src/modules/m_connectban.cpp

   1 /*
   2  * InspIRCd -- Internet Relay Chat Daemon
   3  *
   4  *   Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
   5  *
   6  * This file is part of InspIRCd.  InspIRCd is free software: you can
   7  * redistribute it and/or modify it under the terms of the GNU General Public
   8  * License as published by the Free Software Foundation, version 2.
   9  *
  10  * This program is distributed in the hope that it will be useful, but WITHOUT
  11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  12  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  13  * details.
  14  *
  15  * You should have received a copy of the GNU General Public License
  16  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17  */
  18
  19
  20 #include "inspircd.h"
  21 #include "xline.h"
  22
  23 class ModuleConnectBan : public Module
  24 {
  25         clonemap connects;
  26         unsigned int threshold;
  27         unsigned int banduration;
  28         unsigned int ipv4_cidr;
  29         unsigned int ipv6_cidr;
  30
  31  public:
  32         void init() CXX11_OVERRIDE
  33         {
  34                 OnRehash(NULL);
  35         }
  36
  37         Version GetVersion() CXX11_OVERRIDE
  38         {
  39                 return Version("Throttles the connections of IP ranges who try to connect flood.", VF_VENDOR);
  40         }
  41
  42         void OnRehash(User* user) CXX11_OVERRIDE
  43         {
  44                 ConfigTag* tag = ServerInstance->Config->ConfValue("connectban");
  45
  46                 ipv4_cidr = tag->getInt("ipv4cidr", 32, 1, 32);
  47                 ipv6_cidr = tag->getInt("ipv6cidr", 128, 1, 128);
  48                 threshold = tag->getInt("threshold", 10, 1);
  49                 banduration = InspIRCd::Duration(tag->getString("duration", "10m"));
  50                 if (banduration == 0)
  51                         banduration = 10*60;
  52         }
  53
  54         void OnSetUserIP(LocalUser* u) CXX11_OVERRIDE
  55         {
  56                 if (u->exempt)
  57                         return;
  58
  59                 int range = 32;
  60                 clonemap::iterator i;
  61
  62                 switch (u->client_sa.sa.sa_family)
  63                 {
  64                         case AF_INET6:
  65                                 range = ipv6_cidr;
  66                         break;
  67                         case AF_INET:
  68                                 range = ipv4_cidr;
  69                         break;
  70                 }
  71
  72                 irc::sockets::cidr_mask mask(u->client_sa, range);
  73                 i = connects.find(mask);
  74
  75                 if (i != connects.end())
  76                 {
  77                         i->second++;
  78
  79                         if (i->second >= threshold)
  80                         {
  81                                 // Create zline for set duration.
  82                                 ZLine* zl = new ZLine(ServerInstance->Time(), banduration, ServerInstance->Config->ServerName, "Your IP range has been attempting to connect too many times in too short a duration. Wait a while, and you will be able to connect.", mask.str());
  83                                 if (!ServerInstance->XLines->AddLine(zl, NULL))
  84                                 {
  85                                         delete zl;
  86                                         return;
  87                                 }
  88                                 ServerInstance->XLines->ApplyLines();
  89                                 std::string maskstr = mask.str();
  90                                 std::string timestr = ServerInstance->TimeString(zl->expiry);
  91                                 ServerInstance->SNO->WriteGlobalSno('x',"Module m_connectban added Z:line on *@%s to expire on %s: Connect flooding",
  92                                         maskstr.c_str(), timestr.c_str());
  93                                 ServerInstance->SNO->WriteGlobalSno('a', "Connect flooding from IP range %s (%d)", maskstr.c_str(), threshold);
  94                                 connects.erase(i);
  95                         }
  96                 }
  97                 else
  98                 {
  99                         connects[mask] = 1;
 100                 }
 101         }
 102
 103         void OnGarbageCollect()
 104         {
 105                 ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "Clearing map.");
 106                 connects.clear();
 107         }
 108 };
 109
 110 MODULE_INIT(ModuleConnectBan)