1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-06 13:53:12 +02:00

Add /ELINE exception type 'm' to bypass allow::maxperip.

In the configuration item you can now achieve the same via:
except ban { mask 1.2.3.4; type maxperip; }
Or even:
except ban { mask { 1.2.3.4; 8.8.8.8; }; type maxperip; }
etc.

Suggested by The_Myth in https://bugs.unrealircd.org/view.php?id=5507

Also, fixed an issue where the IRCd was counting servers as
clients for maxperip, which doesn't make much sense in practice,
so it only counts users now.
This commit is contained in:
Bram Matthys
2019-12-30 18:19:09 +01:00
parent e4d9e001d8
commit fccb3b2f5b
3 changed files with 33 additions and 21 deletions
+26 -17
View File
@@ -1258,6 +1258,27 @@ int check_init(Client *client, char *sockn, size_t size)
return 1;
}
/** Returns 1 if allow::maxperip is exceeded by 'client' */
int exceeds_maxperip(Client *client, ConfigItem_allow *aconf)
{
Client *acptr;
int cnt = 1;
if (find_tkl_exception(TKL_MAXPERIP, client))
return 0; /* exempt */
list_for_each_entry(acptr, &lclient_list, lclient_node)
{
if (IsUser(acptr) && !strcmp(GetIP(acptr), GetIP(client)))
{
cnt++;
if (cnt > aconf->maxperip)
return 1;
}
}
return 0;
}
/** Allow or reject the client based on allow { } blocks and all other restrictions.
* @param client Client to check (local)
* @param username Username, for some reason...
@@ -1365,25 +1386,13 @@ int AllowClient(Client *client, char *username)
strlcpy(uhost, sockhost, sizeof(uhost));
set_sockhost(client, uhost);
if (aconf->maxperip)
if (aconf->maxperip && exceeds_maxperip(client, aconf))
{
Client *acptr, *acptr2;
int cnt = 1;
list_for_each_entry_safe(acptr, acptr2, &lclient_list, lclient_node)
{
if (!strcmp(GetIP(acptr), GetIP(client)))
{
cnt++;
if (cnt > aconf->maxperip)
{
/* Already got too many with that ip# */
exit_client(client, NULL, iConf.reject_message_too_many_connections);
return 0;
}
}
}
/* Already got too many with that ip# */
exit_client(client, NULL, iConf.reject_message_too_many_connections);
return 0;
}
if (aconf->auth && !Auth_Check(client, aconf->auth, client->local->passwd))
{
/* Always continue if password was wrong. */
+2
View File
@@ -124,6 +124,7 @@ TKLTypeTable tkl_types[] = {
{ "local-exception", 'f', TKL_SPAMF, "Local Spamfilter", 1, 0 },
{ "blacklist", 'b', TKL_BLACKLIST, "Blacklist", 0, 1 },
{ "connect-flood", 'c', TKL_CONNECT_FLOOD, "Connect flood", 0, 1 },
{ "maxperip", 'm', TKL_MAXPERIP, "Max-per-IP", 0, 1 },
{ "unknown-data-flood", 'd', TKL_UNKNOWN_DATA_FLOOD, "Unknown data flood", 0, 1 },
{ "antirandom", 'r', TKL_ANTIRANDOM, "Antirandom", 0, 1 },
{ "antimixedutf8", '8', TKL_ANTIMIXEDUTF8, "Antimixedutf8", 0, 1 },
@@ -1361,6 +1362,7 @@ void eline_syntax(Client *client)
sendnotice(client, "b: Blacklist checking");
sendnotice(client, "c: Connect flood (bypass set::anti-flood::connect-flood))");
sendnotice(client, "d: Unknown data flood (no ZLINE on too much data before registration)");
sendnotice(client, "m: Bypass allow::maxperip restriction");
sendnotice(client, "r: Bypass antirandom module");
sendnotice(client, "8: Bypass antimixedutf8 module");
sendnotice(client, "v: Bypass ban version { } blocks");