src/modules/m_connectban.cpp

   1 /*
   2  * InspIRCd -- Internet Relay Chat Daemon
   3  *
   4  *   Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
   5  *
   6  * This file is part of InspIRCd.  InspIRCd is free software: you can
   7  * redistribute it and/or modify it under the terms of the GNU General Public
   8  * License as published by the Free Software Foundation, version 2.
   9  *
  10  * This program is distributed in the hope that it will be useful, but WITHOUT
  11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  12  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  13  * details.
  14  *
  15  * You should have received a copy of the GNU General Public License
  16  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17  */
  18
  19
  20 #include "inspircd.h"
  21 #include "xline.h"
  22
  23 /* $ModDesc: Throttles the connections of IP ranges who try to connect flood. */
  24
  25 class ModuleConnectBan : public Module
  26 {
  27  private:
  28         clonemap connects;
  29         unsigned int threshold;
  30         unsigned int banduration;
  31         unsigned int ipv4_cidr;
  32         unsigned int ipv6_cidr;
  33  public:
  34         void init()
  35         {
  36                 Implementation eventlist[] = { I_OnUserConnect, I_OnGarbageCollect, I_OnRehash };
  37                 ServerInstance->Modules->Attach(eventlist, this, 3);
  38                 OnRehash(NULL);
  39         }
  40
  41         virtual ~ModuleConnectBan()
  42         {
  43         }
  44
  45         virtual Version GetVersion()
  46         {
  47                 return Version("Throttles the connections of IP ranges who try to connect flood.", VF_VENDOR);
  48         }
  49
  50         virtual void OnRehash(User* user)
  51         {
  52                 ConfigTag* tag = ServerInstance->Config->ConfValue("connectban");
  53
  54                 ipv4_cidr = tag->getInt("ipv4cidr", 32);
  55                 if (ipv4_cidr == 0)
  56                         ipv4_cidr = 32;
  57
  58                 ipv6_cidr = tag->getInt("ipv6cidr", 128);
  59                 if (ipv6_cidr == 0)
  60                         ipv6_cidr = 128;
  61
  62                 threshold = tag->getInt("threshold", 10);
  63                 if (threshold == 0)
  64                         threshold = 10;
  65
  66                 banduration = ServerInstance->Duration(tag->getString("duration", "10m"));
  67                 if (banduration == 0)
  68                         banduration = 10*60;
  69         }
  70
  71         virtual void OnUserConnect(LocalUser *u)
  72         {
  73                 int range = 32;
  74                 clonemap::iterator i;
  75
  76                 switch (u->client_sa.sa.sa_family)
  77                 {
  78                         case AF_INET6:
  79                                 range = ipv6_cidr;
  80                         break;
  81                         case AF_INET:
  82                                 range = ipv4_cidr;
  83                         break;
  84                 }
  85
  86                 irc::sockets::cidr_mask mask(u->client_sa, range);
  87                 i = connects.find(mask);
  88
  89                 if (i != connects.end())
  90                 {
  91                         i->second++;
  92
  93                         if (i->second >= threshold)
  94                         {
  95                                 // Create zline for set duration.
  96                                 ZLine* zl = new ZLine(ServerInstance->Time(), banduration, ServerInstance->Config->ServerName, "Your IP range has been attempting to connect too many times in too short a duration. Wait a while, and you will be able to connect.", mask.str());
  97                                 if (ServerInstance->XLines->AddLine(zl,NULL))
  98                                         ServerInstance->XLines->ApplyLines();
  99                                 else
 100                                         delete zl;
 101
 102                                 std::string maskstr = mask.str();
 103                                 std::string timestr = ServerInstance->TimeString(zl->expiry);
 104                                 ServerInstance->SNO->WriteGlobalSno('x',"Module m_connectban added Z:line on *@%s to expire on %s: Connect flooding",
 105                                         maskstr.c_str(), timestr.c_str());
 106                                 ServerInstance->SNO->WriteGlobalSno('a', "Connect flooding from IP range %s (%d)", maskstr.c_str(), threshold);
 107                                 connects.erase(i);
 108                         }
 109                 }
 110                 else
 111                 {
 112                         connects[mask] = 1;
 113                 }
 114         }
 115
 116         virtual void OnGarbageCollect()
 117         {
 118                 ServerInstance->Logs->Log("m_connectban",DEBUG, "Clearing map.");
 119                 connects.clear();
 120         }
 121 };
 122
 123 MODULE_INIT(ModuleConnectBan)