src/modules/m_connectban.cpp

   1 /*
   2  * InspIRCd -- Internet Relay Chat Daemon
   3  *
   4  *   Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
   5  *
   6  * This file is part of InspIRCd.  InspIRCd is free software: you can
   7  * redistribute it and/or modify it under the terms of the GNU General Public
   8  * License as published by the Free Software Foundation, version 2.
   9  *
  10  * This program is distributed in the hope that it will be useful, but WITHOUT
  11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  12  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  13  * details.
  14  *
  15  * You should have received a copy of the GNU General Public License
  16  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17  */
  18
  19
  20 #include "inspircd.h"
  21 #include "xline.h"
  22
  23 /* $ModDesc: Throttles the connections of IP ranges who try to connect flood. */
  24
  25 class ModuleConnectBan : public Module
  26 {
  27         clonemap connects;
  28         unsigned int threshold;
  29         unsigned int banduration;
  30         unsigned int ipv4_cidr;
  31         unsigned int ipv6_cidr;
  32
  33  public:
  34         void init() CXX11_OVERRIDE
  35         {
  36                 Implementation eventlist[] = { I_OnSetUserIP, I_OnGarbageCollect, I_OnRehash };
  37                 ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
  38                 OnRehash(NULL);
  39         }
  40
  41         Version GetVersion() CXX11_OVERRIDE
  42         {
  43                 return Version("Throttles the connections of IP ranges who try to connect flood.", VF_VENDOR);
  44         }
  45
  46         void OnRehash(User* user) CXX11_OVERRIDE
  47         {
  48                 ConfigTag* tag = ServerInstance->Config->ConfValue("connectban");
  49
  50                 ipv4_cidr = tag->getInt("ipv4cidr", 32);
  51                 if (ipv4_cidr == 0)
  52                         ipv4_cidr = 32;
  53
  54                 ipv6_cidr = tag->getInt("ipv6cidr", 128);
  55                 if (ipv6_cidr == 0)
  56                         ipv6_cidr = 128;
  57
  58                 threshold = tag->getInt("threshold", 10);
  59                 if (threshold == 0)
  60                         threshold = 10;
  61
  62                 banduration = InspIRCd::Duration(tag->getString("duration", "10m"));
  63                 if (banduration == 0)
  64                         banduration = 10*60;
  65         }
  66
  67         void OnSetUserIP(LocalUser* u) CXX11_OVERRIDE
  68         {
  69                 if (u->exempt)
  70                         return;
  71
  72                 int range = 32;
  73                 clonemap::iterator i;
  74
  75                 switch (u->client_sa.sa.sa_family)
  76                 {
  77                         case AF_INET6:
  78                                 range = ipv6_cidr;
  79                         break;
  80                         case AF_INET:
  81                                 range = ipv4_cidr;
  82                         break;
  83                 }
  84
  85                 irc::sockets::cidr_mask mask(u->client_sa, range);
  86                 i = connects.find(mask);
  87
  88                 if (i != connects.end())
  89                 {
  90                         i->second++;
  91
  92                         if (i->second >= threshold)
  93                         {
  94                                 // Create zline for set duration.
  95                                 ZLine* zl = new ZLine(ServerInstance->Time(), banduration, ServerInstance->Config->ServerName, "Your IP range has been attempting to connect too many times in too short a duration. Wait a while, and you will be able to connect.", mask.str());
  96                                 if (ServerInstance->XLines->AddLine(zl,NULL))
  97                                         ServerInstance->XLines->ApplyLines();
  98                                 else
  99                                         delete zl;
 100
 101                                 std::string maskstr = mask.str();
 102                                 std::string timestr = ServerInstance->TimeString(zl->expiry);
 103                                 ServerInstance->SNO->WriteGlobalSno('x',"Module m_connectban added Z:line on *@%s to expire on %s: Connect flooding",
 104                                         maskstr.c_str(), timestr.c_str());
 105                                 ServerInstance->SNO->WriteGlobalSno('a', "Connect flooding from IP range %s (%d)", maskstr.c_str(), threshold);
 106                                 connects.erase(i);
 107                         }
 108                 }
 109                 else
 110                 {
 111                         connects[mask] = 1;
 112                 }
 113         }
 114
 115         void OnGarbageCollect()
 116         {
 117                 ServerInstance->Logs->Log("m_connectban",LOG_DEBUG, "Clearing map.");
 118                 connects.clear();
 119         }
 120 };
 121
 122 MODULE_INIT(ModuleConnectBan)