1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-09 18:53:13 +02:00

Added set::ident::connect-timeout and set::ident::read-timeout, updated example.conf: added throttle block.

This commit is contained in:
Bram Matthys
2003-05-11 21:08:13 +00:00
parent b780fc9347
commit 374a7d5950
8 changed files with 103 additions and 34 deletions
+4
View File
@@ -2157,3 +2157,7 @@ seen. gmtime warning still there
- IPv6: Fixed unable-to-resolve-bug if both a A/AAAA record and NS/MX/etc records were present
for the same hostname, reported by Byte (#0000972).
- Updated flags in /version (and greeting), added 'Z' for zip links support, updated tech doc.
- Added set::ident::connect-timeout (default 10s) and set::ident::read-timeout (default 30s) to
have much more control over ident timeouts, this should also fix connection timeout problems
during connecting.
- Updated example.conf (added throttle block).
+7
View File
@@ -733,6 +733,13 @@ set {
/* This allows you to make certain stats oper only, use * for all stats or leave this out to allow
* all users to use any stats. */
oper-only-stats "okG";
/* Throttling: this example sets a limit of 3 connections per 60s. */
throttle {
connections 3;
period 60s;
};
};
/*
+4
View File
@@ -1727,6 +1727,10 @@ set {
times.</p>
<p><font class="set">set::throttle::connections &lt;amount&gt;;</font><br>
How many times a user must connect with the same host to be throttled.</p>
<p><font class="set">set::ident::connect-timeout &lt;amount&gt;;</font><br>
Amount of seconds after which to give up connecting to the ident server (default: 10s).</p>
<p><font class="set">set::ident::read-timeout &lt;amount&gt;;</font><br>
Amount of seconds after which to give up waiting for a reply (default: 30s).</p>
<p><font class="set">set::anti-flood::unknown-flood-bantime &lt;timevalue&gt;;</font><br>
Specifies how long an unknown connection flooder is banned for.</p>
<p><font class="set">set::anti-flood::unknown-flood-amount &lt;amount&gt;;</font><br>
+5
View File
@@ -105,6 +105,8 @@ struct zConfiguration {
unsigned char away_count;
long away_period;
#endif
int ident_connect_timeout;
int ident_read_timeout;
aNetwork network;
};
@@ -177,3 +179,6 @@ extern aConfiguration iConf;
#define AWAY_PERIOD iConf.away_period
#define AWAY_COUNT iConf.away_count
#endif
#define IDENT_CONNECT_TIMEOUT iConf.ident_connect_timeout
#define IDENT_READ_TIMEOUT iConf.ident_read_timeout
+1
View File
@@ -569,3 +569,4 @@ extern char trouble_info[1024];
#define EVENT_DRUGS BASE_VERSION
extern void rejoin_doparts(aClient *sptr);
extern void rejoin_dojoinandmode(aClient *sptr);
extern void ident_failed(aClient *cptr);
+20 -23
View File
@@ -44,6 +44,23 @@ static char sccsid[] = "@(#)s_auth.c 1.18 4/18/94 (C) 1992 Darren Reed";
#include "proto.h"
#include <string.h>
void ident_failed(aClient *cptr)
{
Debug((DEBUG_NOTICE, "ident_failed() for %x", cptr));
ircstp->is_abad++;
if (cptr->authfd != -1)
{
CLOSE_SOCK(cptr->authfd);
--OpenFiles;
cptr->authfd = -1;
}
cptr->flags &= ~(FLAGS_WRAUTH | FLAGS_AUTH);
if (!DoingDNS(cptr))
SetAccess(cptr);
if (SHOWCONNECTINFO && !cptr->serv)
sendto_one(cptr, "%s", REPORT_FAIL_ID);
}
/*
* start_auth
*
@@ -68,9 +85,7 @@ void start_auth(aClient *cptr)
{
Debug((DEBUG_ERROR, "Unable to create auth socket for %s:%s",
get_client_name(cptr, TRUE), strerror(get_sockerr(cptr))));
if (!DoingDNS(cptr))
SetAccess(cptr);
ircstp->is_abad++;
ident_failed(cptr);
return;
}
if (++OpenFiles >= (MAXCONNECTIONS - 2))
@@ -109,17 +124,7 @@ void start_auth(aClient *cptr)
if (connect(cptr->authfd, (struct sockaddr *)&sock, sizeof(sock)) == -1 && !(ERRNO == P_EWORKING))
{
ircstp->is_abad++;
/*
* No error report from this...
*/
CLOSE_SOCK(cptr->authfd);
--OpenFiles;
cptr->authfd = -1;
if (!DoingDNS(cptr))
SetAccess(cptr);
if (SHOWCONNECTINFO && !cptr->serv)
sendto_one(cptr, "%s", REPORT_FAIL_ID);
ident_failed(cptr);
return;
}
cptr->flags |= (FLAGS_WRAUTH | FLAGS_AUTH);
@@ -161,15 +166,7 @@ void send_authports(aClient *cptr)
if (ERRNO == P_EAGAIN)
return; /* Not connected yet, try again later */
authsenderr:
ircstp->is_abad++;
CLOSE_SOCK(cptr->authfd);
--OpenFiles;
cptr->authfd = -1;
cptr->flags &= ~FLAGS_AUTH;
if (SHOWCONNECTINFO && !cptr->serv)
sendto_one(cptr, "%s", REPORT_FAIL_ID);
if (!DoingDNS(cptr))
SetAccess(cptr);
ident_failed(cptr);
}
cptr->flags &= ~FLAGS_WRAUTH;
return;
+24 -11
View File
@@ -1654,20 +1654,33 @@ int read_message(time_t delay, fdlist *listp)
if (DoingAuth(cptr))
{
auth++;
Debug((DEBUG_NOTICE, "auth on %x %d", cptr, i));
if (cptr->authfd >= 0)
int s = TStime() - cptr->firsttime, fail = 0;
/* Maybe they should be timed out. -- Syzop. */
if ( ((s > IDENT_CONNECT_TIMEOUT) && (cptr->flags & FLAGS_WRAUTH)) ||
(s > IDENT_READ_TIMEOUT))
{
FD_SET(cptr->authfd, &read_set);
#ifdef _WIN32
FD_SET(cptr->authfd, &excpt_set);
#endif
if (cptr->flags & FLAGS_WRAUTH)
FD_SET(cptr->authfd, &write_set);
Debug((DEBUG_NOTICE, "ident timed out (cptr %x, %d sec)", cptr, s));
ident_failed(cptr);
}
else
{
auth++;
Debug((DEBUG_NOTICE, "auth on %x %d %d", cptr, i, s));
if (cptr->authfd >= 0)
{
FD_SET(cptr->authfd, &read_set);
#ifdef _WIN32
FD_SET(cptr->authfd, &excpt_set);
#endif
if (cptr->flags & FLAGS_WRAUTH)
FD_SET(cptr->authfd, &write_set);
}
}
}
if (DoingDNS(cptr) || DoingAuth(cptr)
)
/* (warning: don't merge the DoingAuth() here with the check
* above coz ident_failed() might have been called -- Syzop.)
*/
if (DoingDNS(cptr) || DoingAuth(cptr))
continue;
if (IsMe(cptr) && IsListening(cptr))
{
+38
View File
@@ -1147,6 +1147,8 @@ void config_setdefaultsettings(aConfiguration *i)
i->unknown_flood_amount = 4;
i->unknown_flood_bantime = 600;
i->oper_snomask = strdup(SNO_DEFOPER);
i->ident_read_timeout = 30;
i->ident_connect_timeout = 10;
}
int init_conf(char *rootconf, int rehash)
@@ -2296,6 +2298,10 @@ void report_dynconf(aClient *sptr)
sptr->name, pretty_time_val(AWAY_PERIOD));
}
#endif
sendto_one(sptr, ":%s %i %s :ident::connect-timeout: %s", me.name, RPL_TEXT,
sptr->name, pretty_time_val(IDENT_CONNECT_TIMEOUT));
sendto_one(sptr, ":%s %i %s :ident::read-timeout: %s", me.name, RPL_TEXT,
sptr->name, pretty_time_val(IDENT_READ_TIMEOUT));
}
@@ -5213,6 +5219,16 @@ int _conf_set(ConfigFile *conf, ConfigEntry *ce)
tempiConf.network.key2, tempiConf.network.key3);
tempiConf.network.keycrc = (long) our_crc32(temp, strlen(temp));
}
else if (!strcmp(cep->ce_varname, "ident"))
{
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next)
{
if (!strcmp(cepp->ce_varname, "connect-timeout"))
tempiConf.ident_connect_timeout = config_checkval(cepp->ce_vardata,CFG_TIME);
if (!strcmp(cepp->ce_varname, "read-timeout"))
tempiConf.ident_read_timeout = config_checkval(cepp->ce_vardata,CFG_TIME);
}
}
else if (!strcmp(cep->ce_varname, "ssl")) {
#ifdef USE_SSL
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) {
@@ -5676,6 +5692,28 @@ int _test_set(ConfigFile *conf, ConfigEntry *ce)
"use BOPM instead: http://www.blitzed.org/bopm/ (*NIX) / http://vulnscan.org/winbopm/ (Windows)",
cep->ce_fileptr->cf_filename, cep->ce_varlinenum);
}
else if (!strcmp(cep->ce_varname, "ident")) {
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next)
{
CheckNull(cepp);
if (!strcmp(cepp->ce_varname, "connect-timeout") || !strcmp(cepp->ce_varname, "read-timeout"))
{
int v = config_checkval(cepp->ce_vardata,CFG_TIME);;
if ((v > 60) || (v < 1))
{
config_error("%s:%i: set::ident::%s value out of range (%d), should be between 1 and 60.",
cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum, cepp->ce_varname, v);
errors++;
continue;
}
} else {
config_error("%s:%i: unknown directive set::ident::%s",
cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum, cepp->ce_varname);
errors++;
continue;
}
}
}
else if (!strcmp(cep->ce_varname, "ssl")) {
#ifdef USE_SSL
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) {