mirror of
https://github.com/unrealircd/unrealircd.git
synced 2026-07-04 23:13:14 +02:00
Move set::anti-flood::unknown-flood-* to set::anti-flood::handshake-data-flood
which is a new block, documented at: https://www.unrealircd.org/docs/Set_block#set::anti-flood::handshake-data-flood The reason for this is better naming and allowing the ban-action to be tweaked.
@@ -30,6 +30,11 @@ Fixes:
|
||||
|
||||
Changes:
|
||||
* Add doc/KEYS which contains the public key(s) used to sign UnrealIRCd releases
|
||||
* The options set::anti-flood::unknown-flood-* have been renamed and
|
||||
integrated in a new block called
|
||||
[set::anti-flood::handshake-data-flood](https://www.unrealircd.org/docs/Set_block#set::anti-flood::handshake-data-flood).
|
||||
The ban-action can now also be changed. Note that almost nobody will have to
|
||||
change this setting since it has a good default.
|
||||
|
||||
Reminder: UnrealIRCd 4 is no longer supported
|
||||
----------------------------------------------
|
||||
|
||||
+15
-15
@@ -955,21 +955,21 @@ help Eline {
|
||||
" Example: ELINE *@unrealircd.org kGF 0 This user is exempt";
|
||||
" Valid <bantypes> are:";
|
||||
" ==-Type--------Name---------------------------Explanation-----------------------==";
|
||||
" k | K-Line | Bypass K-Lines ";
|
||||
" G | G-Line | Bypass G-Lines ";
|
||||
" z | Z-Line | Bypass Z-Lines ";
|
||||
" Z | GZ-Line | Bypass Global Z-Lines ";
|
||||
" Q | Q-Line | Bypass Q-Lines ";
|
||||
" s | shun | Bypass Shuns ";
|
||||
" F | spamfilter | Bypass spamfilter checking ";
|
||||
" b | blacklist | Bypass blacklist checking ";
|
||||
" c | connect flood | Bypass set::anti-flood::connect-flood ";
|
||||
" d | unknown flood | Bypass unknown data flood checking ";
|
||||
" | | (no ZLINE on too much data before registration) ";
|
||||
" m | maxperip | Bypass allow::maxperip restriction ";
|
||||
" r | antirandom | Bypass antirandom module ";
|
||||
" 8 | antimixedutf8 | Bypass antimixedutf8 module ";
|
||||
" v | version | Bypass ban version { } blocks ";
|
||||
" k | K-Line | Bypass K-Lines ";
|
||||
" G | G-Line | Bypass G-Lines ";
|
||||
" z | Z-Line | Bypass Z-Lines ";
|
||||
" Z | GZ-Line | Bypass Global Z-Lines ";
|
||||
" Q | Q-Line | Bypass Q-Lines ";
|
||||
" s | shun | Bypass Shuns ";
|
||||
" F | spamfilter | Bypass spamfilter checking ";
|
||||
" b | blacklist | Bypass blacklist checking ";
|
||||
" c | connect flood | Bypass set::anti-flood::connect-flood ";
|
||||
" d | handshake flood | Bypass handshake data flood checking ";
|
||||
" | | (no ZLINE on too much data before registration) ";
|
||||
" m | maxperip | Bypass allow::maxperip restriction ";
|
||||
" r | antirandom | Bypass antirandom module ";
|
||||
" 8 | antimixedutf8 | Bypass antimixedutf8 module ";
|
||||
" v | version | Bypass ban version { } blocks ";
|
||||
" ==------------------------------------------------------------------------------==";
|
||||
" -";
|
||||
" Extended server bans (more info at https://www.unrealircd.org/docs/Extended_server_bans)";
|
||||
|
||||
@@ -965,7 +965,7 @@ help Eline {
|
||||
" F | spamfilter | Bypass spamfilter controle ";
|
||||
"b | blacklist | Bypass blacklist checking ";
|
||||
" c | connect flood | Bypass set::anti-flood::connect-flood ";
|
||||
" d | unknown flood | Bypass unknown data flood checking ";
|
||||
" d | handshake flood | Bypass handshake data flood checking ";
|
||||
" | (geen ZLINE op te veel gegevens voor de registratie) ";
|
||||
" m | maxperip | Bypass toestaan::maxperip beperking ";
|
||||
" r | antirandom | Bypass antirandom module ";
|
||||
|
||||
+17
-17
@@ -984,22 +984,22 @@ help Eline {
|
||||
" Przykład: ELINE *@unrealircd.org kGf 0 Ten użytkownik ma wyjątek";
|
||||
" Dostępne <typy banów> to:";
|
||||
" ==-Typ---------Nazwa--------------------------Wyjaśnienie-----------------------==";
|
||||
" k | K-Line | Omija K-Line ";
|
||||
" G | G-Line | Omija G-Line ";
|
||||
" z | Z-Line | Omija Z-Line ";
|
||||
" Z | GZ-Line | Omija globalne Z-Line ";
|
||||
" Q | Q-Line | Omija Q-Line ";
|
||||
" s | shun | Omija Shun ";
|
||||
" F | spamfilter | Omija sprawdzanie spamfiltrów ";
|
||||
" b | blacklist | Omija sprawdzanie czarnych list ";
|
||||
" c | connect flood | Omija ustawienie set::anti-flood::connect-flood ";
|
||||
" d | unknown flood | Omija detekcję floodu danymi z nieznanych połączeń ";
|
||||
" | | (nie będzie ZLINE przy wysłaniu zbyt wielu danych ";
|
||||
" | | przed rejestracją połączenia) ";
|
||||
" m | maxperip | Omija restrykcję allow::maxperipon ";
|
||||
" r | antirandom | Omija działanie modułu 'antirandom' ";
|
||||
" 8 | antimixedutf8 | Omija działanie modułu 'antimixedutf8' ";
|
||||
" v | version | Omija bany ustawione jako 'ban version { }' ";
|
||||
" k | K-Line | Omija K-Line ";
|
||||
" G | G-Line | Omija G-Line ";
|
||||
" z | Z-Line | Omija Z-Line ";
|
||||
" Z | GZ-Line | Omija globalne Z-Line ";
|
||||
" Q | Q-Line | Omija Q-Line ";
|
||||
" s | shun | Omija Shun ";
|
||||
" F | spamfilter | Omija sprawdzanie spamfiltrów ";
|
||||
" b | blacklist | Omija sprawdzanie czarnych list ";
|
||||
" c | connect flood | Omija ustawienie set::anti-flood::connect-flood ";
|
||||
" d | handshake flood | Omija detekcję floodu danymi z nieznanych połączeń ";
|
||||
" | | (nie będzie ZLINE przy wysłaniu zbyt wielu danych ";
|
||||
" | | przed rejestracją połączenia) ";
|
||||
" m | maxperip | Omija restrykcję allow::maxperipon ";
|
||||
" r | antirandom | Omija działanie modułu 'antirandom' ";
|
||||
" 8 | antimixedutf8 | Omija działanie modułu 'antimixedutf8' ";
|
||||
" v | version | Omija bany ustawione jako 'ban version { }' ";
|
||||
" ==------------------------------------------------------------------------------==";
|
||||
" -";
|
||||
" Rozszerzone bany serwerowe (więcej informacji na https://www.unrealircd.org/docs/Extended_server_bans)";
|
||||
@@ -1025,7 +1025,7 @@ help Rehash {
|
||||
" Dodanie -global spowoduje zadziałanie na wszystkich serwerach w sieci.";
|
||||
" -";
|
||||
" Flagi służą do wyboru innych plików konfiguracyjnych do przeładowania. Dostępne";
|
||||
" flagi to:";
|
||||
" flagi to:";
|
||||
" -dns - Ponownie inicjalizuje i przeładowuje narzędzie rozpoznawania nazw DNS?";
|
||||
" -garbage - Wymusza zadziałanie mechanizmu oczyszczania (garbage collection)";
|
||||
" -motd - Odświeża tylko wszystkie pliki MOTD, BOTMOTD, OPERMOTD i RULES";
|
||||
|
||||
+6
-6
@@ -113,8 +113,9 @@ struct Configuration {
|
||||
char *restrict_channelmodes;
|
||||
char *restrict_extendedbans;
|
||||
char *channel_command_prefix;
|
||||
long unknown_flood_bantime;
|
||||
long unknown_flood_amount;
|
||||
long handshake_data_flood_amount;
|
||||
long handshake_data_flood_ban_time;
|
||||
int handshake_data_flood_ban_action;
|
||||
struct ChMode modes_on_join;
|
||||
int level_on_join;
|
||||
unsigned char away_count;
|
||||
@@ -230,8 +231,6 @@ extern MODVAR int ipv6_disabled;
|
||||
#define THROTTLING_PERIOD iConf.throttle_period
|
||||
#define THROTTLING_COUNT iConf.throttle_count
|
||||
#define USE_BAN_VERSION iConf.use_ban_version
|
||||
#define UNKNOWN_FLOOD_BANTIME iConf.unknown_flood_bantime
|
||||
#define UNKNOWN_FLOOD_AMOUNT iConf.unknown_flood_amount
|
||||
#define MODES_ON_JOIN iConf.modes_on_join.mode
|
||||
#define LEVEL_ON_JOIN iConf.level_on_join
|
||||
|
||||
@@ -326,8 +325,9 @@ struct SetCheck {
|
||||
unsigned has_restrict_channelmodes:1;
|
||||
unsigned has_restrict_extendedbans:1;
|
||||
unsigned has_channel_command_prefix:1;
|
||||
unsigned has_anti_flood_unknown_flood_bantime:1;
|
||||
unsigned has_anti_flood_unknown_flood_amount:1;
|
||||
unsigned has_anti_flood_handshake_data_flood_amount:1;
|
||||
unsigned has_anti_flood_handshake_data_flood_ban_action:1;
|
||||
unsigned has_anti_flood_handshake_data_flood_ban_time:1;
|
||||
unsigned has_modes_on_join:1;
|
||||
unsigned has_level_on_join:1;
|
||||
unsigned has_anti_flood_away_count:1;
|
||||
|
||||
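Review bot: The new `handshake_data_flood_amount` member of `struct Configuration` carries no unit, yet the unit changed: the removed `unknown_flood_amount` was multiplied by 1024 where it was used, while the new field defaults to 4096 and is printed as `bytes` elsewhere in this commit. A short comment on each new member would prevent a later KB/bytes mix-up, for example `long handshake_data_flood_amount; /* bytes */` and `long handshake_data_flood_ban_time; /* seconds, parsed with CFG_TIME */` (the seconds unit is inferred from the 600 default, so confirm it). Removing the `UNKNOWN_FLOOD_BANTIME` and `UNKNOWN_FLOOD_AMOUNT` macros also breaks any out-of-tree module that used them, which deserves a line in the release notes. Both structs start and end outside these hunks.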
@@ -885,7 +885,6 @@ extern CMD_FUNC(cmd_rehash);
|
||||
extern CMD_FUNC(cmd_die);
|
||||
extern CMD_FUNC(cmd_restart);
|
||||
extern void cmd_alias(Client *client, MessageTag *recv_mtags, int parc, char *parv[], char *cmd); /* special! */
|
||||
extern void ban_flooder(Client *cptr);
|
||||
extern char *pcre2_version(void);
|
||||
extern int get_terminal_width(void);
|
||||
extern int has_common_channels(Client *c1, Client *c2);
|
||||
|
||||
+1
-1
@@ -880,7 +880,7 @@ typedef void (*OverrideCmdFunc)(CommandOverride *ovr, Client *client, MessageTag
|
||||
#define TKL_BLACKLIST 0x0001000
|
||||
#define TKL_CONNECT_FLOOD 0x0002000
|
||||
#define TKL_MAXPERIP 0x0004000
|
||||
#define TKL_UNKNOWN_DATA_FLOOD 0x0008000
|
||||
#define TKL_HANDSHAKE_DATA_FLOOD 0x0008000
|
||||
#define TKL_ANTIRANDOM 0x0010000
|
||||
#define TKL_ANTIMIXEDUTF8 0x0020000
|
||||
#define TKL_BAN_VERSION 0x0040000
|
||||
|
||||
+69
-16
@@ -1625,8 +1625,9 @@ void config_setdefaultsettings(Configuration *i)
|
||||
{
|
||||
char tmp[512];
|
||||
|
||||
i->unknown_flood_amount = 4;
|
||||
i->unknown_flood_bantime = 600;
|
||||
i->handshake_data_flood_amount = 4096;
|
||||
i->handshake_data_flood_ban_action = BAN_ACT_ZLINE;
|
||||
i->handshake_data_flood_ban_time = 600;
|
||||
safe_strdup(i->oper_snomask, SNO_DEFOPER);
|
||||
i->ident_read_timeout = 7;
|
||||
i->ident_connect_timeout = 3;
|
||||
@@ -6592,7 +6593,7 @@ int _conf_ban(ConfigFile *conf, ConfigEntry *ce)
|
||||
else if (!strcmp(cep->ce_varname, "reason"))
|
||||
safe_strdup(ca->reason, cep->ce_vardata);
|
||||
else if (!strcmp(cep->ce_varname, "action"))
|
||||
ca ->action = banact_stringtoval(cep->ce_vardata);
|
||||
ca->action = banact_stringtoval(cep->ce_vardata);
|
||||
}
|
||||
AddListItem(ca, conf_ban);
|
||||
return 0;
|
||||
@@ -7468,11 +7469,20 @@ int _conf_set(ConfigFile *conf, ConfigEntry *ce)
|
||||
}
|
||||
}
|
||||
else if (!strcmp(cep->ce_varname, "anti-flood")) {
|
||||
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) {
|
||||
if (!strcmp(cepp->ce_varname, "unknown-flood-bantime"))
|
||||
tempiConf.unknown_flood_bantime = config_checkval(cepp->ce_vardata,CFG_TIME);
|
||||
else if (!strcmp(cepp->ce_varname, "unknown-flood-amount"))
|
||||
tempiConf.unknown_flood_amount = atol(cepp->ce_vardata);
|
||||
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next)
|
||||
{
|
||||
if (!strcmp(cepp->ce_varname, "handshake-data-flood"))
|
||||
{
|
||||
for (ceppp = cepp->ce_entries; ceppp; ceppp = ceppp->ce_next)
|
||||
{
|
||||
if (!strcmp(ceppp->ce_varname, "amount"))
|
||||
tempiConf.handshake_data_flood_amount = config_checkval(ceppp->ce_vardata, CFG_SIZE);
|
||||
else if (!strcmp(ceppp->ce_varname, "ban-time"))
|
||||
tempiConf.handshake_data_flood_ban_time = config_checkval(ceppp->ce_vardata, CFG_TIME);
|
||||
else if (!strcmp(ceppp->ce_varname, "ban-action"))
|
||||
tempiConf.handshake_data_flood_ban_action = banact_stringtoval(ceppp->ce_vardata);
|
||||
}
|
||||
}
|
||||
else if (!strcmp(cepp->ce_varname, "away-count"))
|
||||
tempiConf.away_count = atol(cepp->ce_vardata);
|
||||
else if (!strcmp(cepp->ce_varname, "away-period"))
|
||||
@@ -8291,8 +8301,10 @@ int _test_set(ConfigFile *conf, ConfigEntry *ce)
|
||||
need_34_upgrade = 1;
|
||||
continue;
|
||||
}
|
||||
else if (!strcmp(cep->ce_varname, "anti-flood")) {
|
||||
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) {
|
||||
else if (!strcmp(cep->ce_varname, "anti-flood"))
|
||||
{
|
||||
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next)
|
||||
{
|
||||
if (!strcmp(cepp->ce_varname, "max-concurrent-conversations"))
|
||||
{
|
||||
for (ceppp = cepp->ce_entries; ceppp; ceppp = ceppp->ce_next)
|
||||
@@ -8329,15 +8341,56 @@ int _test_set(ConfigFile *conf, ConfigEntry *ce)
|
||||
}
|
||||
continue; /* required here, due to checknull directly below */
|
||||
}
|
||||
if (!strcmp(cepp->ce_varname, "unknown-flood-bantime"))
|
||||
else if (!strcmp(cepp->ce_varname, "unknown-flood-amount") ||
|
||||
!strcmp(cepp->ce_varname, "unknown-flood-bantime"))
|
||||
{
|
||||
CheckNull(cepp);
|
||||
CheckDuplicate(cepp, anti_flood_unknown_flood_bantime, "anti-flood::unknown-flood-bantime");
|
||||
config_error("%s:%i: set::anti-flood::%s: this setting has been moved. "
|
||||
"See https://www.unrealircd.org/docs/Set_block#set::anti-flood::handshake-data-flood",
|
||||
cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum, cepp->ce_varname);
|
||||
errors++;
|
||||
continue;
|
||||
}
|
||||
else if (!strcmp(cepp->ce_varname, "unknown-flood-amount"))
|
||||
else if (!strcmp(cepp->ce_varname, "handshake-data-flood"))
|
||||
{
|
||||
CheckNull(cepp);
|
||||
CheckDuplicate(cepp, anti_flood_unknown_flood_amount, "anti-flood::unknown-flood-amount");
|
||||
for (ceppp = cepp->ce_entries; ceppp; ceppp = ceppp->ce_next)
|
||||
{
|
||||
if (!strcmp(ceppp->ce_varname, "amount"))
|
||||
{
|
||||
long v;
|
||||
CheckNull(ceppp);
|
||||
CheckDuplicate(ceppp, anti_flood_handshake_data_flood_amount, "anti-flood::handshake-data-flood::amount");
|
||||
v = config_checkval(ceppp->ce_vardata, CFG_SIZE);
|
||||
if (v < 1024)
|
||||
{
|
||||
config_error("%s:%i: set::anti-flood::handshake-data-flood::amount must be at least 1024 bytes",
|
||||
ceppp->ce_fileptr->cf_filename, ceppp->ce_varlinenum);
|
||||
errors++;
|
||||
}
|
||||
} else
|
||||
if (!strcmp(ceppp->ce_varname, "ban-action"))
|
||||
{
|
||||
CheckNull(ceppp);
|
||||
CheckDuplicate(ceppp, anti_flood_handshake_data_flood_ban_action, "anti-flood::handshake-data-flood::ban-action");
|
||||
if (!banact_stringtoval(ceppp->ce_vardata))
|
||||
{
|
||||
config_error("%s:%i: set::anti-flood::handshake-data-flood::ban-action has unknown action type '%s'",
|
||||
ceppp->ce_fileptr->cf_filename, ceppp->ce_varlinenum,
|
||||
ceppp->ce_vardata);
|
||||
errors++;
|
||||
}
|
||||
} else
|
||||
if (!strcmp(ceppp->ce_varname, "ban-time"))
|
||||
{
|
||||
CheckNull(ceppp);
|
||||
CheckDuplicate(ceppp, anti_flood_handshake_data_flood_ban_time, "anti-flood::handshake-data-flood::ban-time");
|
||||
} else
|
||||
{
|
||||
config_error_unknownopt(ceppp->ce_fileptr->cf_filename,
|
||||
ceppp->ce_varlinenum, "set::anti-flood::handshake-data-flood",
|
||||
ceppp->ce_varname);
|
||||
errors++;
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (!strcmp(cepp->ce_varname, "away-count"))
|
||||
{
|
||||
|
||||
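Review bot: The `ban-action` branch added to `_test_set` only rejects names that `banact_stringtoval()` does not recognise, so every other action is accepted for a connection that has not registered yet, and `ban-time` gets `CheckNull`/`CheckDuplicate` but no range check. `place_host_ban()` is not shown on this page; if any accepted action leaves the socket open, the flood checks in the parser return as though the client had been dealt with, and the protection is weaker than the operator expects. I would have `_test_set` accept only actions that end the connection and report the rest with `config_error()`. It should also reject a negative `ban-time`, the same way `amount` is bounded by `if (v < 1024)`. `_test_set` and `_conf_set` both start and end outside these hunks.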
+3
-4
@@ -866,12 +866,11 @@ int stats_set(Client *client, char *para)
|
||||
if (LINK_BINDIP)
|
||||
sendtxtnumeric(client, "link::bind-ip: %s", LINK_BINDIP);
|
||||
sendtxtnumeric(client, "anti-flood::connect-flood: %d per %s", THROTTLING_COUNT, pretty_time_val(THROTTLING_PERIOD));
|
||||
sendtxtnumeric(client, "anti-flood::unknown-flood-bantime: %s", pretty_time_val(UNKNOWN_FLOOD_BANTIME));
|
||||
sendtxtnumeric(client, "anti-flood::unknown-flood-amount: %ldKB", UNKNOWN_FLOOD_AMOUNT);
|
||||
sendtxtnumeric(client, "anti-flood::handshake-data-flood::amount: %ld bytes", iConf.handshake_data_flood_amount);
|
||||
sendtxtnumeric(client, "anti-flood::handshake-data-flood::ban-action: %s", banact_valtostring(iConf.handshake_data_flood_ban_action));
|
||||
sendtxtnumeric(client, "anti-flood::handshake-data-flood::ban-time: %s", pretty_time_val(iConf.handshake_data_flood_ban_time));
|
||||
if (AWAY_PERIOD)
|
||||
{
|
||||
sendtxtnumeric(client, "anti-flood::away-flood: %d per %s", AWAY_COUNT, pretty_time_val(AWAY_PERIOD));
|
||||
}
|
||||
sendtxtnumeric(client, "anti-flood::nick-flood: %d per %s", NICK_COUNT, pretty_time_val(NICK_PERIOD));
|
||||
sendtxtnumeric(client, "handshake-timeout: %s", pretty_time_val(iConf.handshake_timeout));
|
||||
sendtxtnumeric(client, "sasl-timeout: %s", pretty_time_val(iConf.sasl_timeout));
|
||||
|
||||
+22
-22
@@ -123,27 +123,27 @@ struct TKLTypeTable
|
||||
*/
|
||||
TKLTypeTable tkl_types[] = {
|
||||
/* <config name> <letter> <TKL_xxx type> <logging name> <tkl option?> <exempt option?> */
|
||||
{ "gline", 'G', TKL_KILL | TKL_GLOBAL, "G-Line", 1, 1 },
|
||||
{ "kline", 'k', TKL_KILL, "K-Line", 1, 1 },
|
||||
{ "gzline", 'Z', TKL_ZAP | TKL_GLOBAL, "Global Z-Line", 1, 1 },
|
||||
{ "zline", 'z', TKL_ZAP, "Z-Line", 1, 1 },
|
||||
{ "spamfilter", 'F', TKL_SPAMF | TKL_GLOBAL, "Spamfilter", 1, 1 },
|
||||
{ "qline", 'Q', TKL_NAME | TKL_GLOBAL, "Q-Line", 1, 1 },
|
||||
{ "except", 'E', TKL_EXCEPTION | TKL_GLOBAL, "Exception", 1, 0 },
|
||||
{ "shun", 's', TKL_SHUN | TKL_GLOBAL, "Shun", 1, 1 },
|
||||
{ "local-qline", 'q', TKL_NAME, "Local Q-Line", 1, 0 },
|
||||
{ "local-spamfilter", 'e', TKL_EXCEPTION, "Local Exception", 1, 0 },
|
||||
{ "local-exception", 'f', TKL_SPAMF, "Local Spamfilter", 1, 0 },
|
||||
{ "blacklist", 'b', TKL_BLACKLIST, "Blacklist", 0, 1 },
|
||||
{ "connect-flood", 'c', TKL_CONNECT_FLOOD, "Connect flood", 0, 1 },
|
||||
{ "maxperip", 'm', TKL_MAXPERIP, "Max-per-IP", 0, 1 },
|
||||
{ "unknown-data-flood", 'd', TKL_UNKNOWN_DATA_FLOOD, "Unknown data flood", 0, 1 },
|
||||
{ "antirandom", 'r', TKL_ANTIRANDOM, "Antirandom", 0, 1 },
|
||||
{ "antimixedutf8", '8', TKL_ANTIMIXEDUTF8, "Antimixedutf8", 0, 1 },
|
||||
{ "ban-version", 'v', TKL_BAN_VERSION, "Ban Version", 0, 1 },
|
||||
{ NULL, '\0', 0, NULL, 0, 0 },
|
||||
{ "gline", 'G', TKL_KILL | TKL_GLOBAL, "G-Line", 1, 1 },
|
||||
{ "kline", 'k', TKL_KILL, "K-Line", 1, 1 },
|
||||
{ "gzline", 'Z', TKL_ZAP | TKL_GLOBAL, "Global Z-Line", 1, 1 },
|
||||
{ "zline", 'z', TKL_ZAP, "Z-Line", 1, 1 },
|
||||
{ "spamfilter", 'F', TKL_SPAMF | TKL_GLOBAL, "Spamfilter", 1, 1 },
|
||||
{ "qline", 'Q', TKL_NAME | TKL_GLOBAL, "Q-Line", 1, 1 },
|
||||
{ "except", 'E', TKL_EXCEPTION | TKL_GLOBAL, "Exception", 1, 0 },
|
||||
{ "shun", 's', TKL_SHUN | TKL_GLOBAL, "Shun", 1, 1 },
|
||||
{ "local-qline", 'q', TKL_NAME, "Local Q-Line", 1, 0 },
|
||||
{ "local-spamfilter", 'e', TKL_EXCEPTION, "Local Exception", 1, 0 },
|
||||
{ "local-exception", 'f', TKL_SPAMF, "Local Spamfilter", 1, 0 },
|
||||
{ "blacklist", 'b', TKL_BLACKLIST, "Blacklist", 0, 1 },
|
||||
{ "connect-flood", 'c', TKL_CONNECT_FLOOD, "Connect flood", 0, 1 },
|
||||
{ "maxperip", 'm', TKL_MAXPERIP, "Max-per-IP", 0, 1 },
|
||||
{ "handshake-data-flood", 'd', TKL_HANDSHAKE_DATA_FLOOD, "Handshake data flood", 0, 1 },
|
||||
{ "antirandom", 'r', TKL_ANTIRANDOM, "Antirandom", 0, 1 },
|
||||
{ "antimixedutf8", '8', TKL_ANTIMIXEDUTF8, "Antimixedutf8", 0, 1 },
|
||||
{ "ban-version", 'v', TKL_BAN_VERSION, "Ban Version", 0, 1 },
|
||||
{ NULL, '\0', 0, NULL, 0, 0 },
|
||||
};
|
||||
#define ALL_VALID_EXCEPTION_TYPES "kline, gline, zline, gzline, spamfilter, shun, qline, blacklist, connect-flood, unknown-data-flood, antirandom, antimixedutf8, ban-version"
|
||||
#define ALL_VALID_EXCEPTION_TYPES "kline, gline, zline, gzline, spamfilter, shun, qline, blacklist, connect-flood, handshake-data-flood, antirandom, antimixedutf8, ban-version"
|
||||
|
||||
int max_stats_matches = 1000;
|
||||
|
||||
@@ -1527,7 +1527,7 @@ void eline_syntax(Client *client)
|
||||
sendnotice(client, "F: Spamfilter");
|
||||
sendnotice(client, "b: Blacklist checking");
|
||||
sendnotice(client, "c: Connect flood (bypass set::anti-flood::connect-flood))");
|
||||
sendnotice(client, "d: Unknown data flood (no ZLINE on too much data before registration)");
|
||||
sendnotice(client, "d: Handshake data flood (no ZLINE on too much data before registration)");
|
||||
sendnotice(client, "m: Bypass allow::maxperip restriction");
|
||||
sendnotice(client, "r: Bypass antirandom module");
|
||||
sendnotice(client, "8: Bypass antimixedutf8 module");
|
||||
@@ -2645,7 +2645,7 @@ static void add_default_exempts(void)
|
||||
/* The exempted ban types are only ones that will affect other connections as well,
|
||||
* such as gline, and not policy decissions such as maxperip exempt or bypass qlines.
|
||||
* Currently the list is: gline, kline, gzline, zline, shun, blacklist,
|
||||
* connect-flood, unknown-data-flood.
|
||||
* connect-flood, handshake-data-flood.
|
||||
*/
|
||||
tkl_add_banexception(TKL_EXCEPTION, "*", "127.*", "localhost is always exempt",
|
||||
"-default-", 0, TStime(), 0, "GkZzsbcd", TKL_FLAG_CONFIG);
|
||||
|
||||
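Review bot: The `tkl_types` row and `ALL_VALID_EXCEPTION_TYPES` replace the exception type name `unknown-data-flood` with `handshake-data-flood` without keeping the old spelling, whereas the renamed `set::anti-flood` options get an explicit "this setting has been moved" error in the config test. The code that looks names up in this table is outside the page, so it is not visible what happens to an existing exception that still names the old type. If it is rejected or silently ignored, hosts that were exempt could start receiving the ban after an upgrade. Consider accepting the old name as a deprecated alias, or emitting a dedicated error that points at `handshake-data-flood`. Separately, the `d:` line in `eline_syntax` still says `no ZLINE`, which is only accurate for the default now that the action is configurable.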
+12
-13
@@ -35,6 +35,7 @@ static void remove_unknown(Client *, char *);
|
||||
static void parse2(Client *client, Client **fromptr, MessageTag *mtags, char *ch);
|
||||
static void parse_addlag(Client *client, int cmdbytes);
|
||||
static int client_lagged_up(Client *client);
|
||||
static void ban_handshake_data_flooder(Client *client);
|
||||
|
||||
/** Put a packet in the client receive queue and process the data (if
|
||||
* the 'fake lag' rules permit doing so).
|
||||
@@ -60,14 +61,13 @@ int process_packet(Client *client, char *readbuf, int length, int killsafely)
|
||||
return 0;
|
||||
|
||||
/* flood from unknown connection */
|
||||
if (IsUnknown(client) && (DBufLength(&client->local->recvQ) > UNKNOWN_FLOOD_AMOUNT*1024))
|
||||
if (IsUnknown(client) && (DBufLength(&client->local->recvQ) > iConf.handshake_data_flood_amount))
|
||||
{
|
||||
sendto_snomask(SNO_FLOOD, "Flood from unknown connection %s detected",
|
||||
client->local->sockhost);
|
||||
sendto_snomask(SNO_FLOOD, "Handshake data flood from %s detected", client->local->sockhost);
|
||||
if (!killsafely)
|
||||
ban_flooder(client);
|
||||
ban_handshake_data_flooder(client);
|
||||
else
|
||||
dead_socket(client, "Flood from unknown connection");
|
||||
dead_socket(client, "Handshake data flood detected");
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -193,11 +193,10 @@ void parse(Client *cptr, char *buffer, int length)
|
||||
if (IsDeadSocket(cptr))
|
||||
return;
|
||||
|
||||
if ((cptr->local->receiveK >= UNKNOWN_FLOOD_AMOUNT) && IsUnknown(cptr))
|
||||
if ((cptr->local->receiveK >= iConf.handshake_data_flood_amount/1024) && IsUnknown(cptr))
|
||||
{
|
||||
sendto_snomask(SNO_FLOOD, "Flood from unknown connection %s detected",
|
||||
cptr->local->sockhost);
|
||||
ban_flooder(cptr);
|
||||
sendto_snomask(SNO_FLOOD, "Handshake data flood from %s detected", cptr->local->sockhost);
|
||||
ban_handshake_data_flooder(cptr);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -533,20 +532,20 @@ static void parse2(Client *cptr, Client **fromptr, MessageTag *mtags, char *ch)
|
||||
* Note that "lots" in terms of IRC is a few KB's, since more is rather unusual.
|
||||
* @param client The client.
|
||||
*/
|
||||
void ban_flooder(Client *client)
|
||||
static void ban_handshake_data_flooder(Client *client)
|
||||
{
|
||||
if (find_tkl_exception(TKL_UNKNOWN_DATA_FLOOD, client))
|
||||
if (find_tkl_exception(TKL_HANDSHAKE_DATA_FLOOD, client))
|
||||
{
|
||||
/* If the user is exempt we will still KILL the client, since it is
|
||||
* clearly misbehaving. We just won't ZLINE the host, so it won't
|
||||
* affect any other connections from the same IP address.
|
||||
*/
|
||||
exit_client(client, NULL, "Flood from unknown connection");
|
||||
exit_client(client, NULL, "Handshake data flood detected");
|
||||
}
|
||||
else
|
||||
{
|
||||
/* place_host_ban also takes care of removing any other clients with same host/ip */
|
||||
place_host_ban(client, BAN_ACT_ZLINE, "Flood from unknown connection", UNKNOWN_FLOOD_BANTIME);
|
||||
place_host_ban(client, iConf.handshake_data_flood_ban_action, "Handshake data flood detected", iConf.handshake_data_flood_ban_time);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
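Review bot: The threshold in `parse()` is `iConf.handshake_data_flood_amount/1024`, an integer division, so a configured amount that is not a multiple of 1024 is rounded down there while `process_packet()` compares the same setting in bytes. Since the config test accepts any value from 1024 upward, the two checks can disagree by up to 1023 bytes. Rounding up with `(iConf.handshake_data_flood_amount + 1023) / 1024`, or a comment saying the KB counter is deliberately coarse, would make the intent explicit. The comment kept in `ban_handshake_data_flooder()` still says the exempt path "won't ZLINE the host", which is stale now that the action comes from `iConf.handshake_data_flood_ban_action`; `We just won't apply the ban-action to the host` would match. `process_packet()` and `parse()` both continue outside these hunks.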