From 0f87ad0d4b97874823c94a5168a06dcd444ad559 Mon Sep 17 00:00:00 2001
From: danieldg
Date: Wed, 11 Nov 2009 19:52:03 +0000
Subject: Add fine-grained command flood controls

This reintrouces "Excess Flood" quits for those that prefer it to fakelag, and allows the maximum command rate to be set in the connect block.

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12093 e03df62e-2008-0410-955e-edbf42e46eb7
---
 src/command_parse.cpp | 2 +-
 src/commands/cmd_nick.cpp | 2 +-
 src/commands/cmd_oper.cpp | 2 +-
 src/configreader.cpp | 2 ++
 src/modules/m_cloaking.cpp | 2 +-
 src/modules/m_testnet.cpp | 4 ++--
 src/userprocess.cpp | 8 ++++++--
 src/users.cpp | 34 ++++++++++++++++++----------------
 8 files changed, 32 insertions(+), 24 deletions(-)
 (limited to 'src')
diff --git a/src/command_parse.cpp b/src/command_parse.cpp
index 772b23117..86f801d3e 100644
--- a/src/command_parse.cpp
+++ b/src/command_parse.cpp
@@ -252,7 +252,7 @@ bool CommandParser::ProcessCommand(User *user, std::string &cmd)
 if (IS_LOCAL(user) && !user->HasPrivPermission("users/flood/no-throttle"))
 {
 // If it *doesn't* exist, give it a slightly heftier penalty than normal to deter flooding us crap
- IS_LOCAL(user)->Penalty += cm != cmdlist.end() ? cm->second->Penalty : 2;
+ IS_LOCAL(user)->CommandFloodPenalty += cm != cmdlist.end() ? cm->second->Penalty * 1000 : 2000;
 }
diff --git a/src/commands/cmd_nick.cpp b/src/commands/cmd_nick.cpp
index 489551dd1..eccf2327e 100644
--- a/src/commands/cmd_nick.cpp
+++ b/src/commands/cmd_nick.cpp
@@ -203,7 +203,7 @@ CmdResult CommandNick::Handle (const std::vector& parameters, User
 if (user->registered == REG_ALL)
 {
 if (IS_LOCAL(user))
- IS_LOCAL(user)->Penalty += 10;
+ IS_LOCAL(user)->CommandFloodPenalty += 5000;
 FOREACH_MOD(I_OnUserPostNick,OnUserPostNick(user, oldnick));
 }
diff --git a/src/commands/cmd_oper.cpp b/src/commands/cmd_oper.cpp
index 42ea0c07d..378db4303 100644
--- a/src/commands/cmd_oper.cpp
+++ b/src/commands/cmd_oper.cpp
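Review bot: The ×1000 scale of the new counter is written as bare literals in the added line of command_parse.cpp (`cm->second->Penalty * 1000 : 2000`), and the same convention recurs as `5000` in cmd_nick.cpp and m_cloaking.cpp, `10000` in cmd_oper.cpp and `* 1000` in users.cpp. One named constant for "penalty units per old point", used at every site, would keep the per-command costs comparable with the connect-block threshold and make a later change of scale a one-line edit. The NICK cost also goes from `10` to `5000`, half of what a straight ×1000 conversion gives, while the OPER and cloak-mode costs convert exactly; if that reduction is intended, it deserves a short comment on the `+= 5000` line. Both function bodies continue outside their hunks.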
@@ -89,7 +89,7 @@ CmdResult CommandOper::HandleLocal(const std::vector& parameters, L
 // tell them they suck, and lag them up to help prevent brute-force attacks
 user->WriteNumeric(491, "%s :Invalid oper credentials",user->nick.c_str());
- user->Penalty += 10;
+ user->CommandFloodPenalty += 10000;
 snprintf(broadcast, MAXBUF, "WARNING! Failed oper attempt by %s!%s@%s using login '%s': The following fields do not match: %s", user->nick.c_str(), user->ident.c_str(), user->host.c_str(), parameters[0].c_str(), fields.c_str());
 ServerInstance->SNO->WriteToSnoMask('o',std::string(broadcast));
diff --git a/src/configreader.cpp b/src/configreader.cpp
index f81283dc7..aebf85ca8 100644
--- a/src/configreader.cpp
+++ b/src/configreader.cpp
@@ -366,6 +366,8 @@ void ServerConfig::CrossCheckConnectBlocks(ServerConfig* current)
 me->hardsendqmax = tag->getInt("hardsendq", me->hardsendqmax);
 me->recvqmax = tag->getInt("recvq", me->recvqmax);
 me->penaltythreshold = tag->getInt("threshold", me->penaltythreshold);
+ me->commandrate = tag->getInt("commandrate", me->commandrate);
+ me->fakelag = tag->getBool("fakelag", me->fakelag);
 me->maxlocal = tag->getInt("localmax", me->maxlocal);
 me->maxglobal = tag->getInt("globalmax", me->maxglobal);
 me->port = tag->getInt("port", me->port);
diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp
index 263e28210..0a4e58edf 100644
--- a/src/modules/m_cloaking.cpp
+++ b/src/modules/m_cloaking.cpp
@@ -57,7 +57,7 @@ class CloakUser : public ModeHandler
 }
 /* don't allow this user to spam modechanges */
- IS_LOCAL(dest)->Penalty += 5;
+ IS_LOCAL(dest)->CommandFloodPenalty += 5000;
 if (adding)
 {
diff --git a/src/modules/m_testnet.cpp b/src/modules/m_testnet.cpp
index ff37adf3c..0bc33f002 100644
--- a/src/modules/m_testnet.cpp
+++ b/src/modules/m_testnet.cpp
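Review bot: In the configreader.cpp hunk the new `commandrate` setting is stored straight from `tag->getInt("commandrate", me->commandrate)` with no range check, yet DoBackgroundUserStuff() consumes it as `unsigned int rate`. A negative or very large configured value would, after conversion, clear any accumulated penalty in a single pass and so switch flood control off for that connect class. That includes the 10000 units cmd_oper.cpp adds after a failed OPER, whose comment says the delay exists to slow brute-force attempts. Reading into a local first and rejecting or clamping values below 1 or above a documented maximum, with a log line naming the connect block, would keep a typo in the config from silently removing the limit. The declared type of `commandrate` is not in this diff, so the conversion is inferred from its use in userprocess.cpp.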
@@ -190,9 +190,9 @@ class CommandTest : public Command
 for(unsigned int i=0; i < count; i++)
 user->Write(line);
 }
- else if (parameters[0] == "freeze" && IS_LOCAL(user))
+ else if (parameters[0] == "freeze" && IS_LOCAL(user) && parameters.size() > 1)
 {
- IS_LOCAL(user)->Penalty += 100;
+ IS_LOCAL(user)->CommandFloodPenalty += atoi(parameters[1].c_str());
 }
 else if (parameters[0] == "shutdown" && IS_LOCAL(user))
 {
diff --git a/src/userprocess.cpp b/src/userprocess.cpp
index 8aa76a1fd..781f8ae52 100644
--- a/src/userprocess.cpp
+++ b/src/userprocess.cpp
@@ -55,9 +55,13 @@ void InspIRCd::DoBackgroundUserStuff()
 if (curr->quitting)
 continue;
- if (curr->Penalty)
+ if (curr->CommandFloodPenalty)
 {
- curr->Penalty--;
+ unsigned int rate = curr->MyClass->GetCommandRate();
+ if (curr->CommandFloodPenalty > rate)
+ curr->CommandFloodPenalty -= rate;
+ else
+ curr->CommandFloodPenalty = 0;
 curr->eh.OnDataReady();
 }
diff --git a/src/users.cpp b/src/users.cpp
index ec6fd0571..98c362f95 100644
--- a/src/users.cpp
+++ b/src/users.cpp
@@ -244,7 +244,7 @@ LocalUser::LocalUser(int myfd, irc::sockets::sockaddrs* client, irc::sockets::so
 {
 bytes_in = bytes_out = cmds_in = cmds_out = 0;
 server_sa.sa.sa_family = AF_UNSPEC;
- Penalty = 0;
+ CommandFloodPenalty = 0;
 lastping = nping = 0;
 eh.SetFd(myfd);
 memcpy(&client_sa, client, sizeof(irc::sockets::sockaddrs));
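Review bot: In the m_testnet.cpp hunk, `atoi(parameters[1].c_str())` puts a user-supplied string straight into the penalty counter. atoi gives no error indication and returns 0 for non-numeric text, and a negative result is converted on the `+=` if CommandFloodPenalty is unsigned (the comparisons in userprocess.cpp suggest it is; its declaration is not in this diff). Parsing with `strtol`, rejecting values below zero and clamping to a fixed upper bound before the add would keep the test command's effect predictable. The handler's body starts and ends outside the hunk.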
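Review bot: In the userprocess.cpp hunk the decay step never reduces the counter when `GetCommandRate()` returns 0: `CommandFloodPenalty > rate` holds, `-= rate` subtracts nothing, and the user stays throttled indefinitely (or, with fakelag off, is caught by the new quit check in OnDataReady). The first ConnectClass constructor in users.cpp initialises `commandrate(0)` and configreader.cpp keeps the existing value when the tag has no `commandrate`, so zero is the default unless the getter substitutes a non-zero rate; the getter is not in this diff. I would state that contract where the rate is read, e.g. `// GetCommandRate() must return a non-zero rate, otherwise the penalty below can never decay`, and enforce it in the getter or the config check.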
@@ -509,11 +509,11 @@ void UserIOHandler::OnDataReady()
 unsigned long sendqmax = ULONG_MAX;
 if (!user->HasPrivPermission("users/flood/increased-buffers"))
 sendqmax = user->MyClass->GetSendqSoftMax();
- int penaltymax = user->MyClass->GetPenaltyThreshold();
- if (penaltymax == 0 || user->HasPrivPermission("users/flood/no-fakelag"))
- penaltymax = INT_MAX;
+ unsigned long penaltymax = ULONG_MAX;
+ if (!user->HasPrivPermission("users/flood/no-fakelag"))
+ penaltymax = user->MyClass->GetPenaltyThreshold() * 1000;
- while (user->Penalty < penaltymax && getSendQSize() < sendqmax)
+ while (user->CommandFloodPenalty < penaltymax && getSendQSize() < sendqmax)
 {
 std::string line;
 line.reserve(MAXBUF);
@@ -550,8 +550,10 @@ eol_found:
 return;
 }
 // Add pseudo-penalty so that we continue processing after sendq recedes
- if (user->Penalty == 0 && getSendQSize() >= sendqmax)
- user->Penalty++;
+ if (user->CommandFloodPenalty == 0 && getSendQSize() >= sendqmax)
+ user->CommandFloodPenalty++;
+ if (user->CommandFloodPenalty >= penaltymax && !user->MyClass->fakelag)
+ ServerInstance->Users->QuitUser(user, "Excess Flood");
 }
 void UserIOHandler::AddWriteBuf(const std::string &data)
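Review bot: The rewritten `penaltymax` computation in the first hunk drops the old `penaltymax == 0` case, which treated a zero threshold as "no limit". If `GetPenaltyThreshold()` returns 0, `penaltymax` is now 0: the `while` loop never reads a line, and in the hunk at -550 `CommandFloodPenalty >= penaltymax` is always true, so an unprivileged user in a class with `fakelag` off is quit with "Excess Flood" on the first call. The ConnectClass constructor still initialises `penaltythreshold(0)`, so this applies unless the getter (not in this diff) now supplies a default; either keep the zero check or add a comment saying where the default comes from. The product is also computed in the getter's return type before widening, so `penaltymax = 1000UL * user->MyClass->GetPenaltyThreshold();` is safer for large configured thresholds. OnDataReady's body continues between and beyond the two hunks.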
@@ -1689,19 +1691,19 @@ const std::string& FakeUser::GetFullRealHost()
 }
 ConnectClass::ConnectClass(ConfigTag* tag, char t, const std::string& mask)
- : config(tag), type(t), name("unnamed"), registration_timeout(0), host(mask),
- pingtime(0), pass(""), hash(""), softsendqmax(0), hardsendqmax(0),
- recvqmax(0), penaltythreshold(0), maxlocal(0), maxglobal(0), maxchans(0), port(0), limit(0)
+ : config(tag), type(t), fakelag(true), name("unnamed"), registration_timeout(0), host(mask),
+ pingtime(0), pass(""), hash(""), softsendqmax(0), hardsendqmax(0), recvqmax(0),
+ penaltythreshold(0), commandrate(0), maxlocal(0), maxglobal(0), maxchans(0), port(0), limit(0)
 {
 }
 ConnectClass::ConnectClass(ConfigTag* tag, char t, const std::string& mask, const ConnectClass& parent)
- : config(tag), type(t), name("unnamed"),
- registration_timeout(parent.registration_timeout), host(mask),
- pingtime(parent.pingtime), pass(parent.pass), hash(parent.hash),
- softsendqmax(parent.softsendqmax), hardsendqmax(parent.hardsendqmax),
- recvqmax(parent.recvqmax), penaltythreshold(parent.penaltythreshold), maxlocal(parent.maxlocal),
- maxglobal(parent.maxglobal), maxchans(parent.maxchans),
+ : config(tag), type(t), fakelag(parent.fakelag), name("unnamed"),
+ registration_timeout(parent.registration_timeout), host(mask), pingtime(parent.pingtime),
+ pass(parent.pass), hash(parent.hash), softsendqmax(parent.softsendqmax),
+ hardsendqmax(parent.hardsendqmax), recvqmax(parent.recvqmax),
+ penaltythreshold(parent.penaltythreshold), commandrate(parent.commandrate),
+ maxlocal(parent.maxlocal), maxglobal(parent.maxglobal), maxchans(parent.maxchans),
 port(parent.port), limit(parent.limit)
 {
 }
-- cgit v1.2.3