mirror of
https://github.com/matrix-construct/construct
synced 2025-01-16 01:26:58 +01:00
Make flood control settings configurable by those who know exactly what they're doing.
From ircd-seven git changeset 29aa4203150337925a4f5c6e7da47be5394c2125 .
This commit is contained in:
parent
e732a57bd1
commit
e6e54763d9
8 changed files with 173 additions and 121 deletions
|
@ -497,7 +497,7 @@ general {
|
||||||
disable_auth = no;
|
disable_auth = no;
|
||||||
no_oper_flood = yes;
|
no_oper_flood = yes;
|
||||||
max_targets = 4;
|
max_targets = 4;
|
||||||
client_flood = 20;
|
client_flood_max_lines = 20;
|
||||||
use_whois_actually = no;
|
use_whois_actually = no;
|
||||||
oper_only_umodes = operwall, locops, servnotice;
|
oper_only_umodes = operwall, locops, servnotice;
|
||||||
oper_umodes = locops, servnotice, operwall, wallop;
|
oper_umodes = locops, servnotice, operwall, wallop;
|
||||||
|
|
|
@ -1167,11 +1167,6 @@ general {
|
||||||
*/
|
*/
|
||||||
max_targets = 4;
|
max_targets = 4;
|
||||||
|
|
||||||
/* client flood: maximum number of lines in a clients queue before
|
|
||||||
* they are dropped for flooding.
|
|
||||||
*/
|
|
||||||
client_flood = 20;
|
|
||||||
|
|
||||||
/* use_whois_actually: send clients requesting a whois a numeric
|
/* use_whois_actually: send clients requesting a whois a numeric
|
||||||
* giving the real IP of non-spoofed clients to prevent DNS abuse.
|
* giving the real IP of non-spoofed clients to prevent DNS abuse.
|
||||||
*/
|
*/
|
||||||
|
@ -1255,6 +1250,21 @@ general {
|
||||||
/* throttle_count: Number of connections within throttle_duration that it takes
|
/* throttle_count: Number of connections within throttle_duration that it takes
|
||||||
* for throttling to take effect */
|
* for throttling to take effect */
|
||||||
throttle_count = 4;
|
throttle_count = 4;
|
||||||
|
|
||||||
|
/* client flood_max_lines: maximum number of lines in a clients queue before
|
||||||
|
* they are dropped for flooding.
|
||||||
|
*/
|
||||||
|
client_flood_max_lines = 20;
|
||||||
|
|
||||||
|
/* Flood control settings. DO NOT CHANGE THESE without extensive discussion
|
||||||
|
* and testing by someone who knows exactly what they do.
|
||||||
|
*
|
||||||
|
* These settings replicate charybdis-3.3 behaviour.
|
||||||
|
*/
|
||||||
|
client_flood_burst_rate = 40;
|
||||||
|
client_flood_burst_max = 5;
|
||||||
|
client_flood_message_time = 1;
|
||||||
|
client_flood_message_num = 2;
|
||||||
};
|
};
|
||||||
|
|
||||||
modules {
|
modules {
|
||||||
|
|
|
@ -43,9 +43,13 @@
|
||||||
* just connected. this allows clients to rejoin multiple channels
|
* just connected. this allows clients to rejoin multiple channels
|
||||||
* without being so heavily penalised they excess flood.
|
* without being so heavily penalised they excess flood.
|
||||||
*/
|
*/
|
||||||
#define MAX_FLOOD 5
|
/*
|
||||||
|
* spb: Made these configurable
|
||||||
|
*/
|
||||||
|
#define MAX_FLOOD ConfigFileEntry.client_flood_burst_max
|
||||||
#define MAX_FLOOD_BURST MAX_FLOOD * 8
|
#define MAX_FLOOD_BURST MAX_FLOOD * 8
|
||||||
|
|
||||||
|
|
||||||
extern PF read_packet;
|
extern PF read_packet;
|
||||||
extern EVH flood_recalc;
|
extern EVH flood_recalc;
|
||||||
extern void flood_endgrace(struct Client *);
|
extern void flood_endgrace(struct Client *);
|
||||||
|
|
|
@ -205,7 +205,6 @@ struct config_file_entry
|
||||||
int min_nonwildcard;
|
int min_nonwildcard;
|
||||||
int min_nonwildcard_simple;
|
int min_nonwildcard_simple;
|
||||||
int default_floodcount;
|
int default_floodcount;
|
||||||
int client_flood;
|
|
||||||
int default_ident_timeout;
|
int default_ident_timeout;
|
||||||
int use_egd;
|
int use_egd;
|
||||||
int ping_cookie;
|
int ping_cookie;
|
||||||
|
@ -225,6 +224,13 @@ struct config_file_entry
|
||||||
int global_snotices;
|
int global_snotices;
|
||||||
int operspy_dont_care_user_info;
|
int operspy_dont_care_user_info;
|
||||||
int use_propagated_bans;
|
int use_propagated_bans;
|
||||||
|
|
||||||
|
int client_flood_max_lines;
|
||||||
|
int client_flood_burst_rate;
|
||||||
|
int client_flood_burst_max;
|
||||||
|
int client_flood_message_time;
|
||||||
|
int client_flood_message_num;
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
struct config_channel_entry
|
struct config_channel_entry
|
||||||
|
|
|
@ -122,11 +122,35 @@ static struct InfoStruct info_table[] = {
|
||||||
"Prepend 'Client Exit:' to user QUIT messages"
|
"Prepend 'Client Exit:' to user QUIT messages"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"client_flood",
|
"client_flood_max_lines",
|
||||||
OUTPUT_DECIMAL,
|
OUTPUT_DECIMAL,
|
||||||
&ConfigFileEntry.client_flood,
|
&ConfigFileEntry.client_flood_max_lines,
|
||||||
"Number of lines before a client Excess Flood's",
|
"Number of lines before a client Excess Flood's",
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"client_flood_burst_rate",
|
||||||
|
OUTPUT_DECIMAL,
|
||||||
|
&ConfigFileEntry.client_flood_burst_rate,
|
||||||
|
"Rate at which burst lines are processed",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client_flood_burst_max",
|
||||||
|
OUTPUT_DECIMAL,
|
||||||
|
&ConfigFileEntry.client_flood_burst_max,
|
||||||
|
"Number of lines to permit at client_flood_burst_rate",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client_flood_message_num",
|
||||||
|
OUTPUT_DECIMAL,
|
||||||
|
&ConfigFileEntry.client_flood_message_num,
|
||||||
|
"Number of messages to allow per client_flood_message_time outside of burst",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client_flood_message_time",
|
||||||
|
OUTPUT_DECIMAL,
|
||||||
|
&ConfigFileEntry.client_flood_message_time,
|
||||||
|
"Time to allow per client_flood_message_num outside of burst",
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"connect_timeout",
|
"connect_timeout",
|
||||||
OUTPUT_DECIMAL,
|
OUTPUT_DECIMAL,
|
||||||
|
@ -626,9 +650,9 @@ static struct InfoStruct info_table[] = {
|
||||||
/* *INDENT-ON* */
|
/* *INDENT-ON* */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
** m_info
|
** m_info
|
||||||
** parv[1] = servername
|
** parv[1] = servername
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
m_info(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
|
m_info(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
|
||||||
{
|
{
|
||||||
|
@ -658,9 +682,9 @@ m_info(struct Client *client_p, struct Client *source_p, int parc, const char *p
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
** mo_info
|
** mo_info
|
||||||
** parv[1] = servername
|
** parv[1] = servername
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
mo_info(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
|
mo_info(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
|
||||||
{
|
{
|
||||||
|
|
|
@ -2207,7 +2207,6 @@ static struct ConfEntry conf_general_table[] =
|
||||||
{ "burst_away", CF_YESNO, NULL, 0, &ConfigFileEntry.burst_away },
|
{ "burst_away", CF_YESNO, NULL, 0, &ConfigFileEntry.burst_away },
|
||||||
{ "caller_id_wait", CF_TIME, NULL, 0, &ConfigFileEntry.caller_id_wait },
|
{ "caller_id_wait", CF_TIME, NULL, 0, &ConfigFileEntry.caller_id_wait },
|
||||||
{ "client_exit", CF_YESNO, NULL, 0, &ConfigFileEntry.client_exit },
|
{ "client_exit", CF_YESNO, NULL, 0, &ConfigFileEntry.client_exit },
|
||||||
{ "client_flood", CF_INT, NULL, 0, &ConfigFileEntry.client_flood },
|
|
||||||
{ "collision_fnc", CF_YESNO, NULL, 0, &ConfigFileEntry.collision_fnc },
|
{ "collision_fnc", CF_YESNO, NULL, 0, &ConfigFileEntry.collision_fnc },
|
||||||
{ "connect_timeout", CF_TIME, NULL, 0, &ConfigFileEntry.connect_timeout },
|
{ "connect_timeout", CF_TIME, NULL, 0, &ConfigFileEntry.connect_timeout },
|
||||||
{ "default_floodcount", CF_INT, NULL, 0, &ConfigFileEntry.default_floodcount },
|
{ "default_floodcount", CF_INT, NULL, 0, &ConfigFileEntry.default_floodcount },
|
||||||
|
@ -2252,6 +2251,11 @@ static struct ConfEntry conf_general_table[] =
|
||||||
{ "use_whois_actually", CF_YESNO, NULL, 0, &ConfigFileEntry.use_whois_actually },
|
{ "use_whois_actually", CF_YESNO, NULL, 0, &ConfigFileEntry.use_whois_actually },
|
||||||
{ "warn_no_nline", CF_YESNO, NULL, 0, &ConfigFileEntry.warn_no_nline },
|
{ "warn_no_nline", CF_YESNO, NULL, 0, &ConfigFileEntry.warn_no_nline },
|
||||||
{ "use_propagated_bans",CF_YESNO, NULL, 0, &ConfigFileEntry.use_propagated_bans },
|
{ "use_propagated_bans",CF_YESNO, NULL, 0, &ConfigFileEntry.use_propagated_bans },
|
||||||
|
{ "client_flood_max_lines", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_max_lines },
|
||||||
|
{ "client_flood_burst_rate", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_burst_rate },
|
||||||
|
{ "client_flood_burst_max", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_burst_max },
|
||||||
|
{ "client_flood_message_num", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_message_num },
|
||||||
|
{ "client_flood_message_time", CF_INT, NULL, 0, &ConfigFileEntry.client_flood_message_time },
|
||||||
{ "\0", 0, NULL, 0, NULL }
|
{ "\0", 0, NULL, 0, NULL }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
17
src/packet.c
17
src/packet.c
|
@ -38,7 +38,6 @@
|
||||||
static char readBuf[READBUF_SIZE];
|
static char readBuf[READBUF_SIZE];
|
||||||
static void client_dopacket(struct Client *client_p, char *buffer, size_t length);
|
static void client_dopacket(struct Client *client_p, char *buffer, size_t length);
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* parse_client_queued - parse client queued messages
|
* parse_client_queued - parse client queued messages
|
||||||
*/
|
*/
|
||||||
|
@ -124,6 +123,9 @@ parse_client_queued(struct Client *client_p)
|
||||||
{
|
{
|
||||||
if(client_p->localClient->sent_parsed >= client_p->localClient->allow_read)
|
if(client_p->localClient->sent_parsed >= client_p->localClient->allow_read)
|
||||||
break;
|
break;
|
||||||
|
/* spb: Add second layer of throttling to n lines per second, even during burst */
|
||||||
|
if(client_p->localClient->actually_read >= ConfigFileEntry.client_flood_burst_rate)
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* allow opers 4 times the amount of messages as users. why 4?
|
/* allow opers 4 times the amount of messages as users. why 4?
|
||||||
|
@ -142,7 +144,9 @@ parse_client_queued(struct Client *client_p)
|
||||||
client_dopacket(client_p, readBuf, dolen);
|
client_dopacket(client_p, readBuf, dolen);
|
||||||
if(IsAnyDead(client_p))
|
if(IsAnyDead(client_p))
|
||||||
return;
|
return;
|
||||||
client_p->localClient->sent_parsed++;
|
|
||||||
|
client_p->localClient->sent_parsed += ConfigFileEntry.client_flood_message_time;
|
||||||
|
client_p->localClient->actually_read++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -188,14 +192,13 @@ flood_recalc(void *unused)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if(IsFloodDone(client_p))
|
if(IsFloodDone(client_p))
|
||||||
client_p->localClient->sent_parsed -= 2;
|
client_p->localClient->sent_parsed -= ConfigFileEntry.client_flood_message_num;
|
||||||
else
|
else
|
||||||
client_p->localClient->sent_parsed = 0;
|
client_p->localClient->sent_parsed = 0;
|
||||||
|
|
||||||
if(client_p->localClient->sent_parsed < 0)
|
if(client_p->localClient->sent_parsed < 0)
|
||||||
client_p->localClient->sent_parsed = 0;
|
client_p->localClient->sent_parsed = 0;
|
||||||
|
|
||||||
if(--client_p->localClient->actually_read < 0)
|
|
||||||
client_p->localClient->actually_read = 0;
|
client_p->localClient->actually_read = 0;
|
||||||
|
|
||||||
parse_client_queued(client_p);
|
parse_client_queued(client_p);
|
||||||
|
@ -217,7 +220,6 @@ flood_recalc(void *unused)
|
||||||
if(client_p->localClient->sent_parsed < 0)
|
if(client_p->localClient->sent_parsed < 0)
|
||||||
client_p->localClient->sent_parsed = 0;
|
client_p->localClient->sent_parsed = 0;
|
||||||
|
|
||||||
if(--client_p->localClient->actually_read < 0)
|
|
||||||
client_p->localClient->actually_read = 0;
|
client_p->localClient->actually_read = 0;
|
||||||
|
|
||||||
parse_client_queued(client_p);
|
parse_client_queued(client_p);
|
||||||
|
@ -231,7 +233,6 @@ void
|
||||||
read_packet(rb_fde_t * F, void *data)
|
read_packet(rb_fde_t * F, void *data)
|
||||||
{
|
{
|
||||||
struct Client *client_p = data;
|
struct Client *client_p = data;
|
||||||
struct LocalUser *lclient_p = client_p->localClient;
|
|
||||||
int length = 0;
|
int length = 0;
|
||||||
int lbuf_len;
|
int lbuf_len;
|
||||||
|
|
||||||
|
@ -288,8 +289,6 @@ read_packet(rb_fde_t * F, void *data)
|
||||||
|
|
||||||
lbuf_len = rb_linebuf_parse(&client_p->localClient->buf_recvq, readBuf, length, binary);
|
lbuf_len = rb_linebuf_parse(&client_p->localClient->buf_recvq, readBuf, length, binary);
|
||||||
|
|
||||||
lclient_p->actually_read += lbuf_len;
|
|
||||||
|
|
||||||
if(IsAnyDead(client_p))
|
if(IsAnyDead(client_p))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
@ -301,7 +300,7 @@ read_packet(rb_fde_t * F, void *data)
|
||||||
|
|
||||||
/* Check to make sure we're not flooding */
|
/* Check to make sure we're not flooding */
|
||||||
if(!IsAnyServer(client_p) &&
|
if(!IsAnyServer(client_p) &&
|
||||||
(rb_linebuf_alloclen(&client_p->localClient->buf_recvq) > ConfigFileEntry.client_flood))
|
(rb_linebuf_alloclen(&client_p->localClient->buf_recvq) > ConfigFileEntry.client_flood_max_lines))
|
||||||
{
|
{
|
||||||
if(!(ConfigFileEntry.no_oper_flood && IsOper(client_p)))
|
if(!(ConfigFileEntry.no_oper_flood && IsOper(client_p)))
|
||||||
{
|
{
|
||||||
|
|
13
src/s_conf.c
13
src/s_conf.c
|
@ -784,7 +784,6 @@ set_default_conf(void)
|
||||||
ConfigFileEntry.min_nonwildcard_simple = 3;
|
ConfigFileEntry.min_nonwildcard_simple = 3;
|
||||||
ConfigFileEntry.default_floodcount = 8;
|
ConfigFileEntry.default_floodcount = 8;
|
||||||
ConfigFileEntry.default_ident_timeout = 5;
|
ConfigFileEntry.default_ident_timeout = 5;
|
||||||
ConfigFileEntry.client_flood = CLIENT_FLOOD_DEFAULT;
|
|
||||||
ConfigFileEntry.tkline_expire_notices = 0;
|
ConfigFileEntry.tkline_expire_notices = 0;
|
||||||
|
|
||||||
ConfigFileEntry.reject_after_count = 5;
|
ConfigFileEntry.reject_after_count = 5;
|
||||||
|
@ -793,6 +792,12 @@ set_default_conf(void)
|
||||||
ConfigFileEntry.throttle_count = 4;
|
ConfigFileEntry.throttle_count = 4;
|
||||||
ConfigFileEntry.throttle_duration = 60;
|
ConfigFileEntry.throttle_duration = 60;
|
||||||
|
|
||||||
|
ConfigFileEntry.client_flood_max_lines = CLIENT_FLOOD_DEFAULT;
|
||||||
|
ConfigFileEntry.client_flood_burst_rate = 5;
|
||||||
|
ConfigFileEntry.client_flood_burst_max = 5;
|
||||||
|
ConfigFileEntry.client_flood_message_time = 1;
|
||||||
|
ConfigFileEntry.client_flood_message_num = 2;
|
||||||
|
|
||||||
ServerInfo.default_max_clients = MAXCONNECTIONS;
|
ServerInfo.default_max_clients = MAXCONNECTIONS;
|
||||||
|
|
||||||
if (!alias_dict)
|
if (!alias_dict)
|
||||||
|
@ -858,9 +863,9 @@ validate_conf(void)
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if((ConfigFileEntry.client_flood < CLIENT_FLOOD_MIN) ||
|
if((ConfigFileEntry.client_flood_max_lines < CLIENT_FLOOD_MIN) ||
|
||||||
(ConfigFileEntry.client_flood > CLIENT_FLOOD_MAX))
|
(ConfigFileEntry.client_flood_max_lines > CLIENT_FLOOD_MAX))
|
||||||
ConfigFileEntry.client_flood = CLIENT_FLOOD_MAX;
|
ConfigFileEntry.client_flood_max_lines = CLIENT_FLOOD_MAX;
|
||||||
|
|
||||||
if(!split_users || !split_servers ||
|
if(!split_users || !split_servers ||
|
||||||
(!ConfigChannel.no_create_on_split && !ConfigChannel.no_join_on_split))
|
(!ConfigChannel.no_create_on_split && !ConfigChannel.no_join_on_split))
|
||||||
|
|
Loading…
Reference in a new issue