mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-09 08:16:58 +08:00
Fix ban score reset logic
The previous condition for resetting a ban score was insufficient. It failed to reset the score for a client that had just exited a ban, and also incorrectly reset the score of a currently banned client, causing premature unbans. Closes: #678 Signed-off-by: Grigory Trenin <grigory.trenin@gmail.com>
committed by
Nikos Mavrogiannopoulos
parent
d15b2af4b2
commit
afa34bbd10
2
NEWS
2
NEWS
@@ -11,6 +11,8 @@
|
||||
- occtl: fix missing column headers in 'show ip bans' output (#677)
|
||||
- occtl: 'show ip bans' no longer shows expired bans (#675)
|
||||
- Fixed DTLS not working with systemd socket activation (#647)
|
||||
- Fixed a bug in the ban timer logic that could prevent IP addresses
|
||||
from being banned or cause premature unbans (#678)
|
||||
|
||||
* Version 1.3.0 (released 2024-05-05)
|
||||
- Switch to https://github.com/nodejs/llhttp from http-parser.
|
||||
|
||||
@@ -162,7 +162,14 @@ static int add_ip_to_ban_list(main_server_st *s, const unsigned char *ip,
|
||||
goto fail;
|
||||
}
|
||||
} else {
|
||||
if (now > e->last_reset + GETCONFIG(s)->ban_reset_time) {
|
||||
/* Reset the score if:
|
||||
* - ban period ended (now > e->expires)
|
||||
* - reset interval elapsed AND user not currently banned
|
||||
* (to avoid prematurely lifting an active ban)
|
||||
*/
|
||||
if (now > e->expires ||
|
||||
(now > e->last_reset + GETCONFIG(s)->ban_reset_time &&
|
||||
!IS_BANNED(s, e))) {
|
||||
e->score = 0;
|
||||
e->last_reset = now;
|
||||
}
|
||||
|
||||
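Review bot: The first clause, `now > e->expires`, is not gated on the entry ever having reached the ban threshold, although the new comment describes it as "ban period ended". If `e->expires` is also refreshed for entries still below the threshold (that assignment is outside this hunk, so confirm it), an address whose failures are spaced wider than the ban duration would have its score cleared on every call, and `ban_reset_time` would no longer bound the accumulation window. Assuming `IS_BANNED` tests the score only, the two cases could be made explicit as `if (IS_BANNED(s, e) ? now > e->expires : now > e->last_reset + GETCONFIG(s)->ban_reset_time) {`, with the comment naming which field each case relies on. A regression test would help here, covering a below-threshold entry with an elapsed `expires` and an active ban with an elapsed reset interval. The body of add_ip_to_ban_list starts and ends outside the hunk, and the file header for this section is not visible on the page.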