trusts: Throttle trusted clients if they disconnect too soon.

--HG--
branch : throttle

diff --git a/trusts/trusts.h b/trusts/trusts.h
index bbaa9b6ce449c0f220caa11c65823e7684247d57..88190a82b4b3ac85ec9b115b294af1aec2aedd49 100644 (file)
--- a/trusts/trusts.h
+++ b/trusts/trusts.h
@@ -51,6 +51,8 @@
 #define TRUST_MIN_UNPRIVILEGED_NODEBITS_IPV4 (96 + 24)
 #define TRUST_MIN_UNPRIVILEGED_NODEBITS_IPV6 48
 
+#define TRUST_MIN_TIME_RETHROTTLE 120
+
 struct trustmigration;
 
 struct trusthost;

diff --git a/trusts/trusts_policy.c b/trusts/trusts_policy.c
index fba1c4cfc09ebb6cb18c36473abc1db540a8a597..71c49a99cbcb258d6199de8099b2ee0b83953473 100644 (file)
--- a/trusts/trusts_policy.c
+++ b/trusts/trusts_policy.c
@@ -482,15 +482,16 @@ static void policycheck_irc(int hooknum, void *arg) {
   nick *np = args[0];
   long moving = (long)args[1];
   char message[512];
-  int verdict;
+  int verdict, unthrottle;
   struct irc_in_addr ipaddress_canonical;
+  trustsocket *ts;
 
   if(moving)
     return;
 
   ip_canonicalize_tunnel(&ipaddress_canonical, &np->ipaddress);
 
-  verdict = checkconnectionth(np->ident, &ipaddress_canonical, gettrusthost(np), hooknum, 0, message, sizeof(message), NULL);
+  verdict = checkconnectionth(np->ident, &ipaddress_canonical, gettrusthost(np), hooknum, 0, message, sizeof(message), &unthrottle);
     
   if(!enforcepolicy_irc)
     verdict = POLICY_SUCCESS;
@@ -506,6 +507,11 @@ static void policycheck_irc(int hooknum, void *arg) {
       glinebynick(np, POLICY_GLINE_DURATION, message, GLINE_ALWAYS_USER|GLINE_IGNORE_TRUST, "trusts_policy");
       break;
   }
+
+  if (unthrottle && hooknum == HOOK_NICK_LOSTNICK && np->timestamp > getnettime() - TRUST_MIN_TIME_RETHROTTLE) {
+    for (ts = tslist; ts; ts = ts->next)
+      trustdowrite(ts, "THROTTLE %s", IPtostr(np->ipaddress));
+  }
 }
 
 static int trusts_cmdtrustpolicyirc(void *source, int cargc, char **cargv) {