src/modules/m_connflood.cpp

   1 /*
   2  * InspIRCd -- Internet Relay Chat Daemon
   3  *
   4  *   Copyright (C) 2013, 2018-2021 Sadie Powell <sadie@witchery.services>
   5  *   Copyright (C) 2012-2013 Attila Molnar <attilamolnar@hush.com>
   6  *   Copyright (C) 2012 Robby <robby@chatbelgie.be>
   7  *   Copyright (C) 2009 Daniel De Graaf <danieldg@inspircd.org>
   8  *   Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
   9  *   Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
  10  *   Copyright (C) 2006-2007, 2010 Craig Edwards <brain@inspircd.org>
  11  *
  12  * This file is part of InspIRCd.  InspIRCd is free software: you can
  13  * redistribute it and/or modify it under the terms of the GNU General Public
  14  * License as published by the Free Software Foundation, version 2.
  15  *
  16  * This program is distributed in the hope that it will be useful, but WITHOUT
  17  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
  18  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
  19  * details.
  20  *
  21  * You should have received a copy of the GNU General Public License
  22  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  23  */
  24
  25
  26 #include "inspircd.h"
  27
  28 class ModuleConnFlood : public Module
  29 {
  30  private:
  31         unsigned int seconds;
  32         unsigned int timeout;
  33         unsigned int boot_wait;
  34         unsigned int conns;
  35         unsigned int maxconns;
  36         bool throttled;
  37         time_t first;
  38         std::string quitmsg;
  39
  40         static bool IsExempt(LocalUser* user)
  41         {
  42                 // E-lined and already banned users shouldn't be hit.
  43                 if (user->exempt || user->quitting)
  44                         return true;
  45
  46                 // Users in an exempt class shouldn't be hit.
  47                 return user->GetClass() && !user->GetClass()->config->getBool("useconnflood", true);
  48         }
  49
  50 public:
  51         ModuleConnFlood()
  52                 : conns(0), throttled(false)
  53         {
  54         }
  55
  56         Version GetVersion() CXX11_OVERRIDE
  57         {
  58                 return Version("Throttles excessive connections to the server.", VF_VENDOR);
  59         }
  60
  61         void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
  62         {
  63                 /* read configuration variables */
  64                 ConfigTag* tag = ServerInstance->Config->ConfValue("connflood");
  65                 /* throttle configuration */
  66                 seconds = tag->getDuration("period", tag->getDuration("seconds", 30));
  67                 maxconns = tag->getUInt("maxconns", 3);
  68                 timeout = tag->getDuration("timeout", 30);
  69                 quitmsg = tag->getString("quitmsg");
  70
  71                 /* seconds to wait when the server just booted */
  72                 boot_wait = tag->getDuration("bootwait", 60*2);
  73
  74                 first = ServerInstance->Time();
  75         }
  76
  77         ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE
  78         {
  79                 if (IsExempt(user))
  80                         return MOD_RES_PASSTHRU;
  81
  82                 time_t next = ServerInstance->Time();
  83
  84                 if ((ServerInstance->startup_time + boot_wait) > next)
  85                         return MOD_RES_PASSTHRU;
  86
  87                 /* time difference between first and latest connection */
  88                 time_t tdiff = next - first;
  89
  90                 /* increase connection count */
  91                 conns++;
  92
  93                 if (throttled)
  94                 {
  95                         if (tdiff > seconds + timeout)
  96                         {
  97                                 /* expire throttle */
  98                                 throttled = false;
  99                                 ServerInstance->SNO->WriteGlobalSno('a', "Connection throttle deactivated");
 100                                 return MOD_RES_PASSTHRU;
 101                         }
 102
 103                         ServerInstance->Users->QuitUser(user, quitmsg);
 104                         return MOD_RES_DENY;
 105                 }
 106
 107                 if (tdiff <= seconds)
 108                 {
 109                         if (conns >= maxconns)
 110                         {
 111                                 throttled = true;
 112                                 ServerInstance->SNO->WriteGlobalSno('a', "Connection throttle activated");
 113                                 ServerInstance->Users->QuitUser(user, quitmsg);
 114                                 return MOD_RES_DENY;
 115                         }
 116                 }
 117                 else
 118                 {
 119                         conns = 1;
 120                         first = next;
 121                 }
 122                 return MOD_RES_PASSTHRU;
 123         }
 124 };
 125
 126 MODULE_INIT(ModuleConnFlood)