1 files changed, 484 insertions, 0 deletions
diff --git a/contrib/sendmail/src/ratectrl.c b/contrib/sendmail/src/ratectrl.c
new file mode 100644
index 0000000..773955a
--- /dev/null
+++ b/contrib/sendmail/src/ratectrl.c
@@ -0,0 +1,484 @@
+/*
+ * Copyright (c) 2003 Sendmail, Inc. and its suppliers.
+ *	All rights reserved.
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the sendmail distribution.
+ *
+ * Contributed by Jose Marcio Martins da Cruz - Ecole des Mines de Paris
+ *   Jose-Marcio.Martins@ensmp.fr
+ */
+
+/* a part of this code is based on inetd.c for which this copyright applies: */
+/*
+ * Copyright (c) 1983, 1991, 1993, 1994
+ *      The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sendmail.h>
+SM_RCSID("@(#)$Id: ratectrl.c,v 8.13 2009/05/05 23:19:34 ca Exp $")
+
+/*
+**  stuff included - given some warnings (inet_ntoa)
+**	- surely not everything is needed
+*/
+
+#if NETINET || NETINET6
+# include <arpa/inet.h>
+#endif	/* NETINET || NETINET6 */
+
+#include <sm/time.h>
+
+#ifndef HASH_ALG
+# define HASH_ALG	2
+#endif /* HASH_ALG */
+
+#ifndef RATECTL_DEBUG
+# define RATECTL_DEBUG  0
+#endif /* RATECTL_DEBUG */
+
+/* forward declarations */
+static int client_rate __P((time_t, SOCKADDR *, bool));
+static int total_rate __P((time_t, bool));
+
+/*
+**  CONNECTION_RATE_CHECK - updates connection history data
+**      and computes connection rate for the given host
+**
+**    Parameters:
+**      hostaddr -- ip address of smtp client
+**      e -- envelope
+**
+**    Returns:
+**      true (always)
+**
+**    Side Effects:
+**      updates connection history
+**
+**    Warnings:
+**      For each connection, this call shall be
+**      done only once with the value true for the
+**      update parameter.
+**      Typically, this call is done with the value
+**      true by the father, and once again with
+**      the value false by the children.
+**
+*/
+
+bool
+connection_rate_check(hostaddr, e)
+	SOCKADDR *hostaddr;
+	ENVELOPE *e;
+{
+	time_t now;
+	int totalrate, clientrate;
+	static int clientconn = 0;
+
+	now = time(NULL);
+#if RATECTL_DEBUG
+	sm_syslog(LOG_INFO, NOQID, "connection_rate_check entering...");
+#endif /* RATECTL_DEBUG */
+
+	/* update server connection rate */
+	totalrate = total_rate(now, e == NULL);
+#if RATECTL_DEBUG
+	sm_syslog(LOG_INFO, NOQID, "global connection rate: %d", totalrate);
+#endif /* RATECTL_DEBUG */
+
+	/* update client connection rate */
+	clientrate = client_rate(now, hostaddr, e == NULL);
+
+	if (e == NULL)
+		clientconn = count_open_connections(hostaddr);
+
+	if (e != NULL)
+	{
+		char s[16];
+
+		sm_snprintf(s, sizeof(s), "%d", clientrate);
+		macdefine(&e->e_macro, A_TEMP, macid("{client_rate}"), s);
+		sm_snprintf(s, sizeof(s), "%d", totalrate);
+		macdefine(&e->e_macro, A_TEMP, macid("{total_rate}"), s);
+		sm_snprintf(s, sizeof(s), "%d", clientconn);
+		macdefine(&e->e_macro, A_TEMP, macid("{client_connections}"),
+				s);
+	}
+	return true;
+}
+
+/*
+**  Data declarations needed to evaluate connection rate
+*/
+
+static int CollTime = 60;
+
+/* this should be a power of 2, otherwise CPMHMASK doesn't work well */
+#ifndef CPMHSIZE
+# define CPMHSIZE	1024
+#endif /* CPMHSIZE */
+
+#define CPMHMASK	(CPMHSIZE-1)
+
+#ifndef MAX_CT_STEPS
+# define MAX_CT_STEPS	10
+#endif /* MAX_CT_STEPS */
+
+/*
+**  time granularity: 10s (that's one "tick")
+**  will be initialised to ConnectionRateWindowSize/CHTSIZE
+**  before being used the first time
+*/
+
+static int ChtGran = -1;
+
+#define CHTSIZE		6
+
+/* Number of connections for a certain "tick" */
+typedef struct CTime
+{
+	unsigned long	ct_Ticks;
+	int		ct_Count;
+}
+CTime_T;
+
+typedef struct CHash
+{
+#if NETINET6 && NETINET
+	union
+	{
+		struct in_addr	c4_Addr;
+		struct in6_addr	c6_Addr;
+	} cu_Addr;
+# define ch_Addr4	cu_Addr.c4_Addr
+# define ch_Addr6	cu_Addr.c6_Addr
+#else /* NETINET6 && NETINET */
+# if NETINET6
+	struct in6_addr	ch_Addr;
+#  define ch_Addr6	ch_Addr
+# else /* NETINET6 */
+	struct in_addr ch_Addr;
+#  define ch_Addr4	ch_Addr
+# endif /* NETINET6 */
+#endif /* NETINET6 && NETINET */
+
+	int		ch_Family;
+	time_t		ch_LTime;
+	unsigned long	ch_colls;
+
+	/* 6 buckets for ticks: 60s */
+	CTime_T		ch_Times[CHTSIZE];
+}
+CHash_T;
+
+static CHash_T CHashAry[CPMHSIZE];
+static bool CHashAryOK = false;
+
+/*
+**  CLIENT_RATE - Evaluate connection rate per smtp client
+**
+**	Parameters:
+**		now - current time in secs
+**		saddr - client address
+**		update - update data / check only
+**
+**	Returns:
+**		connection rate (connections / ConnectionRateWindowSize)
+**
+**	Side effects:
+**		update static global data
+**
+*/
+
+static int
+client_rate(now, saddr, update)
+	 time_t now;
+	 SOCKADDR *saddr;
+	 bool update;
+{
+	unsigned int hv;
+	int i;
+	int cnt;
+	bool coll;
+	CHash_T *chBest = NULL;
+	unsigned int ticks;
+
+	cnt = 0;
+	hv = 0xABC3D20F;
+	if (ChtGran < 0)
+		ChtGran = ConnectionRateWindowSize / CHTSIZE;
+	if (ChtGran <= 0)
+		ChtGran = 10;
+
+	ticks = now / ChtGran;
+
+	if (!CHashAryOK)
+	{
+		memset(CHashAry, 0, sizeof(CHashAry));
+		CHashAryOK = true;
+	}
+
+	{
+		char *p;
+		int addrlen;
+#if HASH_ALG != 1
+		int c, d;
+#endif /* HASH_ALG != 1 */
+
+		switch (saddr->sa.sa_family)
+		{
+#if NETINET
+		  case AF_INET:
+			p = (char *)&saddr->sin.sin_addr;
+			addrlen = sizeof(struct in_addr);
+			break;
+#endif /* NETINET */
+#if NETINET6
+		  case AF_INET6:
+			p = (char *)&saddr->sin6.sin6_addr;
+			addrlen = sizeof(struct in6_addr);
+			break;
+#endif /* NETINET6 */
+		  default:
+			/* should not happen */
+			return -1;
+		}
+
+		/* compute hash value */
+		for (i = 0; i < addrlen; ++i, ++p)
+#if HASH_ALG == 1
+			hv = (hv << 5) ^ (hv >> 23) ^ *p;
+		hv = (hv ^ (hv >> 16));
+#elif HASH_ALG == 2
+		{
+			d = *p;
+			c = d;
+			c ^= c<<6;
+			hv += (c<<11) ^ (c>>1);
+			hv ^= (d<<14) + (d<<7) + (d<<4) + d;
+		}
+#elif HASH_ALG == 3
+		{
+			hv = (hv << 4) + *p;
+			d = hv & 0xf0000000;
+			if (d != 0)
+			{
+				hv ^= (d >> 24);
+				hv ^= d;
+			}
+		}
+#else /* HASH_ALG == 1 */
+			hv = ((hv << 1) ^ (*p & 0377)) % cctx->cc_size;
+#endif /* HASH_ALG == 1 */
+	}
+
+	coll = true;
+	for (i = 0; i < MAX_CT_STEPS; ++i)
+	{
+		CHash_T *ch = &CHashAry[(hv + i) & CPMHMASK];
+
+#if NETINET
+		if (saddr->sa.sa_family == AF_INET &&
+		    ch->ch_Family == AF_INET &&
+		    (saddr->sin.sin_addr.s_addr == ch->ch_Addr4.s_addr ||
+		     ch->ch_Addr4.s_addr == 0))
+		{
+			chBest = ch;
+			coll = false;
+			break;
+		}
+#endif /* NETINET */
+#if NETINET6
+		if (saddr->sa.sa_family == AF_INET6 &&
+		    ch->ch_Family == AF_INET6 &&
+		    (IN6_ARE_ADDR_EQUAL(&saddr->sin6.sin6_addr,
+				       &ch->ch_Addr6) != 0 ||
+		     IN6_IS_ADDR_UNSPECIFIED(&ch->ch_Addr6)))
+		{
+			chBest = ch;
+			coll = false;
+			break;
+		}
+#endif /* NETINET6 */
+		if (chBest == NULL || ch->ch_LTime == 0 ||
+		    ch->ch_LTime < chBest->ch_LTime)
+			chBest = ch;
+	}
+
+	/* Let's update data... */
+	if (update)
+	{
+		if (coll && (now - chBest->ch_LTime < CollTime))
+		{
+			/*
+			**  increment the number of collisions last
+			**  CollTime for this client
+			*/
+
+			chBest->ch_colls++;
+
+			/*
+			**  Maybe shall log if collision rate is too high...
+			**  and take measures to resize tables
+			**  if this is the case
+			*/
+		}
+
+		/*
+		**  If it's not a match, then replace the data.
+		**  Note: this purges the history of a colliding entry,
+		**  which may cause "overruns", i.e., if two entries are
+		**  "cancelling" each other out, then they may exceed
+		**  the limits that are set. This might be mitigated a bit
+		**  by the above "best of 5" function however.
+		**
+		**  Alternative approach: just use the old data, which may
+		**  cause false positives however.
+		**  To activate this, change deactivate following memset call.
+		*/
+
+		if (coll)
+		{
+#if NETINET
+			if (saddr->sa.sa_family == AF_INET)
+			{
+				chBest->ch_Family = AF_INET;
+				chBest->ch_Addr4 = saddr->sin.sin_addr;
+			}
+#endif /* NETINET */
+#if NETINET6
+			if (saddr->sa.sa_family == AF_INET6)
+			{
+				chBest->ch_Family = AF_INET6;
+				chBest->ch_Addr6 = saddr->sin6.sin6_addr;
+			}
+#endif /* NETINET6 */
+#if 1
+			memset(chBest->ch_Times, '\0',
+			       sizeof(chBest->ch_Times));
+#endif /* 1 */
+		}
+
+		chBest->ch_LTime = now;
+		{
+			CTime_T *ct = &chBest->ch_Times[ticks % CHTSIZE];
+
+			if (ct->ct_Ticks != ticks)
+			{
+				ct->ct_Ticks = ticks;
+				ct->ct_Count = 0;
+			}
+			++ct->ct_Count;
+		}
+	}
+
+	/* Now let's count connections on the window */
+	for (i = 0; i < CHTSIZE; ++i)
+	{
+		CTime_T *ct = &chBest->ch_Times[i];
+
+		if (ct->ct_Ticks <= ticks && ct->ct_Ticks >= ticks - CHTSIZE)
+			cnt += ct->ct_Count;
+	}
+
+#if RATECTL_DEBUG
+	sm_syslog(LOG_WARNING, NOQID,
+		"cln: cnt=(%d), CHTSIZE=(%d), ChtGran=(%d)",
+		cnt, CHTSIZE, ChtGran);
+#endif /* RATECTL_DEBUG */
+	return cnt;
+}
+
+/*
+**  TOTAL_RATE - Evaluate global connection rate
+**
+**	Parameters:
+**		now - current time in secs
+**		update - update data / check only
+**
+**	Returns:
+**		connection rate (connections / ConnectionRateWindowSize)
+*/
+
+static CTime_T srv_Times[CHTSIZE];
+static bool srv_Times_OK = false;
+
+static int
+total_rate(now, update)
+	 time_t now;
+	 bool update;
+{
+	int i;
+	int cnt = 0;
+	CTime_T *ct;
+	unsigned int ticks;
+
+	if (ChtGran < 0)
+		ChtGran = ConnectionRateWindowSize / CHTSIZE;
+	if (ChtGran == 0)
+		ChtGran = 10;
+	ticks = now / ChtGran;
+	if (!srv_Times_OK)
+	{
+		memset(srv_Times, 0, sizeof(srv_Times));
+		srv_Times_OK = true;
+	}
+
+	/* Let's update data */
+	if (update)
+	{
+		ct = &srv_Times[ticks % CHTSIZE];
+
+		if (ct->ct_Ticks != ticks)
+		{
+			ct->ct_Ticks = ticks;
+			ct->ct_Count = 0;
+		}
+		++ct->ct_Count;
+	}
+
+	/* Let's count connections on the window */
+	for (i = 0; i < CHTSIZE; ++i)
+	{
+		ct = &srv_Times[i];
+
+		if (ct->ct_Ticks <= ticks && ct->ct_Ticks >= ticks - CHTSIZE)
+			cnt += ct->ct_Count;
+	}
+
+#if RATECTL_DEBUG
+	sm_syslog(LOG_WARNING, NOQID,
+		"srv: cnt=(%d), CHTSIZE=(%d), ChtGran=(%d)",
+		 cnt, CHTSIZE, ChtGran);
+#endif /* RATECTL_DEBUG */
+
+	return cnt;
+}