-rw-r--r--conf/inspircd.conf.example32
-rw-r--r--include/configreader.h11
-rw-r--r--src/configreader.cpp4
3 files changed, 46 insertions, 1 deletions
diff --git a/conf/inspircd.conf.example b/conf/inspircd.conf.example
index fa32053d9..4ded58e6e 100644
--- a/conf/inspircd.conf.example
+++ b/conf/inspircd.conf.example
@@ -304,6 +304,11 @@
# but if they can connect again to B, there are three. You get the #
# idea (i hope). #
# #
+# NOTE NOTE NOTE NOTE NOTE NOTE! #
+# The maximum limits by default apply to individual IP addresses #
+# This *MAY* be changed by modifying the <cidr> block, in order #
+# to detect cloning across an ISP. #
+# #
# The optional port value determines which port the connect tag is #
# handling. If left out the connect tag covers all bound ports else #
# only incoming connections on the specified port will match. Port #
@@ -331,6 +336,33 @@
<connect deny="69.254.*">
<connect deny="3ffe::0/32">
+#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
+# #
+# CIDR configuration allows detection of clones and applying of #
+# throttle limits across a CIDR range. (A CIDR range is a group of #
+# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be #
+# represented as 192.168.1.0/24). This means that abuse across an ISP #
+# is detected and curtailed much easier. #
+# #
+# ipv4clone: #
+# This specifies how many bits of an IP address should be checked #
+# against cloning in the <connect> tags, for example, if <connect> #
+# tags specified a limit of 2 (low!), and three users attempted to #
+# connect in the IP range 192.168.1.0-192.168.1.255, and ipv4clone #
+# was set to '24', the third connection would be disconnected. #
+# #
+# Valid values are 0-32, but you *don't* want 0. #
+# #
+# ipv6clone works in the same way, except for ipv6 addresses. Valid #
+# range is 0-128, but you *don't* want anything too small. #
+# #
+# Setting these to their maximum value (32, 128) will result in #
+# no actual CIDR checking being done, and clone checking will only be #
+# done across individual IPs. This is the default behaviour. #
+
+<cidr
+ ipv4clone="32"
+ ipv6clone="128">
#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# #
diff --git a/include/configreader.h b/include/configreader.h
index 62d757621..877cb823d 100644
--- a/include/configreader.h
+++ b/include/configreader.h
@@ -292,7 +292,6 @@ class CoreExport ServerConfig : public Extensible
bool CheckOnce(const char* tag, ConfigDataHash &newconf);
public:
-
/** Process an include executable directive
*/
bool DoPipe(ConfigDataHash &target, const std::string &file, std::ostringstream &errorstream);
@@ -328,6 +327,16 @@ class CoreExport ServerConfig : public Extensible
ServerLimits Limits;
+ /** Clones CIDR range for ipv4 (0-32)
+ * Defaults to 32 (checks clones on all IPs seperately)
+ */
+ int c_ipv4_range;
+
+ /** Clones CIDR range for ipv6 (0-128)
+ * Defaults to 128 (checks on all IPs seperately)
+ */
+ int c_ipv6_range;
+
/** Max number of WhoWas entries per user.
*/
int WhoWasGroupSize;
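Review bot: The doc comments on `c_ipv4_range` and `c_ipv6_range` give the numeric range but not that the value is a prefix length in bits, or that smaller values widen the group of addresses sharing one clone limit. I would word them as `/** Prefix length in bits (0-32) used to group IPv4 clients for clone counting; 32 counts every address separately. */`, with the matching 0-128 / 128 text for IPv6. Both members are signed `int`, so the comment should also state that negative values are invalid, unless the type is changed. The class body continues outside this hunk.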
diff --git a/src/configreader.cpp b/src/configreader.cpp
index b28c60d0b..8f6c93b1b 100644
--- a/src/configreader.cpp
+++ b/src/configreader.cpp
@@ -54,6 +54,8 @@ ServerConfig::ServerConfig(InspIRCd* Instance) : ServerInstance(Instance)
debugging = 0;
MaxChans = 20;
OperMaxChans = 30;
+ c_ipv4_range = 32;
+ c_ipv6_range = 128;
maxbans.clear();
DNSServerValidator = &ValidateDnsServer;
}
@@ -845,6 +847,8 @@ void ServerConfig::Read(bool bail, User* user)
{"die", "value", "", new ValueContainerChar (this->DieValue), DT_CHARPTR, NoValidation},
{"channels", "users", "20", new ValueContainerUInt (&this->MaxChans), DT_INTEGER, NoValidation},
{"channels", "opers", "60", new ValueContainerUInt (&this->OperMaxChans), DT_INTEGER, NoValidation},
+ {"cidr", "ipv4clone", "32", new ValueContainerInt (&this->c_ipv4_range), DT_INTEGER, NoValidation},
+ {"cidr", "ipv6clone", "128", new ValueContainerInt (&this->c_ipv6_range), DT_INTEGER, NoValidation},
{"limits", "maxnick", "32", new ValueContainerST (&this->Limits.NickMax), DT_INTEGER, NoValidation},
{"limits", "maxchan", "64", new ValueContainerST (&this->Limits.ChanMax), DT_INTEGER, NoValidation},
{"limits", "maxmodes", "20", new ValueContainerST (&this->Limits.MaxModes), DT_INTEGER, NoValidation},
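Review bot: The two added `cidr` rows register `ipv4clone` and `ipv6clone` with `NoValidation`, so a negative or over-range number in the config file is stored in the signed `c_ipv4_range` / `c_ipv6_range` unchecked. The code that turns these into a mask is not visible in this commit, but a prefix length outside 0-32 or 0-128 typically becomes an out-of-range shift or byte count there. A value of 0 would make every client count against a single shared clone limit, which the example config warns about but nothing enforces. I would replace `NoValidation` on both rows with a new validator (called `ValidateCidrBits` here for illustration) that rejects or clamps values outside the documented range and logs the correction. The table and `Read()` continue outside this hunk.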