src/modules/m_connectban.cpp

   1 /*
   2  * InspIRCd -- Internet Relay Chat Daemon
   3  *
   4  *   Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
   5  *
   6  * This file is part of InspIRCd.  InspIRCd is free software: you can
   7  * redistribute it and/or modify it under the terms of the GNU General Public
   8  * License as published by the Free Software Foundation, version 2.
   9  *
  10  * This program is distributed in the hope that it will be useful, but WITHOUT
  11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  12  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  13  * details.
  14  *
  15  * You should have received a copy of the GNU General Public License
  16  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17  */
  18
  19
  20 #include "inspircd.h"
  21 #include "xline.h"
  22
  23 /* $ModDesc: Throttles the connections of IP ranges who try to connect flood. */
  24
  25 class ModuleConnectBan : public Module
  26 {
  27  private:
  28         clonemap connects;
  29         unsigned int threshold;
  30         unsigned int banduration;
  31         unsigned int ipv4_cidr;
  32         unsigned int ipv6_cidr;
  33  public:
  34         void init()
  35         {
  36                 Implementation eventlist[] = { I_OnSetUserIP, I_OnGarbageCollect, I_OnRehash };
  37                 ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
  38                 OnRehash(NULL);
  39         }
  40
  41         virtual ~ModuleConnectBan()
  42         {
  43         }
  44
  45         virtual Version GetVersion()
  46         {
  47                 return Version("Throttles the connections of IP ranges who try to connect flood.", VF_VENDOR);
  48         }
  49
  50         virtual void OnRehash(User* user)
  51         {
  52                 ConfigTag* tag = ServerInstance->Config->ConfValue("connectban");
  53
  54                 ipv4_cidr = tag->getInt("ipv4cidr", 32);
  55                 if (ipv4_cidr == 0)
  56                         ipv4_cidr = 32;
  57
  58                 ipv6_cidr = tag->getInt("ipv6cidr", 128);
  59                 if (ipv6_cidr == 0)
  60                         ipv6_cidr = 128;
  61
  62                 threshold = tag->getInt("threshold", 10);
  63                 if (threshold == 0)
  64                         threshold = 10;
  65
  66                 banduration = ServerInstance->Duration(tag->getString("duration", "10m"));
  67                 if (banduration == 0)
  68                         banduration = 10*60;
  69         }
  70
  71         virtual void OnSetUserIP(LocalUser* u)
  72         {
  73                 if (u->exempt)
  74                         return;
  75
  76                 int range = 32;
  77                 clonemap::iterator i;
  78
  79                 switch (u->client_sa.sa.sa_family)
  80                 {
  81                         case AF_INET6:
  82                                 range = ipv6_cidr;
  83                         break;
  84                         case AF_INET:
  85                                 range = ipv4_cidr;
  86                         break;
  87                 }
  88
  89                 irc::sockets::cidr_mask mask(u->client_sa, range);
  90                 i = connects.find(mask);
  91
  92                 if (i != connects.end())
  93                 {
  94                         i->second++;
  95
  96                         if (i->second >= threshold)
  97                         {
  98                                 // Create zline for set duration.
  99                                 ZLine* zl = new ZLine(ServerInstance->Time(), banduration, ServerInstance->Config->ServerName, "Your IP range has been attempting to connect too many times in too short a duration. Wait a while, and you will be able to connect.", mask.str());
 100                                 if (!ServerInstance->XLines->AddLine(zl, NULL))
 101                                 {
 102                                         delete zl;
 103                                         return;
 104                                 }
 105                                 ServerInstance->XLines->ApplyLines();
 106                                 std::string maskstr = mask.str();
 107                                 std::string timestr = ServerInstance->TimeString(zl->expiry);
 108                                 ServerInstance->SNO->WriteGlobalSno('x',"Module m_connectban added Z:line on *@%s to expire on %s: Connect flooding",
 109                                         maskstr.c_str(), timestr.c_str());
 110                                 ServerInstance->SNO->WriteGlobalSno('a', "Connect flooding from IP range %s (%d)", maskstr.c_str(), threshold);
 111                                 connects.erase(i);
 112                         }
 113                 }
 114                 else
 115                 {
 116                         connects[mask] = 1;
 117                 }
 118         }
 119
 120         virtual void OnGarbageCollect()
 121         {
 122                 ServerInstance->Logs->Log("m_connectban",DEBUG, "Clearing map.");
 123                 connects.clear();
 124         }
 125 };
 126
 127 MODULE_INIT(ModuleConnectBan)