mirror
/
oragono
mirror of https://github.com/oragono/oragono
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 69 Wiki Activity
Browse Source

PROXY: Check DLINEs and connection limits/throttle on new proxied connections

tags/v0.9.0
Daniel Oaks 6 years ago
parent
38498b752b
commit
acec0e1690
2 changed files with 46 additions and 7 deletions
Split View Show Diff Stats
  1. 9
    0
      irc/dline.go
  2. 37
    7
      irc/server.go

+ 9
- 0
irc/dline.go View File 

@@ -52,6 +52,15 @@ type IPBanInfo struct {
52 52 
 	Time *IPRestrictTime `json:"time"`
53 53 
 }
54 54
55 
+// BanMessage returns the ban message.
56 
+func (info IPBanInfo) BanMessage(message string) string {
57 
+	message = fmt.Sprintf(message, info.Reason)
58 
+	if info.Time != nil {
59 
+		message += fmt.Sprintf(" [%s]", info.Time.Duration.String())
60 
+	}
61 
+	return message
62 
+}
63 
+
55 64 
 // dLineAddr contains the address itself and expiration time for a given network.
56 65 
 type dLineAddr struct {
57 66 
 	// Address is the address that is blocked.

+ 37
- 7
irc/server.go View File 

@@ -445,11 +445,7 @@ func (server *Server) Run() {
445 445 
 			// check DLINEs
446 446 
 			isBanned, info := server.dlines.CheckIP(ipaddr)
447 447 
 			if isBanned {
448 
-				banMessage := fmt.Sprintf(bannedFromServerMsg, info.Reason)
449 
-				if info.Time != nil {
450 
-					banMessage += fmt.Sprintf(" [%s]", info.Time.Duration.String())
451 
-				}
452 
-				conn.Conn.Write([]byte(banMessage))
448 
+				conn.Conn.Write([]byte(info.BanMessage(bannedFromServerMsg)))
453 449 
 				conn.Conn.Close()
454 450 
 				continue
455 451 
 			}
 
@@ -2248,12 +2244,46 @@ func proxyHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
2248 2244 
 				return true
2249 2245 
 			}
2250 2246
2251 
-			//TODO(dan): check DLINEs and connection throttling/limits
2247 
+			// check DLINEs
2248 
+			isBanned, info := server.dlines.CheckIP(parsedProxiedIP)
2249 
+			if isBanned {
2250 
+				client.Quit(info.BanMessage("You are banned from this server (%s)"))
2251 
+				return true
2252 
+			}
2253 
+
2254 
+			// check connection limits
2255 
+			server.connectionLimitsMutex.Lock()
2256 
+			err := server.connectionLimits.AddClient(parsedProxiedIP, false)
2257 
+			server.connectionLimitsMutex.Unlock()
2258 
+			if err != nil {
2259 
+				client.Quit("Too many clients from your network")
2260 
+				return true
2261 
+			}
2262 
+
2263 
+			// check connection throttle
2264 
+			server.connectionThrottleMutex.Lock()
2265 
+			err = server.connectionThrottle.AddClient(parsedProxiedIP)
2266 
+			server.connectionThrottleMutex.Unlock()
2267 
+			if err != nil {
2268 
+				// too many connections too quickly from client, tell them and close the connection
2269 
+				length := &IPRestrictTime{
2270 
+					Duration: server.connectionThrottle.BanDuration,
2271 
+					Expires:  time.Now().Add(server.connectionThrottle.BanDuration),
2272 
+				}
2273 
+				server.dlines.AddIP(parsedProxiedIP, length, server.connectionThrottle.BanMessage, "Exceeded automated connection throttle")
2274 
+
2275 
+				// they're DLINE'd for 15 minutes or whatever, so we can reset the connection throttle now,
2276 
+				// and once their temporary DLINE is finished they can fill up the throttler again
2277 
+				server.connectionThrottle.ResetFor(parsedProxiedIP)
2278 
+
2279 
+				client.Quit(server.connectionThrottle.BanMessage)
2280 
+				return true
2281 
+			}
2252 2282
2253 2283 
 			// override the client's regular IP
2254 2284 
 			client.proxiedIP = msg.Params[1]
2255 
-			client.hostname = LookupHostname(msg.Params[1])
2256 2285 
 			client.rawHostname = LookupHostname(msg.Params[1])
2286 
+			client.hostname = client.rawHostname
2257 2287 
 			return false
2258 2288 
 		}
2259 2289 
 	}

Write Preview
Loading…
Cancel
Save