1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 23:13:14 +02:00

Move set::anti-flood::unknown-flood-* to set::anti-flood::handshake-data-flood

which is a new block, documented at:
https://www.unrealircd.org/docs/Set_block#set::anti-flood::handshake-data-flood
The reason for this is better naming and allowing to tweak ban-action.
This commit is contained in:
Bram Matthys
2021-02-28 07:47:58 +01:00
parent 94b8f6575e
commit dc40d27cd8
11 changed files with 151 additions and 96 deletions
+5
View File
@@ -30,6 +30,11 @@ Fixes:
Changes:
* Add doc/KEYS which contains the public key(s) used to sign UnrealIRCd releases
* The options set::anti-flood::unknown-flood-* have been renamed and
integrated in a new block called
[set::anti-flood::handshake-data-flood](https://www.unrealircd.org/docs/Set_block#set::anti-flood::handshake-data-flood).
The ban-action can now also be changed. Note that almost nobody will have to
change this setting since it has a good default.
Reminder: UnrealIRCd 4 is no longer supported
----------------------------------------------
+15 -15
View File
@@ -955,21 +955,21 @@ help Eline {
" Example: ELINE *@unrealircd.org kGF 0 This user is exempt";
" Valid <bantypes> are:";
" ==-Type--------Name---------------------------Explanation-----------------------==";
" k | K-Line | Bypass K-Lines ";
" G | G-Line | Bypass G-Lines ";
" z | Z-Line | Bypass Z-Lines ";
" Z | GZ-Line | Bypass Global Z-Lines ";
" Q | Q-Line | Bypass Q-Lines ";
" s | shun | Bypass Shuns ";
" F | spamfilter | Bypass spamfilter checking ";
" b | blacklist | Bypass blacklist checking ";
" c | connect flood | Bypass set::anti-flood::connect-flood ";
" d | unknown flood | Bypass unknown data flood checking ";
" | | (no ZLINE on too much data before registration) ";
" m | maxperip | Bypass allow::maxperip restriction ";
" r | antirandom | Bypass antirandom module ";
" 8 | antimixedutf8 | Bypass antimixedutf8 module ";
" v | version | Bypass ban version { } blocks ";
" k | K-Line | Bypass K-Lines ";
" G | G-Line | Bypass G-Lines ";
" z | Z-Line | Bypass Z-Lines ";
" Z | GZ-Line | Bypass Global Z-Lines ";
" Q | Q-Line | Bypass Q-Lines ";
" s | shun | Bypass Shuns ";
" F | spamfilter | Bypass spamfilter checking ";
" b | blacklist | Bypass blacklist checking ";
" c | connect flood | Bypass set::anti-flood::connect-flood ";
" d | handshake flood | Bypass handshake data flood checking ";
" | | (no ZLINE on too much data before registration) ";
" m | maxperip | Bypass allow::maxperip restriction ";
" r | antirandom | Bypass antirandom module ";
" 8 | antimixedutf8 | Bypass antimixedutf8 module ";
" v | version | Bypass ban version { } blocks ";
" ==------------------------------------------------------------------------------==";
" -";
" Extended server bans (more info at https://www.unrealircd.org/docs/Extended_server_bans)";
+1 -1
View File
@@ -965,7 +965,7 @@ help Eline {
" F | spamfilter | Bypass spamfilter controle ";
"b | blacklist | Bypass blacklist checking ";
" c | connect flood | Bypass set::anti-flood::connect-flood ";
" d | unknown flood | Bypass unknown data flood checking ";
" d | handshake flood | Bypass handshake data flood checking ";
" | (geen ZLINE op te veel gegevens voor de registratie) ";
" m | maxperip | Bypass toestaan::maxperip beperking ";
" r | antirandom | Bypass antirandom module ";
+17 -17
View File
@@ -984,22 +984,22 @@ help Eline {
" Przykład: ELINE *@unrealircd.org kGf 0 Ten użytkownik ma wyjątek";
" Dostępne <typy banów> to:";
" ==-Typ---------Nazwa--------------------------Wyjaśnienie-----------------------==";
" k | K-Line | Omija K-Line ";
" G | G-Line | Omija G-Line ";
" z | Z-Line | Omija Z-Line ";
" Z | GZ-Line | Omija globalne Z-Line ";
" Q | Q-Line | Omija Q-Line ";
" s | shun | Omija Shun ";
" F | spamfilter | Omija sprawdzanie spamfiltrów ";
" b | blacklist | Omija sprawdzanie czarnych list ";
" c | connect flood | Omija ustawienie set::anti-flood::connect-flood ";
" d | unknown flood | Omija detekcję floodu danymi z nieznanych połączeń ";
" | | (nie będzie ZLINE przy wysłaniu zbyt wielu danych ";
" | | przed rejestracją połączenia) ";
" m | maxperip | Omija restrykcję allow::maxperipon ";
" r | antirandom | Omija działanie modułu 'antirandom' ";
" 8 | antimixedutf8 | Omija działanie modułu 'antimixedutf8' ";
" v | version | Omija bany ustawione jako 'ban version { }' ";
" k | K-Line | Omija K-Line ";
" G | G-Line | Omija G-Line ";
" z | Z-Line | Omija Z-Line ";
" Z | GZ-Line | Omija globalne Z-Line ";
" Q | Q-Line | Omija Q-Line ";
" s | shun | Omija Shun ";
" F | spamfilter | Omija sprawdzanie spamfiltrów ";
" b | blacklist | Omija sprawdzanie czarnych list ";
" c | connect flood | Omija ustawienie set::anti-flood::connect-flood ";
" d | handshake flood | Omija detekcję floodu danymi z nieznanych połączeń ";
" | | (nie będzie ZLINE przy wysłaniu zbyt wielu danych ";
" | | przed rejestracją połączenia) ";
" m | maxperip | Omija restrykcję allow::maxperipon ";
" r | antirandom | Omija działanie modułu 'antirandom' ";
" 8 | antimixedutf8 | Omija działanie modułu 'antimixedutf8' ";
" v | version | Omija bany ustawione jako 'ban version { }' ";
" ==------------------------------------------------------------------------------==";
" -";
" Rozszerzone bany serwerowe (więcej informacji na https://www.unrealircd.org/docs/Extended_server_bans)";
@@ -1025,7 +1025,7 @@ help Rehash {
" Dodanie -global spowoduje zadziałanie na wszystkich serwerach w sieci.";
" -";
" Flagi służą do wyboru innych plików konfiguracyjnych do przeładowania. Dostępne";
" flagi to:";
" flagi to:";
" -dns - Ponownie inicjalizuje i przeładowuje narzędzie rozpoznawania nazw DNS?";
" -garbage - Wymusza zadziałanie mechanizmu oczyszczania (garbage collection)";
" -motd - Odświeża tylko wszystkie pliki MOTD, BOTMOTD, OPERMOTD i RULES";
+6 -6
View File
@@ -113,8 +113,9 @@ struct Configuration {
char *restrict_channelmodes;
char *restrict_extendedbans;
char *channel_command_prefix;
long unknown_flood_bantime;
long unknown_flood_amount;
long handshake_data_flood_amount;
long handshake_data_flood_ban_time;
int handshake_data_flood_ban_action;
struct ChMode modes_on_join;
int level_on_join;
unsigned char away_count;
@@ -230,8 +231,6 @@ extern MODVAR int ipv6_disabled;
#define THROTTLING_PERIOD iConf.throttle_period
#define THROTTLING_COUNT iConf.throttle_count
#define USE_BAN_VERSION iConf.use_ban_version
#define UNKNOWN_FLOOD_BANTIME iConf.unknown_flood_bantime
#define UNKNOWN_FLOOD_AMOUNT iConf.unknown_flood_amount
#define MODES_ON_JOIN iConf.modes_on_join.mode
#define LEVEL_ON_JOIN iConf.level_on_join
@@ -326,8 +325,9 @@ struct SetCheck {
unsigned has_restrict_channelmodes:1;
unsigned has_restrict_extendedbans:1;
unsigned has_channel_command_prefix:1;
unsigned has_anti_flood_unknown_flood_bantime:1;
unsigned has_anti_flood_unknown_flood_amount:1;
unsigned has_anti_flood_handshake_data_flood_amount:1;
unsigned has_anti_flood_handshake_data_flood_ban_action:1;
unsigned has_anti_flood_handshake_data_flood_ban_time:1;
unsigned has_modes_on_join:1;
unsigned has_level_on_join:1;
unsigned has_anti_flood_away_count:1;
-1
View File
@@ -885,7 +885,6 @@ extern CMD_FUNC(cmd_rehash);
extern CMD_FUNC(cmd_die);
extern CMD_FUNC(cmd_restart);
extern void cmd_alias(Client *client, MessageTag *recv_mtags, int parc, char *parv[], char *cmd); /* special! */
extern void ban_flooder(Client *cptr);
extern char *pcre2_version(void);
extern int get_terminal_width(void);
extern int has_common_channels(Client *c1, Client *c2);
+1 -1
View File
@@ -880,7 +880,7 @@ typedef void (*OverrideCmdFunc)(CommandOverride *ovr, Client *client, MessageTag
#define TKL_BLACKLIST 0x0001000
#define TKL_CONNECT_FLOOD 0x0002000
#define TKL_MAXPERIP 0x0004000
#define TKL_UNKNOWN_DATA_FLOOD 0x0008000
#define TKL_HANDSHAKE_DATA_FLOOD 0x0008000
#define TKL_ANTIRANDOM 0x0010000
#define TKL_ANTIMIXEDUTF8 0x0020000
#define TKL_BAN_VERSION 0x0040000
+69 -16
View File
@@ -1625,8 +1625,9 @@ void config_setdefaultsettings(Configuration *i)
{
char tmp[512];
i->unknown_flood_amount = 4;
i->unknown_flood_bantime = 600;
i->handshake_data_flood_amount = 4096;
i->handshake_data_flood_ban_action = BAN_ACT_ZLINE;
i->handshake_data_flood_ban_time = 600;
safe_strdup(i->oper_snomask, SNO_DEFOPER);
i->ident_read_timeout = 7;
i->ident_connect_timeout = 3;
@@ -6592,7 +6593,7 @@ int _conf_ban(ConfigFile *conf, ConfigEntry *ce)
else if (!strcmp(cep->ce_varname, "reason"))
safe_strdup(ca->reason, cep->ce_vardata);
else if (!strcmp(cep->ce_varname, "action"))
ca ->action = banact_stringtoval(cep->ce_vardata);
ca->action = banact_stringtoval(cep->ce_vardata);
}
AddListItem(ca, conf_ban);
return 0;
@@ -7468,11 +7469,20 @@ int _conf_set(ConfigFile *conf, ConfigEntry *ce)
}
}
else if (!strcmp(cep->ce_varname, "anti-flood")) {
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) {
if (!strcmp(cepp->ce_varname, "unknown-flood-bantime"))
tempiConf.unknown_flood_bantime = config_checkval(cepp->ce_vardata,CFG_TIME);
else if (!strcmp(cepp->ce_varname, "unknown-flood-amount"))
tempiConf.unknown_flood_amount = atol(cepp->ce_vardata);
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next)
{
if (!strcmp(cepp->ce_varname, "handshake-data-flood"))
{
for (ceppp = cepp->ce_entries; ceppp; ceppp = ceppp->ce_next)
{
if (!strcmp(ceppp->ce_varname, "amount"))
tempiConf.handshake_data_flood_amount = config_checkval(ceppp->ce_vardata, CFG_SIZE);
else if (!strcmp(ceppp->ce_varname, "ban-time"))
tempiConf.handshake_data_flood_ban_time = config_checkval(ceppp->ce_vardata, CFG_TIME);
else if (!strcmp(ceppp->ce_varname, "ban-action"))
tempiConf.handshake_data_flood_ban_action = banact_stringtoval(ceppp->ce_vardata);
}
}
else if (!strcmp(cepp->ce_varname, "away-count"))
tempiConf.away_count = atol(cepp->ce_vardata);
else if (!strcmp(cepp->ce_varname, "away-period"))
@@ -8291,8 +8301,10 @@ int _test_set(ConfigFile *conf, ConfigEntry *ce)
need_34_upgrade = 1;
continue;
}
else if (!strcmp(cep->ce_varname, "anti-flood")) {
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next) {
else if (!strcmp(cep->ce_varname, "anti-flood"))
{
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next)
{
if (!strcmp(cepp->ce_varname, "max-concurrent-conversations"))
{
for (ceppp = cepp->ce_entries; ceppp; ceppp = ceppp->ce_next)
@@ -8329,15 +8341,56 @@ int _test_set(ConfigFile *conf, ConfigEntry *ce)
}
continue; /* required here, due to checknull directly below */
}
if (!strcmp(cepp->ce_varname, "unknown-flood-bantime"))
else if (!strcmp(cepp->ce_varname, "unknown-flood-amount") ||
!strcmp(cepp->ce_varname, "unknown-flood-bantime"))
{
CheckNull(cepp);
CheckDuplicate(cepp, anti_flood_unknown_flood_bantime, "anti-flood::unknown-flood-bantime");
config_error("%s:%i: set::anti-flood::%s: this setting has been moved. "
"See https://www.unrealircd.org/docs/Set_block#set::anti-flood::handshake-data-flood",
cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum, cepp->ce_varname);
errors++;
continue;
}
else if (!strcmp(cepp->ce_varname, "unknown-flood-amount"))
else if (!strcmp(cepp->ce_varname, "handshake-data-flood"))
{
CheckNull(cepp);
CheckDuplicate(cepp, anti_flood_unknown_flood_amount, "anti-flood::unknown-flood-amount");
for (ceppp = cepp->ce_entries; ceppp; ceppp = ceppp->ce_next)
{
if (!strcmp(ceppp->ce_varname, "amount"))
{
long v;
CheckNull(ceppp);
CheckDuplicate(ceppp, anti_flood_handshake_data_flood_amount, "anti-flood::handshake-data-flood::amount");
v = config_checkval(ceppp->ce_vardata, CFG_SIZE);
if (v < 1024)
{
config_error("%s:%i: set::anti-flood::handshake-data-flood::amount must be at least 1024 bytes",
ceppp->ce_fileptr->cf_filename, ceppp->ce_varlinenum);
errors++;
}
} else
if (!strcmp(ceppp->ce_varname, "ban-action"))
{
CheckNull(ceppp);
CheckDuplicate(ceppp, anti_flood_handshake_data_flood_ban_action, "anti-flood::handshake-data-flood::ban-action");
if (!banact_stringtoval(ceppp->ce_vardata))
{
config_error("%s:%i: set::anti-flood::handshake-data-flood::ban-action has unknown action type '%s'",
ceppp->ce_fileptr->cf_filename, ceppp->ce_varlinenum,
ceppp->ce_vardata);
errors++;
}
} else
if (!strcmp(ceppp->ce_varname, "ban-time"))
{
CheckNull(ceppp);
CheckDuplicate(ceppp, anti_flood_handshake_data_flood_ban_time, "anti-flood::handshake-data-flood::ban-time");
} else
{
config_error_unknownopt(ceppp->ce_fileptr->cf_filename,
ceppp->ce_varlinenum, "set::anti-flood::handshake-data-flood",
ceppp->ce_varname);
errors++;
}
}
}
else if (!strcmp(cepp->ce_varname, "away-count"))
{
+3 -4
View File
@@ -866,12 +866,11 @@ int stats_set(Client *client, char *para)
if (LINK_BINDIP)
sendtxtnumeric(client, "link::bind-ip: %s", LINK_BINDIP);
sendtxtnumeric(client, "anti-flood::connect-flood: %d per %s", THROTTLING_COUNT, pretty_time_val(THROTTLING_PERIOD));
sendtxtnumeric(client, "anti-flood::unknown-flood-bantime: %s", pretty_time_val(UNKNOWN_FLOOD_BANTIME));
sendtxtnumeric(client, "anti-flood::unknown-flood-amount: %ldKB", UNKNOWN_FLOOD_AMOUNT);
sendtxtnumeric(client, "anti-flood::handshake-data-flood::amount: %ld bytes", iConf.handshake_data_flood_amount);
sendtxtnumeric(client, "anti-flood::handshake-data-flood::ban-action: %s", banact_valtostring(iConf.handshake_data_flood_ban_action));
sendtxtnumeric(client, "anti-flood::handshake-data-flood::ban-time: %s", pretty_time_val(iConf.handshake_data_flood_ban_time));
if (AWAY_PERIOD)
{
sendtxtnumeric(client, "anti-flood::away-flood: %d per %s", AWAY_COUNT, pretty_time_val(AWAY_PERIOD));
}
sendtxtnumeric(client, "anti-flood::nick-flood: %d per %s", NICK_COUNT, pretty_time_val(NICK_PERIOD));
sendtxtnumeric(client, "handshake-timeout: %s", pretty_time_val(iConf.handshake_timeout));
sendtxtnumeric(client, "sasl-timeout: %s", pretty_time_val(iConf.sasl_timeout));
+22 -22
View File
@@ -123,27 +123,27 @@ struct TKLTypeTable
*/
TKLTypeTable tkl_types[] = {
/* <config name> <letter> <TKL_xxx type> <logging name> <tkl option?> <exempt option?> */
{ "gline", 'G', TKL_KILL | TKL_GLOBAL, "G-Line", 1, 1 },
{ "kline", 'k', TKL_KILL, "K-Line", 1, 1 },
{ "gzline", 'Z', TKL_ZAP | TKL_GLOBAL, "Global Z-Line", 1, 1 },
{ "zline", 'z', TKL_ZAP, "Z-Line", 1, 1 },
{ "spamfilter", 'F', TKL_SPAMF | TKL_GLOBAL, "Spamfilter", 1, 1 },
{ "qline", 'Q', TKL_NAME | TKL_GLOBAL, "Q-Line", 1, 1 },
{ "except", 'E', TKL_EXCEPTION | TKL_GLOBAL, "Exception", 1, 0 },
{ "shun", 's', TKL_SHUN | TKL_GLOBAL, "Shun", 1, 1 },
{ "local-qline", 'q', TKL_NAME, "Local Q-Line", 1, 0 },
{ "local-spamfilter", 'e', TKL_EXCEPTION, "Local Exception", 1, 0 },
{ "local-exception", 'f', TKL_SPAMF, "Local Spamfilter", 1, 0 },
{ "blacklist", 'b', TKL_BLACKLIST, "Blacklist", 0, 1 },
{ "connect-flood", 'c', TKL_CONNECT_FLOOD, "Connect flood", 0, 1 },
{ "maxperip", 'm', TKL_MAXPERIP, "Max-per-IP", 0, 1 },
{ "unknown-data-flood", 'd', TKL_UNKNOWN_DATA_FLOOD, "Unknown data flood", 0, 1 },
{ "antirandom", 'r', TKL_ANTIRANDOM, "Antirandom", 0, 1 },
{ "antimixedutf8", '8', TKL_ANTIMIXEDUTF8, "Antimixedutf8", 0, 1 },
{ "ban-version", 'v', TKL_BAN_VERSION, "Ban Version", 0, 1 },
{ NULL, '\0', 0, NULL, 0, 0 },
{ "gline", 'G', TKL_KILL | TKL_GLOBAL, "G-Line", 1, 1 },
{ "kline", 'k', TKL_KILL, "K-Line", 1, 1 },
{ "gzline", 'Z', TKL_ZAP | TKL_GLOBAL, "Global Z-Line", 1, 1 },
{ "zline", 'z', TKL_ZAP, "Z-Line", 1, 1 },
{ "spamfilter", 'F', TKL_SPAMF | TKL_GLOBAL, "Spamfilter", 1, 1 },
{ "qline", 'Q', TKL_NAME | TKL_GLOBAL, "Q-Line", 1, 1 },
{ "except", 'E', TKL_EXCEPTION | TKL_GLOBAL, "Exception", 1, 0 },
{ "shun", 's', TKL_SHUN | TKL_GLOBAL, "Shun", 1, 1 },
{ "local-qline", 'q', TKL_NAME, "Local Q-Line", 1, 0 },
{ "local-spamfilter", 'e', TKL_EXCEPTION, "Local Exception", 1, 0 },
{ "local-exception", 'f', TKL_SPAMF, "Local Spamfilter", 1, 0 },
{ "blacklist", 'b', TKL_BLACKLIST, "Blacklist", 0, 1 },
{ "connect-flood", 'c', TKL_CONNECT_FLOOD, "Connect flood", 0, 1 },
{ "maxperip", 'm', TKL_MAXPERIP, "Max-per-IP", 0, 1 },
{ "handshake-data-flood", 'd', TKL_HANDSHAKE_DATA_FLOOD, "Handshake data flood", 0, 1 },
{ "antirandom", 'r', TKL_ANTIRANDOM, "Antirandom", 0, 1 },
{ "antimixedutf8", '8', TKL_ANTIMIXEDUTF8, "Antimixedutf8", 0, 1 },
{ "ban-version", 'v', TKL_BAN_VERSION, "Ban Version", 0, 1 },
{ NULL, '\0', 0, NULL, 0, 0 },
};
#define ALL_VALID_EXCEPTION_TYPES "kline, gline, zline, gzline, spamfilter, shun, qline, blacklist, connect-flood, unknown-data-flood, antirandom, antimixedutf8, ban-version"
#define ALL_VALID_EXCEPTION_TYPES "kline, gline, zline, gzline, spamfilter, shun, qline, blacklist, connect-flood, handshake-data-flood, antirandom, antimixedutf8, ban-version"
int max_stats_matches = 1000;
@@ -1527,7 +1527,7 @@ void eline_syntax(Client *client)
sendnotice(client, "F: Spamfilter");
sendnotice(client, "b: Blacklist checking");
sendnotice(client, "c: Connect flood (bypass set::anti-flood::connect-flood))");
sendnotice(client, "d: Unknown data flood (no ZLINE on too much data before registration)");
sendnotice(client, "d: Handshake data flood (no ZLINE on too much data before registration)");
sendnotice(client, "m: Bypass allow::maxperip restriction");
sendnotice(client, "r: Bypass antirandom module");
sendnotice(client, "8: Bypass antimixedutf8 module");
@@ -2645,7 +2645,7 @@ static void add_default_exempts(void)
/* The exempted ban types are only ones that will affect other connections as well,
* such as gline, and not policy decissions such as maxperip exempt or bypass qlines.
* Currently the list is: gline, kline, gzline, zline, shun, blacklist,
* connect-flood, unknown-data-flood.
* connect-flood, handshake-data-flood.
*/
tkl_add_banexception(TKL_EXCEPTION, "*", "127.*", "localhost is always exempt",
"-default-", 0, TStime(), 0, "GkZzsbcd", TKL_FLAG_CONFIG);
+12 -13
View File
@@ -35,6 +35,7 @@ static void remove_unknown(Client *, char *);
static void parse2(Client *client, Client **fromptr, MessageTag *mtags, char *ch);
static void parse_addlag(Client *client, int cmdbytes);
static int client_lagged_up(Client *client);
static void ban_handshake_data_flooder(Client *client);
/** Put a packet in the client receive queue and process the data (if
* the 'fake lag' rules permit doing so).
@@ -60,14 +61,13 @@ int process_packet(Client *client, char *readbuf, int length, int killsafely)
return 0;
/* flood from unknown connection */
if (IsUnknown(client) && (DBufLength(&client->local->recvQ) > UNKNOWN_FLOOD_AMOUNT*1024))
if (IsUnknown(client) && (DBufLength(&client->local->recvQ) > iConf.handshake_data_flood_amount))
{
sendto_snomask(SNO_FLOOD, "Flood from unknown connection %s detected",
client->local->sockhost);
sendto_snomask(SNO_FLOOD, "Handshake data flood from %s detected", client->local->sockhost);
if (!killsafely)
ban_flooder(client);
ban_handshake_data_flooder(client);
else
dead_socket(client, "Flood from unknown connection");
dead_socket(client, "Handshake data flood detected");
return 0;
}
@@ -193,11 +193,10 @@ void parse(Client *cptr, char *buffer, int length)
if (IsDeadSocket(cptr))
return;
if ((cptr->local->receiveK >= UNKNOWN_FLOOD_AMOUNT) && IsUnknown(cptr))
if ((cptr->local->receiveK >= iConf.handshake_data_flood_amount/1024) && IsUnknown(cptr))
{
sendto_snomask(SNO_FLOOD, "Flood from unknown connection %s detected",
cptr->local->sockhost);
ban_flooder(cptr);
sendto_snomask(SNO_FLOOD, "Handshake data flood from %s detected", cptr->local->sockhost);
ban_handshake_data_flooder(cptr);
return;
}
@@ -533,20 +532,20 @@ static void parse2(Client *cptr, Client **fromptr, MessageTag *mtags, char *ch)
* Note that "lots" in terms of IRC is a few KB's, since more is rather unusual.
* @param client The client.
*/
void ban_flooder(Client *client)
static void ban_handshake_data_flooder(Client *client)
{
if (find_tkl_exception(TKL_UNKNOWN_DATA_FLOOD, client))
if (find_tkl_exception(TKL_HANDSHAKE_DATA_FLOOD, client))
{
/* If the user is exempt we will still KILL the client, since it is
* clearly misbehaving. We just won't ZLINE the host, so it won't
* affect any other connections from the same IP address.
*/
exit_client(client, NULL, "Flood from unknown connection");
exit_client(client, NULL, "Handshake data flood detected");
}
else
{
/* place_host_ban also takes care of removing any other clients with same host/ip */
place_host_ban(client, BAN_ACT_ZLINE, "Flood from unknown connection", UNKNOWN_FLOOD_BANTIME);
place_host_ban(client, iConf.handshake_data_flood_ban_action, "Handshake data flood detected", iConf.handshake_data_flood_ban_time);
}
}