annotate server/flood_check.h @ 0:a4671277546c tip
created the repository for the thymian project
| author | ferencd |
|---|---|
| date | Tue, 17 Aug 2021 11:19:54 +0200 |
| rev | line source |
|---|---|
| ferencd@0 | 1 #ifndef FLOOD_CHECK |
| ferencd@0 | 2 #define FLOOD_CHECK |
| ferencd@0 | 3 |
| ferencd@0 | 4 #include <string> |
| ferencd@0 | 5 #include <map> |
| ferencd@0 | 6 #include <chrono> |
| ferencd@0 | 7 #include <mutex> |
| ferencd@0 | 8 |
| ferencd@0 | 9 /** |
| ferencd@0 | 10 * @brief The flood_check class checks whether there is a flood attempt from a specific IP. |
| ferencd@0 | 11 * The method is the following: if it can identify that in a given second a given IP has tried more |
| ferencd@0 | 12 * than 100 (configurable) requests, it will reject the requests without going further. attempt() returns void, so a rejection is not reported through the return value, and the threshold itself is not defined in this header - see the implementation for both. |
| ferencd@0 | 13 * NOTE(review): all state below is static, i.e. shared process-wide, and every map is keyed by an IP string (or holds one per second); nothing in this header bounds their size, so confirm that the implementation expires old entries. locker is presumably the mutex guarding these maps - confirm that attempt() takes it. |
| ferencd@0 | 14 */ |
| ferencd@0 | 15 class flood_check |
| ferencd@0 | 16 { |
| ferencd@0 | 17 public: |
| ferencd@0 | 18 |
| ferencd@0 | 19 static void attempt(std::string ip); |
| ferencd@0 | 20 |
| ferencd@0 | 21 private: |
| ferencd@0 | 22 |
| ferencd@0 | 23 static std::mutex locker; |
| ferencd@0 | 24 |
| ferencd@0 | 25 // holds the flood attempts and when they first occurred: first_time is initialised, at construction, to whole seconds since the system_clock epoch. NOTE(review): system_clock is wall-clock time and can be adjusted, which shifts any window or lockout computed from it; std::time_t is declared in <ctime>, which this header does not include directly. |
| ferencd@0 | 26 struct count_started |
| ferencd@0 | 27 { |
| ferencd@0 | 28 int count = 0; |
| ferencd@0 | 29 std::time_t first_time = std::chrono::duration_cast<std::chrono::seconds>(std::chrono::system_clock::now().time_since_epoch()).count(); |
| ferencd@0 | 30 }; |
| ferencd@0 | 31 |
| ferencd@0 | 32 // structures used to determine the flood rate per second: floods maps a std::time_t to a flood_map (string -> int), presumably second -> (IP -> request count in that second) - TODO confirm against the implementation |
| ferencd@0 | 33 using flood_map = std::map<std::string, int>; |
| ferencd@0 | 34 static std::map<std::time_t, flood_map> floods; |
| ferencd@0 | 35 |
| ferencd@0 | 36 // holds the flood attempts of a host. For each IP we have an attempt counter (count_started::count): |
| ferencd@0 | 37 // how many times it tried to flood us, plus a timestamp (count_started::first_time, set when the record is created; whether it is later moved to the last attempt is not visible here - TODO confirm) |
| ferencd@0 | 38 static std::map<std::string, count_started> hostd_flood; |
| ferencd@0 | 39 |
| ferencd@0 | 40 // holds the evil hosts that are flooding the system and how long they are locked out (a std::time_t per IP; whether it is an expiry time or a duration is not visible here). |
| ferencd@0 | 41 // The content of this map is determined based on the content of the hostd_flood |
| ferencd@0 | 42 // map. If a count from there reaches over 10 and the first_time of the |
| ferencd@0 | 43 // entry is < 1 minute (presumably: less than one minute old) then we consider the host to be flooding us. |
| ferencd@0 | 44 static std::map<std::string, std::time_t> rejected_hosts; |
| ferencd@0 | 45 |
| ferencd@0 | 46 // holds how many times the given host was suspended. Each suspension adds another minute to the host's lockout |
| ferencd@0 | 47 static std::map<std::string, int> suspension_times; |
| ferencd@0 | 48 }; |
| ferencd@0 | 49 |
| ferencd@0 | 50 #endif // FLOOD_CHECK |
| ferencd@0 | 51 |
