summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2009-11-11 19:52:03 +0000
committerdanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2009-11-11 19:52:03 +0000
commit0f87ad0d4b97874823c94a5168a06dcd444ad559 (patch)
tree81b0aba7a008a140bf326608e6b6670b31b5c958
parent704c793d479f835180e9d89d82cd21a2c6c6521d (diff)
Add fine-grained command flood controls
This reintrouces "Excess Flood" quits for those that prefer it to fakelag, and allows the maximum command rate to be set in the connect block. git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12093 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r--conf/inspircd.conf.example26
-rw-r--r--include/users.h23
-rw-r--r--src/command_parse.cpp2
-rw-r--r--src/commands/cmd_nick.cpp2
-rw-r--r--src/commands/cmd_oper.cpp2
-rw-r--r--src/configreader.cpp2
-rw-r--r--src/modules/m_cloaking.cpp2
-rw-r--r--src/modules/m_testnet.cpp4
-rw-r--r--src/userprocess.cpp8
-rw-r--r--src/users.cpp34
10 files changed, 71 insertions, 34 deletions
diff --git a/conf/inspircd.conf.example b/conf/inspircd.conf.example
index 0b4099a40..baadf24d6 100644
--- a/conf/inspircd.conf.example
+++ b/conf/inspircd.conf.example
@@ -307,17 +307,35 @@
hardsendq="1048576"
# softsendq: amount of data in a client's send queue before the server
- # begins delaying their commands
+ # begins delaying their commands in order to allow the sendq to drain
softsendq="8192"
# recvq: amount of data allowed in a client's queue before they are dropped.
recvq="8192"
- # threshold: This specifies the seconds worth of penalty a user is allowed to have
- # before fake lag is applied to them. If this value is set too low, every action will cause throttling.
- # Set to 0 to disable.
+ # threshold: This specifies the amount of command penalty a user is allowed to have
+ # before being quit or fakelagged due to flood. Normal commands have a penalty of 1,
+ # ones such as /OPER have penalties up to 10.
+ #
+ # If you are not using fakelag, this should be at least 20 to avoid excess flood kills
+ # from processing some commands.
threshold="10"
+ # commandrate: This specifies the maximum rate that commands can be processed.
+ # If commands are sent more rapidly, the user's penalty will increase and they will
+ # either be fakelagged or killed when they reach the threshold
+ #
+ # Units are millicommands per second, so 1000 means one line per second.
+ commandrate="1000"
+
+ # fakelag: Use fakelag instead of killing users for excessive flood
+ #
+ # Fake lag stops command processing for a user when a flood is detected rather than
+ # immediately killing them; their commands are held in the recvq and processed later
+ # as the user's command penalty drops. Note that if this is enabled, flooders will
+ # quit with "RecvQ exceeded" rather than "Excess Flood".
+ fakelag="on"
+
# localmax: Maximum local connections per IP.
localmax="3"
diff --git a/include/users.h b/include/users.h
index 5cf7669af..e1171e2c3 100644
--- a/include/users.h
+++ b/include/users.h
@@ -71,6 +71,9 @@ struct CoreExport ConnectClass : public refcountbase
*/
char type;
+ /** True if this class uses fake lag to manage flood, false if it kills */
+ bool fakelag;
+
/** Connect class name
*/
std::string name;
@@ -111,7 +114,10 @@ struct CoreExport ConnectClass : public refcountbase
/** Seconds worth of penalty before penalty system activates
*/
- unsigned long penaltythreshold;
+ unsigned int penaltythreshold;
+
+ /** Maximum rate of commands (units: millicommands per second) */
+ unsigned int commandrate;
/** Local max when connecting by this connection class
*/
@@ -188,9 +194,14 @@ struct CoreExport ConnectClass : public refcountbase
/** Returns the penalty threshold value
*/
- unsigned long GetPenaltyThreshold()
+ unsigned int GetPenaltyThreshold()
+ {
+ return (penaltythreshold ? penaltythreshold : 10);
+ }
+
+ unsigned int GetCommandRate()
{
- return penaltythreshold;
+ return commandrate ? commandrate : 1000;
}
/** Returusn the maximum number of local sessions
@@ -787,10 +798,10 @@ class CoreExport LocalUser : public User
*/
time_t nping;
- /** This value contains how far into the penalty threshold the user is. Once its over
- * the penalty threshold then commands are held and processed on-timer.
+ /** This value contains how far into the penalty threshold the user is.
+ * This is used either to enable fake lag or for excess flood quits
*/
- int Penalty;
+ unsigned int CommandFloodPenalty;
/** Stored reverse lookup from res_forward. Should not be used after resolution.
*/
diff --git a/src/command_parse.cpp b/src/command_parse.cpp
index 772b23117..86f801d3e 100644
--- a/src/command_parse.cpp
+++ b/src/command_parse.cpp
@@ -252,7 +252,7 @@ bool CommandParser::ProcessCommand(User *user, std::string &cmd)
if (IS_LOCAL(user) && !user->HasPrivPermission("users/flood/no-throttle"))
{
// If it *doesn't* exist, give it a slightly heftier penalty than normal to deter flooding us crap
- IS_LOCAL(user)->Penalty += cm != cmdlist.end() ? cm->second->Penalty : 2;
+ IS_LOCAL(user)->CommandFloodPenalty += cm != cmdlist.end() ? cm->second->Penalty * 1000 : 2000;
}
diff --git a/src/commands/cmd_nick.cpp b/src/commands/cmd_nick.cpp
index 489551dd1..eccf2327e 100644
--- a/src/commands/cmd_nick.cpp
+++ b/src/commands/cmd_nick.cpp
@@ -203,7 +203,7 @@ CmdResult CommandNick::Handle (const std::vector<std::string>& parameters, User
if (user->registered == REG_ALL)
{
if (IS_LOCAL(user))
- IS_LOCAL(user)->Penalty += 10;
+ IS_LOCAL(user)->CommandFloodPenalty += 5000;
FOREACH_MOD(I_OnUserPostNick,OnUserPostNick(user, oldnick));
}
diff --git a/src/commands/cmd_oper.cpp b/src/commands/cmd_oper.cpp
index 42ea0c07d..378db4303 100644
--- a/src/commands/cmd_oper.cpp
+++ b/src/commands/cmd_oper.cpp
@@ -89,7 +89,7 @@ CmdResult CommandOper::HandleLocal(const std::vector<std::string>& parameters, L
// tell them they suck, and lag them up to help prevent brute-force attacks
user->WriteNumeric(491, "%s :Invalid oper credentials",user->nick.c_str());
- user->Penalty += 10;
+ user->CommandFloodPenalty += 10000;
snprintf(broadcast, MAXBUF, "WARNING! Failed oper attempt by %s!%s@%s using login '%s': The following fields do not match: %s", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), parameters[0].c_str(), fields.c_str());
ServerInstance->SNO->WriteToSnoMask('o',std::string(broadcast));
diff --git a/src/configreader.cpp b/src/configreader.cpp
index f81283dc7..aebf85ca8 100644
--- a/src/configreader.cpp
+++ b/src/configreader.cpp
@@ -366,6 +366,8 @@ void ServerConfig::CrossCheckConnectBlocks(ServerConfig* current)
me->hardsendqmax = tag->getInt("hardsendq", me->hardsendqmax);
me->recvqmax = tag->getInt("recvq", me->recvqmax);
me->penaltythreshold = tag->getInt("threshold", me->penaltythreshold);
+ me->commandrate = tag->getInt("commandrate", me->commandrate);
+ me->fakelag = tag->getBool("fakelag", me->fakelag);
me->maxlocal = tag->getInt("localmax", me->maxlocal);
me->maxglobal = tag->getInt("globalmax", me->maxglobal);
me->port = tag->getInt("port", me->port);
diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp
index 263e28210..0a4e58edf 100644
--- a/src/modules/m_cloaking.cpp
+++ b/src/modules/m_cloaking.cpp
@@ -57,7 +57,7 @@ class CloakUser : public ModeHandler
}
/* don't allow this user to spam modechanges */
- IS_LOCAL(dest)->Penalty += 5;
+ IS_LOCAL(dest)->CommandFloodPenalty += 5000;
if (adding)
{
diff --git a/src/modules/m_testnet.cpp b/src/modules/m_testnet.cpp
index ff37adf3c..0bc33f002 100644
--- a/src/modules/m_testnet.cpp
+++ b/src/modules/m_testnet.cpp
@@ -190,9 +190,9 @@ class CommandTest : public Command
for(unsigned int i=0; i < count; i++)
user->Write(line);
}
- else if (parameters[0] == "freeze" && IS_LOCAL(user))
+ else if (parameters[0] == "freeze" && IS_LOCAL(user) && parameters.size() > 1)
{
- IS_LOCAL(user)->Penalty += 100;
+ IS_LOCAL(user)->CommandFloodPenalty += atoi(parameters[1].c_str());
}
else if (parameters[0] == "shutdown" && IS_LOCAL(user))
{
diff --git a/src/userprocess.cpp b/src/userprocess.cpp
index 8aa76a1fd..781f8ae52 100644
--- a/src/userprocess.cpp
+++ b/src/userprocess.cpp
@@ -55,9 +55,13 @@ void InspIRCd::DoBackgroundUserStuff()
if (curr->quitting)
continue;
- if (curr->Penalty)
+ if (curr->CommandFloodPenalty)
{
- curr->Penalty--;
+ unsigned int rate = curr->MyClass->GetCommandRate();
+ if (curr->CommandFloodPenalty > rate)
+ curr->CommandFloodPenalty -= rate;
+ else
+ curr->CommandFloodPenalty = 0;
curr->eh.OnDataReady();
}
diff --git a/src/users.cpp b/src/users.cpp
index ec6fd0571..98c362f95 100644
--- a/src/users.cpp
+++ b/src/users.cpp
@@ -244,7 +244,7 @@ LocalUser::LocalUser(int myfd, irc::sockets::sockaddrs* client, irc::sockets::so
{
bytes_in = bytes_out = cmds_in = cmds_out = 0;
server_sa.sa.sa_family = AF_UNSPEC;
- Penalty = 0;
+ CommandFloodPenalty = 0;
lastping = nping = 0;
eh.SetFd(myfd);
memcpy(&client_sa, client, sizeof(irc::sockets::sockaddrs));
@@ -509,11 +509,11 @@ void UserIOHandler::OnDataReady()
unsigned long sendqmax = ULONG_MAX;
if (!user->HasPrivPermission("users/flood/increased-buffers"))
sendqmax = user->MyClass->GetSendqSoftMax();
- int penaltymax = user->MyClass->GetPenaltyThreshold();
- if (penaltymax == 0 || user->HasPrivPermission("users/flood/no-fakelag"))
- penaltymax = INT_MAX;
+ unsigned long penaltymax = ULONG_MAX;
+ if (!user->HasPrivPermission("users/flood/no-fakelag"))
+ penaltymax = user->MyClass->GetPenaltyThreshold() * 1000;
- while (user->Penalty < penaltymax && getSendQSize() < sendqmax)
+ while (user->CommandFloodPenalty < penaltymax && getSendQSize() < sendqmax)
{
std::string line;
line.reserve(MAXBUF);
@@ -550,8 +550,10 @@ eol_found:
return;
}
// Add pseudo-penalty so that we continue processing after sendq recedes
- if (user->Penalty == 0 && getSendQSize() >= sendqmax)
- user->Penalty++;
+ if (user->CommandFloodPenalty == 0 && getSendQSize() >= sendqmax)
+ user->CommandFloodPenalty++;
+ if (user->CommandFloodPenalty >= penaltymax && !user->MyClass->fakelag)
+ ServerInstance->Users->QuitUser(user, "Excess Flood");
}
void UserIOHandler::AddWriteBuf(const std::string &data)
@@ -1689,19 +1691,19 @@ const std::string& FakeUser::GetFullRealHost()
}
ConnectClass::ConnectClass(ConfigTag* tag, char t, const std::string& mask)
- : config(tag), type(t), name("unnamed"), registration_timeout(0), host(mask),
- pingtime(0), pass(""), hash(""), softsendqmax(0), hardsendqmax(0),
- recvqmax(0), penaltythreshold(0), maxlocal(0), maxglobal(0), maxchans(0), port(0), limit(0)
+ : config(tag), type(t), fakelag(true), name("unnamed"), registration_timeout(0), host(mask),
+ pingtime(0), pass(""), hash(""), softsendqmax(0), hardsendqmax(0), recvqmax(0),
+ penaltythreshold(0), commandrate(0), maxlocal(0), maxglobal(0), maxchans(0), port(0), limit(0)
{
}
ConnectClass::ConnectClass(ConfigTag* tag, char t, const std::string& mask, const ConnectClass& parent)
- : config(tag), type(t), name("unnamed"),
- registration_timeout(parent.registration_timeout), host(mask),
- pingtime(parent.pingtime), pass(parent.pass), hash(parent.hash),
- softsendqmax(parent.softsendqmax), hardsendqmax(parent.hardsendqmax),
- recvqmax(parent.recvqmax), penaltythreshold(parent.penaltythreshold), maxlocal(parent.maxlocal),
- maxglobal(parent.maxglobal), maxchans(parent.maxchans),
+ : config(tag), type(t), fakelag(parent.fakelag), name("unnamed"),
+ registration_timeout(parent.registration_timeout), host(mask), pingtime(parent.pingtime),
+ pass(parent.pass), hash(parent.hash), softsendqmax(parent.softsendqmax),
+ hardsendqmax(parent.hardsendqmax), recvqmax(parent.recvqmax),
+ penaltythreshold(parent.penaltythreshold), commandrate(parent.commandrate),
+ maxlocal(parent.maxlocal), maxglobal(parent.maxglobal), maxchans(parent.maxchans),
port(parent.port), limit(parent.limit)
{
}