src/modules/m_connectban.cpp

   1 /*
   2  * InspIRCd -- Internet Relay Chat Daemon
   3  *
   4  *   Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
   5  *
   6  * This file is part of InspIRCd.  InspIRCd is free software: you can
   7  * redistribute it and/or modify it under the terms of the GNU General Public
   8  * License as published by the Free Software Foundation, version 2.
   9  *
  10  * This program is distributed in the hope that it will be useful, but WITHOUT
  11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  12  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  13  * details.
  14  *
  15  * You should have received a copy of the GNU General Public License
  16  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17  */
  18
  19
  20 #include "inspircd.h"
  21 #include "xline.h"
  22
  23 class ModuleConnectBan : public Module
  24 {
  25         typedef std::map<irc::sockets::cidr_mask, unsigned int> ConnectMap;
  26         ConnectMap connects;
  27         unsigned int threshold;
  28         unsigned int banduration;
  29         unsigned int ipv4_cidr;
  30         unsigned int ipv6_cidr;
  31         std::string banmessage;
  32
  33  public:
  34         Version GetVersion() CXX11_OVERRIDE
  35         {
  36                 return Version("Throttles the connections of IP ranges who try to connect flood.", VF_VENDOR);
  37         }
  38
  39         void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
  40         {
  41                 ConfigTag* tag = ServerInstance->Config->ConfValue("connectban");
  42
  43                 ipv4_cidr = tag->getUInt("ipv4cidr", 32, 1, 32);
  44                 ipv6_cidr = tag->getUInt("ipv6cidr", 128, 1, 128);
  45                 threshold = tag->getUInt("threshold", 10, 1);
  46                 banduration = tag->getDuration("duration", 10*60, 1);
  47                 banmessage = tag->getString("banmessage", "Your IP range has been attempting to connect too many times in too short a duration. Wait a while, and you will be able to connect.");
  48         }
  49
  50         void OnSetUserIP(LocalUser* u) CXX11_OVERRIDE
  51         {
  52                 if (u->exempt)
  53                         return;
  54
  55                 unsigned char range = 32;
  56
  57                 switch (u->client_sa.family())
  58                 {
  59                         case AF_INET6:
  60                                 range = ipv6_cidr;
  61                         break;
  62                         case AF_INET:
  63                                 range = ipv4_cidr;
  64                         break;
  65                 }
  66
  67                 irc::sockets::cidr_mask mask(u->client_sa, range);
  68                 ConnectMap::iterator i = connects.find(mask);
  69
  70                 if (i != connects.end())
  71                 {
  72                         i->second++;
  73
  74                         if (i->second >= threshold)
  75                         {
  76                                 // Create zline for set duration.
  77                                 ZLine* zl = new ZLine(ServerInstance->Time(), banduration, ServerInstance->Config->ServerName, banmessage, mask.str());
  78                                 if (!ServerInstance->XLines->AddLine(zl, NULL))
  79                                 {
  80                                         delete zl;
  81                                         return;
  82                                 }
  83                                 ServerInstance->XLines->ApplyLines();
  84                                 std::string maskstr = mask.str();
  85                                 std::string timestr = InspIRCd::TimeString(zl->expiry);
  86                                 ServerInstance->SNO->WriteGlobalSno('x',"Module m_connectban added Z:line on *@%s to expire on %s: Connect flooding",
  87                                         maskstr.c_str(), timestr.c_str());
  88                                 ServerInstance->SNO->WriteGlobalSno('a', "Connect flooding from IP range %s (%d)", maskstr.c_str(), threshold);
  89                                 connects.erase(i);
  90                         }
  91                 }
  92                 else
  93                 {
  94                         connects[mask] = 1;
  95                 }
  96         }
  97
  98         void OnGarbageCollect() CXX11_OVERRIDE
  99         {
 100                 ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Clearing map.");
 101                 connects.clear();
 102         }
 103 };
 104
 105 MODULE_INIT(ModuleConnectBan)