#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
+#include <netinet/tcp.h>
#ifndef __USE_MISC
#define __USE_MISC /* inet_aton */
time_t timeout;
int accepted;
int rejected;
+ int unthrottled;
struct trustsocket *next;
} trustsocket;
snprintf(message, messagelen, "Trust has %d out of %d allowed connections.", tg->count + usercountadjustment, tg->trustedfor);
if(unthrottle && (tg->flags & TRUST_UNTHROTTLE))
- *unthrottle = 1; /* TODO: Do _some_ kind of rate-limiting */
+ *unthrottle = 1;
return POLICY_SUCCESS;
}
int verdict, unthrottle;
struct irc_in_addr ipaddress;
unsigned char bits;
- trustsocket *ts;
-
+
if(!ipmask_parse(host, &ipaddress, &bits)) {
sock->accepted++;
return trustdowrite(sock, "PASS %s", sequence_id);
sock->accepted++;
if (unthrottle) {
- for (ts = tslist; ts; ts = ts->next)
- trustdowrite(ts, "UNTHROTTLE %s", IPtostr(ipaddress));
+ sock->unthrottled++;
+ trustdowrite(sock, "UNTHROTTLE %s", sequence_id);
}
if(message[0])
return;
}
- pnext = &tslist;
-
- for(ts=*pnext;*pnext;pnext=&((*pnext)->next)) {
+ for(pnext=&tslist;*pnext;pnext=&((*pnext)->next)) {
+ ts=*pnext;
if(ts == sock) {
*pnext = sock->next;
trustfreeconnection(sock, 0);
unsigned char digest[16];
char noncehexbuf[NONCELEN * 2 + 1];
char hexbuf[sizeof(digest) * 2 + 1];
+ trustsocket *ts, **pnext;
for(i=0;i<MAXSERVERS;i++) {
if(trustaccounts[i].used && strcmp(trustaccounts[i].server, server_name) == 0) {
return trustkillconnection(sock, "Bad MAC.");
}
+ for(pnext=&tslist;*pnext;pnext=&((*pnext)->next)) {
+ ts = *pnext;
+ if(ts->authed && strcmp(ts->authuser, server_name) == 0) {
+ trustkillconnection(ts, "New connection with same server name.");
+ *pnext = ts->next;
+ trustfreeconnection(ts, 0);
+ break;
+ }
+ }
+
sock->authed = 1;
strncpy(sock->authuser, server_name, SERVERLEN);
time_t t = time(NULL);
trustsocket **pnext, *sock;
- pnext = &tslist;
-
- for(sock=*pnext;*pnext;pnext=&((*pnext)->next)) {
+ for(pnext=&tslist;*pnext;pnext=&((*pnext)->next)) {
+ sock = *pnext;
if(!sock->authed && t >= sock->timeout) {
trustkillconnection(sock, "Auth timeout.");
*pnext = sock->next;
if(events & POLLIN) {
trustsocket *sock;
char buf[NONCELEN * 2 + 1];
+ int optval;
int newfd = accept(fd, NULL, NULL), flags;
if(newfd == -1)
return;
}
+ optval = 1;
+ setsockopt(newfd, SOL_SOCKET, SO_KEEPALIVE, &optval, sizeof(optval));
+ optval = 10;
+ setsockopt(newfd, IPPROTO_TCP, TCP_KEEPIDLE, &optval, sizeof(optval));
+ optval = 3;
+ setsockopt(newfd, IPPROTO_TCP, TCP_KEEPCNT, &optval, sizeof(optval));
+ optval = 10;
+ setsockopt(newfd, IPPROTO_TCP, TCP_KEEPINTVL, &optval, sizeof(optval));
+
registerhandler(newfd, POLLIN|POLLERR|POLLHUP, processtrustclient);
sock = nsmalloc(POOL_TRUSTS, sizeof(trustsocket));
sock->timeout = time(NULL) + 30;
sock->accepted = 0;
sock->rejected = 0;
+ sock->unthrottled = 0;
if(!trustdowrite(sock, "AUTH %s", hmac_printhex(sock->nonce, buf, NONCELEN))) {
Error("trusts_policy", ERR_WARNING, "Error writing auth to fd %d.", newfd);
deregisterhandler(newfd, 1);
long moving = (long)args[1];
char message[512];
int verdict, unthrottle;
- trustsocket *ts;
if(moving)
return;
break;
}
- if (unthrottle && hooknum == HOOK_NICK_LOSTNICK && np->timestamp > getnettime() - TRUST_MIN_TIME_RETHROTTLE) {
- for (ts = tslist; ts; ts = ts->next)
- trustdowrite(ts, "THROTTLE %s", IPtostr(np->ipaddress));
- }
}
static int trusts_cmdtrustpolicyirc(void *source, int cargc, char **cargv) {
time(&now);
- controlreply(sender, "Server Connected for Accepted Rejected");
+ controlreply(sender, "Server Connected for Accepted Rejected Unthrottled");
for(sock=tslist;sock;sock=sock->next)
- controlreply(sender, "%-35s %-20s %-15d %-15d", sock->authed?sock->authuser:"<unauthenticated connection>", longtoduration(now - sock->connected, 0), sock->accepted, sock->rejected);
+ controlreply(sender, "%-35s %-20s %-15d %-15d %-15d", sock->authed?sock->authuser:"<unauthenticated connection>", longtoduration(now - sock->connected, 0), sock->accepted, sock->rejected, sock->unthrottled);
controlreply(sender, "-- End of list.");
return CMD_OK;