pegasus/unrealircd
1
0
Fork 0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-06-12 15:34:47 +02:00
Code Activity

For connthrottle rate limiting (new-users) now check except tkl type 'c'

Browse Source 
(connect-flood). Those users are exempt and not counted towards new users.

And the new ipv6-unknown-users-limit in connthrottle (which has nothing
do with rates, but counts, similar to maxperip, but only on unknown-users)
now checks tkl type 'm' (maxperip). Those are counted as "except unknowns".

This is more of what the admin would expect.
This commit is contained in:
Bram Matthys
2026-05-06 18:54:10 +02:00
parent 8bafd33286
commit 05ef211900
1 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/modules/connthrottle.c
+13 -10
View File
@@ -596,8 +596,9 @@ int ct_pre_lconnect(Client *client)
if (still_reputation_gathering())
return HOOK_CONTINUE; /* still gathering reputation data */
if (user_allowed_by_security_group(client, cfg.except))
return HOOK_CONTINUE; /* allowed: user is exempt (known user or otherwise) */
if (user_allowed_by_security_group(client, cfg.except) ||
find_tkl_exception(TKL_CONNECT_FLOOD, client))
return HOOK_CONTINUE; /* allowed: user is exempt */
/* If we reach this then the user is NEW */
@@ -667,10 +668,11 @@ int ct_lconnect(Client *client)
if (still_reputation_gathering())
return 0; /* still gathering reputation data */
if (user_allowed_by_security_group(client, cfg.except))
if (user_allowed_by_security_group(client, cfg.except) ||
find_tkl_exception(TKL_CONNECT_FLOOD, client))
{
ucounter->allowed_except++;
return HOOK_CONTINUE; /* allowed: user is exempt (known user or otherwise) */
return HOOK_CONTINUE; /* allowed: user is exempt */
}
/* Allowed NEW user */
@@ -704,8 +706,9 @@ int ct_rconnect(Client *client)
}
#endif
if (user_allowed_by_security_group(client, cfg.except))
return 0; /* user is on except list (known user or otherwise) */
if (user_allowed_by_security_group(client, cfg.except) ||
find_tkl_exception(TKL_CONNECT_FLOOD, client))
return 0; /* user is exempt */
bump_connect_counter(0);
@@ -1127,15 +1130,15 @@ static void ct_bucket_decrement(ConnThrottleBucket *b, ConnThrottleCategory cate
}
/** Classify a client into one of CT_CATEGORY_*.
* Reads client->known_user_cached (the existing global "known-users"
* cache) and the existing cfg.except SecurityGroup that the rate-throttle
* uses. Does not modify any state.
* Reads client->known_user_cached, the cfg.except SecurityGroup, and TKL
* exceptions of type maxperip. Does not modify state.
*/
static ConnThrottleCategory ct_classify(Client *client)
{
if (client->known_user_cached)
return CT_CATEGORY_KNOWN_USERS;
if (user_allowed_by_security_group(client, cfg.except))
if (user_allowed_by_security_group(client, cfg.except) ||
find_tkl_exception(TKL_MAXPERIP, client))
return CT_CATEGORY_EXCEPTED_UNKNOWNS;
return CT_CATEGORY_UNKNOWN_USERS;
}