CVSROOT : /cvsroot/undernet-ircu
Module : ircu2.10
Branch tags: u2_10_11_06
Commit time: 2003-11-22 12:56:07 UTC
Modified files:
Tag: u2_10_11_06
ChangeLog doc/example.conf doc/readme.features
include/ircd_features.h ircd/IPcheck.c ircd/ircd_features.c
Log message:
Author: Spike <[EMAIL PROTECTED]>
Log message:
Pompom.
---------------------- diff included ----------------------
Index: ircu2.10/ChangeLog
diff -u ircu2.10/ChangeLog:1.290.2.129.2.18 ircu2.10/ChangeLog:1.290.2.129.2.19
--- ircu2.10/ChangeLog:1.290.2.129.2.18 Sat Nov 22 04:39:52 2003
+++ ircu2.10/ChangeLog Sat Nov 22 04:55:56 2003
@@ -1,3 +1,6 @@
+2003-11-23 Spike <[EMAIL PROTECTED]>
+ * ircd/IPcheck.c: Make IPcheck constants configurable
+
2003-11-18 Isomer <[EMAIL PROTECTED]>
* ircd/gline.c: Fix broken test that causes core dumps on realname
glines.
Index: ircu2.10/doc/example.conf
diff -u ircu2.10/doc/example.conf:1.15.2.9.2.1 ircu2.10/doc/example.conf:1.15.2.9.2.2
--- ircu2.10/doc/example.conf:1.15.2.9.2.1 Tue Nov 18 02:05:14 2003
+++ ircu2.10/doc/example.conf Sat Nov 22 04:55:56 2003
@@ -507,6 +507,9 @@
# F:IRCD_RES_TIMEOUTS:4
# F:IRCD_RES_RETRIES:2
# F:AUTH_TIMEOUT:9
+# F:IPCHECK_CLONE_LIMIT:4
+# F:IPCHECK_CLONE_PERIOD:40
+# F:IPCHECK_CLONE_DELAY:600
# F:CRYPT_OPER_PASSWORD:TRUE
# F:OPER_NO_CHAN_LIMIT:TRUE
# F:OPER_MODE_LCHAN:TRUE
Index: ircu2.10/doc/readme.features
diff -u ircu2.10/doc/readme.features:1.2.2.10.6.1
ircu2.10/doc/readme.features:1.2.2.10.6.2
--- ircu2.10/doc/readme.features:1.2.2.10.6.1 Tue Nov 18 02:05:15 2003
+++ ircu2.10/doc/readme.features Sat Nov 22 04:55:56 2003
@@ -486,6 +486,34 @@
the DNS query to succeed. On older (pre 2.10.11.06) servers this was
hard coded to 60 seconds.
+IPCHECK_CLONE_LIMIT
+ * Type: integer
+ * Default: 4
+
+The number of times you are allowed to connect within IPCHECK_CLONE_PERIOD
+seconds before you are considered abusing the server and throttled.
+
+IPCHECK_CLONE_PERIOD
+ * Type: integer
+ * Defualt: 40
+
+The number of seconds you are allowed to connect IPCHECK_CLONE_LIMIT times
+within before you are considered abusing the server and throttled.
+For instance if you set IPCHECK_CLONE_LIMIT to 1, and IPCHECK_CLONE_PERIOD
+to 10, then a user is only allowed to connect once in 10s, if they connect
+again within 10s, then they are considered to be connecting too fast and
+they are throttled.
+
+IPCHECK_CLONE_DELAY
+ * Type: integer
+ * Default: 600
+
+The number of seconds grace after restarting the server before the throttle
+code kicks in. Even if a user connects repeditively during this period,
+they will never get throttled. This is so after a restart users on a
+multiuser box can all connect to a server simultaniously without being
+considered an attack.
+
CRYPT_OPER_PASSWORD
* Type: boolean
* Default: TRUE
Index: ircu2.10/include/ircd_features.h
diff -u ircu2.10/include/ircd_features.h:1.11.2.11.2.1
ircu2.10/include/ircd_features.h:1.11.2.11.2.2
--- ircu2.10/include/ircd_features.h:1.11.2.11.2.1 Tue Nov 18 02:05:15 2003
+++ ircu2.10/include/ircd_features.h Sat Nov 22 04:55:56 2003
@@ -18,7 +18,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
- * $Id: ircd_features.h,v 1.11.2.11.2.1 2003/11/18 10:05:15 isomer Exp $
+ * $Id: ircd_features.h,v 1.11.2.11.2.2 2003/11/22 12:55:56 isomer Exp $
*/
struct Client;
@@ -67,6 +67,9 @@
FEAT_GLINEMAXUSERCOUNT,
FEAT_SOCKSENDBUF,
FEAT_SOCKRECVBUF,
+ FEAT_IPCHECK_CLONE_LIMIT,
+ FEAT_IPCHECK_CLONE_PERIOD,
+ FEAT_IPCHECK_CLONE_DELAY,
/* Some misc. default paths */
FEAT_MPATH,
Index: ircu2.10/ircd/IPcheck.c
diff -u ircu2.10/ircd/IPcheck.c:1.26.2.3 ircu2.10/ircd/IPcheck.c:1.26.2.3.2.1
--- ircu2.10/ircd/IPcheck.c:1.26.2.3 Sat Nov 1 02:19:08 2003
+++ ircu2.10/ircd/IPcheck.c Sat Nov 22 04:55:57 2003
@@ -16,7 +16,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
- * $Id: IPcheck.c,v 1.26.2.3 2003/11/01 10:19:08 isomer Exp $
+ * $Id: IPcheck.c,v 1.26.2.3.2.1 2003/11/22 12:55:57 isomer Exp $
*
*
* This file should be edited in a window with a width of 141 characters
@@ -34,6 +34,8 @@
#include "s_debug.h" /* Debug */
#include "s_user.h" /* TARGET_DELAY */
#include "send.h"
+#include "ircd_features.h"
+
#include <assert.h>
#include <string.h>
@@ -64,9 +66,9 @@
#define NOW ((unsigned short)(CurrentTime & MASK_16))
#define CONNECTED_SINCE(x) (NOW - (x))
-#define IPCHECK_CLONE_LIMIT 4
-#define IPCHECK_CLONE_PERIOD 40
-#define IPCHECK_CLONE_DELAY 600
+#define IPCHECK_CLONE_LIMIT feature_int(FEAT_IPCHECK_CLONE_LIMIT)
+#define IPCHECK_CLONE_PERIOD feature_int(FEAT_IPCHECK_CLONE_PERIOD)
+#define IPCHECK_CLONE_DELAY feature_int(FEAT_IPCHECK_CLONE_DELAY)
static struct IPRegistryEntry* hashTable[IP_REGISTRY_TABLE_SIZE];
Index: ircu2.10/ircd/ircd_features.c
diff -u ircu2.10/ircd/ircd_features.c:1.15.2.12.2.1
ircu2.10/ircd/ircd_features.c:1.15.2.12.2.2
--- ircu2.10/ircd/ircd_features.c:1.15.2.12.2.1 Tue Nov 18 02:05:16 2003
+++ ircu2.10/ircd/ircd_features.c Sat Nov 22 04:55:57 2003
@@ -16,7 +16,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
- * $Id: ircd_features.c,v 1.15.2.12.2.1 2003/11/18 10:05:16 isomer Exp $
+ * $Id: ircd_features.c,v 1.15.2.12.2.2 2003/11/22 12:55:57 isomer Exp $
*/
#include "config.h"
@@ -274,6 +274,9 @@
F_I(GLINEMAXUSERCOUNT, 0, 20, 0),
F_I(SOCKSENDBUF, 0, 61440, 0),
F_I(SOCKRECVBUF, 0, 61440, 0),
+ F_I(IPCHECK_CLONE_LIMIT, 0, 4, 0),
+ F_I(IPCHECK_CLONE_PERIOD, 0, 40, 0),
+ F_I(IPCHECK_CLONE_DELAY, 0, 600, 0),
/* Some misc. default paths */
F_S(MPATH, FEAT_CASE | FEAT_MYOPER, "ircd.motd", motd_init),
----------------------- End of diff -----------------------
