xref: /freebsd/contrib/sendmail/src/ratectrl.c (revision 59c8e88e72633afbc47a4ace0d2170d00d51f7dc)
1 /*
2  * Copyright (c) 2003 Proofpoint, Inc. and its suppliers.
3  *	All rights reserved.
4  *
5  * By using this file, you agree to the terms and conditions set
6  * forth in the LICENSE file which can be found at the top level of
7  * the sendmail distribution.
8  *
9  * Contributed by Jose Marcio Martins da Cruz - Ecole des Mines de Paris
10  *   Jose-Marcio.Martins@ensmp.fr
11  */
12 
13 /* a part of this code is based on inetd.c for which this copyright applies: */
14 /*
15  * Copyright (c) 1983, 1991, 1993, 1994
16  *      The Regents of the University of California.  All rights reserved.
17  *
18  * Redistribution and use in source and binary forms, with or without
19  * modification, are permitted provided that the following conditions
20  * are met:
21  * 1. Redistributions of source code must retain the above copyright
22  *    notice, this list of conditions and the following disclaimer.
23  * 2. Redistributions in binary form must reproduce the above copyright
24  *    notice, this list of conditions and the following disclaimer in the
25  *    documentation and/or other materials provided with the distribution.
26  * 3. All advertising materials mentioning features or use of this software
27  *    must display the following acknowledgement:
28  *      This product includes software developed by the University of
29  *      California, Berkeley and its contributors.
30  * 4. Neither the name of the University nor the names of its contributors
31  *    may be used to endorse or promote products derived from this software
32  *    without specific prior written permission.
33  *
34  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
35  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
36  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
37  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
38  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
39  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
40  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
41  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
42  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
43  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
44  * SUCH DAMAGE.
45  */
46 
47 #include <ratectrl.h>
48 SM_RCSID("@(#)$Id: ratectrl.c,v 8.14 2013-11-22 20:51:56 ca Exp $")
49 
50 static int client_rate __P((time_t, SOCKADDR *, int));
51 static int total_rate __P((time_t, bool));
52 static unsigned int gen_hash __P((SOCKADDR *));
53 static void rate_init __P((void));
54 
55 /*
56 **  CONNECTION_RATE_CHECK - updates connection history data
57 **      and computes connection rate for the given host
58 **
59 **	Parameters:
60 **		hostaddr -- IP address of SMTP client
61 **		e -- envelope
62 **
63 **	Returns:
64 **		none
65 **
66 **	Side Effects:
67 **		updates connection history
68 **
69 **	Warnings:
70 **		For each connection, this call shall be
71 **		done only once with the value true for the
72 **		update parameter.
73 **		Typically, this call is done with the value
74 **		true by the father, and once again with
75 **		the value false by the children.
76 */
77 
78 void
79 connection_rate_check(hostaddr, e)
80 	SOCKADDR *hostaddr;
81 	ENVELOPE *e;
82 {
83 	time_t now;
84 	int totalrate, clientrate;
85 	static int clientconn = 0;
86 
87 	now = time(NULL);
88 #if RATECTL_DEBUG
89 	sm_syslog(LOG_INFO, NOQID, "connection_rate_check entering...");
90 #endif
91 
92 	/* update server connection rate */
93 	totalrate = total_rate(now, e == NULL);
94 #if RATECTL_DEBUG
95 	sm_syslog(LOG_INFO, NOQID, "global connection rate: %d", totalrate);
96 #endif
97 
98 	/* update client connection rate */
99 	clientrate = client_rate(now, hostaddr, e == NULL ? SM_CLFL_UPDATE : SM_CLFL_NONE);
100 
101 	if (e == NULL)
102 		clientconn = count_open_connections(hostaddr);
103 
104 	if (e != NULL)
105 	{
106 		char s[16];
107 
108 		sm_snprintf(s, sizeof(s), "%d", clientrate);
109 		macdefine(&e->e_macro, A_TEMP, macid("{client_rate}"), s);
110 		sm_snprintf(s, sizeof(s), "%d", totalrate);
111 		macdefine(&e->e_macro, A_TEMP, macid("{total_rate}"), s);
112 		sm_snprintf(s, sizeof(s), "%d", clientconn);
113 		macdefine(&e->e_macro, A_TEMP, macid("{client_connections}"),
114 				s);
115 	}
116 	return;
117 }
118 
119 /*
120 **  Data declarations needed to evaluate connection rate
121 */
122 
123 static int CollTime = 60;
124 
125 /*
126 **  time granularity: 10s (that's one "tick")
127 **  will be initialised to ConnectionRateWindowSize/CHTSIZE
128 **  before being used the first time
129 */
130 
131 static int ChtGran = -1;
132 static CHash_T CHashAry[CPMHSIZE];
133 static CTime_T srv_Times[CHTSIZE];
134 
135 #ifndef MAX_CT_STEPS
136 # define MAX_CT_STEPS	10
137 #endif
138 
139 /*
140 **  RATE_INIT - initialize local data
141 **
142 **	Parameters:
143 **		none
144 **
145 **	Returns:
146 **		none
147 **
148 **	Side effects:
149 **		initializes static global data
150 */
151 
152 static void
153 rate_init()
154 {
155 	if (ChtGran > 0)
156 		return;
157 	ChtGran = ConnectionRateWindowSize / CHTSIZE;
158 	if (ChtGran <= 0)
159 		ChtGran = 10;
160 	memset(CHashAry, 0, sizeof(CHashAry));
161 	memset(srv_Times, 0, sizeof(srv_Times));
162 	return;
163 }
164 
165 /*
166 **  GEN_HASH - calculate a hash value
167 **
168 **	Parameters:
169 **		saddr - client address
170 **
171 **	Returns:
172 **		hash value
173 */
174 
175 static unsigned int
176 gen_hash(saddr)
177 	SOCKADDR *saddr;
178 {
179 	unsigned int hv;
180 	int i;
181 	int addrlen;
182 	char *p;
183 #if HASH_ALG != 1
184 	int c, d;
185 #endif
186 
187 	hv = 0xABC3D20F;
188 	switch (saddr->sa.sa_family)
189 	{
190 #if NETINET
191 	  case AF_INET:
192 		p = (char *)&saddr->sin.sin_addr;
193 		addrlen = sizeof(struct in_addr);
194 		break;
195 #endif /* NETINET */
196 #if NETINET6
197 	  case AF_INET6:
198 		p = (char *)&saddr->sin6.sin6_addr;
199 		addrlen = sizeof(struct in6_addr);
200 		break;
201 #endif /* NETINET6 */
202 	  default:
203 		/* should not happen */
204 		return -1;
205 	}
206 
207 	/* compute hash value */
208 	for (i = 0; i < addrlen; ++i, ++p)
209 #if HASH_ALG == 1
210 		hv = (hv << 5) ^ (hv >> 23) ^ *p;
211 	hv = (hv ^ (hv >> 16));
212 #elif HASH_ALG == 2
213 	{
214 		d = *p;
215 		c = d;
216 		c ^= c<<6;
217 		hv += (c<<11) ^ (c>>1);
218 		hv ^= (d<<14) + (d<<7) + (d<<4) + d;
219 	}
220 #elif HASH_ALG == 3
221 	{
222 		hv = (hv << 4) + *p;
223 		d = hv & 0xf0000000;
224 		if (d != 0)
225 		{
226 			hv ^= (d >> 24);
227 			hv ^= d;
228 		}
229 	}
230 #else /* HASH_ALG == 1 */
231 # error "unsupported HASH_ALG"
232 	hv = ((hv << 1) ^ (*p & 0377)) % cctx->cc_size; ???
233 #endif /* HASH_ALG == 1 */
234 
235 	return hv;
236 }
237 
238 /*
239 **  CONN_LIMIT - Evaluate connection limits
240 **
241 **	Parameters:
242 **		e -- envelope (_FFR_OCC, for logging only)
243 **		now - current time in secs
244 **		saddr - client address
245 **		clflags - update data / check only / ...
246 **		hashary - hash array
247 **		ratelimit - rate limit (_FFR_OCC only)
248 **		conclimit - concurrency limit (_FFR_OCC only)
249 **
250 **	Returns:
251 #if _FFR_OCC
252 **		outgoing: limit exceeded?
253 #endif
254 **		incoming:
255 **		  connection rate (connections / ConnectionRateWindowSize)
256 */
257 
258 int
259 conn_limits(e, now, saddr, clflags, hashary, ratelimit, conclimit)
260 	ENVELOPE *e;
261 	time_t now;
262 	SOCKADDR *saddr;
263 	int clflags;
264 	CHash_T hashary[];
265 	int ratelimit;
266 	int conclimit;
267 {
268 	int i;
269 	int cnt;
270 	bool coll;
271 	CHash_T *chBest = NULL;
272 	CTime_T *ct = NULL;
273 	unsigned int ticks;
274 	unsigned int hv;
275 #if _FFR_OCC
276 	bool exceeded = false;
277 	int *prv, *pcv;
278 #endif
279 #if RATECTL_DEBUG || _FFR_OCC
280 	bool logit = false;
281 #endif
282 
283 	cnt = 0;
284 	hv = gen_hash(saddr);
285 	ticks = now / ChtGran;
286 
287 	coll = true;
288 	for (i = 0; i < MAX_CT_STEPS; ++i)
289 	{
290 		CHash_T *ch = &hashary[(hv + i) & CPMHMASK];
291 
292 #if NETINET
293 		if (saddr->sa.sa_family == AF_INET &&
294 		    ch->ch_Family == AF_INET &&
295 		    (saddr->sin.sin_addr.s_addr == ch->ch_Addr4.s_addr ||
296 		     ch->ch_Addr4.s_addr == 0))
297 		{
298 			chBest = ch;
299 			coll = false;
300 			break;
301 		}
302 #endif /* NETINET */
303 #if NETINET6
304 		if (saddr->sa.sa_family == AF_INET6 &&
305 		    ch->ch_Family == AF_INET6 &&
306 		    (IN6_ARE_ADDR_EQUAL(&saddr->sin6.sin6_addr,
307 				       &ch->ch_Addr6) != 0 ||
308 		     IN6_IS_ADDR_UNSPECIFIED(&ch->ch_Addr6)))
309 		{
310 			chBest = ch;
311 			coll = false;
312 			break;
313 		}
314 #endif /* NETINET6 */
315 		if (chBest == NULL || ch->ch_LTime == 0 ||
316 		    ch->ch_LTime < chBest->ch_LTime)
317 			chBest = ch;
318 	}
319 
320 	/* Let's update data... */
321 	if ((clflags & (SM_CLFL_UPDATE|SM_CLFL_EXC)) != 0)
322 	{
323 		if (coll && (now - chBest->ch_LTime < CollTime))
324 		{
325 			/*
326 			**  increment the number of collisions last
327 			**  CollTime for this client
328 			*/
329 
330 			chBest->ch_colls++;
331 
332 			/*
333 			**  Maybe shall log if collision rate is too high...
334 			**  and take measures to resize tables
335 			**  if this is the case
336 			*/
337 		}
338 
339 		/*
340 		**  If it's not a match, then replace the data.
341 		**  Note: this purges the history of a colliding entry,
342 		**  which may cause "overruns", i.e., if two entries are
343 		**  "cancelling" each other out, then they may exceed
344 		**  the limits that are set. This might be mitigated a bit
345 		**  by the above "best of 5" function however.
346 		**
347 		**  Alternative approach: just use the old data, which may
348 		**  cause false positives however.
349 		**  To activate this, deactivate the memset() call.
350 		*/
351 
352 		if (coll)
353 		{
354 #if NETINET
355 			if (saddr->sa.sa_family == AF_INET)
356 			{
357 				chBest->ch_Family = AF_INET;
358 				chBest->ch_Addr4 = saddr->sin.sin_addr;
359 			}
360 #endif /* NETINET */
361 #if NETINET6
362 			if (saddr->sa.sa_family == AF_INET6)
363 			{
364 				chBest->ch_Family = AF_INET6;
365 				chBest->ch_Addr6 = saddr->sin6.sin6_addr;
366 			}
367 #endif /* NETINET6 */
368 			memset(chBest->ch_Times, '\0',
369 			       sizeof(chBest->ch_Times));
370 		}
371 
372 		chBest->ch_LTime = now;
373 		ct = &chBest->ch_Times[ticks % CHTSIZE];
374 
375 		if (ct->ct_Ticks != ticks)
376 		{
377 			ct->ct_Ticks = ticks;
378 			ct->ct_Count = 0;
379 		}
380 		if ((clflags & SM_CLFL_UPDATE) != 0)
381 			++ct->ct_Count;
382 	}
383 
384 	/* Now let's count connections on the window */
385 	for (i = 0; i < CHTSIZE; ++i)
386 	{
387 		CTime_T *cth;
388 
389 		cth = &chBest->ch_Times[i];
390 		if (cth->ct_Ticks <= ticks && cth->ct_Ticks >= ticks - CHTSIZE)
391 			cnt += cth->ct_Count;
392 	}
393 #if _FFR_OCC
394 	prv = pcv = NULL;
395 	if (ct != NULL && ((clflags & SM_CLFL_EXC) != 0))
396 	{
397 		if (ratelimit > 0)
398 		{
399 			if (cnt < ratelimit)
400 				prv = &(ct->ct_Count);
401 			else
402 				exceeded = true;
403 		}
404 		else if (ratelimit < 0 && ct->ct_Count > 0)
405 			--ct->ct_Count;
406 	}
407 
408 	if (chBest != NULL && ((clflags & SM_CLFL_EXC) != 0))
409 	{
410 		if (conclimit > 0)
411 		{
412 			if (chBest->ch_oc < conclimit)
413 				pcv = &(chBest->ch_oc);
414 			else
415 				exceeded = true;
416 		}
417 		else if (conclimit < 0 && chBest->ch_oc > 0)
418 			--chBest->ch_oc;
419 	}
420 #endif
421 
422 #if RATECTL_DEBUG
423 	logit = true;
424 #endif
425 #if RATECTL_DEBUG || _FFR_OCC
426 # if _FFR_OCC
427 	if (!exceeded)
428 	{
429 		if (prv != NULL)
430 			++*prv, ++cnt;
431 		if (pcv != NULL)
432 			++*pcv;
433 	}
434 	logit = exceeded || LogLevel > 11;
435 # endif
436 	if (logit)
437 		sm_syslog(LOG_DEBUG, e != NULL ? e->e_id : NOQID,
438 			"conn_limits: addr=%s, flags=0x%x, rate=%d/%d, conc=%d/%d, exc=%d",
439 			saddr->sa.sa_family == AF_INET
440 				? inet_ntoa(saddr->sin.sin_addr) : "???",
441 			clflags, cnt, ratelimit,
442 # if _FFR_OCC
443 			chBest != NULL ? chBest->ch_oc : -1
444 # else
445 			-2
446 # endif
447 			, conclimit
448 # if _FFR_OCC
449 			, exceeded
450 # else
451 			, 0
452 # endif
453 			);
454 #endif
455 #if _FFR_OCC
456 	if ((clflags & SM_CLFL_EXC) != 0)
457 		return exceeded;
458 #endif
459 	return cnt;
460 }
461 
462 /*
463 **  CLIENT_RATE - Evaluate connection rate per SMTP client
464 **
465 **	Parameters:
466 **		now - current time in secs
467 **		saddr - client address
468 **		clflags - update data / check only
469 **
470 **	Returns:
471 **		connection rate (connections / ConnectionRateWindowSize)
472 **
473 **	Side effects:
474 **		update static global data
475 */
476 
477 static int
478 client_rate(now, saddr, clflags)
479 	time_t now;
480 	SOCKADDR *saddr;
481 	int clflags;
482 {
483 	rate_init();
484 	return conn_limits(NULL, now, saddr, clflags, CHashAry, 0, 0);
485 }
486 
487 /*
488 **  TOTAL_RATE - Evaluate global connection rate
489 **
490 **	Parameters:
491 **		now - current time in secs
492 **		update - update data / check only
493 **
494 **	Returns:
495 **		connection rate (connections / ConnectionRateWindowSize)
496 */
497 
498 static int
499 total_rate(now, update)
500 	time_t now;
501 	bool update;
502 {
503 	int i;
504 	int cnt = 0;
505 	CTime_T *ct;
506 	unsigned int ticks;
507 
508 	rate_init();
509 	ticks = now / ChtGran;
510 
511 	/* Let's update data */
512 	if (update)
513 	{
514 		ct = &srv_Times[ticks % CHTSIZE];
515 
516 		if (ct->ct_Ticks != ticks)
517 		{
518 			ct->ct_Ticks = ticks;
519 			ct->ct_Count = 0;
520 		}
521 		++ct->ct_Count;
522 	}
523 
524 	/* Let's count connections on the window */
525 	for (i = 0; i < CHTSIZE; ++i)
526 	{
527 		ct = &srv_Times[i];
528 
529 		if (ct->ct_Ticks <= ticks && ct->ct_Ticks >= ticks - CHTSIZE)
530 			cnt += ct->ct_Count;
531 	}
532 
533 #if RATECTL_DEBUG
534 	sm_syslog(LOG_WARNING, NOQID,
535 		"total: cnt=%d, CHTSIZE=%d, ChtGran=%d",
536 		cnt, CHTSIZE, ChtGran);
537 #endif
538 
539 	return cnt;
540 }
541 
542 #if RATECTL_DEBUG || _FFR_OCC
543 void
544 dump_ch(fp)
545 	SM_FILE_T *fp;
546 {
547 	int i, j, cnt;
548 	unsigned int ticks;
549 
550 	ticks = time(NULL) / ChtGran;
551 	sm_io_fprintf(fp, SM_TIME_DEFAULT, "dump_ch\n");
552 	for (i = 0; i < CPMHSIZE; i++)
553 	{
554 		CHash_T *ch = &CHashAry[i];
555 		bool valid;
556 
557 		valid = false;
558 # if NETINET
559 		valid = (ch->ch_Family == AF_INET);
560 		if (valid)
561 			sm_io_fprintf(fp, SM_TIME_DEFAULT, "ip=%s ",
562 				inet_ntoa(ch->ch_Addr4));
563 # endif /* NETINET */
564 # if NETINET6
565 		if (ch->ch_Family == AF_INET6)
566 		{
567 			char buf[64], *str;
568 
569 			valid = true;
570 			str = anynet_ntop(&ch->ch_Addr6, buf, sizeof(buf));
571 			if (str != NULL)
572 				sm_io_fprintf(fp, SM_TIME_DEFAULT, "ip=%s ",
573 					str);
574 		}
575 # endif /* NETINET6 */
576 		if (!valid)
577 			continue;
578 
579 		cnt = 0;
580 		for (j = 0; j < CHTSIZE; ++j)
581 		{
582 			CTime_T *cth;
583 
584 			cth = &ch->ch_Times[j];
585 			if (cth->ct_Ticks <= ticks && cth->ct_Ticks >= ticks - CHTSIZE)
586 				cnt += cth->ct_Count;
587 		}
588 
589 		sm_io_fprintf(fp, SM_TIME_DEFAULT, "time=%ld cnt=%d ",
590 			(long) ch->ch_LTime, cnt);
591 # if _FFR_OCC
592 		sm_io_fprintf(fp, SM_TIME_DEFAULT, "oc=%d", ch->ch_oc);
593 # endif
594 		sm_io_fprintf(fp, SM_TIME_DEFAULT, "\n");
595 	}
596 	sm_io_flush(fp, SM_TIME_DEFAULT);
597 }
598 
599 #endif /* RATECTL_DEBUG || _FFR_OCC */
600