dgl [Tue, 12 Nov 2002 08:40:57 +0000 (08:40 +0000)]
Serious bug fix. Due to a lack of checking some messages would be
treated as server notices when in fact they came from user input.
This can result in a user being able to scan any host or possibily
cause bopm to segfault.
dgl [Fri, 1 Nov 2002 10:26:42 +0000 (10:26 +0000)]
Removed u_char so _BSD_SOURCE doesn't have to be defined in some cases.
(Namely running bopm under dietlibc - the static file is smaller than a
dynamic file from glibc :)).
dgl [Thu, 24 Oct 2002 20:18:47 +0000 (20:18 +0000)]
scan:
- HTTP Post proxies are now scanned
- Code to not connect to a port more than once and won't try again if
it's closed (probably helps with limited connections too)
This adds a stage field into the protocol struct:
0 = scan first time
1 = scan second time only if port is open.
andy [Fri, 6 Sep 2002 09:28:56 +0000 (09:28 +0000)]
bopm.conf.sample:
Some people STILL don't get what BINDIRC and BINDSCAN do and like
to invent IP addresses to put there, then wonder why it does not
work.
andy [Fri, 23 Aug 2002 05:42:15 +0000 (05:42 +0000)]
src/negcache.[ch]:
Implementation of a patricia trie for storing IP addresses and
timestamps. This data structure will allow searches for nodes
with only log_2 N bit comparisons where N is the current number of
nodes. It also only requires as many nodes as there are IP
addresses to store.
Each node stores a key (the IP address), a timestamp, the bit
index, and left and right branches. The bit index is what makes
this different from a radix search tree, it tells us at which bit
this node's key differs from those above it in the trie.
Properties of the trie:
1) The bit index always decreases as we follow the tree from the head
to an external node.
2) Each branch of an external node points to the only node that can
contain keys that match the bit pattern. All searches terminate
at external nodes.
3) When trying to search for a bit pattern that is not present in the
tree, you will hit an external node at the place where your bit
pattern first deviates from all current nodes. You can tell this
has happened because the next node's bit index will be larger than
the current, which would be contrary to point (1).
4) Because the bit increments in each node store information about
where each node's bit pattern differs from all others in the tree,
extra nodes are not needed - unlike in a radix tree.
5) As for a radix tree, a patricia trie will always end up the
same no matter what order the nodes are inserted.
andy [Fri, 23 Aug 2002 04:41:24 +0000 (04:41 +0000)]
src/scan.c:
scans_active_for_addr() - walk the scan list and check if there are
any other scans in progress for a given IP address (as specified in
dot quad format).
When a scan fails and negative caching is enabled, check if there
are other scans in progress for the same address. If not, all
scans have failed and an entry should be added in the negcache.
Walking the list after every scan seems inefficient but I can't see
any other way to tell if there are no more scans active. So, at
the moment this is a good reason for not using negative caching.
andy [Fri, 23 Aug 2002 04:28:00 +0000 (04:28 +0000)]
src/main.c:
Periodically rebuild the negcache (if enabled) to remove entries
that are too old. Note that even though this might only happen
every 12 hours or so, old entries are ignored by nc_search()
anyway. This is just to free up some memory.
andy [Fri, 23 Aug 2002 04:17:31 +0000 (04:17 +0000)]
src/irc.c:
Upon connection to the IRC server, initialise our negative cache
(if negative caching is enabled).
When a user connection is detected, search for their IP in our
negative cache (if negative caching is enabled). If it is present,
say so in the logfile and don't bother to scan them.
Note that negative caching is only implemented for IPv4 at the
moment -- shouldn't be hard to extend it to IPv6 though.
andy [Fri, 23 Aug 2002 04:08:47 +0000 (04:08 +0000)]
bopm.conf.sample:
Documentation for new NEG_CACHE directive which determines how long
to cache negative results for (if at all). WE DO NOT RECOMMEND THE
USE OF NEGATIVE CACHING!
andy [Thu, 15 Aug 2002 17:16:16 +0000 (17:16 +0000)]
README:
Added a requirements section, specifically something about transparent
proxies. This has been mentioned on the lists before but should
probably be in the README since we have just discovered a host whose
BOPM K:lined 100% of users due to it being behind a transparent web
proxy. (!)
src/config/h:
Added new config directive type, TYPE_WILDLIST. This will be like a
linked list, but specifically for wildcards (which is the only use we
had for lists before now). They are special because they a) need
wildcards collapsed and b) don't allow duplicate wildcards.
Normal linked lists will be of TYPE_LIST.
src/config.c:
Rewrote add_to_list() and general linked list implementation as we
believe it has never worked.
Added CONF_SCAN_WARNING to hold linked list of notices from the
SCAN_WARNING config directive.
New linked list code needs an init_lists() function to allocate the
heads of all linked lists.
src/extern.h:
Added CONF_SCAN_WARNING.
src/irc.c:
Updated CONF_EXCLUDE code to match new linked list implementation.
Removed some left over debug code.
src/main.c:
Added a new function, scanwarn_timer(), in the alarm loop. This
function will get called once a second and will empty the notice
queue (described later).
src/options.h:
Added option for how many notices to send per second.
src/dlclist.[ch]:
Implementation of generic doubly-linked circular lists.
src/scanwarn.[ch]:
Maintain a queue of pending notices to be sent regarding scanning.
A doubly-linked circular list is used as a queue, new notices added
after the head and removed from before the head.
andy [Sat, 10 Aug 2002 19:07:39 +0000 (19:07 +0000)]
src/opercmd.c:
Stupidly missed a parameter off the format, which causes segfault
when a command expires (virtually never, in practice). Also got
the args to dissect_time wrong!
andy [Fri, 2 Aug 2002 19:38:30 +0000 (19:38 +0000)]
Apparently this just was not obvious enough, nicks changed to protect the
stupid:
<User> [Aug 02 19:16:23 2002] MAIN -> BOPM 2.3 started.
<User> [Aug 02 19:16:23 2002] MAIN -> Reading configuration file...
<User> [Aug 02 19:16:24 2002] IRC -> connect(): Unknown error connecting to (some.random.net)
<User> then it just ends =\
<grifferz> [andy@fullers services]$ telnet some.random.net 6667
<grifferz> Trying 4.5.6.7...
<grifferz> no response
<User> yea
<User> thats not real
<User> wait
<User> that might be why
<User> hang on
<grifferz> how did you expect it to work then?
<grifferz> ...
<User> u should make it more clear
andy [Sun, 26 May 2002 05:07:31 +0000 (05:07 +0000)]
src/main.c:
Remove option '-v' which used to be for changing the "vardir" where
config and log would go. This is now controlled by ./configure
settings.
andy [Sat, 25 May 2002 15:19:12 +0000 (15:19 +0000)]
irc.c:
Oper up after doing the other "on connect" things in an attempt to
play nice with some starnge ircd that wants all opers to be
identified to their nick first..
andy [Tue, 30 Apr 2002 23:24:38 +0000 (23:24 +0000)]
opercmd.c:
Reformatting.
opercmd.h:
Reformatting, moved some global variable declarations to opercmd.c
irc.c:
Needed an extern to get access to LAST_REAP_TIME.