pegasus/unrealircd
1
0
Fork 0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-06-12 17:14:46 +02:00
Code Activity

For connthrottle rate limiting (new-users) now check except tkl type 'c'

Browse Source 
(connect-flood). Those users are exempt and not counted towards new users.

And the new ipv6-unknown-users-limit in connthrottle (which has nothing
do with rates, but counts, similar to maxperip, but only on unknown-users)
now checks tkl type 'm' (maxperip). Those are counted as "except unknowns".

This is more of what the admin would expect.
This commit is contained in:
Bram Matthys
2026-05-06 18:54:10 +02:00
parent 8bafd33286
commit 05ef211900
1 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/modules/connthrottle.c
+13 -10
View File
@@ -596,8 +596,9 @@ int ct_pre_lconnect(Client *client)
if (still_reputation_gathering()) if (still_reputation_gathering())
return HOOK_CONTINUE; /* still gathering reputation data */ return HOOK_CONTINUE; /* still gathering reputation data */
if (user_allowed_by_security_group(client, cfg.except)) if (user_allowed_by_security_group(client, cfg.except) ||
return HOOK_CONTINUE; /* allowed: user is exempt (known user or otherwise) */ find_tkl_exception(TKL_CONNECT_FLOOD, client))
return HOOK_CONTINUE; /* allowed: user is exempt */
/* If we reach this then the user is NEW */ /* If we reach this then the user is NEW */
@@ -667,10 +668,11 @@ int ct_lconnect(Client *client)
if (still_reputation_gathering()) if (still_reputation_gathering())
return 0; /* still gathering reputation data */ return 0; /* still gathering reputation data */
if (user_allowed_by_security_group(client, cfg.except)) if (user_allowed_by_security_group(client, cfg.except) ||
find_tkl_exception(TKL_CONNECT_FLOOD, client))
{ {
ucounter->allowed_except++; ucounter->allowed_except++;
return HOOK_CONTINUE; /* allowed: user is exempt (known user or otherwise) */ return HOOK_CONTINUE; /* allowed: user is exempt */
} }
/* Allowed NEW user */ /* Allowed NEW user */
@@ -704,8 +706,9 @@ int ct_rconnect(Client *client)
} }
#endif #endif
if (user_allowed_by_security_group(client, cfg.except)) if (user_allowed_by_security_group(client, cfg.except) ||
return 0; /* user is on except list (known user or otherwise) */ find_tkl_exception(TKL_CONNECT_FLOOD, client))
return 0; /* user is exempt */
bump_connect_counter(0); bump_connect_counter(0);
@@ -1127,15 +1130,15 @@ static void ct_bucket_decrement(ConnThrottleBucket *b, ConnThrottleCategory cate
} }
/** Classify a client into one of CT_CATEGORY_*. /** Classify a client into one of CT_CATEGORY_*.
* Reads client->known_user_cached (the existing global "known-users" * Reads client->known_user_cached, the cfg.except SecurityGroup, and TKL
* cache) and the existing cfg.except SecurityGroup that the rate-throttle * exceptions of type maxperip. Does not modify state.
* uses. Does not modify any state.
*/ */
static ConnThrottleCategory ct_classify(Client *client) static ConnThrottleCategory ct_classify(Client *client)
{ {
if (client->known_user_cached) if (client->known_user_cached)
return CT_CATEGORY_KNOWN_USERS; return CT_CATEGORY_KNOWN_USERS;
if (user_allowed_by_security_group(client, cfg.except)) if (user_allowed_by_security_group(client, cfg.except) ||
find_tkl_exception(TKL_MAXPERIP, client))
return CT_CATEGORY_EXCEPTED_UNKNOWNS; return CT_CATEGORY_EXCEPTED_UNKNOWNS;
return CT_CATEGORY_UNKNOWN_USERS; return CT_CATEGORY_UNKNOWN_USERS;
} }