1N/A * Copyright (c) 2003 Sendmail, Inc. and its suppliers. 1N/A * All rights reserved. 1N/A * By using this file, you agree to the terms and conditions set 1N/A * forth in the LICENSE file which can be found at the top level of 1N/A * the sendmail distribution. 1N/A * Contributed by Jose Marcio Martins da Cruz - Ecole des Mines de Paris 1N/A * Jose-Marcio.Martins@ensmp.fr 1N/A/* a part of this code is based on inetd.c for which this copyright applies: */ 1N/A * Copyright (c) 1983, 1991, 1993, 1994 1N/A * The Regents of the University of California. All rights reserved. 1N/A * Redistribution and use in source and binary forms, with or without 1N/A * modification, are permitted provided that the following conditions 1N/A * 1. Redistributions of source code must retain the above copyright 1N/A * notice, this list of conditions and the following disclaimer. 1N/A * 2. Redistributions in binary form must reproduce the above copyright 1N/A * notice, this list of conditions and the following disclaimer in the 1N/A * documentation and/or other materials provided with the distribution. 1N/A * 3. All advertising materials mentioning features or use of this software 1N/A * must display the following acknowledgement: 1N/A * This product includes software developed by the University of 1N/A * California, Berkeley and its contributors. 1N/A * 4. Neither the name of the University nor the names of its contributors 1N/A * may be used to endorse or promote products derived from this software 1N/A * without specific prior written permission. 1N/A * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 1N/A * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1N/A * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 1N/A * ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 1N/A * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 1N/A * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 1N/A * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 1N/A * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 1N/A * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 1N/A * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 1N/A** stuff included - given some warnings (inet_ntoa) 1N/A** - surely not everything is needed 1N/A#
endif /* NETINET || NETINET6 */ 1N/A#
endif /* HASH_ALG */ 1N/A#
endif /* RATECTL_DEBUG */ 1N/A/* forward declarations */ 1N/A** CONNECTION_RATE_CHECK - updates connection history data 1N/A** and computes connection rate for the given host 1N/A** hostaddr -- ip address of smtp client 1N/A** updates connection history 1N/A** For each connection, this call shall be 1N/A** done only once with the value true for the 1N/A** Typically, this call is done with the value 1N/A** true by the father, and once again with 1N/A** the value false by the children. 1N/A#
endif /* RATECTL_DEBUG */ 1N/A /* update server connection rate */ 1N/A#
endif /* RATECTL_DEBUG */ 1N/A /* update client connection rate */ 1N/A** Data declarations needed to evaluate connection rate 1N/A/* this should be a power of 2, otherwise CPMHMASK doesn't work well */ 1N/A#
endif /* CPMHSIZE */ 1N/A#
endif /* MAX_CT_STEPS */ 1N/A** time granularity: 10s (that's one "tick") 1N/A** before being used the first time 1N/A/* Number of connections for a certain "tick" */ 1N/A#
else /* NETINET6 && NETINET */ 1N/A#
else /* NETINET6 */ 1N/A#
endif /* NETINET6 */ 1N/A#
endif /* NETINET6 && NETINET */ 1N/A /* 6 buckets for ticks: 60s */ 1N/A** CLIENT_RATE - Evaluate connection rate per smtp client 1N/A** now - current time in secs 1N/A** saddr - client address 1N/A** update - update data / check only 1N/A** connection rate (connections / ConnectionRateWindowSize) 1N/A** update static global data 1N/A#
endif /* HASH_ALG != 1 */ 1N/A#
endif /* NETINET6 */ 1N/A /* should not happen */ 1N/A /* compute hash value */ 1N/A hv ^= (d<<
14) + (d<<
7) + (d<<
4) + d;
1N/A#
else /* HASH_ALG == 1 */ 1N/A#
endif /* HASH_ALG == 1 */ 1N/A#
endif /* NETINET6 */ 1N/A /* Let's update data... */ 1N/A ** increment the number of collisions last 1N/A ** CollTime for this client 1N/A ** Maybe we should log if the collision rate is too high... 1N/A ** and take measures to resize tables 1N/A ** if this is the case 1N/A ** If it's not a match, then replace the data. 1N/A ** Note: this purges the history of a colliding entry, 1N/A ** which may cause "overruns", i.e., if two entries keep 1N/A ** "cancelling" each other out, each one's count restarts and they may exceed 1N/A ** the limits that are set. This might be mitigated a bit 1N/A ** by the above "best of 5" function however. 1N/A ** Alternative approach: just use the old data, which may 1N/A ** cause false positives however. 1N/A ** To activate this, deactivate the following memset call. 1N/A#
endif /* NETINET6 */ 1N/A /* Now let's count connections on the window */ 1N/A "cln: cnt=(%d), CHTSIZE=(%d), ChtGran=(%d)",
1N/A#
endif /* RATECTL_DEBUG */ 1N/A** TOTAL_RATE - Evaluate global connection rate 1N/A** now - current time in secs 1N/A** update - update data / check only 1N/A** connection rate (connections / ConnectionRateWindowSize) 1N/A /* Let's update data */ 1N/A /* Let's count connections on the window */ 1N/A "srv: cnt=(%d), CHTSIZE=(%d), ChtGran=(%d)",
1N/A#
endif /* RATECTL_DEBUG */