1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/sbbs3/ratelimit_filter.hppsrc/sbbs3/ftpsrvr.cpp ftpsrvr.h mailsrvr

    From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Sat May 23 21:25:45 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/d7c823c9d43a90aa469d7cca
    Added Files:
    src/sbbs3/ratelimit_filter.hpp
    Modified Files:
    src/sbbs3/ftpsrvr.cpp ftpsrvr.h mailsrvr.cpp mailsrvr.h ratelimit.hpp sbbs_ini.c src/sbbs3/scfg/scfgsrvr.c src/sbbs3/services.cpp services.h websrvr.cpp
    Log Message:
    ftp/mail/services: add rate-limit auto-filter, mirroring web

    The web server has had a rate-limit auto-filter since bd375c1e4 (Feb
    2026): once a client (or aggregated subnet) trips the rate limit rate_limit_filter consecutive times while continuously active, it's
    added to ip.can or ip-silent.can. This commit rolls the same machinery
    out to the other rate-limited servers (FTP, SMTP, POP3, Services) so
    they can defend against low-grade flood abuse without sysop
    intervention.

    Per-server changes (added to ftp_startup_t / mail_startup_t / services_startup_t, exposed via sbbs.ini and SCFG > "Rate Limiting..." submenu):
    - rate_limit_prefix4 / rate_limit_prefix6: aggregate counting per subnet
    - rate_limit_filter: violations threshold (0 = disabled, current default)
    - rate_limit_filter_duration: lifetime of the .can entry
    - rate_limit_filter_silent: write to ip-silent.can vs ip.can
    - rate_limit_filter_subnet_threshold: distinct-IP guard (default 2)

    Mechanically:
    - rate_limit_key() and rate_limit_filter() extracted from websrvr.cpp
    into a new shared header ratelimit_filter.hpp (static-inline, with
    per-server lprintf passed as a function pointer). No new .cpp / build
    graph changes; websrvr.cpp now calls the shared helpers.
    - ratelimit.hpp gets a long-missing include guard.
    - web_rate_limit_cfg() in scfgsrvr.c generalized into rate_limit_cfg()
    taking a view struct with nullable field pointers, so the same menu +
    help text serves all four servers (web has connect+request; FTP/Mail
    have request only; Services has connect only).
    - Services previously dropped rate-limited connections silently; it now
    logs a NOTICE before dropping, matching the other servers.

    Touches *_startup_t for three servers, so sbbsctrl.exe needs rebuilding
    on Windows hosts alongside this.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net