-rw-r--r-- | conf/inspircd.conf.example | 32 | ||||
-rw-r--r-- | include/configreader.h | 11 | ||||
-rw-r--r-- | src/configreader.cpp | 4 |
3 files changed, 46 insertions, 1 deletions
diff --git a/conf/inspircd.conf.example b/conf/inspircd.conf.example
index fa32053d9..4ded58e6e 100644
--- a/conf/inspircd.conf.example
+++ b/conf/inspircd.conf.example
@@ -304,6 +304,11 @@
 # but if they can connect again to B, there are three. You get the #
 # idea (i hope). #
 # #
+# NOTE NOTE NOTE NOTE NOTE NOTE! #
+# The maximum limits by default apply to individual IP addresses #
+# This *MAY* be changed by modifying the <cidr> block, in order #
+# to detect cloning across an ISP. #
+# #
 # The optional port value determines which port the connect tag is #
 # handling. If left out the connect tag covers all bound ports else #
 # only incoming connections on the specified port will match. Port #
@@ -331,6 +336,33 @@ <connect deny="69.254.*"> <connect deny="3ffe::0/32"> +#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- +# # +# CIDR configuration allows detection of clones and applying of # +# throttle limits across a CIDR range. (A CIDR range is a group of # +# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be # +# represented as 192.168.1.0/24). This means that abuse across an ISP # +# is detected and curtailed much easier. # +# # +# ipv4clone: # +# This specifies how many bits of an IP address should be checked # +# against cloning in the <connect> tags, for example, if <connect> # +# tags specified a limit of 2 (low!), and three users attempted to # +# connect in the IP range 192.168.1.0-192.168.1.255, and ipv4clone # +# was set to '24', the third connection would be disconnected. # +# # +# Valid values are 0-32, but you *don't* want 0. # +# # +# ipv6clone works in the same way, except for ipv6 addresses. Valid # +# range is 0-128, but you *don't* want anything too small. # +# # +# Setting these to their maximum value (32, 128) will result in # +# no actual CIDR checking being done, and clone checking will only be # +# done across individual IPs. This is the default behaviour. # + +<cidr + ipv4clone="32" + ipv6clone="128"> #-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- # # diff --git a/include/configreader.h b/include/configreader.h index 62d757621..877cb823d 100644 --- a/include/configreader.h +++ b/include/configreader.h @@ -292,7 +292,6 @@ class CoreExport ServerConfig : public Extensible bool CheckOnce(const char* tag, ConfigDataHash &newconf); public: - /** Process an include executable directive */ bool DoPipe(ConfigDataHash &target, const std::string &file, std::ostringstream &errorstream); 
@@ -328,6 +327,16 @@ class CoreExport ServerConfig : public Extensible ServerLimits Limits; + /** Clones CIDR range for ipv4 (0-32) + * Defaults to 32 (checks clones on all IPs seperately) + */ + int c_ipv4_range; + + /** Clones CIDR range for ipv6 (0-128) + * Defaults to 128 (checks on all IPs seperately) + */ + int c_ipv6_range; + /** Max number of WhoWas entries per user. */ int WhoWasGroupSize; diff --git a/src/configreader.cpp b/src/configreader.cpp index b28c60d0b..8f6c93b1b 100644 --- a/src/configreader.cpp +++ b/src/configreader.cpp @@ -54,6 +54,8 @@ ServerConfig::ServerConfig(InspIRCd* Instance) : ServerInstance(Instance) debugging = 0; MaxChans = 20; OperMaxChans = 30; + c_ipv4_range = 32; + c_ipv6_range = 128; maxbans.clear(); DNSServerValidator = &ValidateDnsServer; } @@ -845,6 +847,8 @@ void ServerConfig::Read(bool bail, User* user) {"die", "value", "", new ValueContainerChar (this->DieValue), DT_CHARPTR, NoValidation}, {"channels", "users", "20", new ValueContainerUInt (&this->MaxChans), DT_INTEGER, NoValidation}, {"channels", "opers", "60", new ValueContainerUInt (&this->OperMaxChans), DT_INTEGER, NoValidation}, + {"cidr", "ipv4clone", "32", new ValueContainerInt (&this->c_ipv4_range), DT_INTEGER, NoValidation}, + {"cidr", "ipv6clone", "128", new ValueContainerInt (&this->c_ipv6_range), DT_INTEGER, NoValidation}, {"limits", "maxnick", "32", new ValueContainerST (&this->Limits.NickMax), DT_INTEGER, NoValidation}, {"limits", "maxchan", "64", new ValueContainerST (&this->Limits.ChanMax), DT_INTEGER, NoValidation}, {"limits", "maxmodes", "20", new ValueContainerST (&this->Limits.MaxModes), DT_INTEGER, NoValidation}, |
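Review bot: The doc comments added for `c_ipv4_range` and `c_ipv6_range` in include/configreader.h never say what the number means, and "seperately" is misspelled. Going by the example config in this same commit, the value is a prefix length in bits, so a smaller number makes a larger group of addresses share one clone count. I would word the first as `/** Prefix length in bits (0-32) used to group IPv4 clients for clone counting; 32 (default) counts each address separately. */` and mirror it for IPv6 with 0-128. Both members are plain `int`, so the range in the comment is only a promise unless the loader enforces it. The class body starts and ends outside this hunk.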
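Review bot: Both new `cidr` rows in `ServerConfig::Read` are registered with `NoValidation`, so the ranges the example config promises (0-32 and 0-128) are never enforced before the value lands in the signed `c_ipv4_range` / `c_ipv6_range`. The code that consumes these fields is not visible on this page, but it presumably derives a mask from them, where a negative or oversized prefix is likely to give a wrong mask. A value of 0 would count every client against a single clone limit, which the config text itself warns against. I would replace `NoValidation` on these two rows with a range-checking validator that rejects or clamps anything outside the documented range and logs the correction, in the manner of the existing `ValidateDnsServer`. The table and the function continue outside the hunk.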