throttle.c revision c91307af2622f6625525f3c1f9c954376df950ad
/*	$NetBSD: throttle.c,v 1.4 2006/09/09 16:22:10 manu Exp $	*/

/* Id: throttle.c,v 1.5 2006/04/05 20:54:50 manubsd Exp */

/*
 * Copyright (C) 2004 Emmanuel Dreyfus
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
3340f71134b9fef0ca06c516f033cc9403394a913cChris Lattner
347cf0ce4b8d122575c3348b5fa4947014c3d8432dChris Lattner#include "config.h"
357cf0ce4b8d122575c3348b5fa4947014c3d8432dChris Lattner
367dda395004eb962cef1c1554b1e8b2ad069760e0Chris Lattner#include <stdio.h>
371fca5ff62bb2ecb5bfc8974f4dbfc56e9d3ca721Chris Lattner#include <stdlib.h>
38e62c1185bee05facc25d1d725434f517261d308bChris Lattner#include <string.h>
39e62c1185bee05facc25d1d725434f517261d308bChris Lattner#if TIME_WITH_SYS_TIME
40e62c1185bee05facc25d1d725434f517261d308bChris Lattner# include <sys/time.h>
41e62c1185bee05facc25d1d725434f517261d308bChris Lattner# include <time.h>
42e62c1185bee05facc25d1d725434f517261d308bChris Lattner#else
43e3a1d054483d6e2551a43232f2c968fc7ce523f2Chris Lattner# if HAVE_SYS_TIME_H
44e62c1185bee05facc25d1d725434f517261d308bChris Lattner#  include <sys/time.h>
45711e5d96aa648ebe96b09483d0775f3b16283e3dChris Lattner# else
46e62c1185bee05facc25d1d725434f517261d308bChris Lattner#  include <time.h>
478e9a9774eb12b5242f74b8ac5b20e0a938ec9c53Chris Lattner# endif
48b45b3b3cd14faaf5a3ea5226af7e1e3cd653e6cbChris Lattner#endif
49b45b3b3cd14faaf5a3ea5226af7e1e3cd653e6cbChris Lattner#include <sys/param.h>
50a1651900e1772b05afd2280308e9acc5a58cefb8Chris Lattner#include <sys/queue.h>
51b45b3b3cd14faaf5a3ea5226af7e1e3cd653e6cbChris Lattner#include <sys/socket.h>
521dba7abdd77e19c230f0426825a5ae4879471dccChris Lattner
537cf0ce4b8d122575c3348b5fa4947014c3d8432dChris Lattner#include <netinet/in.h>
547dda395004eb962cef1c1554b1e8b2ad069760e0Chris Lattner#include <resolv.h>
55e62c1185bee05facc25d1d725434f517261d308bChris Lattner
567dda395004eb962cef1c1554b1e8b2ad069760e0Chris Lattner#include "vmbuf.h"
57e62c1185bee05facc25d1d725434f517261d308bChris Lattner#include "misc.h"
58e62c1185bee05facc25d1d725434f517261d308bChris Lattner#include "plog.h"
59e62c1185bee05facc25d1d725434f517261d308bChris Lattner#include "throttle.h"
60e62c1185bee05facc25d1d725434f517261d308bChris Lattner#include "sockmisc.h"
61e62c1185bee05facc25d1d725434f517261d308bChris Lattner#include "libpfkey.h"
62e62c1185bee05facc25d1d725434f517261d308bChris Lattner#include "isakmp_var.h"
63e62c1185bee05facc25d1d725434f517261d308bChris Lattner#include "isakmp.h"
64e62c1185bee05facc25d1d725434f517261d308bChris Lattner#include "isakmp_xauth.h"
6599ba1f7b8deaf2a296c98600dbf593754cbd43a2Chris Lattner#include "isakmp_cfg.h"
66bf8644ca1fb960e94d14428adbab8277679e2a9dChris Lattner#include "gcmalloc.h"
677cf0ce4b8d122575c3348b5fa4947014c3d8432dChris Lattner
/*
 * Global list of peers that currently carry an authentication penalty.
 * throttle_add() links new entries at the head; throttle_host() walks the
 * list, unlinks and frees entries whose penalty has expired, and looks up
 * the entry matching a given address.
 *
 * NOTE(review): no locking is visible in this file; presumably the list is
 * only touched from a single thread -- confirm against the callers.
 */
struct throttle_list throttle_list = TAILQ_HEAD_INITIALIZER(throttle_list);
697cf0ce4b8d122575c3348b5fa4947014c3d8432dChris Lattner
707cf0ce4b8d122575c3348b5fa4947014c3d8432dChris Lattner
/*
 * Record a new throttled peer.
 *
 * Allocates a throttle entry for addr, sets its penalty to the current time
 * plus the configured isakmp_cfg_config.auth_throttle delay, copies the
 * address into the entry and links it at the head of throttle_list.
 *
 * Returns the new entry, or NULL when racoon_malloc() fails (nothing is
 * linked into the list in that case).
 */
struct throttle_entry *
throttle_add(addr)
	struct sockaddr *addr;
{
	struct throttle_entry *entry;
	size_t salen;
	size_t alloc_len;

	salen = sysdep_sa_len(addr);

	/*
	 * The entry is allocated short: the space of a full
	 * struct sockaddr_storage is subtracted and only the bytes the
	 * address actually needs are added back.  As a result only the first
	 * salen bytes of entry->host are backed by the allocation, and any
	 * code reading the stored address must stay within that length.
	 *
	 * NOTE(review): this sizing presumes host is a struct
	 * sockaddr_storage placed last in struct throttle_entry -- confirm
	 * against throttle.h.  salen is not range-checked here, so the
	 * function relies on its caller passing a well-formed sockaddr.
	 */
	alloc_len = sizeof(*entry) - sizeof(struct sockaddr_storage) + salen;

	entry = racoon_malloc(alloc_len);
	if (entry == NULL)
		return NULL;

	entry->penalty = time(NULL) + isakmp_cfg_config.auth_throttle;
	memcpy(&entry->host, addr, salen);
	TAILQ_INSERT_HEAD(&throttle_list, entry, next);

	return entry;
}
91b45b3b3cd14faaf5a3ea5226af7e1e3cd653e6cbChris Lattner
/*
 * Look up, and on authentication failure update, the throttle state of a
 * peer address.
 *
 * addr      address of the peer being checked.
 * authfail  non-zero when the call reports a failed authentication.
 *
 * Return value:
 *   0   throttling is disabled (auth_throttle == 0), or the address has no
 *       live entry.  A first failure creates an entry but is still answered
 *       with 0, so the first offence carries no delay.
 *   otherwise the penalty value of the matching entry (a timestamp built
 *       from time() plus a delay), after it has been extended if authfail
 *       is set.  If a first-failure entry cannot be allocated, the current
 *       time plus auth_throttle is returned instead.
 *
 * Expired entries are unlinked and freed as the walk meets them; an entry
 * for addr that has already expired is therefore dropped before it can
 * match, and the peer is treated as a first-time offender again.
 *
 * NOTE(review): the function returns int while the values come from time_t
 * arithmetic, so the result may be narrowed -- confirm how callers use it.
 * NOTE(review): nothing in this file bounds the number of entries; one is
 * added per unmatched failing address and reclaimed only by this walk.
 * A cap or periodic sweep may be worth considering.
 */
int
throttle_host(addr, authfail)
	struct sockaddr *addr;
	int authfail;
{
	struct throttle_entry *te;
	time_t now;
	int matched;

	/* No delay configured: throttling is switched off. */
	if (isakmp_cfg_config.auth_throttle == 0)
		return 0;

	now = time(NULL);
	matched = 0;

rescan:
	RACOON_TAILQ_FOREACH_REVERSE(te, &throttle_list, throttle_list, next) {
		/*
		 * Drop entries whose penalty is over.  The walk is restarted
		 * after each removal because the freed entry can no longer be
		 * used to step to its neighbour.
		 */
		if (te->penalty < now) {
			TAILQ_REMOVE(&throttle_list, te, next);
			racoon_free(te);
			goto rescan;
		}

		/*
		 * NOTE(review): cmpsaddrwop presumably compares the addresses
		 * without the port, which would make the penalty per host
		 * rather than per endpoint -- confirm in sockmisc.
		 */
		if (cmpsaddrwop(addr, (struct sockaddr *)&te->host) == 0) {
			matched = 1;
			break;
		}
	}

	if (!matched) {
		/*
		 * Unknown host.  A failure is recorded for next time but is
		 * not penalised now; only a failed insertion yields a delay.
		 */
		if (authfail && throttle_add(addr) == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "Throttle insertion failed\n");
			return (time(NULL)
			    + isakmp_cfg_config.auth_throttle);
		}
		return 0;
	}

	/*
	 * Known host failing again: add one more auth_throttle period on top
	 * of what is left, capped at THROTTLE_PENALTY_MAX from now.
	 */
	if (authfail) {
		time_t left = te->penalty - now;
		time_t extended = left + isakmp_cfg_config.auth_throttle;

		if (extended > THROTTLE_PENALTY_MAX)
			extended = THROTTLE_PENALTY_MAX;

		te->penalty = now + extended;
	}

	return te->penalty;
}
158ead87b671278379f92890fddd859a301bb68f462Reid Spencer
159ead87b671278379f92890fddd859a301bb68f462Reid Spencer