]> git.netwichtig.de Git - user/henk/code/inspircd.git/blob - src/modules/m_connectban.cpp
projects / user / henk / code / inspircd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Replace copyright headers with headers granting specific authors copyright
[user/henk/code/inspircd.git] / src / modules / m_connectban.cpp
1 /*
2  * InspIRCd -- Internet Relay Chat Daemon
3  *
4  *   Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
5  *
6  * This file is part of InspIRCd.  InspIRCd is free software: you can
7  * redistribute it and/or modify it under the terms of the GNU General Public
8  * License as published by the Free Software Foundation, version 2.
9  *
10  * This program is distributed in the hope that it will be useful, but WITHOUT
11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
12  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
13  * details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
17  */
18
19
20 #include "inspircd.h"
21 #include "xline.h"
22
23 /* $ModDesc: Throttles the connections of any users who try connect flood */
24
25 class ModuleConnectBan : public Module
26 {
27  private:
28         clonemap connects;
29         unsigned int threshold;
30         unsigned int banduration;
31         unsigned int ipv4_cidr;
32         unsigned int ipv6_cidr;
33  public:
34         ModuleConnectBan()      {
35                 Implementation eventlist[] = { I_OnUserConnect, I_OnGarbageCollect, I_OnRehash };
36                 ServerInstance->Modules->Attach(eventlist, this, 3);
37                 OnRehash(NULL);
38         }
39
40         virtual ~ModuleConnectBan()
41         {
42         }
43
44         virtual Version GetVersion()
45         {
46                 return Version("Throttles the connections of any users who try connect flood", VF_VENDOR);
47         }
48
49         virtual void OnRehash(User* user)
50         {
51                 ConfigReader Conf;
52                 std::string duration;
53
54                 ipv4_cidr = Conf.ReadInteger("connectban", "ipv4cidr", 0, true);
55                 if (ipv4_cidr == 0)
56                         ipv4_cidr = 32;
57
58                 ipv6_cidr = Conf.ReadInteger("connectban", "ipv6cidr", 0, true);
59                 if (ipv6_cidr == 0)
60                         ipv6_cidr = 128;
61
62                 threshold = Conf.ReadInteger("connectban", "threshold", 0, true);
63
64                 if (threshold == 0)
65                         threshold = 10;
66
67                 duration = Conf.ReadValue("connectban", "duration", 0, true);
68
69                 if (duration.empty())
70                         duration = "10m";
71
72                 banduration = ServerInstance->Duration(duration);
73         }
74
75         virtual void OnUserConnect(LocalUser *u)
76         {
77                 int range = 32;
78                 clonemap::iterator i;
79
80                 switch (u->client_sa.sa.sa_family)
81                 {
82                         case AF_INET6:
83                                 range = ipv6_cidr;
84                         break;
85                         case AF_INET:
86                                 range = ipv4_cidr;
87                         break;
88                 }
89
90                 irc::sockets::cidr_mask mask(u->client_sa, range);
91                 i = connects.find(mask);
92
93                 if (i != connects.end())
94                 {
95                         i->second++;
96
97                         if (i->second >= threshold)
98                         {
99                                 // Create zline for set duration.
100                                 ZLine* zl = new ZLine(ServerInstance->Time(), banduration, ServerInstance->Config->ServerName, "Your IP range has been attempting to connect too many times in too short a duration. Wait a while, and you will be able to connect.", mask.str());
101                                 if (ServerInstance->XLines->AddLine(zl,NULL))
102                                         ServerInstance->XLines->ApplyLines();
103                                 else
104                                         delete zl;
105
106                                 ServerInstance->SNO->WriteGlobalSno('x',"Module m_connectban added Z:line on *@%s to expire on %s: Connect flooding", 
107                                         mask.str().c_str(), ServerInstance->TimeString(zl->expiry).c_str());
108                                 ServerInstance->SNO->WriteGlobalSno('a', "Connect flooding from IP range %s (%d)", mask.str().c_str(), threshold);
109                                 connects.erase(i);
110                         }
111                 }
112                 else
113                 {
114                         connects[mask] = 1;
115                 }
116         }
117
118         virtual void OnGarbageCollect()
119         {
120                 ServerInstance->Logs->Log("m_connectban",DEBUG, "Clearing map.");
121                 connects.clear();
122         }
123 };
124
125 MODULE_INIT(ModuleConnectBan)