diff --git a/irc/client.go b/irc/client.go index 45705f06..1801a7c6 100644 --- a/irc/client.go +++ b/irc/client.go @@ -163,8 +163,29 @@ type ClientDetails struct { accountName string } -// NewClient sets up a new client and runs its goroutine. -func RunNewClient(server *Server, conn clientConn) { +// RunClient sets up a new client and runs its goroutine. +func (server *Server) RunClient(conn clientConn) { + var isBanned bool + var banMsg string + var realIP net.IP + if conn.IsTor { + realIP = utils.IPv4LoopbackAddress + isBanned, banMsg = server.checkTorLimits() + } else { + realIP = utils.AddrToIP(conn.Conn.RemoteAddr()) + isBanned, banMsg = server.checkBans(realIP) + } + + if isBanned { + // this might not show up properly on some clients, + // but our objective here is just to close the connection out before it has a load impact on us + conn.Conn.Write([]byte(fmt.Sprintf(errorMsg, banMsg))) + conn.Conn.Close() + return + } + + server.logger.Info("localconnect-ip", fmt.Sprintf("Client connecting from %v", realIP)) + now := time.Now().UTC() config := server.Config() fullLineLenLimit := ircmsg.MaxlenTagsFromClient + config.Limits.LineLen.Rest @@ -194,6 +215,7 @@ func RunNewClient(server *Server, conn clientConn) { capState: caps.NoneState, ctime: now, atime: now, + realIP: realIP, } session.SetMaxlenRest() client.sessions = []*Session{session} @@ -204,19 +226,17 @@ func RunNewClient(server *Server, conn clientConn) { client.certfp, _ = socket.CertFP() } - remoteAddr := conn.Conn.RemoteAddr() if conn.IsTor { client.SetMode(modes.TLS, true) - session.realIP = utils.AddrToIP(remoteAddr) // cover up details of the tor proxying infrastructure (not a user privacy concern, // but a hardening measure): session.proxiedIP = utils.IPv4LoopbackAddress session.rawHostname = config.Server.TorListeners.Vhost } else { - session.realIP = utils.AddrToIP(remoteAddr) // set the hostname for this client (may be overridden later by PROXY or WEBIRC) session.rawHostname = utils.LookupHostname(session.realIP.String()) client.cloakedHostname = config.Server.Cloaks.ComputeCloak(session.realIP) + remoteAddr := conn.Conn.RemoteAddr() if utils.AddrIsLocal(remoteAddr) { // treat local connections as secure (may be overridden later by WEBIRC) client.SetMode(modes.TLS, true) diff --git a/irc/server.go b/irc/server.go index b8830a50..814ddfe1 100644 --- a/irc/server.go +++ b/irc/server.go @@ -27,7 +27,6 @@ import ( "github.com/oragono/oragono/irc/logger" "github.com/oragono/oragono/irc/modes" "github.com/oragono/oragono/irc/sno" - "github.com/oragono/oragono/irc/utils" "github.com/tidwall/buntdb" ) @@ -207,30 +206,6 @@ func (server *Server) Run() { } } -func (server *Server) acceptClient(conn clientConn) { - var isBanned bool - var banMsg string - var ipaddr net.IP - if conn.IsTor { - ipaddr = utils.IPv4LoopbackAddress - isBanned, banMsg = server.checkTorLimits() - } else { - ipaddr = utils.AddrToIP(conn.Conn.RemoteAddr()) - isBanned, banMsg = server.checkBans(ipaddr) - } - - if isBanned { - // this might not show up properly on some clients, but our objective here is just to close the connection out before it has a load impact on us - conn.Conn.Write([]byte(fmt.Sprintf(errorMsg, banMsg))) - conn.Conn.Close() - return - } - - server.logger.Info("localconnect-ip", fmt.Sprintf("Client connecting from %v", ipaddr)) - - go RunNewClient(server, conn) -} - func (server *Server) checkBans(ipaddr net.IP) (banned bool, message string) { // check DLINEs isBanned, info := server.dlines.CheckIP(ipaddr) @@ -338,7 +313,7 @@ func (server *Server) createListener(addr string, tlsConfig *tls.Config, isTor b IsTor: isTor, } // hand off the connection - go server.acceptClient(newConn) + go server.RunClient(newConn) } if shouldStop {