LIMITS 21 ADDNETBLOCK enforce45 0::/0
LIMITS 22 FORCECOUNT enforce45 yes
LIMITS 23 With the 3 commands above, clones will be counted per /45 even if there are other isps matching it, like videotron's /29 above.
-LIMITS 24 The ACTIVE command will enable/disable glines on an isp. This means that it will count clones, report, but will not issue glines.
-LIMITS 25 Example 4:
-LIMITS 26 ADDISP NewShell 5 64 abuse@NewShell.org
-LIMITS 27 ADDNETBLOCK NewShell 2607:3f00:12:7::/64
-LIMITS 28 ADDNETBLOCK NewShell 2607:3f00:12:8::/64
-LIMITS 29 ADDNETBLOCK NewShell 2607:3f00:12:9::/64
-LIMITS 30 GROUP NewShell yes
-LIMITS 31 In this example, we add multiple netblocks to the same ISP, each netblock is limited to 5 connections per /64.
-LIMITS 32 GROUP ISP yes|no command, will disable the 5 connections per /64 limit from the above example and will instead count the sum of all clients that
-LIMITS 33 match the three netblocks associated with ISP NewShell. In other words, the limit will be 5 total for all three netblocks.
+LIMITS 24 ... However, if the videotron ISP in Example 1 had a limit of 5 connections per /45 instead of per /60, then the forcecount in Example 3 would be ignored.
+LIMITS 25 The ACTIVE command will enable/disable glines on an isp. This means that it will count clones, report, but will not issue glines.
+LIMITS 26 Example 4:
+LIMITS 27 ADDISP NewShell 5 64 abuse@NewShell.org
+LIMITS 28 ADDNETBLOCK NewShell 2607:3f00:12:7::/64
+LIMITS 29 ADDNETBLOCK NewShell 2607:3f00:12:8::/64
+LIMITS 30 ADDNETBLOCK NewShell 2607:3f00:12:9::/64
+LIMITS 31 GROUP NewShell yes
+LIMITS 32 In this example, we add multiple netblocks to the same ISP, each netblock is limited to 5 connections per /64.
+LIMITS 33 GROUP ISP yes|no command, will disable the 5 connections per /64 limit from the above example and will instead count the sum of all clients that
+LIMITS 34 match the three netblocks associated with ISP NewShell. In other words, the limit will be 5 total for all three netblocks.
JUPE 1 ****** JUPE COMMAND ******
JUPE 2 Jupe a server (prevent it connecting to the network)
JUPE 3 Syntax: /msg $BOT$ jupe <servername> <reason>
int widestCidr = 129;
int smallestCidr = 0;
int isv6 = 1;
+ipLnbVectorType tmpVector;
+std::list<int> nonForcecountCidrList;
+
if (!irc_in_addr_valid(&theClient->getIP())) //avoid 0:: (0.0.0.0) ip addresses
return true;
if ((nptr->first < 129) && (nb->getCidr2() < smallestCidr)) { /* cidr/129 means we have forcecount set */
break;
}
- clonecidr = nb->getCloneCidr();
+ tmpVector.push_back(*nptr);
+ if (nptr->first < 129)
+ nonForcecountCidrList.push_back(nb->getCloneCidr());
+ }
+}
+for (ipLnbIterator nptr = tmpVector.begin(); nptr != tmpVector.end(); nptr++) {
+ nb = nptr->second;
+ clonecidr = nb->getCloneCidr();
+
+ /* New code to handle forcecount differently */
+ if ((nptr->first == 129) && (std::find(nonForcecountCidrList.begin(), nonForcecountCidrList.end(), nb->getCloneCidr()) != nonForcecountCidrList.end())) {
+ // This forcecount cloneCidr is already handled by another non-forcecount isp. Skip.
+ continue;
+ }
- int tclonecidr = clonecidr;
- if (nb->getCidr().find(':') == string::npos)
- tclonecidr += 96;
- string m;
+ int tclonecidr = clonecidr;
+ if (nb->getCidr().find(':') == string::npos)
+ tclonecidr += 96;
+ string m;
+ if (nb->ipLisp->isGroup())
+ m = nb->getCidr();
+ else
+ m = IPCIDRMinIP(ip, tclonecidr) + "/" + std::to_string(clonecidr);
+ //elog << "LIMITS DEBUG: " << nb->ipLisp->getName() << ": mask = " << m << endl;
+ ipLclonesMapIterator itr = nb->ipLclonesMap.find(m);
+ if (itr != nb->ipLclonesMap.end()) {
+ int t;
if (nb->ipLisp->isGroup())
- m = nb->getCidr();
+ t = (nb->getLimit() - nb->ipLisp->getCount());
else
- m = IPCIDRMinIP(ip, tclonecidr) + "/" + std::to_string(clonecidr);
- //elog << "LIMITS DEBUG: " << nb->ipLisp->getName() << ": mask = " << m << endl;
- ipLclonesMapIterator itr = nb->ipLclonesMap.find(m);
- if (itr != nb->ipLclonesMap.end()) {
- int t;
- if (nb->ipLisp->isGroup())
- t = (nb->getLimit() - nb->ipLisp->getCount());
- else
- t = (nb->getLimit() - itr->second);
- if ((t < numLeft) && (nb->isActive())) {
- if (nb->getCidr2() < widestCidr) {
- widestCidr = nb->getCidr2();
- }
- numLeft = t;
+ t = (nb->getLimit() - itr->second);
+ if ((t < numLeft) && (nb->isActive())) {
+ if (nb->getCidr2() < widestCidr) {
+ widestCidr = nb->getCidr2();
}
+ numLeft = t;
+ }
- if (incCount) {
- itr->second++;
- nb->incCount(1);
- nb->ipLisp->incCount(1);
- }
- if (t <= 0) {
- ipLretStruct.nb = nb;
- ipLretStruct.type = 'i';
- ipLretStruct.mask = "*@" + m;
- ipLretStruct.limit = nb->getLimit();
- if (nb->ipLisp->isGroup()) {
- ipLretStruct.count = nb->ipLisp->getCount();
- }
- else {
- ipLretStruct.count = itr->second;
- }
- retList.push_back(ipLretStruct);
- }
+ if (incCount) {
+ itr->second++;
+ nb->incCount(1);
+ nb->ipLisp->incCount(1);
}
- else if (incCount) {
- //elog << "D> " << nb->ipLisp->getName() << ": nb->getLimit()=" << nb->getLimit()
- // << ", nb->ipLisp->getCount()=" << nb->ipLisp->getCount() << endl;
- int t;
+ if (t <= 0) {
+ ipLretStruct.nb = nb;
+ ipLretStruct.type = 'i';
+ ipLretStruct.mask = "*@" + m;
+ ipLretStruct.limit = nb->getLimit();
if (nb->ipLisp->isGroup()) {
- t = (nb->getLimit() - nb->ipLisp->getCount());
- if ((t < numLeft) && (nb->isActive())) {
- if (nb->getCidr2() < widestCidr) {
- widestCidr = nb->getCidr2();
- }
- numLeft = t;
- }
+ ipLretStruct.count = nb->ipLisp->getCount();
}
- else
- t = nb->getLimit();
- if (t <= 0) {
- ipLretStruct.nb = nb;
- ipLretStruct.type = 'i';
- ipLretStruct.mask = "*@" + m;
- ipLretStruct.limit = nb->getLimit();
- ipLretStruct.count = nb->ipLisp->isGroup() ? (nb->ipLisp->getCount() + 1) : 1;
- retList.push_back(ipLretStruct);
+ else {
+ ipLretStruct.count = itr->second;
}
- nb->incCount(1);
- nb->ipLisp->incCount(1);
- nb->ipLclonesMap.insert(ipLclonesMapType::value_type(m, 1));
- //elog << "LIMITS DEBUG: ipLclonesMap insert for " << nb->getCidr() << " (/" << nb->getCloneCidr() << "): "
- // << m << endl;
+ retList.push_back(ipLretStruct);
}
- if (incCount) {
- ipLnbList.push_back(nb);
- if (nb->ipLisp->isGlunidented() && theClient->getUserName().substr(0,1) == "~") {
- ipLretStruct.nb = nb;
- ipLretStruct.type = 'd';
- ipLretStruct.mask = "~*@" + m;
- ipLretStruct.limit = 0;
- ipLretStruct.count = 0;
- retList.push_back(ipLretStruct);
+ }
+ else if (incCount) {
+ //elog << "D> " << nb->ipLisp->getName() << ": nb->getLimit()=" << nb->getLimit()
+ // << ", nb->ipLisp->getCount()=" << nb->ipLisp->getCount() << endl;
+ int t;
+ if (nb->ipLisp->isGroup()) {
+ t = (nb->getLimit() - nb->ipLisp->getCount());
+ if ((t < numLeft) && (nb->isActive())) {
+ if (nb->getCidr2() < widestCidr) {
+ widestCidr = nb->getCidr2();
+ }
+ numLeft = t;
}
}
- if ((nb->getCidr2() > smallestCidr) && (nb->isActive()))
- smallestCidr = nb->getCidr2();
+ else
+ t = nb->getLimit();
+ if (t <= 0) {
+ ipLretStruct.nb = nb;
+ ipLretStruct.type = 'i';
+ ipLretStruct.mask = "*@" + m;
+ ipLretStruct.limit = nb->getLimit();
+ ipLretStruct.count = nb->ipLisp->isGroup() ? (nb->ipLisp->getCount() + 1) : 1;
+ retList.push_back(ipLretStruct);
+ }
+ nb->incCount(1);
+ nb->ipLisp->incCount(1);
+ nb->ipLclonesMap.insert(ipLclonesMapType::value_type(m, 1));
+ //elog << "LIMITS DEBUG: ipLclonesMap insert for " << nb->getCidr() << " (/" << nb->getCloneCidr() << "): "
+ // << m << endl;
+ }
+ if (incCount) {
+ ipLnbList.push_back(nb);
+ if (nb->ipLisp->isGlunidented() && theClient->getUserName().substr(0,1) == "~") {
+ ipLretStruct.nb = nb;
+ ipLretStruct.type = 'd';
+ ipLretStruct.mask = "~*@" + m;
+ ipLretStruct.limit = 0;
+ ipLretStruct.count = 0;
+ retList.push_back(ipLretStruct);
+ }
+ }
+ if ((nb->getCidr2() > smallestCidr) && (nb->isActive()))
+ smallestCidr = nb->getCidr2();
- string userip = theClient->getUserName() + "@" + (nb->ipLisp->isGroup() ? nb->ipLisp->getName() : m);
- ipLclonesMapIterator iitr = nb->ipLisp->ipLidentclonesMap.find(userip);
- if (theClient->getIntYY() == getUplink()->getIntYY()) {
- /* It's a virtually not-yet-connected client from iauth, don't count user ident clones */
- }
- else if (iitr != nb->ipLisp->ipLidentclonesMap.end()) {
- int t;
- t = nb->getIdentLimit() - iitr->second;
+ string userip = theClient->getUserName() + "@" + (nb->ipLisp->isGroup() ? nb->ipLisp->getName() : m);
+ ipLclonesMapIterator iitr = nb->ipLisp->ipLidentclonesMap.find(userip);
+ if (theClient->getIntYY() == getUplink()->getIntYY()) {
+ /* It's a virtually not-yet-connected client from iauth, don't count user ident clones */
+ }
+ else if (iitr != nb->ipLisp->ipLidentclonesMap.end()) {
+ int t;
+ t = nb->getIdentLimit() - iitr->second;
- if (incCount) {
- iitr->second++;
- }
- if ((t <= 0) && (nb->getIdentLimit() > 0)) {
- ipLretStruct.nb = nb;
- ipLretStruct.type = 'u';
- ipLretStruct.mask = userip;
- ipLretStruct.count = iitr->second;
- ipLretStruct.limit = nb->getIdentLimit();
- retList.push_back(ipLretStruct);
- }
- }
- else if (incCount) {
- //elog << "D> " << nb->ipLisp->getName() << ": nb->getLimit()=" << nb->getLimit()
- // << ", nb->ipLisp->getCount()=" << nb->ipLisp->getCount() << endl;
- int t;
- t = nb->getIdentLimit();
- if ((t <= 0) && (nb->getIdentLimit() > 0)) {
- ipLretStruct.nb = nb;
- ipLretStruct.type = 'u';
- ipLretStruct.mask = userip;
- ipLretStruct.count = 1;
- ipLretStruct.limit = nb->getIdentLimit();
- retList.push_back(ipLretStruct);
- }
- nb->ipLisp->ipLidentclonesMap.insert(ipLclonesMapType::value_type(userip, 1));
- //elog << "LIMITS DEBUG: ipLclonesMap insert for " << nb->getCidr() << " (/" << nb->getCloneCidr() << "): "
- // << m << endl;
- }
+ if (incCount) {
+ iitr->second++;
+ }
+ if ((t <= 0) && (nb->getIdentLimit() > 0)) {
+ ipLretStruct.nb = nb;
+ ipLretStruct.type = 'u';
+ ipLretStruct.mask = userip;
+ ipLretStruct.count = iitr->second;
+ ipLretStruct.limit = nb->getIdentLimit();
+ retList.push_back(ipLretStruct);
+ }
+ }
+ else if (incCount) {
+ //elog << "D> " << nb->ipLisp->getName() << ": nb->getLimit()=" << nb->getLimit()
+ // << ", nb->ipLisp->getCount()=" << nb->ipLisp->getCount() << endl;
+ int t;
+ t = nb->getIdentLimit();
+ if ((t <= 0) && (nb->getIdentLimit() > 0)) {
+ ipLretStruct.nb = nb;
+ ipLretStruct.type = 'u';
+ ipLretStruct.mask = userip;
+ ipLretStruct.count = 1;
+ ipLretStruct.limit = nb->getIdentLimit();
+ retList.push_back(ipLretStruct);
+ }
+ nb->ipLisp->ipLidentclonesMap.insert(ipLclonesMapType::value_type(userip, 1));
+ //elog << "LIMITS DEBUG: ipLclonesMap insert for " << nb->getCidr() << " (/" << nb->getCloneCidr() << "): "
+ // << m << endl;
}
}
if (incCount)