session.tex

socket4 socket5 client

%@(#)$Id: session.tex,v 1.3 2006/01/10 12:24:24 michaels Exp $
%/*
% * Copyright (c) 2005
% *      Inferno Nettverk A/S, Norway.  All rights reserved.
% *
% * Redistribution and use in source and binary forms, with or without
% * modification, are permitted provided that the following conditions
% * are met:
% * 1. The above copyright notice, this list of conditions and the following
% *    disclaimer must appear in all copies of the software, derivative works
% *    or modified versions, and any portions thereof, aswell as in all
% *    supporting documentation.
% * 2. All advertising materials mentioning features or use of this software
% *    must display the following acknowledgement:
% *      This product includes software developed by
% *      Inferno Nettverk A/S, Norway.
% * 3. The name of the author may not be used to endorse or promote products
% *    derived from this software without specific prior written permission.
% *
% * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
% * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
% * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
% * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
% * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
% * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
% * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
% * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
% * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
% * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
% *
% * Inferno Nettverk A/S requests users of this software to return to
% *
% *  Software Distribution Coordinator  or  sdc@inet.no
% *  Inferno Nettverk A/S
% *  Oslo Research Park
% *  Gaustadall閑n 21
% *  NO-0349 Oslo
% *  Norway
% *
% * any improvements or extensions that they make and grant Inferno Nettverk A/S
% * the rights to redistribute these changes.
% *
% */

\documentclass[a4paper, final, twoside, english]{article}
\usepackage[latin1]{inputenc}
\usepackage[T1]{fontenc}
\usepackage{babel}
\usepackage{html}

\title{\emph{Dante}, Module \emph{Session}}
\author{
	Inferno Nettverk A/S \\
	Oslo Research Park   \\
	Gaustadall閑n 21	\\
	NO-0349 Oslo          \\
	Norway}
\date{$$$$Date: 2006/01/10 12:24:24 $$$$}

\makeindex

\begin{document}
\maketitle
\thispagestyle{empty}

\clearpage
\setcounter{page}{1}

\section{Description}
 The \emph{Session} module gives you control over how many con-current
 sessions the \emph{Dante} server will allow different user to
 create.

 It can be used to limit the number of active sessions going to
 certain not work-related web/ftp-sites for instance, or impose different
 limits on different users.

\section{Syntax}
 The syntax of the \texttt{bandwidth} statement is as follows:

 \verb"maxsessions: <sessions>"

 \texttt{sessions} is the maximum number of sessions that can be active.

\section{Semantics}
 The \texttt{maxsessions} statement integrates as a part of
 \emph{client-rules} or \emph{socks-rules}.  See \emph{sockd.conf(5)}
 for more information about these.

 The maximal number of sessions set for a rule will be shared by
 all clients matching that rule.  The \emph{Dante} server will
 distribute the sessions on a first come, first served basis.

 When the maximal number of sessions has been reached, future
 clients will not be allowed to create new socks sessions and
 will instead receive the socks error code indicating a general
 socks server failure.  These clients may re-try again later,
 and if one of the old clients has finished in the mean-time,
 and no new ones have become active, be granted access.

\section{Special notes}
 Sending the \emph{Dante} server a \texttt{SIGHUP} signal forces a reload
 of the configuration file.  It should be noted that this
 does not affect current sessions. 

 Changing e.g. a \emph{pass} statement to a \emph{block} statement,
 does not terminate the session of any existing client.
 Likewise, a reload of the configuration file does not let sessions
 created before the reload affect sessions created after the reload.

 This means that after a reload of the configuration file, the
 session counter for new sessions will be reset, and the possibly
 confusing situation might arise where more than the configured
 number of sessions exists con-currently.
 Eventually the old sessions will finish however, and the maximal
 number of sessions will be the the number currently configured,
 until a new reload of the configuration-file occurs.
 
\section{Examples}
 This section shows some examples of how one could use this module.

 \subsection{Limiting the number of clients negotiating}
  The below rule shows how one can limit the number of clients
  on the 10.0.0.0/24 net con-currently negotiating with the
  \emph{Dante} server to a total 10.  

  \begin{verbatim}
client-pass {
   from: 10.0.0.0/24 to: 0.0.0.0/0 
   maxsessions: 10
}
  \end{verbatim}

	Note that since this is a client-rule, it only limits the clients
	while they are negotiating.  It enforces no limitations on the
	number of clients once they have finished negotiating, and
	as thus, is of limited use.

 \subsection{Limiting the number of clients using the web}
  The next rule shows how one can limit the number of
  clients con-currently "surfing" the web to 10.

  \begin{verbatim}
pass {
   from: 0.0.0.0/0 to: 0.0.0.0/0 port http
   maxsessions: 10
}
  \end{verbatim}
   
	Since this is a socks-rule, it takes action when the clients
	have finished negotiating with the \emph{Dante} server.

   A last examples shows how one could limit a particular user,
   in this example, the user "monica", to one ftp-session at a time.

  \begin{verbatim}
pass {
   from: 0.0.0.0/0 to: 0.0.0.0/0 port ftp
   maxsessions: 1
   user: monica
}
  \end{verbatim}

\end{document}