|
@@ -163,8 +163,29 @@ type ClientDetails struct {
|
163
|
163
|
accountName string
|
164
|
164
|
}
|
165
|
165
|
|
166
|
|
-// NewClient sets up a new client and runs its goroutine.
|
167
|
|
-func RunNewClient(server *Server, conn clientConn) {
|
|
166
|
+// RunClient sets up a new client and runs its goroutine.
|
|
167
|
+func (server *Server) RunClient(conn clientConn) {
|
|
168
|
+ var isBanned bool
|
|
169
|
+ var banMsg string
|
|
170
|
+ var realIP net.IP
|
|
171
|
+ if conn.IsTor {
|
|
172
|
+ realIP = utils.IPv4LoopbackAddress
|
|
173
|
+ isBanned, banMsg = server.checkTorLimits()
|
|
174
|
+ } else {
|
|
175
|
+ realIP = utils.AddrToIP(conn.Conn.RemoteAddr())
|
|
176
|
+ isBanned, banMsg = server.checkBans(realIP)
|
|
177
|
+ }
|
|
178
|
+
|
|
179
|
+ if isBanned {
|
|
180
|
+ // this might not show up properly on some clients,
|
|
181
|
+ // but our objective here is just to close the connection out before it has a load impact on us
|
|
182
|
+ conn.Conn.Write([]byte(fmt.Sprintf(errorMsg, banMsg)))
|
|
183
|
+ conn.Conn.Close()
|
|
184
|
+ return
|
|
185
|
+ }
|
|
186
|
+
|
|
187
|
+ server.logger.Info("localconnect-ip", fmt.Sprintf("Client connecting from %v", realIP))
|
|
188
|
+
|
168
|
189
|
now := time.Now().UTC()
|
169
|
190
|
config := server.Config()
|
170
|
191
|
fullLineLenLimit := ircmsg.MaxlenTagsFromClient + config.Limits.LineLen.Rest
|
|
@@ -194,6 +215,7 @@ func RunNewClient(server *Server, conn clientConn) {
|
194
|
215
|
capState: caps.NoneState,
|
195
|
216
|
ctime: now,
|
196
|
217
|
atime: now,
|
|
218
|
+ realIP: realIP,
|
197
|
219
|
}
|
198
|
220
|
session.SetMaxlenRest()
|
199
|
221
|
client.sessions = []*Session{session}
|
|
@@ -204,19 +226,17 @@ func RunNewClient(server *Server, conn clientConn) {
|
204
|
226
|
client.certfp, _ = socket.CertFP()
|
205
|
227
|
}
|
206
|
228
|
|
207
|
|
- remoteAddr := conn.Conn.RemoteAddr()
|
208
|
229
|
if conn.IsTor {
|
209
|
230
|
client.SetMode(modes.TLS, true)
|
210
|
|
- session.realIP = utils.AddrToIP(remoteAddr)
|
211
|
231
|
// cover up details of the tor proxying infrastructure (not a user privacy concern,
|
212
|
232
|
// but a hardening measure):
|
213
|
233
|
session.proxiedIP = utils.IPv4LoopbackAddress
|
214
|
234
|
session.rawHostname = config.Server.TorListeners.Vhost
|
215
|
235
|
} else {
|
216
|
|
- session.realIP = utils.AddrToIP(remoteAddr)
|
217
|
236
|
// set the hostname for this client (may be overridden later by PROXY or WEBIRC)
|
218
|
237
|
session.rawHostname = utils.LookupHostname(session.realIP.String())
|
219
|
238
|
client.cloakedHostname = config.Server.Cloaks.ComputeCloak(session.realIP)
|
|
239
|
+ remoteAddr := conn.Conn.RemoteAddr()
|
220
|
240
|
if utils.AddrIsLocal(remoteAddr) {
|
221
|
241
|
// treat local connections as secure (may be overridden later by WEBIRC)
|
222
|
242
|
client.SetMode(modes.TLS, true)
|
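Review bot: In the `if isBanned` branch of `RunClient` (first hunk), `conn.Conn.Write` is called with no deadline and its error is dropped, so a banned peer that stalls can keep this goroutine and socket open, which works against the stated aim of closing the connection before it has a load impact. If `conn.Conn` can be a TLS connection (not visible here), the write would also have to complete the handshake first, which makes a stall more likely. Assuming `conn.Conn` is a `net.Conn`, set a short deadline before the write, e.g. `conn.Conn.SetWriteDeadline(time.Now().Add(banWriteTimeout))` with `banWriteTimeout` a placeholder constant to define, and consider `fmt.Fprintf(conn.Conn, errorMsg, banMsg)` in place of the `[]byte(fmt.Sprintf(...))` conversion. A comment such as `// best-effort notice; write and close errors are deliberately ignored` would make the unchecked returns explicit. The body of `RunClient` continues outside these hunks.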