Forward port of server link DDoS/oper flood fix

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@4045 e03df62e-2008-0410-955e-edbf42e46eb7
author: special <special@e03df62e-2008-0410-955e-edbf42e46eb7> 2006-06-22 13:32:52 +0000
committer: special <special@e03df62e-2008-0410-955e-edbf42e46eb7> 2006-06-22 13:32:52 +0000
commit: 2054f42afc803494b08cbb7b645a4bbfe4ed330a (patch)
tree: ddce53a0dc5a3016ad439b9b668e14e40078d354 /src/modules/m_spanningtree.cpp
parent: c1958b1235538eaea2d2e165253a912e0561e1dd (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/src/modules/m_spanningtree.cpp b/src/modules/m_spanningtree.cpp
index f5f0861ff..18f92c025 100644
--- a/src/modules/m_spanningtree.cpp
+++ b/src/modules/m_spanningtree.cpp
@@ -2700,6 +2700,26 @@ class TreeSocket : public InspSocket
 
 	virtual int OnIncomingConnection(int newsock, char* ip)
 	{
+		/* To prevent anyone from attempting to flood opers/DDoS by connecting to the server port,
+		 * or discovering if this port is the server port, we don't allow connections from any
+		 * IPs for which we don't have a link block.
+		 */
+		bool found = false;
+		vector<Link>::iterator i;
+		for (i = LinkBlocks.begin(); i != LinkBlocks.end(); i++)
+		{
+			if (i->IPAddr == ip)
+			{
+				found = true;
+				break;
+			}
+		}
+		if (!found)
+		{
+			WriteOpers("Server connection from %s denied (no link blocks with that IP address)", ip);
+			close(newsock);
+			return false;
+		}
 		TreeSocket* s = new TreeSocket(newsock, ip);
 		Srv->AddSocket(s);
 		return true;
author	special <special@e03df62e-2008-0410-955e-edbf42e46eb7>	2006-06-22 13:32:52 +0000
committer	special <special@e03df62e-2008-0410-955e-edbf42e46eb7>	2006-06-22 13:32:52 +0000
commit	2054f42afc803494b08cbb7b645a4bbfe4ed330a (patch)
tree	ddce53a0dc5a3016ad439b9b668e14e40078d354 /src/modules/m_spanningtree.cpp
parent	c1958b1235538eaea2d2e165253a912e0561e1dd (diff)