+        report_addr(server->fd, MALICIOUS);
         close_and_free_remote(EV_A_ remote);
         close_and_free_server(EV_A_ server);
         return;
@@ -1000,7 +1000,7 @@ server_timeout_cb(EV_P_ ev_timer *watcher, int revents)
             LOGI("incomplete header: %zu", len);
 #endif
         }
-        report_addr(server->fd, ATTACK);
+        report_addr(server->fd, SUSPICIOUS);
     }
 
     close_and_free_remote(EV_A_ remote);