mirror of
https://github.com/osmarks/ngircd.git
synced 2025-01-23 05:46:51 +00:00
New configuration option "MaxConnectionsIP".
This commit is contained in:
parent
20d002e155
commit
2981fe9eb7
@ -12,6 +12,10 @@
|
|||||||
|
|
||||||
ngIRCd CVS-HEAD
|
ngIRCd CVS-HEAD
|
||||||
|
|
||||||
|
- New configuration variable "MaxConnectionsIP" to limit the number of
|
||||||
|
simultaneous connections from a single IP that the server will accept.
|
||||||
|
This configuration options lowers the risk of denial of service attacks
|
||||||
|
(DoS), the default is 5 connections per client IP.
|
||||||
- Fixed build problems under Mac OS X 10.3.
|
- Fixed build problems under Mac OS X 10.3.
|
||||||
- Use "-pipe" when compiling with gcc, speeds things up a little :-)
|
- Use "-pipe" when compiling with gcc, speeds things up a little :-)
|
||||||
- Added new configuration variable "Listen" to bind all listening
|
- Added new configuration variable "Listen" to bind all listening
|
||||||
@ -468,4 +472,4 @@ ngIRCd 0.0.1, 31.12.2001
|
|||||||
|
|
||||||
|
|
||||||
--
|
--
|
||||||
$Id: ChangeLog,v 1.213 2003/11/04 00:41:06 alex Exp $
|
$Id: ChangeLog,v 1.214 2003/11/05 21:41:01 alex Exp $
|
||||||
|
6
NEWS
6
NEWS
@ -12,6 +12,10 @@
|
|||||||
|
|
||||||
ngIRCd CVS-HEAD
|
ngIRCd CVS-HEAD
|
||||||
|
|
||||||
|
- New configuration variable "MaxConnectionsIP" to limit the number of
|
||||||
|
simultaneous connections from a single IP that the server will accept.
|
||||||
|
This configuration options lowers the risk of denial of service attacks
|
||||||
|
(DoS), the default is 5 connections per client IP.
|
||||||
- Added new configuration variable "Listen" to bind all listening
|
- Added new configuration variable "Listen" to bind all listening
|
||||||
sockets of the server to a single IP address.
|
sockets of the server to a single IP address.
|
||||||
|
|
||||||
@ -170,4 +174,4 @@ ngIRCd 0.0.1, 31.12.2001
|
|||||||
|
|
||||||
|
|
||||||
--
|
--
|
||||||
$Id: NEWS,v 1.58 2003/09/11 12:05:28 alex Exp $
|
$Id: NEWS,v 1.59 2003/11/05 21:41:01 alex Exp $
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# $Id: sample-ngircd.conf,v 1.23 2003/09/11 12:05:28 alex Exp $
|
# $Id: sample-ngircd.conf,v 1.24 2003/11/05 21:41:02 alex Exp $
|
||||||
|
|
||||||
#
|
#
|
||||||
# This is a sample configuration file for the ngIRCd, which must adept to
|
# This is a sample configuration file for the ngIRCd, which must adept to
|
||||||
@ -77,6 +77,10 @@
|
|||||||
# to accept (<=0: unlimited):
|
# to accept (<=0: unlimited):
|
||||||
;MaxConnections = -1
|
;MaxConnections = -1
|
||||||
|
|
||||||
|
# Maximum number of simultaneous connections from a single IP address
|
||||||
|
# the server will accept (<=0: unlimited):
|
||||||
|
;MaxConnectionsIP = 5
|
||||||
|
|
||||||
# Maximum number of channels a user can be member of (<=0: no limit):
|
# Maximum number of channels a user can be member of (<=0: no limit):
|
||||||
;MaxJoins = 10
|
;MaxJoins = 10
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
.\"
|
.\"
|
||||||
.\" $Id: ngircd.conf.5,v 1.11 2003/09/11 12:05:28 alex Exp $
|
.\" $Id: ngircd.conf.5,v 1.12 2003/11/05 21:41:02 alex Exp $
|
||||||
.\"
|
.\"
|
||||||
.TH ngircd.conf 5 "Mai 2003" ngircd "ngIRCd Manual"
|
.TH ngircd.conf 5 "Mai 2003" ngircd "ngIRCd Manual"
|
||||||
.SH NAME
|
.SH NAME
|
||||||
@ -118,6 +118,11 @@ not(!) channel-operators? Default: no.
|
|||||||
Maximum number of simultaneous connection the server is allowed to accept
|
Maximum number of simultaneous connection the server is allowed to accept
|
||||||
(<=0: unlimited). Default: -1.
|
(<=0: unlimited). Default: -1.
|
||||||
.TP
|
.TP
|
||||||
|
\fBMaxConnectionsIP\fR
|
||||||
|
Maximum number of simultaneous connections from a single IP address that
|
||||||
|
the server will accept (<=0: unlimited). This configuration options lowers
|
||||||
|
the risk of denial of service attacks (DoS). Default: 5.
|
||||||
|
.TP
|
||||||
\fBMaxJoins\fR
|
\fBMaxJoins\fR
|
||||||
Maximum number of channels a user can be member of (<=0: no limit).
|
Maximum number of channels a user can be member of (<=0: no limit).
|
||||||
Default: 10.
|
Default: 10.
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
|
|
||||||
#include "portab.h"
|
#include "portab.h"
|
||||||
|
|
||||||
static char UNUSED id[] = "$Id: conf.c,v 1.60 2003/09/11 12:05:28 alex Exp $";
|
static char UNUSED id[] = "$Id: conf.c,v 1.61 2003/11/05 21:41:02 alex Exp $";
|
||||||
|
|
||||||
#include "imp.h"
|
#include "imp.h"
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
@ -133,6 +133,8 @@ Conf_Test( VOID )
|
|||||||
printf( " OperCanUseMode = %s\n", Conf_OperCanMode == TRUE ? "yes" : "no" );
|
printf( " OperCanUseMode = %s\n", Conf_OperCanMode == TRUE ? "yes" : "no" );
|
||||||
if( Conf_MaxConnections > 0 ) printf( " MaxConnections = %ld\n", Conf_MaxConnections );
|
if( Conf_MaxConnections > 0 ) printf( " MaxConnections = %ld\n", Conf_MaxConnections );
|
||||||
else printf( " MaxConnections = -1\n" );
|
else printf( " MaxConnections = -1\n" );
|
||||||
|
if( Conf_MaxConnectionsIP > 0 ) printf( " MaxConnectionsIP = %d\n", Conf_MaxConnectionsIP );
|
||||||
|
else printf( " MaxConnectionsIP = -1\n" );
|
||||||
if( Conf_MaxJoins > 0 ) printf( " MaxJoins = %d\n", Conf_MaxJoins );
|
if( Conf_MaxJoins > 0 ) printf( " MaxJoins = %d\n", Conf_MaxJoins );
|
||||||
else printf( " MaxJoins = -1\n" );
|
else printf( " MaxJoins = -1\n" );
|
||||||
puts( "" );
|
puts( "" );
|
||||||
@ -356,6 +358,7 @@ Set_Defaults( BOOLEAN InitServers )
|
|||||||
Conf_OperCanMode = FALSE;
|
Conf_OperCanMode = FALSE;
|
||||||
|
|
||||||
Conf_MaxConnections = -1;
|
Conf_MaxConnections = -1;
|
||||||
|
Conf_MaxConnectionsIP = 5;
|
||||||
Conf_MaxJoins = 10;
|
Conf_MaxJoins = 10;
|
||||||
|
|
||||||
/* Initialize server configuration structures */
|
/* Initialize server configuration structures */
|
||||||
@ -691,6 +694,16 @@ Handle_GLOBAL( INT Line, CHAR *Var, CHAR *Arg )
|
|||||||
Conf_MaxConnections = atol( Arg );
|
Conf_MaxConnections = atol( Arg );
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
if( strcasecmp( Var, "MaxConnectionsIP" ) == 0 )
|
||||||
|
{
|
||||||
|
/* Maximum number of simoultanous connections from one IP. Values <= 0 are equal to "no limit". */
|
||||||
|
#ifdef HAVE_ISDIGIT
|
||||||
|
if( ! isdigit( *Arg )) Config_Error( LOG_WARNING, "%s, line %d: Value of \"MaxConnectionsIP\" is not a number!", NGIRCd_ConfFile, Line );
|
||||||
|
else
|
||||||
|
#endif
|
||||||
|
Conf_MaxConnectionsIP = atoi( Arg );
|
||||||
|
return;
|
||||||
|
}
|
||||||
if( strcasecmp( Var, "MaxJoins" ) == 0 )
|
if( strcasecmp( Var, "MaxJoins" ) == 0 )
|
||||||
{
|
{
|
||||||
/* Maximum number of channels a user can join. Values <= 0 are equal to "no limit". */
|
/* Maximum number of channels a user can join. Values <= 0 are equal to "no limit". */
|
||||||
@ -707,8 +720,8 @@ Handle_GLOBAL( INT Line, CHAR *Var, CHAR *Arg )
|
|||||||
if( strlcpy( Conf_ListenAddress, Arg, sizeof( Conf_ListenAddress )) >= sizeof( Conf_ListenAddress ))
|
if( strlcpy( Conf_ListenAddress, Arg, sizeof( Conf_ListenAddress )) >= sizeof( Conf_ListenAddress ))
|
||||||
{
|
{
|
||||||
Config_Error( LOG_WARNING, "%s, line %d: Value of \"Listen\" too long!", NGIRCd_ConfFile, Line );
|
Config_Error( LOG_WARNING, "%s, line %d: Value of \"Listen\" too long!", NGIRCd_ConfFile, Line );
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
Config_Error( LOG_ERR, "%s, line %d (section \"Global\"): Unknown variable \"%s\"!", NGIRCd_ConfFile, Line, Var );
|
Config_Error( LOG_ERR, "%s, line %d (section \"Global\"): Unknown variable \"%s\"!", NGIRCd_ConfFile, Line, Var );
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
* (at your option) any later version.
|
* (at your option) any later version.
|
||||||
* Please read the file COPYING, README and AUTHORS for more information.
|
* Please read the file COPYING, README and AUTHORS for more information.
|
||||||
*
|
*
|
||||||
* $Id: conf.h,v 1.27 2003/09/11 12:05:28 alex Exp $
|
* $Id: conf.h,v 1.28 2003/11/05 21:41:02 alex Exp $
|
||||||
*
|
*
|
||||||
* Configuration management (header)
|
* Configuration management (header)
|
||||||
*/
|
*/
|
||||||
@ -110,6 +110,9 @@ GLOBAL LONG Conf_MaxConnections;
|
|||||||
/* Maximum number of channels a user can join */
|
/* Maximum number of channels a user can join */
|
||||||
GLOBAL INT Conf_MaxJoins;
|
GLOBAL INT Conf_MaxJoins;
|
||||||
|
|
||||||
|
/* Maximum number of connections per IP address */
|
||||||
|
GLOBAL INT Conf_MaxConnectionsIP;
|
||||||
|
|
||||||
|
|
||||||
GLOBAL VOID Conf_Init PARAMS((VOID ));
|
GLOBAL VOID Conf_Init PARAMS((VOID ));
|
||||||
GLOBAL VOID Conf_Rehash PARAMS((VOID ));
|
GLOBAL VOID Conf_Rehash PARAMS((VOID ));
|
||||||
|
@ -16,7 +16,7 @@
|
|||||||
|
|
||||||
#include "portab.h"
|
#include "portab.h"
|
||||||
|
|
||||||
static char UNUSED id[] = "$Id: conn.c,v 1.125 2003/09/11 12:05:28 alex Exp $";
|
static char UNUSED id[] = "$Id: conn.c,v 1.126 2003/11/05 21:41:02 alex Exp $";
|
||||||
|
|
||||||
#include "imp.h"
|
#include "imp.h"
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
@ -87,6 +87,7 @@ LOCAL BOOLEAN Init_Socket PARAMS(( INT Sock ));
|
|||||||
LOCAL VOID New_Server PARAMS(( INT Server, CONN_ID Idx ));
|
LOCAL VOID New_Server PARAMS(( INT Server, CONN_ID Idx ));
|
||||||
LOCAL VOID Read_Resolver_Result PARAMS(( INT r_fd ));
|
LOCAL VOID Read_Resolver_Result PARAMS(( INT r_fd ));
|
||||||
LOCAL VOID Simple_Message PARAMS(( INT Sock, CHAR *Msg ));
|
LOCAL VOID Simple_Message PARAMS(( INT Sock, CHAR *Msg ));
|
||||||
|
LOCAL INT Count_Connections PARAMS(( struct sockaddr_in addr ));
|
||||||
|
|
||||||
LOCAL fd_set My_Listeners;
|
LOCAL fd_set My_Listeners;
|
||||||
LOCAL fd_set My_Sockets;
|
LOCAL fd_set My_Sockets;
|
||||||
@ -904,7 +905,7 @@ New_Connection( INT Sock )
|
|||||||
CONN_ID idx;
|
CONN_ID idx;
|
||||||
CLIENT *c;
|
CLIENT *c;
|
||||||
POINTER *ptr;
|
POINTER *ptr;
|
||||||
LONG new_size;
|
LONG new_size, cnt;
|
||||||
|
|
||||||
assert( Sock > NONE );
|
assert( Sock > NONE );
|
||||||
|
|
||||||
@ -933,6 +934,17 @@ New_Connection( INT Sock )
|
|||||||
/* Socket initialisieren */
|
/* Socket initialisieren */
|
||||||
Init_Socket( new_sock );
|
Init_Socket( new_sock );
|
||||||
|
|
||||||
|
/* Check IP-based connection limit */
|
||||||
|
cnt = Count_Connections( new_addr );
|
||||||
|
if(( Conf_MaxConnectionsIP > 0 ) && ( cnt >= Conf_MaxConnectionsIP ))
|
||||||
|
{
|
||||||
|
/* Access denied, too many connections from this IP! */
|
||||||
|
Log( LOG_ERR, "Refused connection from %s: too may connections (%ld) from this IP!", inet_ntoa( new_addr.sin_addr ), cnt);
|
||||||
|
Simple_Message( new_sock, "ERROR :Connection refused, too many connections from your IP!" );
|
||||||
|
close( new_sock );
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
/* Freie Connection-Struktur suchen */
|
/* Freie Connection-Struktur suchen */
|
||||||
for( idx = 0; idx < Pool_Size; idx++ ) if( My_Connections[idx].sock == NONE ) break;
|
for( idx = 0; idx < Pool_Size; idx++ ) if( My_Connections[idx].sock == NONE ) break;
|
||||||
if( idx >= Pool_Size )
|
if( idx >= Pool_Size )
|
||||||
@ -1599,4 +1611,18 @@ Simple_Message( INT Sock, CHAR *Msg )
|
|||||||
} /* Simple_Error */
|
} /* Simple_Error */
|
||||||
|
|
||||||
|
|
||||||
|
LOCAL INT
|
||||||
|
Count_Connections( struct sockaddr_in addr_in )
|
||||||
|
{
|
||||||
|
INT i, cnt;
|
||||||
|
|
||||||
|
cnt = 0;
|
||||||
|
for( i = 0; i < Pool_Size; i++ )
|
||||||
|
{
|
||||||
|
if(( My_Connections[i].sock > NONE ) && ( My_Connections[i].addr.sin_addr.s_addr == addr_in.sin_addr.s_addr )) cnt++;
|
||||||
|
}
|
||||||
|
return cnt;
|
||||||
|
} /* Count_Connections */
|
||||||
|
|
||||||
|
|
||||||
/* -eof- */
|
/* -eof- */
|
||||||
|
Loading…
Reference in New Issue
Block a user