MirrorHub/construct
0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-12-26 15:33:54 +01:00
Code Issues Releases Wiki Activity

Make flood control settings configurable by those who know exactly what they're doing.

Browse source 
From ircd-seven git changeset 29aa4203150337925a4f5c6e7da47be5394c2125 .
This commit is contained in:
Stephen Bennett 2011-03-27 16:35:26 -04:00
parent e732a57bd1
commit e6e54763d9
8 changed files with 173 additions and 121 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/example.conf
View file

@ -497,7 +497,7 @@ general {
disable_auth = no;
no_oper_flood = yes;
max_targets = 4;
client_flood = 20;
client_flood_max_lines = 20;
use_whois_actually = no;
oper_only_umodes = operwall, locops, servnotice;
oper_umodes = locops, servnotice, operwall, wallop;

20
doc/reference.conf
View file

@ -1167,11 +1167,6 @@ general {
*/
max_targets = 4;
/* client flood: maximum number of lines in a clients queue before
* they are dropped for flooding.
*/
client_flood = 20;
/* use_whois_actually: send clients requesting a whois a numeric
* giving the real IP of non-spoofed clients to prevent DNS abuse.
*/
@ -1255,6 +1250,21 @@ general {
/* throttle_count: Number of connections within throttle_duration that it takes
* for throttling to take effect */
throttle_count = 4;
/* client flood_max_lines: maximum number of lines in a clients queue before
* they are dropped for flooding.
*/
client_flood_max_lines = 20;
/* Flood control settings. DO NOT CHANGE THESE without extensive discussion
* and testing by someone who knows exactly what they do.
*
* These settings replicate charybdis-3.3 behaviour.
*/
client_flood_burst_rate = 40;
client_flood_burst_max = 5;
client_flood_message_time = 1;
client_flood_message_num = 2;
};
modules {

6
include/packet.h
View file

@ -43,9 +43,13 @@
* just connected. this allows clients to rejoin multiple channels
* without being so heavily penalised they excess flood.
*/
#define MAX_FLOOD 5
/*
* spb: Made these configurable
*/
#define MAX_FLOOD ConfigFileEntry.client_flood_burst_max
#define MAX_FLOOD_BURST MAX_FLOOD * 8
extern PF read_packet;
extern EVH flood_recalc;
extern void flood_endgrace(struct Client *);

8
include/s_conf.h
View file

@ -205,7 +205,6 @@ struct config_file_entry
int min_nonwildcard;
int min_nonwildcard_simple;
int default_floodcount;
int client_flood;
int default_ident_timeout;
int use_egd;
int ping_cookie;
@ -225,6 +224,13 @@ struct config_file_entry
int global_snotices;
int operspy_dont_care_user_info;
int use_propagated_bans;
int client_flood_max_lines;
int client_flood_burst_rate;
int client_flood_burst_max;
int client_flood_message_time;
int client_flood_message_num;
};
struct config_channel_entry

218
modules/m_info.c
View file

@ -122,11 +122,35 @@ static struct InfoStruct info_table[] = {
"Prepend 'Client Exit:' to user QUIT messages"
},
{
"client_flood",
"client_flood_max_lines",
OUTPUT_DECIMAL,
&ConfigFileEntry.client_flood,
&ConfigFileEntry.client_flood_max_lines,
"Number of lines before a client Excess Flood's",
},
{
"client_flood_burst_rate",
OUTPUT_DECIMAL,
&ConfigFileEntry.client_flood_burst_rate,
"Rate at which burst lines are processed",
},
{
"client_flood_burst_max",
OUTPUT_DECIMAL,
&ConfigFileEntry.client_flood_burst_max,
"Number of lines to permit at client_flood_burst_rate",
},
{
"client_flood_message_num",
OUTPUT_DECIMAL,
&ConfigFileEntry.client_flood_message_num,
"Number of messages to allow per client_flood_message_time outside of burst",
},
{
"client_flood_message_time",
OUTPUT_DECIMAL,
&ConfigFileEntry.client_flood_message_time,
"Time to allow per client_flood_message_num outside of burst",
},
{
"connect_timeout",
OUTPUT_DECIMAL,
@ -626,9 +650,9 @@ static struct InfoStruct info_table[] = {
/* *INDENT-ON* */
/*
** m_info
** parv[1] = servername
*/
** m_info
** parv[1] = servername
*/
static int
m_info(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
@ -638,7 +662,7 @@ m_info(struct Client *client_p, struct Client *source_p, int parc, const char *p
{
/* safe enough to give this on a local connect only */
sendto_one(source_p, form_str(RPL_LOAD2HI),
me.name, source_p->name, "INFO");
me.name, source_p->name, "INFO");
sendto_one_numeric(source_p, RPL_ENDOFINFO, form_str(RPL_ENDOFINFO));
return 0;
}
@ -658,9 +682,9 @@ m_info(struct Client *client_p, struct Client *source_p, int parc, const char *p
}
/*
** mo_info
** parv[1] = servername
*/
** mo_info
** parv[1] = servername
*/
static int
mo_info(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
@ -716,12 +740,12 @@ send_birthdate_online_time(struct Client *source_p)
{
char tbuf[26]; /* this needs to be 26 - see ctime_r manpage */
sendto_one(source_p, ":%s %d %s :Birth Date: %s, compile # %s",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p), creation, generation);
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p), creation, generation);
sendto_one(source_p, ":%s %d %s :On-line since %s",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p), rb_ctime(startup_time, tbuf, sizeof(tbuf)));
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p), rb_ctime(startup_time, tbuf, sizeof(tbuf)));
}
/*
@ -746,18 +770,18 @@ send_conf_options(struct Client *source_p)
if(infoptr->intvalue)
{
sendto_one(source_p, ":%s %d %s :%-30s %-5d [%-30s]",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
infoptr->name, infoptr->intvalue,
infoptr->desc);
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
infoptr->name, infoptr->intvalue,
infoptr->desc);
}
else
{
sendto_one(source_p, ":%s %d %s :%-30s %-5s [%-30s]",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
infoptr->name, infoptr->strvalue,
infoptr->desc);
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
infoptr->name, infoptr->strvalue,
infoptr->desc);
}
}
@ -771,95 +795,95 @@ send_conf_options(struct Client *source_p)
/*
* For "char *" references
*/
case OUTPUT_STRING:
{
char *option = *((char **) info_table[i].option);
case OUTPUT_STRING:
{
char *option = *((char **) info_table[i].option);
sendto_one(source_p, ":%s %d %s :%-30s %-5s [%-30s]",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
info_table[i].name,
option ? option : "NONE",
info_table[i].desc ? info_table[i].desc : "<none>");
sendto_one(source_p, ":%s %d %s :%-30s %-5s [%-30s]",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
info_table[i].name,
option ? option : "NONE",
info_table[i].desc ? info_table[i].desc : "<none>");
break;
}
/*
* For "char foo[]" references
*/
case OUTPUT_STRING_PTR:
{
char *option = (char *) info_table[i].option;
break;
}
/*
* For "char foo[]" references
*/
case OUTPUT_STRING_PTR:
{
char *option = (char *) info_table[i].option;
sendto_one(source_p, ":%s %d %s :%-30s %-5s [%-30s]",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
info_table[i].name,
EmptyString(option) ? "NONE" : option,
info_table[i].desc ? info_table[i].desc : "<none>");
sendto_one(source_p, ":%s %d %s :%-30s %-5s [%-30s]",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
info_table[i].name,
EmptyString(option) ? "NONE" : option,
info_table[i].desc ? info_table[i].desc : "<none>");
break;
}
/*
* Output info_table[i].option as a decimal value.
*/
case OUTPUT_DECIMAL:
{
int option = *((int *) info_table[i].option);
break;
}
/*
* Output info_table[i].option as a decimal value.
*/
case OUTPUT_DECIMAL:
{
int option = *((int *) info_table[i].option);
sendto_one(source_p, ":%s %d %s :%-30s %-5d [%-30s]",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
info_table[i].name,
option,
info_table[i].desc ? info_table[i].desc : "<none>");
sendto_one(source_p, ":%s %d %s :%-30s %-5d [%-30s]",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
info_table[i].name,
option,
info_table[i].desc ? info_table[i].desc : "<none>");
break;
}
break;
}
/*
* Output info_table[i].option as "ON" or "OFF"
*/
case OUTPUT_BOOLEAN:
{
int option = *((int *) info_table[i].option);
/*
* Output info_table[i].option as "ON" or "OFF"
*/
case OUTPUT_BOOLEAN:
{
int option = *((int *) info_table[i].option);
sendto_one(source_p, ":%s %d %s :%-30s %-5s [%-30s]",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
info_table[i].name,
option ? "ON" : "OFF",
info_table[i].desc ? info_table[i].desc : "<none>");
sendto_one(source_p, ":%s %d %s :%-30s %-5s [%-30s]",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
info_table[i].name,
option ? "ON" : "OFF",
info_table[i].desc ? info_table[i].desc : "<none>");
break;
}
/*
* Output info_table[i].option as "YES" or "NO"
*/
case OUTPUT_BOOLEAN_YN:
{
int option = *((int *) info_table[i].option);
break;
}
/*
* Output info_table[i].option as "YES" or "NO"
*/
case OUTPUT_BOOLEAN_YN:
{
int option = *((int *) info_table[i].option);
sendto_one(source_p, ":%s %d %s :%-30s %-5s [%-30s]",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
info_table[i].name,
option ? "YES" : "NO",
info_table[i].desc ? info_table[i].desc : "<none>");
sendto_one(source_p, ":%s %d %s :%-30s %-5s [%-30s]",
get_id(&me, source_p), RPL_INFO,
get_id(source_p, source_p),
info_table[i].name,
option ? "YES" : "NO",
info_table[i].desc ? info_table[i].desc : "<none>");
break;
}
break;
}
case OUTPUT_BOOLEAN2:
{
int option = *((int *) info_table[i].option);
case OUTPUT_BOOLEAN2:
{
int option = *((int *) info_table[i].option);
sendto_one(source_p, ":%s %d %s :%-30s %-5s [%-30s]",
me.name, RPL_INFO, source_p->name,
info_table[i].name,
option ? ((option == 1) ? "MASK" : "YES") : "NO",
info_table[i].desc ? info_table[i].desc : "<none>");
} /* switch (info_table[i].output_type) */
sendto_one(source_p, ":%s %d %s :%-30s %-5s [%-30s]",
me.name, RPL_INFO, source_p->name,
info_table[i].name,
option ? ((option == 1) ? "MASK" : "YES") : "NO",
info_table[i].desc ? info_table[i].desc : "<none>");
} /* switch (info_table[i].output_type) */
}
} /* forloop */

6
src/newconf.c
View file

@ -2207,7 +2207,6 @@ static struct ConfEntry conf_general_table[] =
{ "burst_away", CF_YESNO, NULL, 0, &ConfigFileEntry.burst_away },
{ "caller_id_wait", CF_TIME, NULL, 0, &ConfigFileEntry.caller_id_wait },
{ "client_exit", CF_YESNO, NULL, 0, &ConfigFileEntry.client_exit },
{ "client_flood", CF_INT, NULL, 0, &ConfigFileEntry.client_flood },
{ "collision_fnc", CF_YESNO, NULL, 0, &ConfigFileEntry.collision_fnc },
{ "connect_timeout", CF_TIME, NULL, 0, &ConfigFileEntry.connect_timeout },
{ "default_floodcount", CF_INT, NULL, 0, &ConfigFileEntry.default_floodcount },
@ -2252,6 +2251,11 @@ static struct ConfEntry conf_general_table[] =
{ "use_whois_actually", CF_YESNO, NULL, 0, &ConfigFileEntry.use_whois_actually },
{ "warn_no_nline", CF_YESNO, NULL, 0, &ConfigFileEntry.warn_no_nline },
{ "use_propagated_bans",CF_YESNO, NULL, 0, &ConfigFileEntry.use_propagated_bans },
{ "client_flood_max_lines", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_max_lines },
{ "client_flood_burst_rate", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_burst_rate },
{ "client_flood_burst_max", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_burst_max },
{ "client_flood_message_num", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_message_num },
{ "client_flood_message_time", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_message_time },
{ "\0", 0, NULL, 0, NULL }
};

21
src/packet.c
View file

@ -38,7 +38,6 @@
static char readBuf[READBUF_SIZE];
static void client_dopacket(struct Client *client_p, char *buffer, size_t length);
/*
* parse_client_queued - parse client queued messages
*/
@ -124,6 +123,9 @@ parse_client_queued(struct Client *client_p)
{
if(client_p->localClient->sent_parsed >= client_p->localClient->allow_read)
break;
/* spb: Add second layer of throttling to n lines per second, even during burst */
if(client_p->localClient->actually_read >= ConfigFileEntry.client_flood_burst_rate)
break;
}
/* allow opers 4 times the amount of messages as users. why 4?
@ -142,7 +144,9 @@ parse_client_queued(struct Client *client_p)
client_dopacket(client_p, readBuf, dolen);
if(IsAnyDead(client_p))
return;
client_p->localClient->sent_parsed++;
client_p->localClient->sent_parsed += ConfigFileEntry.client_flood_message_time;
client_p->localClient->actually_read++;
}
}
}
@ -188,15 +192,14 @@ flood_recalc(void *unused)
continue;
if(IsFloodDone(client_p))
client_p->localClient->sent_parsed -= 2;
client_p->localClient->sent_parsed -= ConfigFileEntry.client_flood_message_num;
else
client_p->localClient->sent_parsed = 0;
if(client_p->localClient->sent_parsed < 0)
client_p->localClient->sent_parsed = 0;
if(--client_p->localClient->actually_read < 0)
client_p->localClient->actually_read = 0;
client_p->localClient->actually_read = 0;
parse_client_queued(client_p);
@ -217,8 +220,7 @@ flood_recalc(void *unused)
if(client_p->localClient->sent_parsed < 0)
client_p->localClient->sent_parsed = 0;
if(--client_p->localClient->actually_read < 0)
client_p->localClient->actually_read = 0;
client_p->localClient->actually_read = 0;
parse_client_queued(client_p);
}
@ -231,7 +233,6 @@ void
read_packet(rb_fde_t * F, void *data)
{
struct Client *client_p = data;
struct LocalUser *lclient_p = client_p->localClient;
int length = 0;
int lbuf_len;
@ -288,8 +289,6 @@ read_packet(rb_fde_t * F, void *data)
lbuf_len = rb_linebuf_parse(&client_p->localClient->buf_recvq, readBuf, length, binary);
lclient_p->actually_read += lbuf_len;
if(IsAnyDead(client_p))
return;
@ -301,7 +300,7 @@ read_packet(rb_fde_t * F, void *data)
/* Check to make sure we're not flooding */
if(!IsAnyServer(client_p) &&
(rb_linebuf_alloclen(&client_p->localClient->buf_recvq) > ConfigFileEntry.client_flood))
(rb_linebuf_alloclen(&client_p->localClient->buf_recvq) > ConfigFileEntry.client_flood_max_lines))
{
if(!(ConfigFileEntry.no_oper_flood && IsOper(client_p)))
{

13
src/s_conf.c
View file

@ -784,7 +784,6 @@ set_default_conf(void)
ConfigFileEntry.min_nonwildcard_simple = 3;
ConfigFileEntry.default_floodcount = 8;
ConfigFileEntry.default_ident_timeout = 5;
ConfigFileEntry.client_flood = CLIENT_FLOOD_DEFAULT;
ConfigFileEntry.tkline_expire_notices = 0;
ConfigFileEntry.reject_after_count = 5;
@ -793,6 +792,12 @@ set_default_conf(void)
ConfigFileEntry.throttle_count = 4;
ConfigFileEntry.throttle_duration = 60;
ConfigFileEntry.client_flood_max_lines = CLIENT_FLOOD_DEFAULT;
ConfigFileEntry.client_flood_burst_rate = 5;
ConfigFileEntry.client_flood_burst_max = 5;
ConfigFileEntry.client_flood_message_time = 1;
ConfigFileEntry.client_flood_message_num = 2;
ServerInfo.default_max_clients = MAXCONNECTIONS;
if (!alias_dict)
@ -858,9 +863,9 @@ validate_conf(void)
}
if((ConfigFileEntry.client_flood < CLIENT_FLOOD_MIN) ||
(ConfigFileEntry.client_flood > CLIENT_FLOOD_MAX))
ConfigFileEntry.client_flood = CLIENT_FLOOD_MAX;
if((ConfigFileEntry.client_flood_max_lines < CLIENT_FLOOD_MIN) ||
(ConfigFileEntry.client_flood_max_lines > CLIENT_FLOOD_MAX))
ConfigFileEntry.client_flood_max_lines = CLIENT_FLOOD_MAX;
if(!split_users || !split_servers ||
(!ConfigChannel.no_create_on_split && !ConfigChannel.no_join_on_split))