2 * IRC - Internet Relay Chat, ircd/IPcheck.c
3 * Copyright (C) 1998 Carlo Wood ( Run @ undernet.org )
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2, or (at your option)
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 * This file should be edited in a window with a width of 141 characters
28 #include "numnicks.h" /* NumNick, NumServ (GODMODE) */
29 #include "ircd_alloc.h"
30 #include "s_bsd.h" /* SetIPChecked */
31 #include "s_debug.h" /* Debug */
32 #include "s_user.h" /* TARGET_DELAY */
36 #include <stdio.h> /* NULL ... bleah */
39 struct IPTargetEntry {
41 unsigned char targets[MAXTARGETS];
44 struct IPRegistryEntry {
45 struct IPRegistryEntry* next;
46 struct IPTargetEntry* target;
48 unsigned short last_connect;
49 unsigned char connected;
50 unsigned char attempts;
54 * Hash table for IPv4 address registry
56 * Hash table size must be a power of 2
57 * Use 64K hash table to conserve memory
59 #define IP_REGISTRY_TABLE_SIZE 0x10000
60 #define MASK_16 0xffff
62 #define NOW ((unsigned short)(CurrentTime & MASK_16))
63 #define CONNECTED_SINCE(x) (NOW - (x))
65 #define IPCHECK_CLONE_LIMIT 2
66 #define IPCHECK_CLONE_PERIOD 20
67 #define IPCHECK_CLONE_DELAY 600
70 static struct IPRegistryEntry* hashTable[IP_REGISTRY_TABLE_SIZE];
71 static struct IPRegistryEntry* freeList = 0;
73 static unsigned int ip_registry_hash(unsigned int ip)
75 return ((ip >> 16) ^ ip) & (IP_REGISTRY_TABLE_SIZE - 1);
78 static struct IPRegistryEntry* ip_registry_find(unsigned int ip)
80 struct IPRegistryEntry* entry = hashTable[ip_registry_hash(ip)];
81 for ( ; entry; entry = entry->next) {
82 if (entry->addr == ip)
88 static void ip_registry_add(struct IPRegistryEntry* entry)
90 unsigned int bucket = ip_registry_hash(entry->addr);
91 entry->next = hashTable[bucket];
92 hashTable[bucket] = entry;
95 static void ip_registry_remove(struct IPRegistryEntry* entry)
97 unsigned int bucket = ip_registry_hash(entry->addr);
98 if (hashTable[bucket] == entry)
99 hashTable[bucket] = entry->next;
101 struct IPRegistryEntry* prev = hashTable[bucket];
102 for ( ; prev; prev = prev->next) {
103 if (prev->next == entry) {
104 prev->next = entry->next;
111 static struct IPRegistryEntry* ip_registry_new_entry()
113 struct IPRegistryEntry* entry = freeList;
115 freeList = entry->next;
117 entry = (struct IPRegistryEntry*) MyMalloc(sizeof(struct IPRegistryEntry));
120 memset(entry, 0, sizeof(struct IPRegistryEntry));
121 entry->last_connect = NOW; /* Seconds since last connect attempt */
122 entry->connected = 1; /* connected clients for this IP */
123 entry->attempts = 1; /* Number attempts for this IP */
127 static void ip_registry_delete_entry(struct IPRegistryEntry* entry)
130 MyFree(entry->target);
131 entry->next = freeList;
135 static unsigned int ip_registry_update_free_targets(struct IPRegistryEntry* entry)
137 unsigned int free_targets = STARTTARGETS;
140 free_targets = entry->target->count + (CONNECTED_SINCE(entry->last_connect) / TARGET_DELAY);
141 if (free_targets > STARTTARGETS)
142 free_targets = STARTTARGETS;
143 entry->target->count = free_targets;
148 static void ip_registry_expire_entry(struct IPRegistryEntry* entry)
151 * Don't touch this number, it has statistical significance
152 * XXX - blah blah blah
154 if (CONNECTED_SINCE(entry->last_connect) > 600) {
158 ip_registry_remove(entry);
159 ip_registry_delete_entry(entry);
161 else if (CONNECTED_SINCE(entry->last_connect) > 120 && 0 != entry->target) {
163 * Expire storage of targets
165 MyFree(entry->target);
173 static void ip_registry_expire()
176 struct IPRegistryEntry* entry;
177 struct IPRegistryEntry* entry_next;
179 for (i = 0; i < IP_REGISTRY_TABLE_SIZE; ++i) {
180 for (entry = hashTable[i]; entry; entry = entry_next) {
181 entry_next = entry->next;
182 if (0 == entry->connected)
183 ip_registry_expire_entry(entry);
189 * IPcheck_local_connect
192 * A new connection was accept()-ed with IP number `cptr->ip.s_addr'.
195 * Update the IPcheck registry.
197 * 1 : You're allowed to connect.
198 * 0 : You're not allowed to connect.
202 * A connection should be rejected when a connection from the same IP number was
203 * received IPCHECK_CLONE_LIMIT times before this connect attempt, with
204 * reconnect intervals of IPCHECK_CLONE_PERIOD seconds or less.
206 * Free target inheritance:
208 * When the client is accepted, then the number of Free Targets
209 * of the cptr is set to the value stored in the found IPregistry
210 * structure, or left at STARTTARGETS. This can be done by changing
211 * cptr->nexttarget to be `now - (TARGET_DELAY * (FREE_TARGETS - 1))',
212 * where FREE_TARGETS may range from 0 till STARTTARGETS.
214 int ip_registry_check_local(unsigned int addr, time_t* next_target_out)
216 struct IPRegistryEntry* entry = ip_registry_find(addr);
217 unsigned int free_targets = STARTTARGETS;
220 entry = ip_registry_new_entry();
221 entry->addr = addr; /* The IP number of registry entry */
222 ip_registry_add(entry);
225 /* Note that this also connects server connects.
226 * It is hard and not interesting, to change that.
228 * Don't allow more then 255 connects from one IP number, ever
230 if (0 == ++entry->connected)
233 if (CONNECTED_SINCE(entry->last_connect) > IPCHECK_CLONE_PERIOD)
236 free_targets = ip_registry_update_free_targets(entry);
237 entry->last_connect = NOW;
239 if (0 == ++entry->attempts) /* Check for overflow */
242 if (entry->attempts < IPCHECK_CLONE_LIMIT) {
244 *next_target_out = CurrentTime - (TARGET_DELAY * free_targets - 1);
246 else if ((CurrentTime - me.since) > IPCHECK_CLONE_DELAY) {
248 * Don't refuse connection when we just rebooted the server
260 * IPcheck_remote_connect
263 * A remote client connected to Undernet, with IP number `cptr->ip.s_addr'
264 * and hostname `hostname'.
267 * Update the IPcheck registry.
268 * Return 0 on failure, 1 on success.
270 int ip_registry_check_remote(struct Client* cptr, int is_burst)
272 struct IPRegistryEntry* entry = ip_registry_find(cptr->ip.s_addr);
275 * Mark that we did add/update an IPregistry entry
279 entry = ip_registry_new_entry();
280 entry->addr = cptr->ip.s_addr;
283 ip_registry_add(entry);
286 if (0 == ++entry->connected) {
288 * Don't allow more then 255 connects from one IP number, ever
292 if (CONNECTED_SINCE(entry->last_connect) > IPCHECK_CLONE_PERIOD)
295 if (0 == ++entry->attempts) {
301 ip_registry_update_free_targets(entry);
302 entry->last_connect = NOW;
309 * IPcheck_connect_fail
312 * This local client failed to connect due to legal reasons.
315 * Neutralize the effect of calling IPcheck_local_connect, in such
316 * a way that the client won't be penalized when trying to reconnect
319 void ip_registry_connect_fail(unsigned int addr)
321 struct IPRegistryEntry* entry = ip_registry_find(addr);
327 * IPcheck_connect_succeeded
330 * A client succeeded to finish the registration.
332 * Finish IPcheck registration of a successfully, locally connected client.
334 void ip_registry_connect_succeeded(struct Client *cptr)
337 unsigned int free_targets = STARTTARGETS;
338 struct IPRegistryEntry* entry = ip_registry_find(cptr->ip.s_addr);
341 Debug((DEBUG_ERROR, "Missing registry entry for: %s", cptr->sock_ip));
345 memcpy(cptr->targets, entry->target->targets, MAXTARGETS);
346 free_targets = entry->target->count;
349 sendto_one(cptr, ":%s NOTICE %s :on %u ca %u(%u) ft %u(%u)%s",
350 me.name, cptr->name, entry->connected, entry->attempts,
351 IPCHECK_CLONE_LIMIT, free_targets, STARTTARGETS, tr);
358 * A local client disconnected or a remote client left Undernet.
361 * Update the IPcheck registry.
362 * Remove all expired IPregistry structures from the hash bucket
363 * that belongs to this clients IP number.
365 void ip_registry_disconnect(struct Client *cptr)
367 struct IPRegistryEntry* entry = ip_registry_find(cptr->ip.s_addr);
370 * trying to find an entry for a server causes this to happen,
371 * servers should never have FLAGS_IPCHECK set
376 * If this was the last one, set `last_connect' to disconnect time (used for expiration)
378 if (0 == --entry->connected) {
379 if (CONNECTED_SINCE(entry->last_connect) > IPCHECK_CLONE_LIMIT * IPCHECK_CLONE_PERIOD) {
381 * Otherwise we'd penetalize for this old value if the client reconnects within 20 seconds
385 ip_registry_update_free_targets(entry);
386 entry->last_connect = NOW;
388 if (MyConnect(cptr)) {
389 unsigned int free_targets;
391 * Copy the clients targets
393 if (0 == entry->target) {
394 entry->target = (struct IPTargetEntry*) MyMalloc(sizeof(struct IPTargetEntry));
395 entry->target->count = STARTTARGETS;
397 assert(0 != entry->target);
399 memcpy(entry->target->targets, cptr->targets, MAXTARGETS);
401 * This calculation can be pretty unfair towards large multi-user hosts, but
402 * there is "nothing" we can do without also allowing spam bots to send more
403 * messages or by drastically increasing the ammount of memory used in the IPregistry.
405 * The problem is that when a client disconnects, leaving no free targets, then
406 * the next client from that IP number has to pay for it (getting no free targets).
407 * But ALSO the next client, and the next client, and the next client etc - until
408 * another client disconnects that DOES leave free targets. The reason for this
409 * is that if there are 10 SPAM bots, and they all disconnect at once, then they
410 * ALL should get no free targets when reconnecting. We'd need to store an entry
411 * per client (instead of per IP number) to avoid this.
413 if (cptr->nexttarget < CurrentTime) {
415 * Number of free targets
417 free_targets = (CurrentTime - cptr->nexttarget) / TARGET_DELAY + 1;
422 * Add bonus, this is pretty fuzzy, but it will help in some cases.
424 if ((CurrentTime - cptr->firsttime) > 600)
426 * Was longer then 10 minutes online?
428 free_targets += (CurrentTime - cptr->firsttime - 600) / TARGET_DELAY;
430 * Finally, store smallest value for Judgement Day
432 if (free_targets < entry->target->count)
433 entry->target->count = free_targets;
440 * Returns number of clients with the same IP number
442 int ip_registry_count(unsigned int addr)
444 struct IPRegistryEntry* entry = ip_registry_find(addr);
445 return (entry) ? entry->connected : 0;
449 * IPcheck_local_connect
452 * A new connection was accept()-ed with IP number `cptr->ip.s_addr'.
455 * Update the IPcheck registry.
457 * 1 : You're allowed to connect.
458 * 0 : You're not allowed to connect.
462 * A connection should be rejected when a connection from the same IP number was
463 * received IPCHECK_CLONE_LIMIT times before this connect attempt, with
464 * reconnect intervals of IPCHECK_CLONE_PERIOD seconds or less.
466 * Free target inheritance:
468 * When the client is accepted, then the number of Free Targets
469 * of the cptr is set to the value stored in the found IPregistry
470 * structure, or left at STARTTARGETS. This can be done by changing
471 * cptr->nexttarget to be `now - (TARGET_DELAY * (FREE_TARGETS - 1))',
472 * where FREE_TARGETS may range from 0 till STARTTARGETS.
474 int IPcheck_local_connect(struct in_addr a, time_t* next_target_out)
476 assert(0 != next_target_out);
477 return ip_registry_check_local(a.s_addr, next_target_out);
481 * IPcheck_remote_connect
484 * A remote client connected to Undernet, with IP number `cptr->ip.s_addr'
485 * and hostname `hostname'.
488 * Update the IPcheck registry.
489 * Return 0 on failure, 1 on success.
491 int IPcheck_remote_connect(struct Client *cptr, const char *hostname, int is_burst)
494 return ip_registry_check_remote(cptr, is_burst);
498 * IPcheck_connect_fail
501 * This local client failed to connect due to legal reasons.
504 * Neutralize the effect of calling IPcheck_local_connect, in such
505 * a way that the client won't be penalized when trying to reconnect
508 void IPcheck_connect_fail(struct in_addr a)
510 ip_registry_connect_fail(a.s_addr);
514 * IPcheck_connect_succeeded
517 * A client succeeded to finish the registration.
519 * Finish IPcheck registration of a successfully, locally connected client.
521 void IPcheck_connect_succeeded(struct Client *cptr)
524 ip_registry_connect_succeeded(cptr);
531 * A local client disconnected or a remote client left Undernet.
534 * Update the IPcheck registry.
535 * Remove all expired IPregistry structures from the hash bucket
536 * that belongs to this clients IP number.
538 void IPcheck_disconnect(struct Client *cptr)
541 ip_registry_disconnect(cptr);
547 * Returns number of clients with the same IP number
549 unsigned short IPcheck_nr(struct Client *cptr)
552 return ip_registry_count(cptr->ip.s_addr);
555 void IPcheck_expire()
557 static time_t next_expire = 0;
558 if (next_expire < CurrentTime) {
559 ip_registry_expire();
560 next_expire = CurrentTime + 60;
565 struct IPregistry_vector {
566 unsigned short length;
567 unsigned short allocated_length;
568 struct IPregistry *vector;
571 #define HASHTABSIZE 0x2000 /* Must be power of 2 */
572 static struct IPregistry_vector IPregistry_hashtable[HASHTABSIZE];
575 * Calculate a `hash' value between 0 and HASHTABSIZE, from the internet address `in_addr'.
576 * Apply it immedeately to the table, effectively hiding the table itself.
578 #define CALCULATE_HASH(in_addr) \
579 struct IPregistry_vector *hash; \
580 do { unsigned int ip = (in_addr).s_addr; \
581 hash = &IPregistry_hashtable[((ip >> 14) + (ip >> 7) + ip) & (HASHTABSIZE - 1)]; } while(0)
584 * Fit `now' in an unsigned short, the advantage is that we use less memory
585 * `struct IPregistry::last_connect' can be smaller while the only disadvantage
586 * is that if someone reconnects after exactly 18 hours and 12 minutes, and NOBODY with the
587 * same _hash_ value for this IP-number did disconnect in the meantime, then the server
588 * will think he reconnected immedeately. In other words: No disadvantage at all.
590 #define BITMASK 0xffff /* Same number of bits as `struct IPregistry::last_connect' */
591 #define HAS_TARGETS_MAGIC 15
592 #define HAS_TARGETS(entry) ((entry)->free_targets == HAS_TARGETS_MAGIC)
594 #if STARTTARGETS >= HAS_TARGETS_MAGIC
595 #error "That doesn't fit in 4 bits, does it?"
598 /* IP(entry) returns the `struct in_addr' of the IPregistry. */
599 #define IP(entry) (HAS_TARGETS(entry) ? (entry)->ip_targets.ptr->ip : (entry)->ip_targets.ip)
600 #define FREE_TARGETS(entry) (HAS_TARGETS(entry) ? (entry)->ip_targets.ptr->free_targets : (entry)->free_targets)
602 static unsigned short count = 10000, average_length = 4;
604 static struct IPregistry *IPregistry_add(struct IPregistry_vector *iprv)
607 if (iprv->length == iprv->allocated_length)
609 iprv->allocated_length += 4;
612 (struct IPregistry*) MyRealloc(iprv->vector,
613 iprv->allocated_length * sizeof(struct IPregistry));
617 (struct IPregistry*) MyMalloc(
618 iprv->allocated_length * sizeof(struct IPregistry));
621 return &iprv->vector[iprv->length++];
624 static struct IPregistry *IPregistry_find(struct IPregistry_vector *iprv,
627 if (iprv->length > 0)
629 struct IPregistry *i, *end = &iprv->vector[iprv->length];
630 for (i = &iprv->vector[0]; i < end; ++i)
631 if (IP(i).s_addr == ip.s_addr)
637 static struct IPregistry *IPregistry_find_with_expire(struct IPregistry_vector
638 *iprv, struct in_addr ip)
640 struct IPregistry *last;
641 struct IPregistry *curr;
642 struct IPregistry *retval = NULL;
645 * if the vector is empty, IPcheck_disconnect will cause the server
646 * to core when NDEBUG is defined
648 if (iprv->length < 1)
651 last = &iprv->vector[iprv->length - 1];
653 for (curr = &iprv->vector[0]; curr < last;)
655 if (IP(curr).s_addr == ip.s_addr)
656 /* `curr' is element we looked for */
658 else if (curr->connected == 0)
660 if (CONNECTED_SINCE(curr) > 600U) /* Don't touch this number, it has statistical significance */
663 if (HAS_TARGETS(curr))
664 MyFree(curr->ip_targets.ptr);
669 /* Make ever 10000 disconnects an estimation of the average vector length */
672 (UserStats.clients + UserStats.unknowns + UserStats.local_servers) / HASHTABSIZE;
674 /* Now check the new element (last) that was moved to this position */
677 else if (CONNECTED_SINCE(curr) > 120U && HAS_TARGETS(curr))
679 /* Expire storage of targets */
680 struct in_addr ip1 = curr->ip_targets.ptr->ip;
681 curr->free_targets = curr->ip_targets.ptr->free_targets;
682 MyFree(curr->ip_targets.ptr);
683 curr->ip_targets.ip = ip1;
686 /* Did not expire, check next element */
689 /* Now check the last element in the list (curr == last) */
690 if (IP(curr).s_addr == ip.s_addr)
691 /* `curr' is element we looked for */
693 else if (curr->connected == 0)
695 if (CONNECTED_SINCE(curr) > 600U) /* Don't touch this number, it has statistical significance */
698 if (HAS_TARGETS(curr))
699 MyFree(curr->ip_targets.ptr);
703 /* Make ever 10000 disconnects an estimation of the average vector length */
706 (UserStats.clients + UserStats.unknowns + UserStats.local_servers) / HASHTABSIZE;
709 else if (CONNECTED_SINCE(curr) > 120U && HAS_TARGETS(curr))
711 /* Expire storage of targets */
712 struct in_addr ip1 = curr->ip_targets.ptr->ip;
713 curr->free_targets = curr->ip_targets.ptr->free_targets;
714 MyFree(curr->ip_targets.ptr);
715 curr->ip_targets.ip = ip1;
718 /* Do we need to shrink the vector? */
719 if (iprv->allocated_length > average_length
720 && iprv->allocated_length - iprv->length >= 4)
722 struct IPregistry *newpos;
723 iprv->allocated_length = iprv->length;
725 (struct IPregistry *)MyRealloc(iprv->vector,
726 iprv->allocated_length * sizeof(struct IPregistry));
727 if (newpos != iprv->vector) /* Is this ever true? */
730 (struct IPregistry *)((char *)retval + ((char *)newpos -
731 (char *)iprv->vector));
732 iprv->vector = newpos;
738 static void reset_connect_time(struct IPregistry *entry)
740 unsigned int previous_free_targets;
743 previous_free_targets =
744 FREE_TARGETS(entry) + CONNECTED_SINCE(entry) / TARGET_DELAY;
745 if (previous_free_targets > STARTTARGETS)
746 previous_free_targets = STARTTARGETS;
747 if (HAS_TARGETS(entry))
748 entry->ip_targets.ptr->free_targets = previous_free_targets;
750 entry->free_targets = previous_free_targets;
752 entry->last_connect = NOW;
756 * IPcheck_local_connect
759 * A new connection was accept()-ed with IP number `cptr->ip.s_addr'.
762 * Update the IPcheck registry.
764 * 1 : You're allowed to connect.
765 * 0 : You're not allowed to connect.
769 * A connection should be rejected when a connection from the same IP number was
770 * received IPCHECK_CLONE_LIMIT times before this connect attempt, with
771 * reconnect intervals of IPCHECK_CLONE_PERIOD seconds or less.
773 * Free target inheritance:
775 * When the client is accepted, then the number of Free Targets
776 * of the cptr is set to the value stored in the found IPregistry
777 * structure, or left at STARTTARGETS. This can be done by changing
778 * cptr->nexttarget to be `now - (TARGET_DELAY * (FREE_TARGETS - 1))',
779 * where FREE_TARGETS may range from 0 till STARTTARGETS.
781 int IPcheck_local_connect(struct in_addr a, time_t* next_target_out)
783 struct IPregistry *entry;
785 assert(0 != next_target_out);
787 if (!(entry = IPregistry_find(hash, a)))
789 entry = IPregistry_add(hash);
790 entry->ip_targets.ip = a; /* The IP number of registry entry */
791 entry->last_connect = NOW; /* Seconds since last connect attempt */
792 entry->connected = 1; /* connected clients for this IP */
793 entry->connect_attempts = 1; /* Number attempts for this IP */
794 entry->free_targets = STARTTARGETS; /* free targets a client gets */
797 /* Note that this also connects server connects.
798 * It is hard and not interesting, to change that.
800 * Don't allow more then 255 connects from one IP number, ever
802 if (0 == ++entry->connected)
805 if (CONNECTED_SINCE(entry) > IPCHECK_CLONE_PERIOD)
806 entry->connect_attempts = 0;
808 reset_connect_time(entry);
810 if (0 == ++entry->connect_attempts) /* Check for overflow */
811 --entry->connect_attempts;
813 if (entry->connect_attempts <= IPCHECK_CLONE_LIMIT)
814 *next_target_out = CurrentTime - (TARGET_DELAY * (FREE_TARGETS(entry) - 1));
816 /* Don't refuse connection when we just rebooted the server */
817 else if (CurrentTime - me.since > IPCHECK_CLONE_DELAY)
827 * IPcheck_remote_connect
830 * A remote client connected to Undernet, with IP number `cptr->ip.s_addr'
831 * and hostname `hostname'.
834 * Update the IPcheck registry.
835 * Return -1 on failure, 0 on success.
837 int IPcheck_remote_connect(struct Client *cptr, const char *hostname,
840 struct IPregistry *entry;
841 CALCULATE_HASH(cptr->ip);
842 SetIPChecked(cptr); /* Mark that we did add/update an IPregistry entry */
843 if (!(entry = IPregistry_find(hash, cptr->ip)))
845 entry = IPregistry_add(hash);
846 entry->ip_targets.ip = cptr->ip; /* The IP number of registry entry */
847 entry->last_connect = NOW; /* Seconds since last connect (attempt) */
848 entry->connected = 1; /* Number of currently connected clients with this IP number */
849 entry->connect_attempts = is_burst ? 1 : 0; /* Number of clients that connected with this IP number */
850 entry->free_targets = STARTTARGETS; /* Number of free targets that a client gets on connect */
856 "%s NOTICE %s%s :I saw your face before my friend (connected: %u; connect_attempts %u; free_targets %u)",
857 NumServ(&me), NumNick(cptr), entry->connected, entry->connect_attempts,
858 FREE_TARGETS(entry));
860 if (++(entry->connected) == 0) /* Don't allow more then 255 connects from one IP number, ever */
862 if (CONNECTED_SINCE(entry) > IPCHECK_CLONE_PERIOD)
863 entry->connect_attempts = 0;
866 if (++(entry->connect_attempts) == 0) /* Check for overflow */
867 --(entry->connect_attempts);
868 reset_connect_time(entry);
875 * IPcheck_connect_fail
878 * This local client failed to connect due to legal reasons.
881 * Neutralize the effect of calling IPcheck_local_connect, in such
882 * a way that the client won't be penalized when trying to reconnect
885 void IPcheck_connect_fail(struct in_addr a)
887 struct IPregistry *entry;
889 if ((entry = IPregistry_find(hash, a)))
890 --entry->connect_attempts;
894 * IPcheck_connect_succeeded
897 * A client succeeded to finish the registration.
899 * Finish IPcheck registration of a successfully, locally connected client.
901 void IPcheck_connect_succeeded(struct Client *cptr)
903 struct IPregistry *entry;
905 CALCULATE_HASH(cptr->ip);
906 entry = IPregistry_find(hash, cptr->ip);
907 if (HAS_TARGETS(entry))
909 memcpy(cptr->targets, entry->ip_targets.ptr->targets, MAXTARGETS);
912 sendto_one(cptr, ":%s NOTICE %s :on %u ca %u(%u) ft %u(%u)%s",
913 me.name, cptr->name, entry->connected, entry->connect_attempts,
914 IPCHECK_CLONE_LIMIT, FREE_TARGETS(entry), STARTTARGETS, tr);
921 * A local client disconnected or a remote client left Undernet.
924 * Update the IPcheck registry.
925 * Remove all expired IPregistry structures from the hash bucket
926 * that belongs to this clients IP number.
928 void IPcheck_disconnect(struct Client *cptr)
930 struct IPregistry *entry;
931 CALCULATE_HASH(cptr->ip);
932 entry = IPregistry_find_with_expire(hash, cptr->ip);
935 * trying to find an entry for a server causes this to happen,
936 * servers should never have FLAGS_IPCHECK set
942 * If this was the last one, set `last_connect' to disconnect time (used for expiration)
944 if (--(entry->connected) == 0) {
945 if (CONNECTED_SINCE(entry) > IPCHECK_CLONE_LIMIT * IPCHECK_CLONE_PERIOD)
947 * Otherwise we'd penetalize for this old value if the client reconnects within 20 seconds
949 entry->connect_attempts = 0;
950 reset_connect_time(entry);
952 if (MyConnect(cptr)) {
953 unsigned int inheritance;
955 * Copy the clients targets
957 if (HAS_TARGETS(entry)) {
958 entry->free_targets = entry->ip_targets.ptr->free_targets;
959 MyFree(entry->ip_targets.ptr);
961 entry->ip_targets.ptr =
962 (struct ip_targets_st*) MyMalloc(sizeof(struct ip_targets_st));
964 assert(0 != entry->ip_targets.ptr);
965 entry->ip_targets.ptr->ip = cptr->ip;
966 entry->ip_targets.ptr->free_targets = entry->free_targets;
967 entry->free_targets = HAS_TARGETS_MAGIC;
968 memcpy(entry->ip_targets.ptr->targets, cptr->targets, MAXTARGETS);
970 * This calculation can be pretty unfair towards large multi-user hosts, but
971 * there is "nothing" we can do without also allowing spam bots to send more
972 * messages or by drastically increasing the ammount of memory used in the IPregistry.
974 * The problem is that when a client disconnects, leaving no free targets, then
975 * the next client from that IP number has to pay for it (getting no free targets).
976 * But ALSO the next client, and the next client, and the next client etc - until
977 * another client disconnects that DOES leave free targets. The reason for this
978 * is that if there are 10 SPAM bots, and they all disconnect at once, then they
979 * ALL should get no free targets when reconnecting. We'd need to store an entry
980 * per client (instead of per IP number) to avoid this.
982 if (cptr->nexttarget <= CurrentTime)
984 * Number of free targets
986 inheritance = (CurrentTime - cptr->nexttarget) / TARGET_DELAY + 1;
990 * Add bonus, this is pretty fuzzy, but it will help in some cases.
992 if (CurrentTime - cptr->firsttime > 600)
994 * Was longer then 10 minutes online?
996 inheritance += (CurrentTime - cptr->firsttime - 600) / TARGET_DELAY;
998 * Finally, store smallest value for Judgement Day
1000 if (inheritance < entry->ip_targets.ptr->free_targets)
1001 entry->ip_targets.ptr->free_targets = inheritance;
1008 * Returns number of clients with the same IP number
1010 unsigned short IPcheck_nr(struct Client *cptr)
1012 struct IPregistry *entry;
1013 CALCULATE_HASH(cptr->ip);
1014 entry = IPregistry_find(hash, cptr->ip);
1015 return (entry ? entry->connected : 0);
projects / ircu2.10.12-pk.git / blob