src/sbbs3/ratelimit_filter.hppsrc/sbbs3/ftpsrvr.cpp ftpsrvr.h mailsrvr

BBS:      TELESC.NET.BR
Assunto:  src/sbbs3/ratelimit_filter.hppsrc/sbbs3/ftpsrvr.cpp ftpsrvr.h mailsrvr
De:       Rob Swindell (on Windows 11)
Data:     Sat, 23 May 2026 21:25:45 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/d7c823c9d43a90aa469d7cca
Added Files:
	src/sbbs3/ratelimit_filter.hpp
Modified Files:
	src/sbbs3/ftpsrvr.cpp ftpsrvr.h mailsrvr.cpp mailsrvr.h ratelimit.hpp sbbs_ini.c src/sbbs3/scfg/scfgsrvr.c src/sbbs3/services.cpp services.h websrvr.cpp
Log Message:
ftp/mail/services: add rate-limit auto-filter, mirroring web

The web server has had a rate-limit auto-filter since bd375c1e4 (Feb
2026): once a client (or aggregated subnet) trips the rate limit
rate_limit_filter consecutive times while continuously active, it's
added to ip.can or ip-silent.can.  This commit rolls the same machinery
out to the other rate-limited servers (FTP, SMTP, POP3, Services) so
they can defend against low-grade flood abuse without sysop
intervention.

Per-server changes (added to ftp_startup_t / mail_startup_t /
services_startup_t, exposed via sbbs.ini and SCFG > "Rate Limiting..."
submenu):
- rate_limit_prefix4 / rate_limit_prefix6: aggregate counting per subnet
- rate_limit_filter: violations threshold (0 = disabled, current default)
- rate_limit_filter_duration: lifetime of the .can entry
- rate_limit_filter_silent: write to ip-silent.can vs ip.can
- rate_limit_filter_subnet_threshold: distinct-IP guard (default 2)

Mechanically:
- rate_limit_key() and rate_limit_filter() extracted from websrvr.cpp
  into a new shared header ratelimit_filter.hpp (static-inline, with
  per-server lprintf passed as a function pointer).  No new .cpp / build
  graph changes; websrvr.cpp now calls the shared helpers.
- ratelimit.hpp gets a long-missing include guard.
- web_rate_limit_cfg() in scfgsrvr.c generalized into rate_limit_cfg()
  taking a view struct with nullable field pointers, so the same menu +
  help text serves all four servers (web has connect+request; FTP/Mail
  have request only; Services has connect only).
- Services previously dropped rate-limited connections silently; it now
  logs a NOTICE before dropping, matching the other servers.

Touches *_startup_t for three servers, so sbbsctrl.exe needs rebuilding
on Windows hosts alongside this.

Co-Authored-By: Claude Opus 4.7 (1M context) 
n
---
  mSynchronetn  hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net

-----------------------------------------------------------
[Voltar]