1
0
mirror of https://github.com/osmarks/ngircd.git synced 2025-01-23 05:46:51 +00:00

Implement new configuration option "MaxPenaltyTime" (#251)

This option configures the maximum penalty time increase in seconds, per
penalty event. Set to -1 for no limit (the default), 0 to disable
penalties altogether. ngIRCd doesn't use penalty increases higher than 2
seconds during normal operation, so values higher than 1 rarely make
sense.

Disabling (or reducing) penalties can greatly speed up "make check" runs
for example, see below, but are mostly a debugging feature and normally
not meant to be used on production systems!

Some example timings running "make check" from my macOS workstation:

- MaxPenaltyTime not set: 4:41,79s
- "MaxPenaltyTime = 1":   3:14,71s
- "MaxPenaltyTime = 0":     25,46s

Closes #249.
This commit is contained in:
Alexander Barton 2018-11-28 14:13:09 +01:00 committed by GitHub
parent 7690716e4f
commit 456eea6f18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 39 additions and 0 deletions

View File

@ -117,6 +117,12 @@
# maximum nickname length! # maximum nickname length!
;MaxNickLength = 9 ;MaxNickLength = 9
# Maximum penalty time increase in seconds, per penalty event. Set to -1
# for no limit (the default), 0 to disable penalties altogether. The
# daemon doesn't use penalty increases higher than 2 seconds during
# normal operation, so values greater than 1 rarely make sense.
;MaxPenaltyTime = -1
# Maximum number of channels returned in response to a /list # Maximum number of channels returned in response to a /list
# command (0: unlimited): # command (0: unlimited):
;MaxListSize = 100 ;MaxListSize = 100

View File

@ -201,6 +201,12 @@ Maximum length of an user nickname (Default: 9, as in RFC 2812). Please
note that all servers in an IRC network MUST use the same maximum nickname note that all servers in an IRC network MUST use the same maximum nickname
length! length!
.TP .TP
\fBMaxPenaltyTime\fR (number)
Maximum penalty time increase in seconds, per penalty event. Set to -1 for no
limit (the default), 0 to disable penalties altogether. ngIRCd doesn't use
penalty increases higher than 2 seconds during normal operation, so values
greater than 1 rarely make sense.
.TP
\fBMaxListSize\fR (number) \fBMaxListSize\fR (number)
Maximum number of channels returned in response to a LIST command. Default: 100. Maximum number of channels returned in response to a LIST command. Default: 100.
.TP .TP

View File

@ -388,6 +388,7 @@ Conf_Test( void )
printf(" MaxConnectionsIP = %d\n", Conf_MaxConnectionsIP); printf(" MaxConnectionsIP = %d\n", Conf_MaxConnectionsIP);
printf(" MaxJoins = %d\n", Conf_MaxJoins > 0 ? Conf_MaxJoins : -1); printf(" MaxJoins = %d\n", Conf_MaxJoins > 0 ? Conf_MaxJoins : -1);
printf(" MaxNickLength = %u\n", Conf_MaxNickLength - 1); printf(" MaxNickLength = %u\n", Conf_MaxNickLength - 1);
printf(" MaxPenaltyTime = %ld\n", Conf_MaxPenaltyTime);
printf(" MaxListSize = %d\n", Conf_MaxListSize); printf(" MaxListSize = %d\n", Conf_MaxListSize);
printf(" PingTimeout = %d\n", Conf_PingTimeout); printf(" PingTimeout = %d\n", Conf_PingTimeout);
printf(" PongTimeout = %d\n", Conf_PongTimeout); printf(" PongTimeout = %d\n", Conf_PongTimeout);
@ -765,6 +766,7 @@ Set_Defaults(bool InitServers)
Conf_MaxConnectionsIP = 5; Conf_MaxConnectionsIP = 5;
Conf_MaxJoins = 10; Conf_MaxJoins = 10;
Conf_MaxNickLength = CLIENT_NICK_LEN_DEFAULT; Conf_MaxNickLength = CLIENT_NICK_LEN_DEFAULT;
Conf_MaxPenaltyTime = -1;
Conf_MaxListSize = 100; Conf_MaxListSize = 100;
Conf_PingTimeout = 120; Conf_PingTimeout = 120;
Conf_PongTimeout = 20; Conf_PongTimeout = 20;
@ -1641,6 +1643,12 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg)
Config_Error_NaN(File, Line, Var); Config_Error_NaN(File, Line, Var);
return; return;
} }
if (strcasecmp(Var, "MaxPenaltyTime") == 0) {
Conf_MaxPenaltyTime = atol(Arg);
if (Conf_MaxPenaltyTime < -1)
Conf_MaxPenaltyTime = -1; /* "unlimited" */
return;
}
if (strcasecmp(Var, "PingTimeout") == 0) { if (strcasecmp(Var, "PingTimeout") == 0) {
Conf_PingTimeout = atoi(Arg); Conf_PingTimeout = atoi(Arg);
if (Conf_PingTimeout < 5) { if (Conf_PingTimeout < 5) {
@ -2281,6 +2289,11 @@ Validate_Config(bool Configtest, bool Rehash)
"This server uses PAM, \"Password\" in [Global] section will be ignored!"); "This server uses PAM, \"Password\" in [Global] section will be ignored!");
#endif #endif
if (Conf_MaxPenaltyTime != -1)
Config_Error(LOG_WARNING,
"Maximum penalty increase ('MaxPenaltyTime') is set to %ld, this is not recommended!",
Conf_MaxPenaltyTime);
#ifdef DEBUG #ifdef DEBUG
servers = servers_once = 0; servers = servers_once = 0;
for (i = 0; i < MAX_SERVERS; i++) { for (i = 0; i < MAX_SERVERS; i++) {

View File

@ -239,6 +239,9 @@ GLOBAL unsigned int Conf_MaxNickLength;
/** Maximum number of channels returned to /list */ /** Maximum number of channels returned to /list */
GLOBAL int Conf_MaxListSize; GLOBAL int Conf_MaxListSize;
/** Maximium seconds to add per "penalty". -1 = unlimited. */
GLOBAL time_t Conf_MaxPenaltyTime;
#ifndef STRICT_RFC #ifndef STRICT_RFC
/** Require "AUTH PING-PONG" on login */ /** Require "AUTH PING-PONG" on login */

View File

@ -26,6 +26,7 @@
#endif #endif
#include "conn.h" #include "conn.h"
#include "conf.h"
#include "conn-func.h" #include "conn-func.h"
/** /**
@ -97,6 +98,14 @@ Conn_SetPenalty(CONN_ID Idx, time_t Seconds)
assert(Idx > NONE); assert(Idx > NONE);
assert(Seconds >= 0); assert(Seconds >= 0);
/* Limit new penalty to maximum configured, when less than 10 seconds. *
The latter is used to limit brute force attacks, therefore we don't *
want to limit that! */
if (Conf_MaxPenaltyTime >= 0
&& Seconds > Conf_MaxPenaltyTime
&& Seconds < 10)
Seconds = Conf_MaxPenaltyTime;
t = time(NULL); t = time(NULL);
if (My_Connections[Idx].delaytime < t) if (My_Connections[Idx].delaytime < t)
My_Connections[Idx].delaytime = t; My_Connections[Idx].delaytime = t;

View File

@ -12,6 +12,7 @@
[Limits] [Limits]
MaxConnectionsIP = 0 MaxConnectionsIP = 0
MaxJoins = 4 MaxJoins = 4
MaxPenaltyTime = 1
[Options] [Options]
OperCanUseMode = yes OperCanUseMode = yes

View File

@ -12,6 +12,7 @@
[Limits] [Limits]
MaxConnectionsIP = 0 MaxConnectionsIP = 0
MaxJoins = 4 MaxJoins = 4
MaxPenaltyTime = 1
[Options] [Options]
OperCanUseMode = yes OperCanUseMode = yes