
PROXY: Check DLINEs and connection limits/throttle on new proxied connections

tags/v0.9.0
Daniel Oaks 6 роки тому
джерело
коміт
acec0e1690
2 змінених файлів з 46 додано та 7 видалено
  1. 9
    0
      irc/dline.go
  2. 37
    7
      irc/server.go

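--- a/irc/dline.go
+++ b/irc/dline.go
@@ -52,6 +52,15 @@ type IPBanInfo struct {
 	Time *IPRestrictTime `json:"time"`
 }
 
+// BanMessage returns the ban message.
+func (info IPBanInfo) BanMessage(message string) string {
+	message = fmt.Sprintf(message, info.Reason)
+	if info.Time != nil {
+		message += fmt.Sprintf(" [%s]", info.Time.Duration.String())
+	}
+	return message
+}
+
 // dLineAddr contains the address itself and expiration time for a given network.
 type dLineAddr struct {
 	// Address is the address that is blocked.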
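Review bot: The doc comment on `BanMessage` does not say that `message` is used as a format string, which matters because the argument goes straight into `fmt.Sprintf(message, info.Reason)`. A caller passing text without exactly one `%s` verb gets `%!(EXTRA ...)` noise or a missing reason in what is sent to the client, so the contract should be written down, for example `// BanMessage formats message, which must contain exactly one %s verb for the ban reason, and appends the ban duration in brackets when the ban is temporary.` Callers should pass only constant templates here, never text taken from configuration or a user. The hunk does not show the file's import block, so confirm that `fmt` is imported in irc/dline.go.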

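--- a/irc/server.go
+++ b/irc/server.go
@@ -445,11 +445,7 @@ func (server *Server) Run() {
 			// check DLINEs
 			isBanned, info := server.dlines.CheckIP(ipaddr)
 			if isBanned {
-				banMessage := fmt.Sprintf(bannedFromServerMsg, info.Reason)
-				if info.Time != nil {
-					banMessage += fmt.Sprintf(" [%s]", info.Time.Duration.String())
-				}
-				conn.Conn.Write([]byte(banMessage))
+				conn.Conn.Write([]byte(info.BanMessage(bannedFromServerMsg)))
 				conn.Conn.Close()
 				continue
 			}
@@ -2248,12 +2244,46 @@ func proxyHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
 				return true
 			}
 
-			//TODO(dan): check DLINEs and connection throttling/limits
+			// check DLINEs
+			isBanned, info := server.dlines.CheckIP(parsedProxiedIP)
+			if isBanned {
+				client.Quit(info.BanMessage("You are banned from this server (%s)"))
+				return true
+			}
+
+			// check connection limits
+			server.connectionLimitsMutex.Lock()
+			err := server.connectionLimits.AddClient(parsedProxiedIP, false)
+			server.connectionLimitsMutex.Unlock()
+			if err != nil {
+				client.Quit("Too many clients from your network")
+				return true
+			}
+
+			// check connection throttle
+			server.connectionThrottleMutex.Lock()
+			err = server.connectionThrottle.AddClient(parsedProxiedIP)
+			server.connectionThrottleMutex.Unlock()
+			if err != nil {
+				// too many connections too quickly from client, tell them and close the connection
+				length := &IPRestrictTime{
+					Duration: server.connectionThrottle.BanDuration,
+					Expires:  time.Now().Add(server.connectionThrottle.BanDuration),
+				}
+				server.dlines.AddIP(parsedProxiedIP, length, server.connectionThrottle.BanMessage, "Exceeded automated connection throttle")
+
+				// they're DLINE'd for 15 minutes or whatever, so we can reset the connection throttle now,
+				// and once their temporary DLINE is finished they can fill up the throttler again
+				server.connectionThrottle.ResetFor(parsedProxiedIP)
+
+				client.Quit(server.connectionThrottle.BanMessage)
+				return true
+			}
 
 			// override the client's regular IP
 			client.proxiedIP = msg.Params[1]
-			client.hostname = LookupHostname(msg.Params[1])
 			client.rawHostname = LookupHostname(msg.Params[1])
+			client.hostname = client.rawHostname
 			return false
 		}
 	}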
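Review bot: In the throttle branch of the second hunk, `server.connectionThrottle.ResetFor(parsedProxiedIP)` runs after `connectionThrottleMutex` has been released, so unless ResetFor locks internally it can race with `AddClient` calls made on other connections. Taking the lock again around it would close that window: `server.connectionThrottleMutex.Lock()`, `server.connectionThrottle.ResetFor(parsedProxiedIP)`, `server.connectionThrottleMutex.Unlock()`. Separately, the connection-limit `AddClient(parsedProxiedIP, false)` has already succeeded when the throttle rejects the client, and no matching removal for the proxied address is visible here; since `client.proxiedIP` is not yet set at that point, it is worth confirming that the quit path releases that slot rather than leaking it. proxyHandler begins and ends outside the hunk, so both points need checking against the rest of the function.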
