mirror of
https://github.com/osmarks/ngircd.git
synced 2025-01-21 21:06:52 +00:00
Implement new configuration option "MaxPenaltyTime" (#251)
This option configures the maximum penalty time increase in seconds, per penalty event. Set to -1 for no limit (the default), 0 to disable penalties altogether. ngIRCd doesn't use penalty increases higher than 2 seconds during normal operation, so values higher than 1 rarely make sense. Disabling (or reducing) penalties can greatly speed up "make check" runs for example, see below, but are mostly a debugging feature and normally not meant to be used on production systems! Some example timings running "make check" from my macOS workstation: - MaxPenaltyTime not set: 4:41,79s - "MaxPenaltyTime = 1": 3:14,71s - "MaxPenaltyTime = 0": 25,46s Closes #249.
This commit is contained in:
parent
7690716e4f
commit
456eea6f18
@ -117,6 +117,12 @@
|
|||||||
# maximum nickname length!
|
# maximum nickname length!
|
||||||
;MaxNickLength = 9
|
;MaxNickLength = 9
|
||||||
|
|
||||||
|
# Maximum penalty time increase in seconds, per penalty event. Set to -1
|
||||||
|
# for no limit (the default), 0 to disable penalties altogether. The
|
||||||
|
# daemon doesn't use penalty increases higher than 2 seconds during
|
||||||
|
# normal operation, so values greater than 1 rarely make sense.
|
||||||
|
;MaxPenaltyTime = -1
|
||||||
|
|
||||||
# Maximum number of channels returned in response to a /list
|
# Maximum number of channels returned in response to a /list
|
||||||
# command (0: unlimited):
|
# command (0: unlimited):
|
||||||
;MaxListSize = 100
|
;MaxListSize = 100
|
||||||
|
@ -201,6 +201,12 @@ Maximum length of an user nickname (Default: 9, as in RFC 2812). Please
|
|||||||
note that all servers in an IRC network MUST use the same maximum nickname
|
note that all servers in an IRC network MUST use the same maximum nickname
|
||||||
length!
|
length!
|
||||||
.TP
|
.TP
|
||||||
|
\fBMaxPenaltyTime\fR (number)
|
||||||
|
Maximum penalty time increase in seconds, per penalty event. Set to -1 for no
|
||||||
|
limit (the default), 0 to disable penalties altogether. ngIRCd doesn't use
|
||||||
|
penalty increases higher than 2 seconds during normal operation, so values
|
||||||
|
greater than 1 rarely make sense.
|
||||||
|
.TP
|
||||||
\fBMaxListSize\fR (number)
|
\fBMaxListSize\fR (number)
|
||||||
Maximum number of channels returned in response to a LIST command. Default: 100.
|
Maximum number of channels returned in response to a LIST command. Default: 100.
|
||||||
.TP
|
.TP
|
||||||
|
@ -388,6 +388,7 @@ Conf_Test( void )
|
|||||||
printf(" MaxConnectionsIP = %d\n", Conf_MaxConnectionsIP);
|
printf(" MaxConnectionsIP = %d\n", Conf_MaxConnectionsIP);
|
||||||
printf(" MaxJoins = %d\n", Conf_MaxJoins > 0 ? Conf_MaxJoins : -1);
|
printf(" MaxJoins = %d\n", Conf_MaxJoins > 0 ? Conf_MaxJoins : -1);
|
||||||
printf(" MaxNickLength = %u\n", Conf_MaxNickLength - 1);
|
printf(" MaxNickLength = %u\n", Conf_MaxNickLength - 1);
|
||||||
|
printf(" MaxPenaltyTime = %ld\n", Conf_MaxPenaltyTime);
|
||||||
printf(" MaxListSize = %d\n", Conf_MaxListSize);
|
printf(" MaxListSize = %d\n", Conf_MaxListSize);
|
||||||
printf(" PingTimeout = %d\n", Conf_PingTimeout);
|
printf(" PingTimeout = %d\n", Conf_PingTimeout);
|
||||||
printf(" PongTimeout = %d\n", Conf_PongTimeout);
|
printf(" PongTimeout = %d\n", Conf_PongTimeout);
|
||||||
@ -765,6 +766,7 @@ Set_Defaults(bool InitServers)
|
|||||||
Conf_MaxConnectionsIP = 5;
|
Conf_MaxConnectionsIP = 5;
|
||||||
Conf_MaxJoins = 10;
|
Conf_MaxJoins = 10;
|
||||||
Conf_MaxNickLength = CLIENT_NICK_LEN_DEFAULT;
|
Conf_MaxNickLength = CLIENT_NICK_LEN_DEFAULT;
|
||||||
|
Conf_MaxPenaltyTime = -1;
|
||||||
Conf_MaxListSize = 100;
|
Conf_MaxListSize = 100;
|
||||||
Conf_PingTimeout = 120;
|
Conf_PingTimeout = 120;
|
||||||
Conf_PongTimeout = 20;
|
Conf_PongTimeout = 20;
|
||||||
@ -1641,6 +1643,12 @@ Handle_LIMITS(const char *File, int Line, char *Var, char *Arg)
|
|||||||
Config_Error_NaN(File, Line, Var);
|
Config_Error_NaN(File, Line, Var);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
if (strcasecmp(Var, "MaxPenaltyTime") == 0) {
|
||||||
|
Conf_MaxPenaltyTime = atol(Arg);
|
||||||
|
if (Conf_MaxPenaltyTime < -1)
|
||||||
|
Conf_MaxPenaltyTime = -1; /* "unlimited" */
|
||||||
|
return;
|
||||||
|
}
|
||||||
if (strcasecmp(Var, "PingTimeout") == 0) {
|
if (strcasecmp(Var, "PingTimeout") == 0) {
|
||||||
Conf_PingTimeout = atoi(Arg);
|
Conf_PingTimeout = atoi(Arg);
|
||||||
if (Conf_PingTimeout < 5) {
|
if (Conf_PingTimeout < 5) {
|
||||||
@ -2281,6 +2289,11 @@ Validate_Config(bool Configtest, bool Rehash)
|
|||||||
"This server uses PAM, \"Password\" in [Global] section will be ignored!");
|
"This server uses PAM, \"Password\" in [Global] section will be ignored!");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (Conf_MaxPenaltyTime != -1)
|
||||||
|
Config_Error(LOG_WARNING,
|
||||||
|
"Maximum penalty increase ('MaxPenaltyTime') is set to %ld, this is not recommended!",
|
||||||
|
Conf_MaxPenaltyTime);
|
||||||
|
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
servers = servers_once = 0;
|
servers = servers_once = 0;
|
||||||
for (i = 0; i < MAX_SERVERS; i++) {
|
for (i = 0; i < MAX_SERVERS; i++) {
|
||||||
|
@ -239,6 +239,9 @@ GLOBAL unsigned int Conf_MaxNickLength;
|
|||||||
/** Maximum number of channels returned to /list */
|
/** Maximum number of channels returned to /list */
|
||||||
GLOBAL int Conf_MaxListSize;
|
GLOBAL int Conf_MaxListSize;
|
||||||
|
|
||||||
|
/** Maximium seconds to add per "penalty". -1 = unlimited. */
|
||||||
|
GLOBAL time_t Conf_MaxPenaltyTime;
|
||||||
|
|
||||||
#ifndef STRICT_RFC
|
#ifndef STRICT_RFC
|
||||||
|
|
||||||
/** Require "AUTH PING-PONG" on login */
|
/** Require "AUTH PING-PONG" on login */
|
||||||
|
@ -26,6 +26,7 @@
|
|||||||
#endif
|
#endif
|
||||||
#include "conn.h"
|
#include "conn.h"
|
||||||
|
|
||||||
|
#include "conf.h"
|
||||||
#include "conn-func.h"
|
#include "conn-func.h"
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -97,6 +98,14 @@ Conn_SetPenalty(CONN_ID Idx, time_t Seconds)
|
|||||||
assert(Idx > NONE);
|
assert(Idx > NONE);
|
||||||
assert(Seconds >= 0);
|
assert(Seconds >= 0);
|
||||||
|
|
||||||
|
/* Limit new penalty to maximum configured, when less than 10 seconds. *
|
||||||
|
The latter is used to limit brute force attacks, therefore we don't *
|
||||||
|
want to limit that! */
|
||||||
|
if (Conf_MaxPenaltyTime >= 0
|
||||||
|
&& Seconds > Conf_MaxPenaltyTime
|
||||||
|
&& Seconds < 10)
|
||||||
|
Seconds = Conf_MaxPenaltyTime;
|
||||||
|
|
||||||
t = time(NULL);
|
t = time(NULL);
|
||||||
if (My_Connections[Idx].delaytime < t)
|
if (My_Connections[Idx].delaytime < t)
|
||||||
My_Connections[Idx].delaytime = t;
|
My_Connections[Idx].delaytime = t;
|
||||||
|
@ -12,6 +12,7 @@
|
|||||||
[Limits]
|
[Limits]
|
||||||
MaxConnectionsIP = 0
|
MaxConnectionsIP = 0
|
||||||
MaxJoins = 4
|
MaxJoins = 4
|
||||||
|
MaxPenaltyTime = 1
|
||||||
|
|
||||||
[Options]
|
[Options]
|
||||||
OperCanUseMode = yes
|
OperCanUseMode = yes
|
||||||
|
@ -12,6 +12,7 @@
|
|||||||
[Limits]
|
[Limits]
|
||||||
MaxConnectionsIP = 0
|
MaxConnectionsIP = 0
|
||||||
MaxJoins = 4
|
MaxJoins = 4
|
||||||
|
MaxPenaltyTime = 1
|
||||||
|
|
||||||
[Options]
|
[Options]
|
||||||
OperCanUseMode = yes
|
OperCanUseMode = yes
|
||||||
|
Loading…
Reference in New Issue
Block a user