1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-05 02:13:14 +02:00
Commit Graph

6923 Commits

Author SHA1 Message Date
Bram Matthys a04295c588 Add set::dns and increase DNS timeout for DNSBL (3000ms first, then on retry 6000ms).
This is quite a bit higher than client DNS lookups (1500ms first, on retry 3000ms)
and is because some DNSBL are reported to be quite a bit slower than ordinary DNS.
(Maybe just some, but.. the higher timeout does not hurt anyone anyway)

Note that all this has no effect on client handshake times, as DNSBL checks are
done in the background. Only side-effect is that if we do get a "late hit" then
you may now see a kill a few seconds after the client is online (which was actually
already possible before too for quick clients, but.. yeah...)

These settings can be overriden via set::dns, these are the defaults:

set {
        dns {
                client {
                        timeout 1500;
                        retry 2;
                }
                dnsbl {
                        timeout 3000;
                        retry 2;
                }
        }
}

When you REHASH we will check if the values are different than the current
c-ares settings and if so, reinitialize the resolver. Reinitializing the
resolver will destroy outstanding DNS requests, eg DNS lookups for clients
currently connecting, but so be it. Not a super-huge issue since changing
this is rare.

Requested by BlackBishop in https://bugs.unrealircd.org/view.php?id=6306
2023-10-11 19:04:06 +02:00
Bram Matthys 9a6a06b63f Split resolver channel into two: client & dnsbl 2023-10-11 18:08:26 +02:00
Bram Matthys b2030b1a6f Fix UTF8 not working in spamfilter { } blocks, only after the first REHASH.
With error messages about it possibly but also possibly not (silently failing).

This is actually quite bad because when the ircd is running, you could
happily add spamfilters with UTF8 like stuff, REHASH fine, but if you
then restart the IRCd would fail to boot due to a config error.

Reported by BlackBishop.
2023-10-08 18:33:27 +02:00
Bram Matthys c135b71fa3 Fix possible REHASH crash in some circumstances (also in 6.1.*)
If you make a parser mistake in the config file, like a missing semicolon,
then under some circumstances the server may crash. Not always, it seems,
which explains why this bug is not reported that much.
2023-10-07 18:39:49 +02:00
Bram Matthys 552d72cbaa ** UnrealIRCd 6.1.2.2 ** 2023-10-06 09:37:51 +02:00
Bram Matthys 59c11d8b23 Add support for "REHASH -centralspamfilter" (alias "REHASH -cs") to force
an immediate fetch+load of central spamfilter rules, so you don't have
to wait an hour (or whatever is configured).
2023-10-06 08:49:43 +02:00
Bram Matthys 25d1bdfbf5 Make central spamfilters show in STATS spamfilter as "-centralspamfilter-"
rather than "-config-". Suggested by Lord255.
[skip ci]
2023-10-06 08:29:19 +02:00
Bram Matthys 1741da6d2a Fix another instance of "STATS spamfilter" accidentally containing spaces
When using multi-targets like spamfilter { action { report; block; } }
it would output in stats like "report, block". Now changed to "report,block"
2023-10-06 07:44:24 +02:00
Bram Matthys 45002eeb6f Fix STATS output for config-based spamfilters with reasons with spaces.
For config-based spamfilters, the reason was not escaped, meaning that
spaces and underscores did not work as expected.
For example, in "STATS spamfilter" the spaces were displayed as-is
which means that the numeric output was not really parsable.

Apparently this bug exists since UnrealIRCd 5 already...
2023-10-06 07:36:26 +02:00
Bram Matthys 25d5a2ac64 Fix possible crash on SETNAME with spamfilter 'u'.
[skip ci]
2023-10-06 07:19:04 +02:00
Bram Matthys 3d9233baab Fix tkldb storing (and restoring) central spamfilters.
These should not be in tkldb, just like config-based spamfilters are not.
2023-10-06 07:08:22 +02:00
Bram Matthys 43240e4557 Don't allow central spamfilter without 'reason' 2023-10-06 07:00:44 +02:00
Bram Matthys 8398c8cd8d Don't crash when reading spamfilters from tkldb that don't compile (anymore).
For example, because of a different version of PCRE2, or because of the switch
from non-UTF8 to UTF8 (or vice versa) which disallows certain byte sequences.
2023-10-05 17:37:06 +02:00
Bram Matthys 931eea475c ** UnrealIRCd 6.1.2.1 ** 2023-10-04 10:22:43 +02:00
Bram Matthys 088d2595d5 Fix crash on REHASH with crule (such as spamfilter::rule).
This happens when !, || or && are used, though the exact requirements
for the crash may also require a function with arguments.

Reported by BlackBishop.
2023-10-04 10:14:09 +02:00
Bram Matthys a780968dee ** UnrealIRCd 6.1.2 ** 2023-10-04 07:11:36 +02:00
Bram Matthys 87295deb67 Remove client->local->next_nick_allowed which is unused nowadays.
It was moved to the generic anti-flood framework which is
FloodCounter flood[MAXFLOODOPTIONS];
2023-10-02 14:26:01 +02:00
Bram Matthys f2216fc6c1 Call fd_unnotify() on SetDeadSocket(), since we don't care anymore. 2023-10-02 14:25:24 +02:00
Bram Matthys 64a8608a0f ** UnrealIRCd 6.1.2-rc2 ** 2023-09-23 11:40:31 +02:00
Bram Matthys 311f7397f5 Fix NULL pointer crash due to reputation code changes from yesterday 2023-09-18 09:19:53 +02:00
Bram Matthys b234e13358 Don't bump reputation scores anymore for users who are in no channels or
when they are only in channel(s) with very low member counts.

This because some typical bot/drone behavior is not to join any channels.
This kinda forces them to expose themselves a bit more (and if they don't,
they don't get more reputation).

The downside is for the unusual case where a legit chatter would be on
the network but not joining any channels, but that is rare. In any case,
this setting can be adjusted if that is typical or more normal behavior
on your network :D.

* The [reputation score](https://www.unrealircd.org/docs/Reputation_score)
  of connected users (actually IP's) is increased every 5 minutes. We still
  do this, but only for users who are at least in one channel that has 3
  or more members. This setting is tweakable via
  [set::reputation::score-bump-timer-minimum-channel-members](https://www.unrealircd.org/docs/Set_block#set::reputation).
  Setting this to 0 means to bump scores also for people who are in no
  channels at all, which was the behavior in previous UnrealIRCd versions.
2023-09-17 11:47:34 +02:00
Bram Matthys 4e070b8034 Use client:set:reputation oper privilege for latest change
[skip ci]
2023-09-17 09:58:21 +02:00
Bram Matthys f3538f07d9 Support setting of reputation via /REPUTATION <nick|ip> <value>
Useful for testing and.. well.. perhaps other things.
2023-09-17 09:55:59 +02:00
Bram Matthys 97630b4717 Allow setting reputation in https://www.unrealircd.org/docs/Actions via
action { set REPUTATION--; } and similar.

Also enhancement to reputation S2S traffic, to support decreasing:
  *
+ * Since UnrealIRCd 6.0.2+ there is now also asterisk-score-asterisk:
+ * :server REPUTATION 1.2.3.4 *2*
+ * The leading asterisk means no reply will be sent back, ever, and the
+ * trailing asterisk will mean it is a "FORCED SET", which means that
+ * servers should set the reputation to that value, even if it is lower.
+ * This way reputation can be reduced and the reducation can be synced
+ * across servers, which was not possible before 6.0.2.
+ *

So if you are actually decreasing reputation, you need all servers on
6.0.2 or higher for it to work properly, otherwise the other servers
don't decrease it, and next connect the highest wins again, etc.
2023-09-17 09:39:55 +02:00
Bram Matthys 55eaa7bbea Add set::blacklist::recheck-time 'never' to disable rechecking and document
this and blacklist::recheck.
2023-09-09 11:20:32 +02:00
Bram Matthys ddf6dea22d Add blacklist::recheck to skip a dnsbl from rechecks.
Suggested by BlackBishop in https://bugs.unrealircd.org/view.php?id=6307
2023-09-09 11:09:01 +02:00
Bram Matthys 35e5d99e32 './unrealircd module upgrade' only showed output for one module upgrade,
even when multiple modules were upgraded.

Actually not sure about the cause and how this is possible, but running
'make install' only once at the end is the solution, which is something
that should be done that way anyway.

Reported by westor in https://bugs.unrealircd.org/view.php?id=5919
2023-09-09 10:40:29 +02:00
Bram Matthys 942b8a604d Config file: when not using quotes, don't silently drop slashes in names/values.
In the config file, when not using quotes, a slash at the beginning of a
variable name or value was silently discarded (eg `file /tmp/xyz;` resulted
in a file `tmp/xyz`).

Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6325
2023-09-09 09:41:47 +02:00
Bram Matthys 660a501617 ** UnrealIRCd 6.1.2-rc1 ** 2023-09-08 17:46:18 +02:00
Bram Matthys bcc07b1591 Integrate third/blacklistrecheck functionality (set::blacklist::recheck-time)
https://www.unrealircd.org/docs/Set_block#set::blacklist::recheck-time
2023-09-06 16:31:55 +02:00
Bram Matthys 89b2d91084 In HOOKTYPE_PRE_CHANMSG the mtags is now a MessageTag **,
so a pointer-to-a-pointer rather than a pointer, to allow stripping
message tags by modules. Needed for a module from Valware.
2023-08-19 17:26:14 +02:00
Bram Matthys d63a8cf2d5 Show who actually tried to use a banned nick.
Reported by Amiga600 in https://bugs.unrealircd.org/view.php?id=6300
Inspired by patch from Valware in https://github.com/unrealircd/unrealircd/pull/255
2023-08-19 12:17:00 +02:00
Bram Matthys 2665cec73b Fix crash when ~security-group:securitygroup is used in conf (so old style
in eg ban user::mask).
Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6319
2023-07-26 12:45:49 +02:00
Bram Matthys 50753b4678 Make central spamfilters require an 'id', and ignore for non-central.
At least for now...
2023-07-21 12:26:02 +02:00
Bram Matthys 89e5309326 Add set::central-spamfilter::feed and update the page at
https://www.unrealircd.org/docs/Central_Spamfilter
2023-07-21 12:03:43 +02:00
Bram Matthys cd19198e3b Spamfilter fixes: prevent actions that are currently config-only from
being added by other servers and being able to spread to areas of
which the code is currently not ready for ('set', 'report', 'stop').
2023-07-20 14:50:40 +02:00
Bram Matthys e54382fe95 Use (*errors)++ consistently.
This fixes one bug from yesterday in securitygroup.c:258,
fixes 2 (harmless) warnings and other than that just style.
2023-07-17 09:03:03 +02:00
Bram Matthys 937236126f Add new spamfilter type 'raw' which matches against a raw command/protocol line.
SPAMFILTER add -simple R block - Hi_there! LIST*

Though it is more useful in complex spamfilter rules in the conf, presumably.
2023-07-16 19:47:43 +02:00
Bram Matthys f062d3f178 Fix memory leak if using sni blocks 2023-07-16 18:52:32 +02:00
Bram Matthys 3e2f668f10 Revert antimixedutf8 changes from earlier, back to 6.1.1(.1) version again. 2023-07-16 17:27:47 +02:00
Bram Matthys 11bd657e8a Fix set unknown-users { } not working
Repoerted by BlackBishop in https://bugs.unrealircd.org/view.php?id=6292
2023-07-16 12:22:16 +02:00
Bram Matthys b272b6700a Add security-group::rule support, see https://www.unrealircd.org/docs/Crule 2023-07-16 12:09:01 +02:00
Bram Matthys 59c6c99ba3 spamfilter::rule: add destination('#xyz') support (supports wildcards) 2023-07-16 11:29:53 +02:00
Bram Matthys 13bb09aa4b crule: add inchannel('#xyz'), and inchannel('@#needopshere') works too 2023-07-16 11:22:02 +02:00
Bram Matthys b1d0a05638 Make 'channel' work in security groups. 2023-07-16 11:06:42 +02:00
Bram Matthys 9b11366a8e crule: code cleanups / conform a bit more to unrealircd style 2023-07-16 10:52:03 +02:00
Bram Matthys b325f88795 crule/spamfilter: pass text in crule context, not used yet, but could
be useful in some future crule function.
[skip ci]
2023-07-16 10:46:39 +02:00
Bram Matthys 2beefcd2ee crule: remove CR_DEBUG, bump some limits and remove collapse() call 2023-07-16 10:40:11 +02:00
Bram Matthys 08cb0fc05d Move crule to a module, so we can hot-patch if needed in the future.
This is a mandatory module to load, and included in modules.default.conf.

This also meant that the crule_test() etc efunctions are available
before running config test routines, so we now have a flag for
early efuncs. I guess we could consider doing that for all efuncs
though, so not sure if this flag is really needed.
2023-07-16 10:33:25 +02:00
Bram Matthys 36fc839022 Support single quotes in spamfilter::rule, for like xyz('bla/bla') 2023-07-16 09:31:02 +02:00