Add autobanSuccessfulConnections flag. #4087
Conversation
|
Will fix! What does prefix my commit message mean? |
|
Oh, I think I see what you're talking about from one of your commit messages. I'll try to emulate that! |
|
Just add a Prefix to your commit message like so: This makes it easier for us if we need to process commits programmatically as we can then find out which parts of the code was modified. |
|
Looks good now. I'll have to use my real pc tomorrow though to have a deeper look at the current implementation to verify that this fits in nicely :) |
|
Thanks! |
|
For your reference tomorrow, I think the ban logic all lives here: https://github.com/mumble-voip/mumble/blob/master/src/murmur/Meta.cpp#L750. Seems like Meta keeps track of a hash table from client IP to a list of timers representing how long ago they tried to connect. |
The idea here is that sometimes you really do have a lot of folks connecting from a single IP, and if those connections are successful you don't want to ban any of them. However, in cases where the server needs to guard against malicious users attempting a DDOS by reconnecting their valid user account over and over, we need to be able to configure the server to still ban those successful attempts.
Instead, we'll turn off the autoban feature if either are negative.
The idea here is that sometimes you really do have a lot of folks connecting from a single IP,
and if those connections are successful you don't want to ban any of them.
However, in cases where the server needs to guard against malicious users attempting a DDOS
by reconnecting their valid user account over and over, we need to be able to configure the
server to still ban those successful attempts.
How does this idea sound, and how does this code look for solving it? Thanks!
Changelog