Currently, netsplit detection tracks nick!user@host (in data:netsplit array)
If the network disruption that causes a netsplit results in a umode +x client also losing their server connection and they reconnect and rejoin channels without being umode +x again, they are not detected as a user rejoining from a split-- because their hostname has changed. This scenario can result in join flood detection-- albeit, technically correct.
Consider removing the hostname from the rejoin detection when the previous host was a umode +x hostname.
Note that this 'solution' would open a window of opportunity to evade join flood detection when using the same nick!ident during the netsplit merge memory window from cfg(split:mem)-- but the risk is likely very low in real world scenarios.
Alternative approaches:
Do nothing. Not ideal, as often when a server splits it also drops clients.
Stop all join flood detection for N time when any server splits. Not ideal, as it would create an even bigger attack vector.
empus
commented
3 months ago
Currently, netsplit detection tracks nick!user@host (in data:netsplit array)
If the network disruption that causes a netsplit results in a umode +x client also losing their server connection and they reconnect and rejoin channels without being umode +x again, they are not detected as a user rejoining from a split-- because their hostname has changed. This scenario can result in join flood detection-- albeit, technically correct.
Consider removing the hostname from the rejoin detection when the previous host was a umode +x hostname.
Note that this 'solution' would open a window of opportunity to evade join flood detection when using the same nick!ident during the netsplit merge memory window from cfg(split:mem)-- but the risk is likely very low in real world scenarios.
Alternative approaches: