From b8f002eaf51a9358fedc591b552856f1014674c4 Mon Sep 17 00:00:00 2001
From: Přemysl Janouch
Date: Sun, 10 Aug 2014 02:22:52 +0200
Subject: kike: add a trivial flood detector
---
kike.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/kike.c b/kike.c
index c390715..32be85c 100644
--- a/kike.c
+++ b/kike.c
@@ -92,6 +92,49 @@ setup_signal_handlers (void)
exit_fatal ("%s: %s", "sigaction", strerror (errno));
}
+// --- Rate limiter ------------------------------------------------------------
+
+struct flood_detector
+{
+ unsigned interval; ///< Interval for the limit
+ unsigned limit; ///< Maximum number of events allowed
+
+ time_t *timestamps; ///< Timestamps of last events
+ unsigned pos; ///< Index of the oldest event
+};
+
+static void
+flood_detector_init (struct flood_detector *self,
+ unsigned interval, unsigned limit)
+{
+ self->interval = interval;
+ self->limit = limit;
+ self->timestamps = xcalloc (limit + 1, sizeof *self->timestamps);
+ self->pos = 0;
+}
+
+static void
+flood_detector_free (struct flood_detector *self)
+{
+ free (self->timestamps);
+}
+
+static bool
+flood_detector_check (struct flood_detector *self)
+{
+ time_t now = time (NULL);
+ self->timestamps[self->pos++] = now;
+ if (self->pos > self->limit)
+ self->pos = 0;
+
+ time_t begin = now - self->interval;
+ size_t count = 0;
+ for (size_t i = 0; i <= self->limit; i++)
+ if (self->timestamps[i] >= begin)
+ count++;
+ return count <= self->limit;
+}
+
// --- IRC token validation ----------------------------------------------------
// Use the enum only if applicable and a simple boolean isn't sufficient.
@@ -277,6 +320,7 @@ struct client
unsigned mode; ///< User's mode
char *away_message; ///< Away message
time_t last_active; ///< Last PRIVMSG, to get idle time
+ struct flood_detector antiflood; ///< Flood detector
};
static void
@@ -287,6 +331,8 @@ client_init (struct client *self)
self->socket_fd = -1;
str_init (&self->read_buffer);
str_init (&self->write_buffer);
+ // TODO: make this configurable and more fine-grained
+ flood_detector_init (&self->antiflood, 10, 20);
}
static void
@@ -306,6 +352,7 @@ client_free (struct client *self)
free (self->hostname);
free (self->away_message);
+ flood_detector_free (&self->antiflood);
}
static void client_close_link (struct client *, const char *);
@@ -2299,6 +2346,12 @@ irc_process_message (const struct irc_message *msg,
if (c->closing_link)
return;
+ if (!flood_detector_check (&c->antiflood))
+ {
+ client_close_link (c, "Excess flood");
+ return;
+ }
+
struct irc_command *cmd = str_map_find (&c->ctx->handlers, msg->command);
if (!cmd)
irc_send_reply (c, IRC_ERR_UNKNOWNCOMMAND, msg->command);
--
cgit v1.2.3-70-g09d2