Add rate limits to xmpp

06ab25a1 · Bob Mottram · b875f491 · 06ab25a1
Commit 06ab25a1 authored 6 years ago by Bob Mottram
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -77,6 +77,10 @@ XMPPSEND_COMMIT='9401665f40723df779f828d01cc1fa6df28b14c9'
 # used to disable TLS on onion only installs
 xmpp_tls_enabled=''

+# rate limits in kilobytes per second
+XMPP_MAX_S2S_RATE=10
+XMPP_MAX_C2S_RATE=10
+
 xmpp_variables=(ONION_ONLY
                INSTALLED_WITHIN_DOCKER
                XMPP_CIPHERS
@@ -858,6 +862,22 @@ function upgrade_xmpp {
    xmpp_contact_info /etc/prosody/prosody.cfg.lua
    xmpp_server_blacklist /etc/prosody/prosody.cfg.lua

+    # add rate limits
+    prosody_add_module "limits"
+    if ! grep -q 's2sin = {' /etc/prosody/prosody.cfg.lua; then
+        { echo 'limits = {';
+          echo '    c2s = {';
+          echo "        rate = \"${XMPP_MAX_C2S_RATE}kb/s\";";
+          echo "        burst = \"2s\";";
+          echo '    };';
+          echo '    s2sin = {';
+          echo "        rate = \"${XMPP_MAX_S2S_RATE}kb/s\";";
+          echo "        burst = \"5s\";";
+          echo '    };';
+          echo '}'; } >> /etc/prosody/prosody.cfg.lua
+        xmpp_restart=1
+    fi
+
    # add word filter to muc
    prosody_add_module "filter_words"
    if ! grep -q 'filter_words =' /etc/prosody/prosody.cfg.lua; then
@@ -1153,6 +1173,7 @@ function xmpp_modules {
      echo '  "offline_email"; -- If offline send to email';
      echo '  "offline"; -- Store offline messages';
      echo '  "http";';
+      echo '  "limits -- rate limits";';
      echo '  "http_upload";';
      echo '  "websocket";';
      echo '  "throttle_presence"; -- Reduce battery and bandwidth usage';
@@ -1458,7 +1479,18 @@ function xmpp_create_config {
          echo "        dhparam = \"/etc/prosody/xmpp.dhparam\";";
          echo "    }"; } >> /etc/prosody/prosody.cfg.lua
    fi
-    { echo 'storage = { muc_log = "sql"; }';
+
+    { echo 'limits = {';
+      echo '    c2s = {';
+      echo "        rate = \"${XMPP_MAX_C2S_RATE}kb/s\";";
+      echo "        burst = \"2s\";";
+      echo '    };';
+      echo '    s2sin = {';
+      echo "        rate = \"${XMPP_MAX_S2S_RATE}kb/s\";";
+      echo "        burst = \"5s\";";
+      echo '    };';
+      echo '}';
+      echo 'storage = { muc_log = "sql"; }';
      echo 'filter_words = {}';
      echo 'sql = { driver = "SQLite3", database = "prosody.sqlite" }';
      echo 'muc_event_rate = 0.5;';