View Issue Details

IDProjectCategoryView StatusLast Update
0005088unrealircdpublic2018-09-02 11:41
ReporterKnuXAssigned Tosyzop 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
PlatformUbuntuOSLinuxOS VersionTrusty
Product Version4.0.17 
Target Version4.2.0Fixed in Version4.2.0 
Summary0005088: Allow webirc gateway's IP to bypass max-unknown-connection-per-ip limit
DescriptionHi,

We have a large amount of users connected from webirc gateway. We run this gateway on the same server as the ircd.

When we restart the gateway, we exceed the max-unknown-connection-per-ip limit because users are trying to reconnect in the same time and at this step they all have the 127.0.0.1 IP.

ERROR :Closing Link: [127.0.0.1] (Too many unknown connections from your IP)

Since it's probably a bad idea to globally increase this limit, is it possible to whitelist ips or masks defines in the webirc {} blocks or doing the same as except throttle {} ?
TagsNo tags attached.
3rd party modules

Activities

syzop

2018-04-19 20:08

administrator   ~0020094

Yes, I agree.

syzop

2018-07-14 16:46

administrator   ~0020204

Doing it automagically for webirc is not such a good idea as it may contain wildcards and any authentication has not happened yet at that point.

So, let's add something similar to 'except throttle' but for this.

syzop

2018-07-14 16:46

administrator   ~0020205

Target for 4.0.19.

syzop

2018-09-02 11:32

administrator   ~0020246

Last edited: 2018-09-02 11:32

View 2 revisions

I was thinking about a good name but then actually thinking more about this:
Is there a situation where you'd want to except the unknown connection limit but not except throttle (or vice versa)? I can't think of any.
We could just use the 'except throttle' host list for this as well... after all this is also some kind of throttling :)

syzop

2018-09-02 11:40

administrator   ~0020247

Last edited: 2018-09-02 11:41

View 4 revisions

Added in 4.0.19, https://github.com/unrealircd/unrealircd/commit/883a5fe4135d09e82a7365b6aa51ffb57bc1a5bc

commit 883a5fe4135d09e82a7365b6aa51ffb57bc1a5bc (HEAD -> unreal40, origin/unreal40, origin/HEAD)
Author: Bram Matthys <syzop@vulnscan.org>
Date: Sun Sep 2 11:40:15 2018 +0200

    * The except throttle { } block now also overrides any limitations from
      set::max-unknown-connection-per-ip. Useful for WEBIRC/cgiirc gateways.
    Reported by KnuX https://bugs.unrealircd.org/view.php?id=5088

Issue History

Date Modified Username Field Change
2018-04-19 14:41 KnuX New Issue
2018-04-19 20:08 syzop Assigned To => syzop
2018-04-19 20:08 syzop Status new => acknowledged
2018-04-19 20:08 syzop Note Added: 0020094
2018-07-14 16:46 syzop Target Version => 4.2.0
2018-07-14 16:46 syzop Note Added: 0020204
2018-07-14 16:46 syzop Note Added: 0020205
2018-07-14 16:46 syzop Sticky Issue No => Yes
2018-09-02 11:32 syzop Note Added: 0020246
2018-09-02 11:32 syzop Note Edited: 0020246 View Revisions
2018-09-02 11:40 syzop Status acknowledged => resolved
2018-09-02 11:40 syzop Resolution open => fixed
2018-09-02 11:40 syzop Fixed in Version => 4.2.0
2018-09-02 11:40 syzop Note Added: 0020247
2018-09-02 11:41 syzop Note Edited: 0020247 View Revisions
2018-09-02 11:41 syzop Note Edited: 0020247 View Revisions
2018-09-02 11:41 syzop Note Edited: 0020247 View Revisions