Committer : entrope
CVSROOT : /cvsroot/undernet-ircu
Module : ircu2.10
Commit time: 2004-05-15 14:02:01 UTC
Modified files:
ChangeLog doc/example.conf doc/readme.features
include/ircd_features.h ircd/IPcheck.c ircd/ircd_features.c
ircd/parse.c ircd/res_adns.c ircd/res_libresolv.c ircd/s_auth.c
Log message:
Forward port IPCHECK_CLONE_LIMIT, IPCHECK_CLONE_PERIOD,
IPCHECK_CLONE_DELAY, IRCD_RES_RETRIES, IRCD_RES_TIMEOUT, and
AUTH_TIMEOUT features from 2.10.11.
---------------------- diff included ----------------------
Index: ircu2.10/ChangeLog
diff -u ircu2.10/ChangeLog:1.398 ircu2.10/ChangeLog:1.399
--- ircu2.10/ChangeLog:1.398 Fri May 14 06:17:07 2004
+++ ircu2.10/ChangeLog Sat May 15 07:01:45 2004
@@ -1,3 +1,18 @@
+2004-05-15 Isomer <[EMAIL PROTECTED]>
+
+ [Original ChangeLog date: 2003-11-18 -MDP]
+
+ * ircd/s_auth.c, ircd/res_libresolv.c, ircd/res_adns.c: Clean up
+ the preregistration subsystem allowing customisation of timers,
+ make the dns resolver stats oper only, and make it much more clear
+ what all the numbers are.
+
+2004-05-15 Spike <[EMAIL PROTECTED]>
+
+ [Original ChangeLog date: 2003-11-23 -MDP]
+
+ * ircd/IPcheck.c: Make IPcheck constants configurable
+
2004-05-14 Kevin L Mitchell <[EMAIL PROTECTED]>
[Original ChangeLog date: 2003-11-22 -MDP]
Index: ircu2.10/doc/example.conf
diff -u ircu2.10/doc/example.conf:1.25 ircu2.10/doc/example.conf:1.26
--- ircu2.10/doc/example.conf:1.25 Fri May 14 06:17:07 2004
+++ ircu2.10/doc/example.conf Sat May 15 07:01:47 2004
@@ -742,6 +742,12 @@
# "TOS_SERVER" = "0x08";
# "TOS_CLIENT" = "0x08";
# "POLLS_PER_LOOP" = "200";
+# "IRCD_RES_TIMEOUTS" = "4";
+# "IRCD_RES_RETRIES" = "2";
+# "AUTH_TIMEOUT" = "9";
+# "IPCHECK_CLONE_LIMIT" = "4";
+# "IPCHECK_CLONE_PERIOD" = "40";
+# "IPCHECK_CLONE_DELAY" = "600";
# "CRYPT_OPER_PASSWORD" = "TRUE";
# "OPER_NO_CHAN_LIMIT" = "TRUE";
# "OPER_MODE_LCHAN" = "TRUE";
Index: ircu2.10/doc/readme.features
diff -u ircu2.10/doc/readme.features:1.8 ircu2.10/doc/readme.features:1.9
--- ircu2.10/doc/readme.features:1.8 Fri May 14 06:17:07 2004
+++ ircu2.10/doc/readme.features Sat May 15 07:01:47 2004
@@ -1077,3 +1077,57 @@
larger than the NICKLEN #define, and should usually be the same
length. The real purpose of this feature is to permit easy increases
in nickname length for a network.
+
+IRCD_RES_RETRIES
+ * Type: integer
+ * Default: 2
+
+This is the number of attempts the irc daemon's resolver will have at
+trying to solicit a response from the DNS server.
+NOTE: Has no effect when using the adns resolver.
+
+IRCD_RES_TIMEOUT
+ * Type: integer
+ * Default: 4
+
+When a DNS query is sent, the irc daemon's resolver will wait this many
+seconds for a reply. After this timeout has expired, it will retry again,
+for as many retries as IRCD_RES_RETRIES allows. This can be cut short by
+AUTH_TIMEOUT expiring.
+NOTE: Has no effect when using the adns resolver.
+
+AUTH_TIMEOUT
+ * Type: integer
+ * Default: 9
+
+This is the maximum number of seconds to wait for the ident lookup and
+the DNS query to succeed. On older (pre 2.10.11.06) servers this was
+hard coded to 60 seconds.
+
+IPCHECK_CLONE_LIMIT
+ * Type: integer
+ * Default: 4
+
+The number of times you are allowed to connect within IPCHECK_CLONE_PERIOD
+seconds before you are considered abusing the server and throttled.
+
+IPCHECK_CLONE_PERIOD
+ * Type: integer
+ * Defualt: 40
+
+The number of seconds you are allowed to connect IPCHECK_CLONE_LIMIT times
+within before you are considered abusing the server and throttled.
+For instance if you set IPCHECK_CLONE_LIMIT to 1, and IPCHECK_CLONE_PERIOD
+to 10, then a user is only allowed to connect once in 10s, if they connect
+again within 10s, then they are considered to be connecting too fast and
+they are throttled.
+
+IPCHECK_CLONE_DELAY
+ * Type: integer
+ * Default: 600
+
+The number of seconds grace after restarting the server before the throttle
+code kicks in. Even if a user connects repeditively during this period,
+they will never get throttled. This is so after a restart users on a
+multiuser box can all connect to a server simultaniously without being
+considered an attack.
Index: ircu2.10/include/ircd_features.h
diff -u ircu2.10/include/ircd_features.h:1.22 ircu2.10/include/ircd_features.h:1.23
--- ircu2.10/include/ircd_features.h:1.22 Fri May 14 06:17:08 2004
+++ ircu2.10/include/ircd_features.h Sat May 15 07:01:48 2004
@@ -18,7 +18,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
- * $Id: ircd_features.h,v 1.22 2004/05/14 13:17:08 entrope Exp $
+ * $Id: ircd_features.h,v 1.23 2004/05/15 14:01:48 entrope Exp $
*/
struct Client;
@@ -68,6 +68,9 @@
FEAT_CONNECTFREQUENCY,
FEAT_DEFAULTMAXSENDQLENGTH,
FEAT_GLINEMAXUSERCOUNT,
+ FEAT_IPCHECK_CLONE_LIMIT,
+ FEAT_IPCHECK_CLONE_PERIOD,
+ FEAT_IPCHECK_CLONE_DELAY,
/* Some misc. default paths */
FEAT_MPATH,
@@ -79,6 +82,9 @@
FEAT_TOS_SERVER,
FEAT_TOS_CLIENT,
FEAT_POLLS_PER_LOOP,
+ FEAT_IRCD_RES_RETRIES,
+ FEAT_IRCD_RES_TIMEOUT,
+ FEAT_AUTH_TIMEOUT,
/* features that affect all operators */
FEAT_CRYPT_OPER_PASSWORD,
Index: ircu2.10/ircd/IPcheck.c
diff -u ircu2.10/ircd/IPcheck.c:1.28 ircu2.10/ircd/IPcheck.c:1.29
--- ircu2.10/ircd/IPcheck.c:1.28 Tue Jan 7 02:06:42 2003
+++ ircu2.10/ircd/IPcheck.c Sat May 15 07:01:49 2004
@@ -16,7 +16,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
- * $Id: IPcheck.c,v 1.28 2003/01/07 10:06:42 a1kmm Exp $
+ * $Id: IPcheck.c,v 1.29 2004/05/15 14:01:49 entrope Exp $
*
*
* This file should be edited in a window with a width of 141 characters
@@ -31,6 +31,7 @@
#include "numnicks.h" /* NumNick, NumServ (GODMODE) */
#include "ircd_alloc.h"
#include "ircd_events.h"
+#include "ircd_features.h"
#include "s_debug.h" /* Debug */
#include "s_user.h" /* TARGET_DELAY */
#include "send.h"
@@ -64,9 +65,9 @@
#define NOW ((unsigned short)(CurrentTime & MASK_16))
#define CONNECTED_SINCE(x) (NOW - (x))
-#define IPCHECK_CLONE_LIMIT 4
-#define IPCHECK_CLONE_PERIOD 40
-#define IPCHECK_CLONE_DELAY 600
+#define IPCHECK_CLONE_LIMIT feature_int(FEAT_IPCHECK_CLONE_LIMIT)
+#define IPCHECK_CLONE_PERIOD feature_int(FEAT_IPCHECK_CLONE_PERIOD)
+#define IPCHECK_CLONE_DELAY feature_int(FEAT_IPCHECK_CLONE_DELAY)
static struct IPRegistryEntry* hashTable[IP_REGISTRY_TABLE_SIZE];
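Review bot: The three `IPCHECK_*` macros now expand to `feature_int(...)` calls, so the clone-throttle thresholds become operator-supplied signed ints with no range check visible in this commit. The matching `F_I` entries in ircd/ircd_features.c pass `0` in what appears to be the notify-callback slot. A zero or negative `IPCHECK_CLONE_LIMIT` or `IPCHECK_CLONE_PERIOD` would change or disable the throttle. Because `NOW` is masked to 16 bits, a period above 65535 could presumably never be exceeded by `CONNECTED_SINCE(x)`; the comparison sites are outside this hunk, so confirm. I would add a comment above the macros such as `/* runtime-configurable and not validated: keep LIMIT >= 1 and 0 < PERIOD < 65536 */`, or clamp the values where they are read; the same applies to the `feature_int(FEAT_IRCD_RES_RETRIES)` and `feature_int(FEAT_IRCD_RES_TIMEOUT)` assignments in ircd/res_libresolv.c and the `timer_add` call in ircd/s_auth.c.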
Index: ircu2.10/ircd/ircd_features.c
diff -u ircu2.10/ircd/ircd_features.c:1.28 ircu2.10/ircd/ircd_features.c:1.29
--- ircu2.10/ircd/ircd_features.c:1.28 Fri May 14 06:17:08 2004
+++ ircu2.10/ircd/ircd_features.c Sat May 15 07:01:49 2004
@@ -16,7 +16,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
- * $Id: ircd_features.c,v 1.28 2004/05/14 13:17:08 entrope Exp $
+ * $Id: ircd_features.c,v 1.29 2004/05/15 14:01:49 entrope Exp $
*/
#include "config.h"
@@ -274,6 +274,9 @@
F_I(CONNECTFREQUENCY, 0, 600, init_class),
F_I(DEFAULTMAXSENDQLENGTH, 0, 40000, init_class),
F_I(GLINEMAXUSERCOUNT, 0, 20, 0),
+ F_I(IPCHECK_CLONE_LIMIT, 0, 4, 0),
+ F_I(IPCHECK_CLONE_PERIOD, 0, 40, 0),
+ F_I(IPCHECK_CLONE_DELAY, 0, 600, 0),
/* Some misc. default paths */
F_S(MPATH, FEAT_CASE | FEAT_MYOPER, "ircd.motd", motd_init),
@@ -285,6 +288,9 @@
F_I(TOS_SERVER, 0, 0x08, 0),
F_I(TOS_CLIENT, 0, 0x08, 0),
F_I(POLLS_PER_LOOP, 0, 200, 0),
+ F_I(IRCD_RES_RETRIES, 0, 2, 0),
+ F_I(IRCD_RES_TIMEOUT, 0, 4, 0),
+ F_I(AUTH_TIMEOUT, 0, 9, 0),
/* features that affect all operators */
F_B(CRYPT_OPER_PASSWORD, FEAT_MYOPER | FEAT_READ, 1, 0),
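Review bot: The feature registered here is `IRCD_RES_TIMEOUT`, but the doc/example.conf hunk of this same commit adds `# "IRCD_RES_TIMEOUTS" = "4";`. An operator who uncomments that example line would presumably name an unknown feature and leave the resolver timeout at its default, so the example should read `# "IRCD_RES_TIMEOUT" = "4";`. The defaults also differ from the constants this commit removes (`retries = 3` and `timeout = 5` in ircd/res_libresolv.c, `AUTH_TIMEOUT = 60` in ircd/s_auth.c), which shortens the pre-registration time-outs on upgrade even when nothing is configured. A short comment on these entries, e.g. `/* previously hard-coded as 3, 5 and 60 */`, would make that visible. The features table continues outside the hunk.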
Index: ircu2.10/ircd/parse.c
diff -u ircu2.10/ircd/parse.c:1.39 ircu2.10/ircd/parse.c:1.40
--- ircu2.10/ircd/parse.c:1.39 Sun May 9 20:08:14 2004
+++ ircu2.10/ircd/parse.c Sat May 15 07:01:49 2004
@@ -17,7 +17,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
- * $Id: parse.c,v 1.39 2004/05/10 03:08:14 entrope Exp $
+ * $Id: parse.c,v 1.40 2004/05/15 14:01:49 entrope Exp $
*/
#include "config.h"
@@ -544,7 +544,7 @@
TOK_DNS,
0, MAXPARA, MFLG_SLOW, 0, NULL,
/* UNREG, CLIENT, SERVER, OPER, SERVICE */
- { m_unregistered, m_dns, m_dns, m_dns, m_ignore }
+ { m_unregistered, m_ignore, m_ignore, m_dns, m_ignore }
},
{
MSG_REHASH,
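Review bot: Ordinary clients now hit `m_ignore` for DNS, so a non-oper who sends the command gets no reply at all. If this tree has the `m_not_oper` default handler, `{ m_unregistered, m_not_oper, m_ignore, m_dns, m_ignore }` would send the usual no-privileges reply instead. The restriction lives only in this table, since `m_dns` performs no privilege check of its own in either resolver file. A comment on the entry such as `/* oper-only: m_dns prints resolver internals */` would keep a later edit from re-exposing it. The table entry begins above the hunk.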
Index: ircu2.10/ircd/res_adns.c
diff -u ircu2.10/ircd/res_adns.c:1.3 ircu2.10/ircd/res_adns.c:1.4
--- ircu2.10/ircd/res_adns.c:1.3 Tue Jun 17 13:12:00 2003
+++ ircu2.10/ircd/res_adns.c Sat May 15 07:01:50 2004
@@ -4,7 +4,7 @@
* shape or form. The author takes no responsibility for any damage or loss
* of property which results from the use of this software.
*
- * $Id: res_adns.c,v 1.3 2003/06/17 20:12:00 decampos Exp $
+ * $Id: res_adns.c,v 1.4 2004/05/15 14:01:50 entrope Exp $
*
* July 1999 - Rewrote a bunch of stuff here. Change hostent builder code,
* added callbacks and reference counting of returned hostents.
@@ -796,17 +796,14 @@
int m_dns(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
{
#if !defined(NDEBUG)
- if (parv[1] && *parv[1] == 'd') {
- sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :ResolverFileDescriptor = %d",
- sptr, ResolverFileDescriptor);
- return 0;
- }
- sendcmdto_one(&me, CMD_NOTICE, sptr,"%C :Re %d Rl %d/%d Rp %d Rq %d",
+ sendcmdto_one(&me, CMD_NOTICE, sptr,"%C :Errors %d Lookups %d/%d Replies %d
Requests %d",
sptr, reinfo.re_errors, reinfo.re_nu_look,
reinfo.re_na_look, reinfo.re_replies, reinfo.re_requests);
- sendcmdto_one(&me, CMD_NOTICE, sptr,"%C :Ru %d Rsh %d Rs %d(%d) Rt %d", sptr,
+ sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :Unknown Reply %d Short TTL(<10m) %d Sent
%d Resends %d Timeouts %d", sptr,
reinfo.re_unkrep, reinfo.re_shortttl, reinfo.re_sent,
reinfo.re_resends, reinfo.re_timeouts);
+ sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :ResolverFileDescriptor = %d",
+ sptr, ResolverFileDescriptor);
#endif
return 0;
}
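Review bot: `cptr`, `parc` and `parv` are no longer used once the `parv[1]` branch is removed, and the handler now always sends `ResolverFileDescriptor` along with the counters, so nothing in the function shows who is allowed to call it. A header comment would help, e.g. `/* m_dns - oper-only resolver statistics; access is enforced by the msgtab entry in parse.c, output is compiled out under NDEBUG */`. The `%d` conversions assume every `reinfo` counter is an `int`; the struct is not visible here, so confirm. The `m_dns` hunk in ircd/res_libresolv.c makes the same change and needs the same comment.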
Index: ircu2.10/ircd/res_libresolv.c
diff -u ircu2.10/ircd/res_libresolv.c:1.2 ircu2.10/ircd/res_libresolv.c:1.3
--- ircu2.10/ircd/res_libresolv.c:1.2 Fri Jan 10 21:46:51 2003
+++ ircu2.10/ircd/res_libresolv.c Sat May 15 07:01:50 2004
@@ -4,7 +4,7 @@
* shape or form. The author takes no responsibility for any damage or loss
* of property which results from the use of this software.
*
- * $Id: res_libresolv.c,v 1.2 2003/01/11 05:46:51 bleepster Exp $
+ * $Id: res_libresolv.c,v 1.3 2004/05/15 14:01:50 entrope Exp $
*
* July 1999 - Rewrote a bunch of stuff here. Change hostent builder code,
* added callbacks and reference counting of returned hostents.
@@ -17,6 +17,7 @@
#include "ircd.h"
#include "ircd_alloc.h"
#include "ircd_events.h"
+#include "ircd_features.h"
#include "ircd_log.h"
#include "ircd_osdep.h"
#include "ircd_reply.h"
@@ -431,9 +432,9 @@
memset(request, 0, sizeof(struct ResRequest));
request->sentat = CurrentTime;
- request->retries = 3;
+ request->retries = feature_int(FEAT_IRCD_RES_RETRIES);
request->resend = 1;
- request->timeout = 5; /* start at 5 per RFC1123 */
+ request->timeout = feature_int(FEAT_IRCD_RES_TIMEOUT);
request->addr.s_addr = INADDR_NONE;
request->he.h_addrtype = AF_INET;
request->he.h_length = sizeof(struct in_addr);
@@ -1166,18 +1167,14 @@
int m_dns(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
{
#if !defined(NDEBUG)
- if (parv[1] && *parv[1] == 'd') {
- sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :ResolverFileDescriptor = %d",
- sptr, ResolverFileDescriptor);
- return 0;
- }
-
- sendcmdto_one(&me, CMD_NOTICE, sptr,"%C :Re %d Rl %d/%d Rp %d Rq %d",
+ sendcmdto_one(&me, CMD_NOTICE, sptr,"%C :Errors %d Lookups %d/%d Replies %d
Requests %d",
sptr, reinfo.re_errors, reinfo.re_nu_look,
reinfo.re_na_look, reinfo.re_replies, reinfo.re_requests);
- sendcmdto_one(&me, CMD_NOTICE, sptr,"%C :Ru %d Rsh %d Rs %d(%d) Rt %d", sptr,
+ sendcmdto_one(&me, CMD_NOTICE, sptr,"%C :Unknown Reply %d Short TTL(<10m) %d Sent
%d Resends %d Timeouts %d", sptr,
reinfo.re_unkrep, reinfo.re_shortttl, reinfo.re_sent,
reinfo.re_resends, reinfo.re_timeouts);
+ sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :ResolverFileDescriptor = %d",
+ sptr, ResolverFileDescriptor);
#endif
return 0;
}
Index: ircu2.10/ircd/s_auth.c
diff -u ircu2.10/ircd/s_auth.c:1.25 ircu2.10/ircd/s_auth.c:1.26
--- ircu2.10/ircd/s_auth.c:1.25 Sat Jan 11 04:49:27 2003
+++ ircu2.10/ircd/s_auth.c Sat May 15 07:01:50 2004
@@ -16,7 +16,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
- * $Id: s_auth.c,v 1.25 2003/01/11 12:49:27 bleepster Exp $
+ * $Id: s_auth.c,v 1.26 2004/05/15 14:01:50 entrope Exp $
*
* Changes:
* July 6, 1999 - Rewrote most of the code here. When a client connects
@@ -103,8 +103,6 @@
struct AuthRequest* AuthPollList = 0; /* GLOBAL - auth queries pending io */
static struct AuthRequest* AuthIncompleteList = 0;
-enum { AUTH_TIMEOUT = 60 };
-
static void release_auth_client(struct Client* client);
static void unlink_auth_request(struct AuthRequest* request,
struct AuthRequest** list);
@@ -250,7 +248,7 @@
auth->client = client;
cli_auth(client) = auth;
timer_add(timer_init(&auth->timeout), auth_timeout_callback, (void*) auth,
- TT_RELATIVE, AUTH_TIMEOUT);
+ TT_RELATIVE, feature_int(FEAT_AUTH_TIMEOUT));
return auth;
}
----------------------- End of diff -----------------------