mirror of
https://github.com/unrealircd/unrealircd.git
synced 2026-07-09 18:53:13 +02:00
Added set::ident::connect-timeout and set::ident::read-timeout, updated example.conf: added throttle block.
This commit is contained in:
@@ -2157,3 +2157,7 @@ seen. gmtime warning still there
|
||||
- IPv6: Fixed unable-to-resolve-bug if both a A/AAAA record and NS/MX/etc records were present
|
||||
for the same hostname, reported by Byte (#0000972).
|
||||
- Updated flags in /version (and greeting), added 'Z' for zip links support, updated tech doc.
|
||||
- Added set::ident::connect-timeout (default 10s) and set::ident::read-timeout (default 30s) to
|
||||
have much more control over ident timeouts, this should also fix connection timeout problems
|
||||
during connecting.
|
||||
- Updated example.conf (added throttle block).
|
||||
|
||||
@@ -733,6 +733,13 @@ set {
|
||||
/* This allows you to make certain stats oper only, use * for all stats or leave this out to allow
|
||||
* all users to use any stats. */
|
||||
oper-only-stats "okG";
|
||||
|
||||
/* Throttling: this example sets a limit of 3 connections per 60s. */
|
||||
throttle {
|
||||
connections 3;
|
||||
period 60s;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
/*
|
||||
|
||||
@@ -1727,6 +1727,10 @@ set {
|
||||
times.</p>
|
||||
<p><font class="set">set::throttle::connections <amount>;</font><br>
|
||||
How many times a user must connect with the same host to be throttled.</p>
|
||||
<p><font class="set">set::ident::connect-timeout <amount>;</font><br>
|
||||
Amount of seconds after which to give up connecting to the ident server (default: 10s).</p>
|
||||
<p><font class="set">set::ident::read-timeout <amount>;</font><br>
|
||||
Amount of seconds after which to give up waiting for a reply (default: 30s).</p>
|
||||
<p><font class="set">set::anti-flood::unknown-flood-bantime <timevalue>;</font><br>
|
||||
Specifies how long an unknown connection flooder is banned for.</p>
|
||||
<p><font class="set">set::anti-flood::unknown-flood-amount <amount>;</font><br>
|
||||
|
||||
@@ -105,6 +105,8 @@ struct zConfiguration {
|
||||
unsigned char away_count;
|
||||
long away_period;
|
||||
#endif
|
||||
int ident_connect_timeout;
|
||||
int ident_read_timeout;
|
||||
aNetwork network;
|
||||
};
|
||||
|
||||
@@ -177,3 +179,6 @@ extern aConfiguration iConf;
|
||||
#define AWAY_PERIOD iConf.away_period
|
||||
#define AWAY_COUNT iConf.away_count
|
||||
#endif
|
||||
|
||||
#define IDENT_CONNECT_TIMEOUT iConf.ident_connect_timeout
|
||||
#define IDENT_READ_TIMEOUT iConf.ident_read_timeout
|
||||
|
||||
@@ -569,3 +569,4 @@ extern char trouble_info[1024];
|
||||
#define EVENT_DRUGS BASE_VERSION
|
||||
extern void rejoin_doparts(aClient *sptr);
|
||||
extern void rejoin_dojoinandmode(aClient *sptr);
|
||||
extern void ident_failed(aClient *cptr);
|
||||
|
||||
+20
-23
@@ -44,6 +44,23 @@ static char sccsid[] = "@(#)s_auth.c 1.18 4/18/94 (C) 1992 Darren Reed";
|
||||
#include "proto.h"
|
||||
#include <string.h>
|
||||
|
||||
void ident_failed(aClient *cptr)
|
||||
{
|
||||
Debug((DEBUG_NOTICE, "ident_failed() for %x", cptr));
|
||||
ircstp->is_abad++;
|
||||
if (cptr->authfd != -1)
|
||||
{
|
||||
CLOSE_SOCK(cptr->authfd);
|
||||
--OpenFiles;
|
||||
cptr->authfd = -1;
|
||||
}
|
||||
cptr->flags &= ~(FLAGS_WRAUTH | FLAGS_AUTH);
|
||||
if (!DoingDNS(cptr))
|
||||
SetAccess(cptr);
|
||||
if (SHOWCONNECTINFO && !cptr->serv)
|
||||
sendto_one(cptr, "%s", REPORT_FAIL_ID);
|
||||
}
|
||||
|
||||
/*
|
||||
* start_auth
|
||||
*
|
||||
@@ -68,9 +85,7 @@ void start_auth(aClient *cptr)
|
||||
{
|
||||
Debug((DEBUG_ERROR, "Unable to create auth socket for %s:%s",
|
||||
get_client_name(cptr, TRUE), strerror(get_sockerr(cptr))));
|
||||
if (!DoingDNS(cptr))
|
||||
SetAccess(cptr);
|
||||
ircstp->is_abad++;
|
||||
ident_failed(cptr);
|
||||
return;
|
||||
}
|
||||
if (++OpenFiles >= (MAXCONNECTIONS - 2))
|
||||
@@ -109,17 +124,7 @@ void start_auth(aClient *cptr)
|
||||
|
||||
if (connect(cptr->authfd, (struct sockaddr *)&sock, sizeof(sock)) == -1 && !(ERRNO == P_EWORKING))
|
||||
{
|
||||
ircstp->is_abad++;
|
||||
/*
|
||||
* No error report from this...
|
||||
*/
|
||||
CLOSE_SOCK(cptr->authfd);
|
||||
--OpenFiles;
|
||||
cptr->authfd = -1;
|
||||
if (!DoingDNS(cptr))
|
||||
SetAccess(cptr);
|
||||
if (SHOWCONNECTINFO && !cptr->serv)
|
||||
sendto_one(cptr, "%s", REPORT_FAIL_ID);
|
||||
ident_failed(cptr);
|
||||
return;
|
||||
}
|
||||
cptr->flags |= (FLAGS_WRAUTH | FLAGS_AUTH);
|
||||
@@ -161,15 +166,7 @@ void send_authports(aClient *cptr)
|
||||
if (ERRNO == P_EAGAIN)
|
||||
return; /* Not connected yet, try again later */
|
||||
authsenderr:
|
||||
ircstp->is_abad++;
|
||||
CLOSE_SOCK(cptr->authfd);
|
||||
--OpenFiles;
|
||||
cptr->authfd = -1;
|
||||
cptr->flags &= ~FLAGS_AUTH;
|
||||
if (SHOWCONNECTINFO && !cptr->serv)
|
||||
sendto_one(cptr, "%s", REPORT_FAIL_ID);
|
||||
if (!DoingDNS(cptr))
|
||||
SetAccess(cptr);
|
||||
ident_failed(cptr);
|
||||
}
|
||||
cptr->flags &= ~FLAGS_WRAUTH;
|
||||
return;
|
||||
|
||||
+24
-11
@@ -1654,20 +1654,33 @@ int read_message(time_t delay, fdlist *listp)
|
||||
|
||||
if (DoingAuth(cptr))
|
||||
{
|
||||
auth++;
|
||||
Debug((DEBUG_NOTICE, "auth on %x %d", cptr, i));
|
||||
if (cptr->authfd >= 0)
|
||||
int s = TStime() - cptr->firsttime, fail = 0;
|
||||
/* Maybe they should be timed out. -- Syzop. */
|
||||
if ( ((s > IDENT_CONNECT_TIMEOUT) && (cptr->flags & FLAGS_WRAUTH)) ||
|
||||
(s > IDENT_READ_TIMEOUT))
|
||||
{
|
||||
FD_SET(cptr->authfd, &read_set);
|
||||
#ifdef _WIN32
|
||||
FD_SET(cptr->authfd, &excpt_set);
|
||||
#endif
|
||||
if (cptr->flags & FLAGS_WRAUTH)
|
||||
FD_SET(cptr->authfd, &write_set);
|
||||
Debug((DEBUG_NOTICE, "ident timed out (cptr %x, %d sec)", cptr, s));
|
||||
ident_failed(cptr);
|
||||
}
|
||||
else
|
||||
{
|
||||
auth++;
|
||||
Debug((DEBUG_NOTICE, "auth on %x %d %d", cptr, i, s));
|
||||
if (cptr->authfd >= 0)
|
||||
{
|
||||
FD_SET(cptr->authfd, &read_set);
|
||||
#ifdef _WIN32
|
||||
FD_SET(cptr->authfd, &excpt_set);
|
||||
#endif
|
||||
if (cptr->flags & FLAGS_WRAUTH)
|
||||
FD_SET(cptr->authfd, &write_set);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (DoingDNS(cptr) || DoingAuth(cptr)
|
||||
)
|
||||
/* (warning: don't merge the DoingAuth() here with the check
|
||||
* above coz ident_failed() might have been called -- Syzop.)
|
||||
*/
|
||||
if (DoingDNS(cptr) || DoingAuth(cptr))
|
||||
continue;
|
||||
if (IsMe(cptr) && IsListening(cptr))
|
||||
{
|
||||
|
||||
@@ -1147,6 +1147,8 @@ void config_setdefaultsettings(aConfiguration *i)
|
||||
i->unknown_flood_amount = 4;
|
||||
i->unknown_flood_bantime = 600;
|
||||
i->oper_snomask = strdup(SNO_DEFOPER);
|
||||
i->ident_read_timeout = 30;
|
||||
i->ident_connect_timeout = 10;
|
||||
}
|
||||
|
||||
int init_conf(char *rootconf, int rehash)
|
||||
@@ -2296,6 +2298,10 @@ void report_dynconf(aClient *sptr)
|
||||
sptr->name, pretty_time_val(AWAY_PERIOD));
|
||||
}
|
||||
#endif
|
||||
sendto_one(sptr, ":%s %i %s :ident::connect-timeout: %s", me.name, RPL_TEXT,
|
||||
sptr->name, pretty_time_val(IDENT_CONNECT_TIMEOUT));
|
||||
sendto_one(sptr, ":%s %i %s :ident::read-timeout: %s", me.name, RPL_TEXT,
|
||||
sptr->name, pretty_time_val(IDENT_READ_TIMEOUT));
|
||||
|
||||
}
|
||||
|
||||
@@ -5213,6 +5219,16 @@ int _conf_set(ConfigFile *conf, ConfigEntry *ce)
|
||||
tempiConf.network.key2, tempiConf.network.key3);
|
||||
tempiConf.network.keycrc = (long) our_crc32(temp, strlen(temp));
|
||||
}
|
||||
else if (!strcmp(cep->ce_varname, "ident"))
|
||||
{
|
||||
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next)
|
||||
{
|
||||
if (!strcmp(cepp->ce_varname, "connect-timeout"))
|
||||
tempiConf.ident_connect_timeout = config_checkval(cepp->ce_vardata,CFG_TIME);
|
||||
if (!strcmp(cepp->ce_varname, "read-timeout"))
|
||||
tempiConf.ident_read_timeout = config_checkval(cepp->ce_vardata,CFG_TIME);
|
||||
}
|
||||
}
|
||||
else if (!strcmp(cep->ce_varname, "ssl")) {
|
||||
#ifdef USE_SSL
|
||||
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) {
|
||||
@@ -5676,6 +5692,28 @@ int _test_set(ConfigFile *conf, ConfigEntry *ce)
|
||||
"use BOPM instead: http://www.blitzed.org/bopm/ (*NIX) / http://vulnscan.org/winbopm/ (Windows)",
|
||||
cep->ce_fileptr->cf_filename, cep->ce_varlinenum);
|
||||
}
|
||||
else if (!strcmp(cep->ce_varname, "ident")) {
|
||||
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next)
|
||||
{
|
||||
CheckNull(cepp);
|
||||
if (!strcmp(cepp->ce_varname, "connect-timeout") || !strcmp(cepp->ce_varname, "read-timeout"))
|
||||
{
|
||||
int v = config_checkval(cepp->ce_vardata,CFG_TIME);;
|
||||
if ((v > 60) || (v < 1))
|
||||
{
|
||||
config_error("%s:%i: set::ident::%s value out of range (%d), should be between 1 and 60.",
|
||||
cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum, cepp->ce_varname, v);
|
||||
errors++;
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
config_error("%s:%i: unknown directive set::ident::%s",
|
||||
cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum, cepp->ce_varname);
|
||||
errors++;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (!strcmp(cep->ce_varname, "ssl")) {
|
||||
#ifdef USE_SSL
|
||||
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) {
|
||||
|
||||
Reference in New Issue
Block a user