summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorspecial <special@e03df62e-2008-0410-955e-edbf42e46eb7>2006-06-22 13:32:52 +0000
committerspecial <special@e03df62e-2008-0410-955e-edbf42e46eb7>2006-06-22 13:32:52 +0000
commit2054f42afc803494b08cbb7b645a4bbfe4ed330a (patch)
treeddce53a0dc5a3016ad439b9b668e14e40078d354 /src
parentc1958b1235538eaea2d2e165253a912e0561e1dd (diff)
Forward port of server link DDoS/oper flood fix
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@4045 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src')
-rw-r--r--src/modules/m_spanningtree.cpp20
1 files changed, 20 insertions, 0 deletions
diff --git a/src/modules/m_spanningtree.cpp b/src/modules/m_spanningtree.cpp
index f5f0861ff..18f92c025 100644
--- a/src/modules/m_spanningtree.cpp
+++ b/src/modules/m_spanningtree.cpp
@@ -2700,6 +2700,26 @@ class TreeSocket : public InspSocket
virtual int OnIncomingConnection(int newsock, char* ip)
{
+ /* To prevent anyone from attempting to flood opers/DDoS by connecting to the server port,
+ * or discovering if this port is the server port, we don't allow connections from any
+ * IPs for which we don't have a link block.
+ */
+ bool found = false;
+ vector<Link>::iterator i;
+ for (i = LinkBlocks.begin(); i != LinkBlocks.end(); i++)
+ {
+ if (i->IPAddr == ip)
+ {
+ found = true;
+ break;
+ }
+ }
+ if (!found)
+ {
+ WriteOpers("Server connection from %s denied (no link blocks with that IP address)", ip);
+ close(newsock);
+ return false;
+ }
TreeSocket* s = new TreeSocket(newsock, ip);
Srv->AddSocket(s);
return true;