author | Matthew Wild <mwild1@gmail.com> |
Fri, 23 Sep 2022 22:40:54 +0100 | |
changeset 5057 | 00e8cc6860cb |
parent 3545 | 4d8a68557941 |
permissions | -rw-r--r-- |
-- Dependencies of mod_throttle_unsolicited.
-- st: builds the error reply that is bounced back to the sender.
local st = require("util.stanza");
-- jid_split / jid_bare: take apart the stanza's 'to' and 'from' addresses.
local jid_split = require("util.jid").split;
local jid_bare = require("util.jid").bare;
-- Roster lookup that decides whether a message counts as "unsolicited".
local is_contact_subscribed = require("core.rostermanager").is_contact_subscribed;
-- Rate limiter; one instance is stored on each originating session.
local throttle = require("util.throttle");
-- Timestamp source for the mark left on a session that exceeded its budget.
local gettime = require("socket").gettime;
-- Tunables, read once from the Prosody configuration when the module loads.

-- Budget for sessions handled by check_subscribed; defaults to 10.
local max = module:get_option_number("unsolicited_messages_per_minute", 10);

-- Budget for incoming server-to-server sessions. There is no default, so this
-- is nil unless configured, and the s2s hooks are only installed when it is set.
local s2s_max = module:get_option_number("unsolicited_s2s_messages_per_minute");

-- Scales both arguments of throttle.create(): budget * multiplier and
-- 60 * multiplier. Defaults to 1.
-- NOTE(review): none of these values is range-checked here; what a zero or
-- negative value does depends on util.throttle -- confirm before relying on it.
local multiplier = module:get_option_number("throttle_unsolicited_burst", 1);
--- Rate-limit messages addressed to JIDs that do not have the sender as a contact.
--
-- Messages that are never counted: type "error", no 'to' address, addressed to
-- the sender's own full or bare JID, or addressed to a room listed in the
-- session's rooms_joined table.
--
-- The limiter is stored on event.origin, so the budget is per session.
-- NOTE(review): presumably a new session starts with a fresh bucket, so the
-- limit is neither shared between parallel sessions of one account nor kept
-- across reconnects -- confirm whether an account-level limit is wanted.
--
-- @param event table with the fields `stanza` and `origin`
-- @return true when the message was bounced; nothing otherwise
function check_subscribed(event)
	local stanza, origin = event.stanza, event.origin;
	local log = origin.log or module._log;
	local attr = stanza.attr;

	-- Error stanzas are left alone.
	if attr.type == "error" then
		return;
	end

	local recipient = attr.to;
	if recipient == nil or recipient == origin.full_jid then
		return; -- to self
	end

	local recipient_bare = jid_bare(recipient);
	local sender_bare = jid_bare(attr.from);
	if recipient_bare == sender_bare then
		return; -- to own resource
	end

	-- Messages to a room this session has joined are exempt.
	local joined = origin.rooms_joined;
	if joined and joined[recipient_bare] then
		return;
	end

	-- The bucket is created on first use, before the roster check, so every
	-- session that reaches this point carries one.
	local bucket = origin.throttle_unsolicited;
	if not bucket then
		bucket = throttle.create(max * multiplier, 60 * multiplier);
		origin.throttle_unsolicited = bucket;
	end

	local to_user, to_host = jid_split(recipient);
	if not to_user then
		return; -- no node part, nothing to look up in a roster
	end
	if is_contact_subscribed(to_user, to_host, sender_bare) then
		return;
	end

	log("debug", "[unsolicited] %s is not subscribed to %s@%s", sender_bare, to_user, to_host);
	if bucket:poll(1) then
		return; -- still within budget
	end

	-- Over budget: mark the session, bounce the message and report it handled.
	-- One "warn" line is written per bounced message, which is worth knowing
	-- when sizing log retention and alerting.
	log("warn", "[unsolicited] Sent too many messages to non-contacts, bouncing message");
	-- NOTE(review): presumably read by mod_firewall rules that match on the
	-- session's origin mark -- confirm the mark name against mod_firewall.
	origin.firewall_mark_unsolicited = gettime();
	origin.send(st.error_reply(stanza, "cancel", "service-unavailable"));
	return true;
end
-- Run the check on both "pre-message" events at priority 200.
-- NOTE(review): presumably these events carry stanzas sent by local sessions
-- and fire before normal delivery -- confirm against the Prosody event docs.
for _, event_name in ipairs({ "pre-message/bare", "pre-message/full" }) do
	module:hook(event_name, check_subscribed, 200);
end

-- Table of sessions indexed by full JID; the s2s check uses it to find the
-- recipient's session.
local full_sessions = prosody.full_sessions;
--- Variant of the check for messages arriving over incoming s2s sessions.
--
-- Room lookup and throttle creation differ from the local case: the room
-- exemption is read from the *recipient's* session (found by full JID in
-- full_sessions) and keyed by the sender's bare JID, and the bucket is sized
-- from s2s_max. The rest is delegated to check_subscribed, which reuses the
-- bucket created here.
--
-- The bucket is stored on the incoming s2s session.
-- NOTE(review): presumably every sender behind that connection draws from the
-- same budget, so one noisy remote account can use it up for the others --
-- confirm this is the intended granularity.
--
-- @param event table with the fields `stanza` and `origin`
-- @return whatever check_subscribed returns; nothing for non-"s2sin" origins
--         and for senders that are rooms the recipient has joined
function check_subscribed_s2s(event)
	local stanza, origin = event.stanza, event.origin;
	local log = origin.log or module._log;

	-- Only incoming server-to-server sessions are handled here.
	if origin.type ~= "s2sin" then
		return;
	end

	local attr = stanza.attr;
	local sender_bare = jid_bare(attr.from);

	-- The exemption needs a live session for the exact 'to' address; a bare
	-- 'to' address is not looked up in any other table.
	local target = full_sessions[attr.to];
	local joined = target and target.rooms_joined;
	if joined and joined[sender_bare] then
		log("debug", "Message to joined room, no limit");
		return;
	end

	-- Retrieve or create the throttle object for this s2s session.
	if not origin.throttle_unsolicited then
		log("debug", "New s2s throttle");
		origin.throttle_unsolicited = throttle.create(s2s_max * multiplier, 60 * multiplier);
	end

	return check_subscribed(event);
end
-- Throttling of incoming s2s messages is opt-in: the hooks are installed only
-- when unsolicited_s2s_messages_per_minute is configured. Any number passes
-- this test, including 0, because 0 is truthy in Lua.
if s2s_max then
	for _, event_name in ipairs({ "message/bare", "message/full" }) do
		module:hook(event_name, check_subscribed_s2s, 200);
	end
end

-- NOTE(review): presumably track_muc_joins is what fills in the rooms_joined
-- table that both checks read -- confirm against that module.
module:depends("track_muc_joins");