New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[s->] WHOIS <nick> #715

Open
michaelortmann opened this Issue Oct 16, 2018 · 0 comments

Comments

Projects
None yet
1 participant
@michaelortmann
Member

michaelortmann commented Oct 16, 2018

I see the following log after jumping to a server:

[23:27:34] [@] zen.localdomain 001 linux :Welcome to the AthemeNET Internet Relay Chat Network linux
[23:27:34] [!s] WHOIS linux
[23:27:34] triggering bind evnt:init_server
[23:27:34] [!m] MODE linux +i-ws
[23:27:34] [m->] MODE linux +i-ws
[23:27:34] triggered bind evnt:init_server, user 0.072ms sys 0.071ms
[23:27:34] [@] zen.localdomain 002 linux :Your host is zen.localdomain[zen.localdomain/6677], running version ircd-seven-1.1.7
[23:27:34] [@] zen.localdomain 003 linux :This server was created Sat Oct 6 2018 at 00:22:30 CEST
[23:27:34] [@] zen.localdomain 004 linux zen.localdomain ircd-seven-1.1.7 DOQRSZaghilopswz CFILMPQbcefgijklmnopqrstvz bkloveqjfI
[23:27:34] [@] zen.localdomain 005 linux CHANTYPES=&# EXCEPTS INVEX CHANMODES=eIbq,k,flj,CFLMPQcgimnprstz CHANLIMIT=&#:15 PREFIX=(ov)@+ MAXLIST=bqeI:100 MODES=4 NETWORK=AthemeNET STATUSMSG=@+ CALLERID=g CASEMAPPING=rfc1459 :are supported by this server
[23:27:34] [@] zen.localdomain 005 linux CHARSET=ascii NICKLEN=15 CHANNELLEN=50 TOPICLEN=390 DEAF=D FNC TARGMAX=NAMES:1,LIST:1,KICK:1,WHOIS:1,PRIVMSG:4,NOTICE:4,ACCEPT:,MONITOR: CLIENTVER=3.0 KNOCK CPRIVMSG CNOTICE SAFELIST :are supported by this server
[23:27:34] [@] zen.localdomain 005 linux ELIST=CTU WHOX ETRACE MONITOR=100 :are supported by this server
[23:27:34] [@] zen.localdomain 251 linux :There are 0 users and 11 invisible on 2 servers
[23:27:34] [@] zen.localdomain 255 linux :I have 2 clients and 1 servers
[23:27:34] [@] zen.localdomain 265 linux 2 2 :Current local users 2, max 2
[23:27:34] [@] zen.localdomain 266 linux 11 11 :Current global users 11, max 11
[23:27:34] [@] zen.localdomain 250 linux :Highest connection count: 3 (2 clients) (163 connections received)
[23:27:34] [@] zen.localdomain 375 linux :- zen.localdomain Message of the Day -
[23:27:34] [@] zen.localdomain 372 linux :- This is charybdis MOTD you might replace it, but if not your friends will
[23:27:34] [@] zen.localdomain 372 linux :- laugh at you.
[23:27:34] [@] zen.localdomain 376 linux :End of /MOTD command.
[23:27:34] [@] linux MODE linux :+i
[23:27:34] [!s] WHOIS linux
[23:27:40] [s->] WHOIS linux
[23:27:40] [@] zen.localdomain 311 linux linux ~linux 127.0.0.1 * :/msg linux hello
[23:27:40] [@] zen.localdomain 312 linux linux zen.localdomain :charybdis test server
[23:27:40] [@] zen.localdomain 378 linux linux :is connecting from *@127.0.0.1 127.0.0.1
[23:27:40] [@] zen.localdomain 317 linux linux 6 1539725254 :seconds idle, signon time
[23:27:40] [@] zen.localdomain 330 linux linux sasluser :is logged in as
[23:27:40] [@] zen.localdomain 318 linux linux :End of /WHOIS list.
[23:27:42] [s->] WHOIS linux
[23:27:42] [@] zen.localdomain 311 linux linux ~linux 127.0.0.1 * :/msg linux hello
[23:27:42] [@] zen.localdomain 312 linux linux zen.localdomain :charybdis test server
[23:27:42] [@] zen.localdomain 378 linux linux :is connecting from *@127.0.0.1 127.0.0.1
[23:27:42] [@] zen.localdomain 317 linux linux 8 1539725254 :seconds idle, signon time
[23:27:42] [@] zen.localdomain 330 linux linux sasluser :is logged in as
[23:27:42] [@] zen.localdomain 318 linux linux :End of /WHOIS list.

tcpdump also shows:

21:28:14.385507 IP (tos 0x2,ECT(0), ttl 64, id 64288, offset 0, flags [DF], proto TCP (6), length 65)
    127.0.0.1.39181 > 127.0.0.1.6677: Flags [P.], seq 151:164, ack 2355, win 1391, options [nop,nop,TS val 1729473739 ecr 1729467733], length 13
	0x0000:  4502 0041 fb20 4000 4006 4192 7f00 0001  E..A..@.@.A.....
	0x0010:  7f00 0001 990d 1a15 c0a7 b3ee fba7 1b75  ...............u
	0x0020:  8018 056f fe35 0000 0101 080a 6715 accb  ...o.5......g...
	0x0030:  6715 9555 5748 4f49 5320 6c69 6e75 780d  g..UWHOIS.linux.
	0x0040:  0a                                       .
[...]
21:28:16.388293 IP (tos 0x2,ECT(0), ttl 64, id 64294, offset 0, flags [DF], proto TCP (6), length 65)
    127.0.0.1.39181 > 127.0.0.1.6677: Flags [P.], seq 164:177, ack 2704, win 1391, options [nop,nop,TS val 1729475742 ecr 1729473739], length 13
	0x0000:  4502 0041 fb26 4000 4006 418c 7f00 0001  E..A.&@.@.A.....
	0x0010:  7f00 0001 990d 1a15 c0a7 b3fb fba7 1cd2  ................
	0x0020:  8018 056f fe35 0000 0101 080a 6715 b49e  ...o.5......g...
	0x0030:  6715 accb 5748 4f49 5320 6c69 6e75 780d  g...WHOIS.linux.
	0x0040:  0a                                       .

OK, eggdrop is double queing here, but lets analyze.

eggdrop.conf default setting:

# Allow identical messages in the mode queue?                                    
set double-mode 1 

thats fine. we dont want to change it.

if we lookinto servmsg.c a WHOIS is put into queue after 001, OK

another one after gotmode to uncloak a potentially cloaked host.

when gotmode happens, we cant check if the mode really cloaked os, we dont know the flags.

Now, what i propose is:
https://github.com/eggheads/eggdrop/blob/develop/src/mod/server.mod/servmsg.c#L966
here we need to check if there already/still a whois in the queue
the one stuffed in after 001 may still be in here, and this is the case as shown in the log.
which means, eggdrop will be sending one, regardless if we tell it again to do so or not,
its a machine, it wont forget,
so we don't put a second one in in this case.

Draft fix:
https://github.com/eggheads/eggdrop/blob/develop/src/mod/server.mod/server.c#L869
should be put into a separate function, to detect if an element is already queued
then we can call the new function from within
https://github.com/eggheads/eggdrop/blob/develop/src/mod/server.mod/servmsg.c#L966
and only queue the whois if none is in.

This would leave eggdrop to still execure the 001 whoid, to still catch every potential cloak mode and to issue new whois whenever is need.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment