Mercurial > prosody-modules
annotate mod_c2s_conn_throttle/mod_c2s_conn_throttle.lua @ 737:e4ea03b060ed
mod_archive: switch from/to
The XEP-0136 is not very explicit about the meening of <from> and <to>
elements, but the examples are clear: <from> means it comes from the user in
the 'with' attribute of the collection.
That is the opposite of what is currently implemented in that module.
So for better compatibility with complient clients, this switch the 'from' and
'to' fields
| author | Olivier Goffart <ogoffart@woboq.com> |
|---|---|
| date | Wed, 04 Jul 2012 14:08:43 +0200 |
| parents | 15763c1d085c |
| children | 9eefbaba274d |
| rev | line source |
|---|---|
|
612
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
1 -- Clients Connection Throttler. |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
2 -- Usage: |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
3 -- Add the module into modules loaded into the virtual host section |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
4 -- |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
5 -- cthrottler_logins_count = 3 -> number of logins attempt allowed |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
6 -- cthrottler_time = 120 -> in x seconds |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
7 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
8 local time = os.time |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
9 local in_count = {} |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
10 local logins_count = module:get_option_number("cthrottler_logins_count", 3) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
11 local throttle_time = module:get_option_number("cthrottler_time", 60) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
12 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
13 local function handle_sessions(event) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
14 local session = event.origin |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
15 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
16 if not in_count[session.ip] and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
17 in_count[session.ip] = { t = time(), c = 1 } |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
18 elseif in_count[session.ip] and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
19 if in_count[session.ip].starttls_c then in_count[session.ip].c = in_count[session.ip].starttls_c else in_count[session.ip].c = in_count[session.ip].c + 1 end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
20 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
21 if in_count[session.ip].c > logins_count and time() - in_count[session.ip].t < throttle_time then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
22 module:log("error", "Exceeded login count for %s, closing connection", session.ip) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
23 session:close{ condition = "policy-violation", text = "You exceeded the number of connections/logins allowed in "..throttle_time.." seconds, good bye." } |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
24 return true |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
25 elseif time() - in_count[session.ip].t > throttle_time then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
26 in_count[session.ip] = nil ; return |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
27 end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
28 end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
29 end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
30 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
31 local function check_starttls(event) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
32 local session = event.origin |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
33 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
34 if in_count[session.ip] and type(in_count[session.ip].starttls_c) ~= "number" and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
35 in_count[session.ip].starttls_c = 1 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
36 elseif in_count[session.ip] and type(in_count[session.ip].starttls_c) == "number" and session.type == "c2s_unauthed" then |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
37 in_count[session.ip].starttls_c = in_count[session.ip].starttls_c + 1 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
38 end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
39 end |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
40 |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
41 module:hook("stream-features", handle_sessions, 100) |
|
15763c1d085c
mod_c2s_conn_throttle: renamed mod_c2s_auth_throttle, hooks at features and takes in account stream renegotiation.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
42 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", check_starttls, 100) |