From 374a7d59507652cfec9f36e9640832ea857d33b8 Mon Sep 17 00:00:00 2001
From: Bram Matthys
Date: Sun, 11 May 2003 21:08:13 +0000
Subject: [PATCH] Added set::ident::connect-timeout and
set::ident::read-timeout, updated example.conf: added throttle block.
---
Changes | 4 ++++
doc/example.conf | 7 +++++++
doc/unreal32docs.html | 4 ++++
include/dynconf.h | 5 +++++
include/h.h | 1 +
src/s_auth.c | 43 ++++++++++++++++++++-----------------------
src/s_bsd.c | 35 ++++++++++++++++++++++++-----------
src/s_conf.c | 38 ++++++++++++++++++++++++++++++++++++++
8 files changed, 103 insertions(+), 34 deletions(-)
diff --git a/Changes b/Changes
index 70f2e05cc..d9b3153b3 100644
--- a/Changes
+++ b/Changes
@@ -2157,3 +2157,7 @@ seen. gmtime warning still there
- IPv6: Fixed unable-to-resolve-bug if both a A/AAAA record and NS/MX/etc records were present
for the same hostname, reported by Byte (#0000972).
- Updated flags in /version (and greeting), added 'Z' for zip links support, updated tech doc.
+- Added set::ident::connect-timeout (default 10s) and set::ident::read-timeout (default 30s) to
+ have much more control over ident timeouts, this should also fix connection timeout problems
+ during connecting.
+- Updated example.conf (added throttle block).
diff --git a/doc/example.conf b/doc/example.conf
index a06af2c8d..5a3796925 100644
--- a/doc/example.conf
+++ b/doc/example.conf
@@ -733,6 +733,13 @@ set {
/* This allows you to make certain stats oper only, use * for all stats or leave this out to allow
* all users to use any stats. */
oper-only-stats "okG";
+
+ /* Throttling: this example sets a limit of 3 connections per 60s. */
+ throttle {
+ connections 3;
+ period 60s;
+ };
+
};
/*
diff --git a/doc/unreal32docs.html b/doc/unreal32docs.html
index efdc57d43..98f50b30e 100644
--- a/doc/unreal32docs.html
+++ b/doc/unreal32docs.html
@@ -1727,6 +1727,10 @@ set {
times.
set::throttle::connections <amount>;
How many times a user must connect with the same host to be throttled.
+set::ident::connect-timeout <amount>;
+ Amount of seconds after which to give up connecting to the ident server (default: 10s).
+set::ident::read-timeout <amount>;
+ Amount of seconds after which to give up waiting for a reply (default: 30s).
set::anti-flood::unknown-flood-bantime <timevalue>;
Specifies how long an unknown connection flooder is banned for.
set::anti-flood::unknown-flood-amount <amount>;
diff --git a/include/dynconf.h b/include/dynconf.h
index bd2073d85..dbb11a053 100644
--- a/include/dynconf.h
+++ b/include/dynconf.h
@@ -105,6 +105,8 @@ struct zConfiguration {
unsigned char away_count;
long away_period;
#endif
+ int ident_connect_timeout;
+ int ident_read_timeout;
aNetwork network;
};
@@ -177,3 +179,6 @@ extern aConfiguration iConf;
#define AWAY_PERIOD iConf.away_period
#define AWAY_COUNT iConf.away_count
#endif
+
+#define IDENT_CONNECT_TIMEOUT iConf.ident_connect_timeout
+#define IDENT_READ_TIMEOUT iConf.ident_read_timeout
diff --git a/include/h.h b/include/h.h
index 7e211b0a5..defdd5bb9 100644
--- a/include/h.h
+++ b/include/h.h
@@ -569,3 +569,4 @@ extern char trouble_info[1024];
#define EVENT_DRUGS BASE_VERSION
extern void rejoin_doparts(aClient *sptr);
extern void rejoin_dojoinandmode(aClient *sptr);
+extern void ident_failed(aClient *cptr);
diff --git a/src/s_auth.c b/src/s_auth.c
index 745f48a76..9fc2c0d76 100644
--- a/src/s_auth.c
+++ b/src/s_auth.c
@@ -44,6 +44,23 @@ static char sccsid[] = "@(#)s_auth.c 1.18 4/18/94 (C) 1992 Darren Reed";
#include "proto.h"
#include
+void ident_failed(aClient *cptr)
+{
+ Debug((DEBUG_NOTICE, "ident_failed() for %x", cptr));
+ ircstp->is_abad++;
+ if (cptr->authfd != -1)
+ {
+ CLOSE_SOCK(cptr->authfd);
+ --OpenFiles;
+ cptr->authfd = -1;
+ }
+ cptr->flags &= ~(FLAGS_WRAUTH | FLAGS_AUTH);
+ if (!DoingDNS(cptr))
+ SetAccess(cptr);
+ if (SHOWCONNECTINFO && !cptr->serv)
+ sendto_one(cptr, "%s", REPORT_FAIL_ID);
+}
+
/*
* start_auth
*
@@ -68,9 +85,7 @@ void start_auth(aClient *cptr)
{
Debug((DEBUG_ERROR, "Unable to create auth socket for %s:%s",
get_client_name(cptr, TRUE), strerror(get_sockerr(cptr))));
- if (!DoingDNS(cptr))
- SetAccess(cptr);
- ircstp->is_abad++;
+ ident_failed(cptr);
return;
}
if (++OpenFiles >= (MAXCONNECTIONS - 2))
@@ -109,17 +124,7 @@ void start_auth(aClient *cptr)
if (connect(cptr->authfd, (struct sockaddr *)&sock, sizeof(sock)) == -1 && !(ERRNO == P_EWORKING))
{
- ircstp->is_abad++;
- /*
- * No error report from this...
- */
- CLOSE_SOCK(cptr->authfd);
- --OpenFiles;
- cptr->authfd = -1;
- if (!DoingDNS(cptr))
- SetAccess(cptr);
- if (SHOWCONNECTINFO && !cptr->serv)
- sendto_one(cptr, "%s", REPORT_FAIL_ID);
+ ident_failed(cptr);
return;
}
cptr->flags |= (FLAGS_WRAUTH | FLAGS_AUTH);
@@ -161,15 +166,7 @@ void send_authports(aClient *cptr)
if (ERRNO == P_EAGAIN)
return; /* Not connected yet, try again later */
authsenderr:
- ircstp->is_abad++;
- CLOSE_SOCK(cptr->authfd);
- --OpenFiles;
- cptr->authfd = -1;
- cptr->flags &= ~FLAGS_AUTH;
- if (SHOWCONNECTINFO && !cptr->serv)
- sendto_one(cptr, "%s", REPORT_FAIL_ID);
- if (!DoingDNS(cptr))
- SetAccess(cptr);
+ ident_failed(cptr);
}
cptr->flags &= ~FLAGS_WRAUTH;
return;
diff --git a/src/s_bsd.c b/src/s_bsd.c
index e64b1b8eb..8aba14df1 100644
--- a/src/s_bsd.c
+++ b/src/s_bsd.c
@@ -1654,20 +1654,33 @@ int read_message(time_t delay, fdlist *listp)
if (DoingAuth(cptr))
{
- auth++;
- Debug((DEBUG_NOTICE, "auth on %x %d", cptr, i));
- if (cptr->authfd >= 0)
+ int s = TStime() - cptr->firsttime, fail = 0;
+ /* Maybe they should be timed out. -- Syzop. */
+ if ( ((s > IDENT_CONNECT_TIMEOUT) && (cptr->flags & FLAGS_WRAUTH)) ||
+ (s > IDENT_READ_TIMEOUT))
{
- FD_SET(cptr->authfd, &read_set);
-#ifdef _WIN32
- FD_SET(cptr->authfd, &excpt_set);
-#endif
- if (cptr->flags & FLAGS_WRAUTH)
- FD_SET(cptr->authfd, &write_set);
+ Debug((DEBUG_NOTICE, "ident timed out (cptr %x, %d sec)", cptr, s));
+ ident_failed(cptr);
+ }
+ else
+ {
+ auth++;
+ Debug((DEBUG_NOTICE, "auth on %x %d %d", cptr, i, s));
+ if (cptr->authfd >= 0)
+ {
+ FD_SET(cptr->authfd, &read_set);
+#ifdef _WIN32
+ FD_SET(cptr->authfd, &excpt_set);
+#endif
+ if (cptr->flags & FLAGS_WRAUTH)
+ FD_SET(cptr->authfd, &write_set);
+ }
}
}
- if (DoingDNS(cptr) || DoingAuth(cptr)
- )
+ /* (warning: don't merge the DoingAuth() here with the check
+ * above coz ident_failed() might have been called -- Syzop.)
+ */
+ if (DoingDNS(cptr) || DoingAuth(cptr))
continue;
if (IsMe(cptr) && IsListening(cptr))
{
diff --git a/src/s_conf.c b/src/s_conf.c
index 346497976..1318839ca 100644
--- a/src/s_conf.c
+++ b/src/s_conf.c
@@ -1147,6 +1147,8 @@ void config_setdefaultsettings(aConfiguration *i)
i->unknown_flood_amount = 4;
i->unknown_flood_bantime = 600;
i->oper_snomask = strdup(SNO_DEFOPER);
+ i->ident_read_timeout = 30;
+ i->ident_connect_timeout = 10;
}
int init_conf(char *rootconf, int rehash)
@@ -2296,6 +2298,10 @@ void report_dynconf(aClient *sptr)
sptr->name, pretty_time_val(AWAY_PERIOD));
}
#endif
+ sendto_one(sptr, ":%s %i %s :ident::connect-timeout: %s", me.name, RPL_TEXT,
+ sptr->name, pretty_time_val(IDENT_CONNECT_TIMEOUT));
+ sendto_one(sptr, ":%s %i %s :ident::read-timeout: %s", me.name, RPL_TEXT,
+ sptr->name, pretty_time_val(IDENT_READ_TIMEOUT));
}
@@ -5213,6 +5219,16 @@ int _conf_set(ConfigFile *conf, ConfigEntry *ce)
tempiConf.network.key2, tempiConf.network.key3);
tempiConf.network.keycrc = (long) our_crc32(temp, strlen(temp));
}
+ else if (!strcmp(cep->ce_varname, "ident"))
+ {
+ for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next)
+ {
+ if (!strcmp(cepp->ce_varname, "connect-timeout"))
+ tempiConf.ident_connect_timeout = config_checkval(cepp->ce_vardata,CFG_TIME);
+ if (!strcmp(cepp->ce_varname, "read-timeout"))
+ tempiConf.ident_read_timeout = config_checkval(cepp->ce_vardata,CFG_TIME);
+ }
+ }
else if (!strcmp(cep->ce_varname, "ssl")) {
#ifdef USE_SSL
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) {
@@ -5676,6 +5692,28 @@ int _test_set(ConfigFile *conf, ConfigEntry *ce)
"use BOPM instead: http://www.blitzed.org/bopm/ (*NIX) / http://vulnscan.org/winbopm/ (Windows)",
cep->ce_fileptr->cf_filename, cep->ce_varlinenum);
}
+ else if (!strcmp(cep->ce_varname, "ident")) {
+ for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next)
+ {
+ CheckNull(cepp);
+ if (!strcmp(cepp->ce_varname, "connect-timeout") || !strcmp(cepp->ce_varname, "read-timeout"))
+ {
+ int v = config_checkval(cepp->ce_vardata,CFG_TIME);;
+ if ((v > 60) || (v < 1))
+ {
+ config_error("%s:%i: set::ident::%s value out of range (%d), should be between 1 and 60.",
+ cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum, cepp->ce_varname, v);
+ errors++;
+ continue;
+ }
+ } else {
+ config_error("%s:%i: unknown directive set::ident::%s",
+ cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum, cepp->ce_varname);
+ errors++;
+ continue;
+ }
+ }
+ }
else if (!strcmp(cep->ce_varname, "ssl")) {
#ifdef USE_SSL
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) {