]>
Commit | Line | Data |
---|---|---|
3bd189cb JR |
1 | <!doctype linuxdoc system> |
2 | ||
3 | <article> | |
4 | ||
5 | <title>Installing IRC - The Internet Relay Chat Program | |
6 | <author>SGML version by Christophe Kalt, updated by Piotr Kucharski | |
7 | <date>$Id: INSTALL.sgml,v 1.87 2010/08/11 17:36:56 bif Exp $ | |
8 | <abstract> | |
9 | This document describes how to install, and configure IRC 2.11 | |
10 | </abstract> | |
11 | ||
12 | <sect>Installing IRC. | |
13 | <sect1>The configure script | |
14 | <p> | |
15 | This package uses a GNU configure script for its configuration. | |
16 | You simply need to untar the distribution and run the | |
17 | ``configure'' script. This will run configure which will probe | |
18 | your system for any peculiarities it has and setup the Makefile | |
19 | and a file of default #define's ($arch/setup.h). | |
20 | <p> | |
21 | There are a few options to ``configure'' to help it out, or | |
22 | change the default behaviour: | |
23 | <descrip> | |
24 | <tag/--prefix=DIR/ changes the default directory into which | |
25 | ircd will install using ``make install''. This defaults | |
26 | to /usr/local | |
27 | <tag/--sbindir=DIR/ changes the default directory where the | |
28 | system admin executable files will go. It is important to | |
29 | set this properly. (default is prefix/sbin) | |
30 | <tag/--sysconfdir=DIR/ changes the default directory where | |
31 | the irc server configuration files will go. (default is prefix/etc) | |
32 | <tag/--localstatedir=DIR/ changes the default directory | |
33 | where the irc server state files will go. (default is prefix/var) | |
34 | <tag/--with-logdir=DIR/ changes the default directory where the | |
35 | irc log files will go. (default is localstatedir/log) | |
36 | <tag/--with-resconf=FILE/ defines the file to be used by ircd to | |
37 | initialize its resolver. (default is /etc/resolv.conf) | |
38 | <tag/--zlib-include=DIR/ specifies in which directory the | |
39 | include file from the zlib is located. | |
40 | <tag/--zlib-library=DIR/ specifies in which directory the | |
41 | zlib library is located. | |
42 | <tag/--zlib-prefix=DIR/ specifies the prefix for zlib | |
43 | location. It overrides the 2 previous options. (The | |
44 | include directory is supposed to be in prefix/include, and | |
45 | the library in prefix/lib). | |
46 | <tag/--with-zlib/ is the default. ``configure'' looks on your | |
47 | system to find the zlib. If found, ircd will be linked using | |
48 | it. This does NOT mean you can use server link compression, | |
49 | for this you also need to define ZIP_LINKS (see section below). | |
50 | <tag/--without-zlib/ tells ``configure'' not to look for the zlib. | |
51 | Defining this will keep you from using server link compression. | |
52 | <tag/--enable-ip6/ Enable IPv6 support (See notes below) | |
53 | <tag/--enable-dsm/ Enable Dynamically Shared Modules support for iauth | |
54 | </descrip> | |
55 | ||
56 | <sect1>Notes for Cygwin32 users | |
57 | <p> | |
58 | The daemon of 2.11 release compiles properly on W32 | |
59 | systems which have the GNU-Win32 environment (<url | |
60 | url="http://www.cygwin.com/">) setup. At the | |
61 | time of the release, tests were made using the version b20.1 | |
62 | of the Cygwin32 library. | |
63 | <p> | |
64 | When compiling on such system, you want to make sure that | |
65 | you have carefully followed the Cygwin32 installation | |
66 | notes. | |
67 | <p> | |
68 | Also, the IRC server needs a <bf>resolv.conf</bf> file in | |
69 | order to initialize the resolver. This file can be anywhere | |
70 | (see configure options), and is typically in <bf>/etc</bf> | |
71 | on UNIX systems. | |
72 | ||
73 | <sect1>Notes concerning IPv6 support | |
74 | <p> | |
75 | This version was tested on the following IPv6 systems: | |
76 | BSD/OS+KAME, Digital Unix, FreeBSD+KAME, Linux, NetBSD+INRIA. | |
77 | <p> | |
78 | Because IPv6 numeric addresses contain ``:'' characters, | |
79 | <bf>the default separator for the server configuration file is | |
80 | changed to ``%''</bf>. You can adjust it to your needs in config.h file. | |
81 | ||
82 | <sect>The config.h file | |
83 | <p> | |
84 | The second step consists of defining options before the | |
85 | compilation. This is done by editing the ``config.h'' file | |
86 | and changing the various #DEFINE's. | |
87 | ||
88 | <sect1>DEBUGMODE | |
89 | <p> | |
90 | <bf>This should only be defined for test purposes, and never | |
91 | used on a production server.</bf> | |
92 | <p> | |
93 | Define DEBUGMODE if you want to see the ircd debugging | |
94 | information as the daemon is running. Normally this function | |
95 | will be undefined as ircd produces a considerable amount of | |
96 | output. DEBUGMODE must be defined for either of -t or -x | |
97 | command line options to work. Defining this induces a large | |
98 | overhead for the server as it does a large amount of self | |
99 | diagnostics whilst running. | |
100 | ||
101 | <sect1>CHROOTDIR | |
102 | <p> | |
103 | To use the CHROOTDIR feature, make sure it is #define'd | |
104 | and that the server is being run as root. Better use some | |
105 | other (external) way of setting up chroot environment for ircd | |
106 | and run it from there, not requiring to run as root. | |
107 | ||
108 | <sect1>USERS_RFC1459, USERS_SHOWS_UTMP | |
109 | <p>Leaving USERS_RFC1459 undefined makes ircd return RPL_LOCALUSERS | |
110 | and RPL_GLOBALUSERS numerics (part of NAMES). Defining USERS_RFC1459 | |
111 | makes USERS command to behave like it is defined in RFC. If defined, | |
112 | security conscious server admins may still wish to leave USERS_SHOWS_UTMP | |
113 | undefined, effectively disabling the USERS command which can be used to | |
114 | glean information the same as finger can. | |
115 | ||
116 | <sect1>ENABLE_SUMMON | |
117 | <p>ENABLE_SUMMON toggles whether the server will attempt | |
118 | to summon local users to irc by writing a message similar to | |
119 | that from talk(1) to a user's tty. | |
120 | ||
121 | <sect1>DEFAULT_INVISIBLE | |
122 | <p> | |
123 | The DEFAULT_INVISIBLE define is used to toggle whether | |
124 | clients are automatically made invisible when they register. | |
125 | ||
126 | <sect1>OPER_KILL, OPER_CONNECT, OPER_DIE, OPER_REHASH, OPER_RESTART, OPER_SET... | |
127 | <p>Any operator priviledge can be precisely applied to a given user using O:line | |
128 | flags. Some admins may prefer to feel more safe by undefining some of above | |
129 | thus disabling access to corresponding command at all. | |
130 | ||
131 | <sect1>ZIP_LINKS, ZIP_LEVEL | |
132 | <p> | |
133 | As of the 2.9.3 version of the server, server-server | |
134 | connections may be compressed using the zlib. In order to | |
135 | compile the server with this feature, you MUST have the zlib | |
136 | package (version 1.0 or higher) already compiled and define | |
137 | ZIP_LINKS in the config.h file. Compression use for | |
138 | server-server connections is separately configured in the | |
139 | ircd.conf file for each server-server link. ZIP_LEVEL | |
140 | allows you to control the compression level that will be | |
141 | used. Values above 5 will noticeably increase the CPU used | |
142 | by the server. | |
143 | <p> | |
144 | The zlib package may be found at <url | |
145 | url="http://www.gzip.org/zlib/">. The data format used | |
146 | by the zlib library is described by RFCs (Request for | |
147 | Comments) 1950 to 1952 in the files <url | |
148 | url="ftp://ds.internic.net/rfc/rfc1950.txt"> (zlib format), | |
149 | rfc1951.txt (deflate format) and rfc1952.txt (gzip | |
150 | format). | |
151 | ||
152 | <sect1>SLOW_ACCEPT | |
153 | <p> | |
154 | This option is undefined by default, however is needed on some | |
155 | OSes. It creates an artificial delay in processing incoming | |
156 | connections. On a given port, no more than 1 connection per | |
157 | 2 seconds will be processed. | |
158 | <p> | |
159 | As it is undefined, it lets the server process connections as | |
160 | fast as it can which can cause problems on some OSes (such | |
161 | as SunOS) and be abused (fast massive join of clonebots..), | |
162 | for these reasons, if you decide to keep SLOW_ACCEPT undefined | |
163 | you MUST define CLONE_CHECK. | |
164 | ||
165 | <sect1>CLONE_CHECK | |
166 | <p> | |
167 | This option is defined by default and acts as a wrapper, by | |
168 | checking incoming connections early before starting ident query. | |
169 | By default, the server will not accept more than 10 connections from the | |
170 | same host within 2 seconds. | |
171 | ||
172 | <sect1>LOG_SERVER_CHANNELS | |
173 | <p>This option allows you to log to files server channels (like &NOTICES) | |
174 | chosen via LOG_SCH_* defines. Very handy. | |
175 | ||
176 | <sect1>Other #define's | |
177 | <p> | |
178 | The rest of the user changable #define's should be | |
179 | pretty much self explanatory in the config.h file. It is | |
180 | *NOT* recommended that any of the file under the line with | |
181 | "STOP STOP" in it be changed. | |
182 | ||
183 | <sect>Editing the Makefile, and compiling | |
184 | <p> | |
185 | This package now uses GNU autoconf to probe your system and | |
186 | generate the correct Makefile. However you may need to read | |
187 | it to check for values generated by the configure script. | |
188 | In particular, all the filenames, and path for binaries, log | |
189 | files, configuration files and so on are defined there. It | |
190 | is recommended to make use of the options described in the | |
191 | ``configure script'' section rather than to edit the | |
192 | generated Makefile. However, these options do not | |
193 | provide a total control over these values, in which case you | |
194 | need to directly edit the Makefile. | |
195 | <p> | |
196 | Now to build the package, type ``make all''. If everything | |
197 | goes will, you can then install it by typing ``make install''. | |
198 | <p> | |
199 | If you have trouble compiling ircd, copy Makefile.in to | |
200 | Makefile and edit Makefile as appropriate. | |
201 | <p> | |
202 | If everything went fine, the default layout of installed files is | |
203 | as follows (note that existing iauth.conf and ircd.motd will not be | |
204 | overwritten): | |
205 | <verb> | |
206 | PREFIX/sbin/ircd | |
207 | PREFIX/sbin/iauth | |
208 | PREFIX/sbin/chkconf | |
209 | PREFIX/sbin/ircd-mkpasswd | |
210 | PREFIX/sbin/ircdwatch | |
211 | PREFIX/man/man8/ircd.8 | |
212 | PREFIX/man/man8/iauth.8 | |
213 | PREFIX/man/man8/ircdwatch.8 | |
214 | PREFIX/man/man5/iauth.conf.5 | |
215 | PREFIX/etc/ircd.m4 | |
216 | PREFIX/etc/ircd.conf.example | |
217 | PREFIX/etc/iauth.conf.example | |
218 | PREFIX/etc/iauth.conf | |
219 | PREFIX/etc/ircd.motd | |
220 | PREFIX/var/run/ | |
221 | PREFIX/var/log/ | |
222 | </verb> | |
223 | Files created by ircd package during normal execution would be ircd.pid, ircd.tune, | |
224 | iauth.pid, ircdwatch.pid in PREFIX/var/run/ and ircd.users, ircd.rejects, ircd.auth, | |
225 | ircd.opers, ircd.debug, iauth.debug in PREFIX/var/log/. | |
226 | ||
227 | <sect>The ircd.conf file | |
228 | <p> | |
229 | After installing the ircd and irc programs, edit the | |
230 | ircd.conf file as per the instructions in this section and | |
231 | install it in the location you specified in the config.h | |
232 | file. There is a sample conf file called ircd.conf.example in | |
233 | the doc/ directory. | |
234 | <p> | |
235 | Appendix A (See INSTALL.appendix) describes the differences | |
236 | between IP addresses and host names. If you are unfamiliar | |
237 | with this, you should probably scan through it before | |
238 | proceeding. | |
239 | <p> | |
240 | The ircd.conf file contains various records that specify | |
241 | configuration options. The record types are as follows: | |
242 | <enum> | |
243 | <item>Machine information (M) | |
244 | <item>Administrative info (A) | |
245 | <item>Port connections (P) | |
246 | <item>Connection Classes (Y) | |
247 | <item>Client connections (I,i) | |
248 | <item>Operator privileges (O,o) | |
249 | <item>Excluded accounts (K,k) | |
250 | <item>X Excluded accounts (X) | |
251 | <item>Server connections (C,c,N) | |
252 | <item>Deny auto-connections (D) | |
253 | <item>Hub connections (H) | |
254 | <item>Leaf connections (L) | |
255 | <item>Version limitations (V) | |
256 | <item>Excluded machines (Q) | |
257 | <item>Service connections (S) | |
258 | <item>Bounce server (B) | |
259 | </enum> | |
260 | <p> | |
261 | Except for types ``M'' and ``A'', you are allowed to have | |
262 | multiple records of the same type. In some cases, you can | |
263 | have concurrent records. <bf>It is important to note that | |
264 | the last matching record will be used</bf>. This is | |
265 | especially useful when setting up I records (client | |
266 | connections). | |
267 | ||
268 | <descrip> | |
269 | <tag/NEW!!!/ As of the 2.11.0 version of the server, if the | |
270 | server has been compiled with #define CONFIG_DIRECTIVE_INCLUDE, you will be | |
271 | able to use #include directive in ircd.conf to include files without | |
272 | the need of M4, also recursively. | |
273 | <verb>#include "filename"</verb> | |
274 | For the command to be recognized, `#' MUST be first character in the line | |
275 | and there must be space after "include" word. Quotes around filename are | |
276 | optional. | |
277 | If filename does not start with slash, ircd config directory is prepended. | |
278 | Also note that chkconf will follow such includes. | |
279 | </descrip> | |
280 | ||
281 | <sect1>Machine information | |
282 | <p> | |
283 | <descrip> | |
284 | <tag/Introduction/ | |
285 | IRC needs to know a few things about your UNIX site, and the | |
286 | ``M'' command specifies this information for IRC. The fomat | |
287 | of this command is: | |
288 | <tag/Format/ | |
289 | <verb>M:<Server NAME>:<YOUR Internet IP#>:<Geographic Location>:<Port>:<SID>:</verb> | |
290 | <tag/M/ | |
291 | ``M'' specifies a Machine description line | |
292 | <tag/Server NAME/ | |
293 | The name of YOUR server adding any Internet DOMAINNAME that | |
294 | might also be present. If this hostname can be resolved, the | |
295 | IP# found will be used to for outgoing connections. | |
296 | Otherwise the default interface address of the host is used. | |
297 | The server name may not be FQDN of another host. (This | |
298 | means all outgoing connections will be done from the same | |
299 | IP#, even if your host has several IP#). | |
300 | <tag/YOUR Internet IP#/ | |
301 | If the machine on which you run the server has several IP | |
302 | addresses, you can define which IP# to use for outgoing | |
303 | connections. This overrides overrides the ``Server NAME''. | |
304 | <p>See Also the ``Port Connections'' and ``Server Connections'' | |
305 | sections. | |
306 | <tag/Geographic Location/ | |
307 | Geographic Location is used to say where your server is, and | |
308 | gives people in other parts of the world a good idea of | |
309 | where you are! If your server is in the USA, it is usually | |
310 | best to say: <CITY> <STATE>, USA. Like for | |
311 | Denver I say: ``Denver Colorado, USA''. Finnish sites (like | |
312 | tolsun.oulu.fi generally say something like ``Oulu, | |
313 | Finland''. | |
314 | <tag/Port/ | |
315 | Defines the port on which your server will listen for UDP | |
316 | pings from other servers. This should be the port were | |
317 | other servers are set to autoconnect. (Also see the port | |
318 | field description in connect lines). | |
319 | <tag/SID/ | |
320 | Defines Server ID, network-wide unique identifier of | |
321 | your server. It must begin with a digit. This must be set with | |
322 | cooperation of other servers' admins. On IRCnet you must | |
323 | consult your coord and/or admins of your peers. | |
324 | <tag/Example:/ | |
325 | M:tolsun.oulu.fi::Oulu, Finland:6667:00PA: | |
326 | <p> | |
327 | This line reads: My Host's name is ``tolsun.oulu.fi'', my | |
328 | site is located in ``Oulu, Finland'' and my SID is ``00PA''. | |
329 | <p> | |
330 | M:orion.cair.du.edu::Denver Colorado, USA:6667:00PS: | |
331 | <p> | |
332 | This line reads: My Hosts name is ``orion.cair.du.edu'', | |
333 | my site is located in ``Denver Colorado, USA'' and my SID is ``00PS''. | |
334 | <tag/Note/ Using ``*'' as <Your Internet IP> allows OS to | |
335 | choose best outgoing source IP. See also <bf>Server Connections</bf> | |
336 | section for configuring source IP of outgoing connections. | |
337 | </descrip> | |
338 | <p> | |
339 | ||
340 | <sect1>Administrative info | |
341 | <p> | |
342 | <descrip> | |
343 | <tag/Introduction/ The ``A'' line is used for administrative | |
344 | information about a site. The e-mail address of the person | |
345 | running the server should be included here in case problems | |
346 | arise. | |
347 | <tag/Format/<verb>A:<Your Name/Location>:<Your E-Mail Addr>:<other>::<network name>:</verb> | |
348 | <tag/A/This specifies an Admin record. | |
349 | <tag/Your Name & Location/ Use this field to say tell | |
350 | your FULL NAME and where in the world your machine is. Be | |
351 | sure to add your City, State/Province and Country. | |
352 | <tag/Your Electronix Mailing Addr/ Use this field to specify | |
353 | your Electronic Mailing Address preferably your Internet | |
354 | Mailing Address. If you have a UUCP or ARAPnet address - | |
355 | please add that as well. Be sure to add any extra DOMAIN | |
356 | information that is needed, for example ``mail jtrim@orion'' | |
357 | probably won't work as a mail address to me if you happen to | |
358 | be in Alaska. But ``mail jtrim@orion.cair.du.edu'' would | |
359 | work because you know that ``orion'' is part of the DOMAIN | |
360 | ``cair.du.edu''. So be sure to add your DOMAINNAMES to your | |
361 | mailing addresses. | |
362 | <tag/Other/ This is really an OTHER field - you can add what | |
363 | you want here. | |
364 | <tag/Network name/ Use this field to announce your network name | |
365 | in 005 numerics. Use only one word! | |
366 | <tag/Example/ | |
367 | (the line is just one line in the confuration file, here it | |
368 | is cut into two lines to make it clearer to read): | |
369 | <p> | |
370 | A:Jeff Trim - Denver Colorado, USA:INET jtrim@orion.cair.du.edu UUCP {hao,isis}!udenva!jtrim:Terve! Heippa! Have you said hello in Finnish today?;)::IRCnet: | |
371 | <p> | |
372 | Would look like this when printed out with the /admin command: | |
373 | <p> | |
374 | Jeff Trim - Denver Colorado, USA | |
375 | INET jtrim@orion.cair.du.edu UUCP {hao,isis}!udenva!jtrim | |
376 | Terve! Hei! Heippa! Have you said hello in Finnish today? ;) | |
377 | <p> | |
378 | Note that the A record cannot be split across multiple | |
379 | lines; it will typically be longer than 80 characters and | |
380 | will therefore wrap around the screen. | |
381 | </descrip> | |
382 | ||
383 | <Sect1>Port connections | |
384 | <p> | |
385 | <descrip> | |
386 | <tag/Introduction/ The port line adds flexibility to the | |
387 | server's ability to accept connections. By use of this line | |
388 | in the ircd.conf file, it is easy to setup both Unix Domain | |
389 | ports for the server to accept connections on as well as | |
390 | extra internet ports. | |
391 | <tag/Format/<verb>P:<Internet IP#>:::<Port>::<Flags>: | |
392 | P:<Directory>:::<Port>::<Flags>:</verb> | |
393 | </descrip> | |
394 | <itemize> | |
395 | <item>Internet Ports | |
396 | <descrip> | |
397 | <tag/Internet IP#/ If the host on which the server runs has | |
398 | several IP addresses, you can define for which IP address | |
399 | connections will be accepted. If none is defined here, server | |
400 | will bind to all interfaces (INADDR_ANY). See also <bf>Machine | |
401 | configuration</bf> and <bf>Server Connections</bf> sections | |
402 | to properly configure outgoing connections. | |
403 | <tag/Port/ The port number field tells the server which port | |
404 | number it should listen on for incoming connections. | |
405 | <tag/Example/ P:192.168.1.194:::6664: | |
406 | <p> | |
407 | Listens for incoming connections on IP 192.168.1.194, port 6664. | |
408 | </descrip> | |
409 | <item> Unix Socket Ports. | |
410 | <descrip> | |
411 | <tag/Directory/ The path set in this field should be the | |
412 | directory name in which to create the unix socket for later | |
413 | listening to. The server will attempt to create the | |
414 | directory before creating the unix socket. | |
415 | <tag/Port/ The port field when used in combination with a | |
416 | pathname in a P-line is the filename created in the | |
417 | directory set in the first field. | |
418 | <tag/Example/ P:/tmp/.ircd:::6667: | |
419 | <p> | |
420 | Creates a unix socket in the /tmp/.ircd directory called | |
421 | ``6667''. The unix socket (file) must be a numerical. | |
422 | </descrip> | |
423 | </itemize> | |
424 | <descrip> | |
425 | <tag/Flags/ Flags changing behaviour of a given P-line. It can be empty | |
426 | or one of: | |
427 | <itemize> | |
428 | <item>D - delayed accept (not active until first netjoin) | |
429 | <item>S - server-only (user connections are rejected) | |
430 | </itemize> | |
431 | Using 'D' flag is a nice way to help network not get invaded after restart. It | |
432 | does not enable listening socket on a given port before server has a chance to | |
433 | join a network. Note that you can change state of the listening sockets using | |
434 | SET CACCEPT oper command. Current state of sockets can be seen with STATS P | |
435 | (case sensitive). | |
436 | <tag/Note/ You need at least one P-line or server won't start. | |
437 | (Unless you run it from inetd.) | |
438 | </descrip> | |
439 | ||
440 | <sect1>Connection Classes | |
441 | <p> | |
442 | <descrip> | |
443 | <tag/Introduction/ To enable more efficient use of | |
444 | MAXIMUM_LINKS, connection classes were implemented. All | |
445 | clients belong to a connection class. | |
446 | <p>Each line for a server should have the same number as the | |
447 | sixth field. If it is absent, the server deaults it to 0, | |
448 | using the defaults from the config.h file. | |
449 | <p>To define a connection class, you need to include a Y: | |
450 | line in the ircd.conf file. This enables you to define the | |
451 | ping frequency, connection frequency (for servers) and | |
452 | maximum number of links that class should have. | |
453 | <p>Currently, the Y: line <bf>MUST</bf> appear in the | |
454 | ircd.conf file <bf>BEFORE</bf> it is used in any other way. | |
455 | <tag/Format/<verb>Y:<Class>:<Ping Freq>:<Connect Freq>:<Max Links>:<SendQ>:<Local Limit>:<Global Limit>:<CIDR Limit></verb> | |
456 | <tag/Y/ This specifies a Class record. | |
457 | <tag/Class/ This is the class number which gains the following | |
458 | attributes and should match that which is on the end of the | |
459 | C/c/N/I/O/S line. | |
460 | <tag/Ping Frequency/ This field defines how long the server will let | |
461 | the connection remain ``silent'' before sending a PING message | |
462 | to make sure it is still alive. Unless you are sure of what | |
463 | you are doing, use the default value which is in your | |
464 | config.h file. | |
465 | <tag/Connect Frequency/ By changing this number, you change | |
466 | how often your server checks to see if it can connect to | |
467 | this server. If you want to check very occasionally, use a | |
468 | large value, but if it is an important connection, you might | |
469 | want a smaller value so that you autoconnect to it as soon as | |
470 | possible. | |
471 | <tag/Max Links/ This field defines the maximum number of | |
472 | links this class will allow from automatic connections (C | |
473 | lines). Using /CONNECT overrides this feature. Also | |
474 | defines the maximum number of users in this class for all I/O | |
475 | lines being in that class (or per I/O line, if defined). | |
476 | <tag/SendQ/ This field defines the ``SendQ'' (data awaiting to be sent | |
477 | to the client) value for this class. The format is <x>.<y> | |
478 | <itemize> | |
479 | <item> x: defines maximum size of sendq, defaults to QUEUELEN if unset. | |
480 | <item> y: defines maximum size of sendq during burst, defaults to x if unset. | |
481 | </itemize> | |
482 | <tag/Local limit/ This field is used to limit the number | |
483 | of local concurrent connections. The format is | |
484 | <x>.<y> | |
485 | <itemize> | |
486 | <item> x: defines the maximum number of clients from the | |
487 | same host (IP) will be allowed. | |
488 | <item> y: defines the maximum number of clients from the | |
489 | same user@host (IP) will be allowed. Read note below. | |
490 | </itemize> | |
491 | Any unset value defaults to 1 (one). | |
492 | <tag/Global limit/ This field has the same use as the | |
493 | ``Local limit'' field. But, the connection counts are done | |
494 | for all clients present on the net instead of only counting | |
495 | local clients. | |
496 | <tag/CIDR Limit/ This field is used to limit the number of local | |
497 | host counts within a given IP network. The format is <x>/<y> | |
498 | <itemize> | |
499 | <item> x: defines the maximum number of clients from the same network | |
500 | <item> y: defines the length of the network in CIDR format | |
501 | </itemize> | |
502 | <tag/Note/ leaving any of the fields (except SendQ and limits) out | |
503 | means their value is 0 (ZERO)!! The SendQ field default | |
504 | value is dynamically determined. Limits default to 1.1 (one connection) | |
505 | except CIDR limit, which doesn't apply at all if left empty. | |
506 | <tag/Note/ If you plan to use the local user@host limit, | |
507 | please read the following very carefully. The ``user'' | |
508 | value is the ident reply for the connection. If no reply | |
509 | was given then it defaults to ``unknown'' and thus the | |
510 | effective limit will be per host, not per user@host. Also, | |
511 | some ident servers return encrypted data which changes for | |
512 | every connection making the limit void. If you think limits | |
513 | do not work, check ircd logs, the auth reply can be longer | |
514 | than what ircd shows on-line. | |
515 | <tag/Note/ Only the local limitation is accurate. | |
516 | <tag/Note/ If you define a gobal limit, you should also | |
517 | define a local limit (same or lower) as it won't take more | |
518 | CPU and will make the global limit more accurate. | |
519 | <tag/Note/ The local and global limits only affect users (I | |
520 | lines), not servers nor services. | |
521 | <tag/Example/ Y:23:120:300:5:800000:0:0: (server class) | |
522 | <p> | |
523 | This defines class 23 to allow 5 auto-connections, which are | |
524 | checked every 300 seconds. The connection is allowed to | |
525 | remain silent for 120 seconds before a PING is sent. NOTE: | |
526 | fields 3 & 4 are in seconds. The SendQ is set to 800000 | |
527 | bytes. | |
528 | <p> | |
529 | Y:1:60:0:50:20000:2:5: (client class) | |
530 | <p> | |
531 | In case of a client class, the fields are interpreted a bit | |
532 | differently. This class (number 1) can be used by up to 50 | |
533 | users. The connections are allowed to remain silent for 60 | |
534 | seconds before a PING is set. The SendQ is set to 20000 | |
535 | bytes. A new connection in this class will only be allowed | |
536 | if there aren't more than 2 other local connections from the | |
537 | same IP address, or more than 5 other connections on the net | |
538 | from the same hostname. | |
539 | <tag/Note/ The default maxlinks behaviour has changed in 2.11.2, | |
540 | see config.h for details. | |
541 | <p> | |
542 | Y:2:60:0:50:20000:2.1:5: (client class) | |
543 | <p> | |
544 | In case of a client class, the fields are interpreted a bit | |
545 | differently. This class (number 2) can be used by up to 50 | |
546 | users. The connections are allowed to remain silent for 60 | |
547 | seconds before a PING is set. The SendQ is set to 20000 | |
548 | bytes. A new connection in this class will only be allowed | |
549 | if there aren't more than 2 other local connections from the | |
550 | same IP address, 1 local connection from the same user | |
551 | from the same IP address, or more than 5 other connections | |
552 | on the net from the same hostname. | |
553 | <p> | |
554 | Y:2:60:0:50:20000:2.1:5:4/24 (client class) | |
555 | <p> | |
556 | Other numbers are exactly the same as previous. Last field | |
557 | limits connections within the same /24 to 4 hosts. It does not | |
558 | matter how many different /24 networks are using this Y:line, | |
559 | each will have separate count. | |
560 | </descrip> | |
561 | ||
562 | <sect1>Client connections | |
563 | <p> | |
564 | How to let clients connect to your IRCD. | |
565 | <descrip> | |
566 | <tag/Introduction/ A client is a program that connects to | |
567 | the ircd daemon (ircd). There are clients written in C, GNU | |
568 | Emacs Lisp and many other languages. The ``irc'' program is | |
569 | the C client. Each person that talks via IRC is running | |
570 | their own client. | |
571 | <p> | |
572 | The ircd.conf files contains entries that specify which | |
573 | clients are allowed to connect to your irc daemon. | |
574 | Obviously you want to allow your own machine's clients to | |
575 | connect. You may want to allow clients from other sites to | |
576 | connect. These remote clients will use your server as a | |
577 | connection point. All messages sent by these clients will | |
578 | pass through your machine. | |
579 | <tag/Format/ | |
580 | <verb>I:<TARGET Host Addr>:<Password>:<TARGET Hosts NAME>:<Port>:<Class>:<Flags></verb> | |
581 | <tag/Note/Lower case ``i'' is equal to an ``R'' flag in plain ``I''. | |
582 | Lower case ``i'' will be removed in the next version. | |
583 | <tag/TARGET Host Addr/Specifies the IP address(es) of the | |
584 | machine(s) that are allowed to connect. If ``user@'' | |
585 | prefixes the actual IP address the server will require that | |
586 | the remote username returned by the ident server be the same | |
587 | as the one given before the ``@''. Wildcards are permitted | |
588 | unless using a bitmask (e.g. 1.2.3.0/24). Note that bitmask | |
589 | are encouraged over wildcards, as they are more accurate. | |
590 | <p>Empty field is equal to '*' (matches any). | |
591 | <tag/Password/The password that must be given by the client | |
592 | to be allowed on the server. | |
593 | <tag/TARGET Host NAME/Specifies the host name(s) of the | |
594 | machines allowed to connect to the server. If ``user@'' | |
595 | prefixes the actual name the server will require that | |
596 | the remote username returned by the ident server be the same | |
597 | as the one given before the ``@''. Wildcards are permitted, | |
598 | but <bf>please</bf> rather leave this field empty and use bitmask | |
599 | in <bf>Host Addr</bf> field. | |
600 | <p>Empty field matches any. ``*'' also matches any, but it requires working DNS for a client. | |
601 | <p>Using this field to enforce that clients have no Host Name set | |
602 | is not working (they will rather be denied connection). Use ``N'' <bf>flag</bf>. | |
603 | <tag/Port/Specifies the port number for which this | |
604 | configuration line is valid. An empty field, or ``0'' | |
605 | matches all ports. | |
606 | <tag/Class/This field should refer to an existing class. | |
607 | Connections classes are usefull to limit the number of users | |
608 | allowed on the server. | |
609 | <tag/Flags/This field contains flags of an I:line; flags are | |
610 | one character in size, can be combined and their order does not matter. | |
611 | <itemize> | |
612 | <item>D - restricted, when client has no reverse DNS | |
613 | <item>E - client is exempted from K-lines | |
614 | <item>e - client is exempted from X-lines | |
615 | <item>F - fall-through to next I-line if password did not match | |
616 | <item>I - restricted, when client has no ident. | |
617 | <item>M - disable resolved host name to be shown | |
618 | <item>N - disable resolved host name to be used | |
619 | <item>R - restricted | |
620 | </itemize> | |
621 | <tag/Note/Restricted I: line means that | |
622 | clients matching such I line will not be able to use their operator | |
623 | privileges (no nick/mode change, no kick). Such users will also | |
624 | have their username prefixed by +, = or - depending on the ident reply. | |
625 | ||
626 | <tag/Note/The server checks if the client hostname | |
627 | matches the <bf>TARGET Host NAME</bf> field. | |
628 | If a match is found, server checks <bf>TARGET Host Addr</bf> field. | |
629 | If a match is found, the client is accepted. Clients host is set | |
630 | either to its hostname (if available) or, using ``N'' or ``M'' flag, to its IP. | |
631 | <tag/Note/The difference between ``M'' and ``N'' flags is simple: after host | |
632 | resolving and I:line matching is done, ``M'' keeps hostname and uses it for | |
633 | matching in beIR modes and printing in logs, while ``N'' discards it completely. | |
634 | <tag/Examples/ | |
635 | For example, if you were installing IRC on tolsun.oulu.fi | |
636 | and you wanted to let your own | |
637 | clients to connect to your server, you would add this entry | |
638 | to the file: | |
639 | <p> | |
640 | I:::tolsun.oulu.fi::1 | |
641 | <p> | |
642 | If you wanted to let remote clients connect, you could add | |
643 | the following line: | |
644 | <p> | |
645 | I:::*.edu.edu::1 | |
646 | <p> | |
647 | and allow any clients from machines whose names end in | |
648 | ``.edu.edu'' to connect with no password. | |
649 | <p> | |
650 | I:128.214.6.100::nic.funet.fi::1 | |
651 | <p> | |
652 | Allow clients from a machine with that IP number <bf>and</bf> | |
653 | that hostname to connect. | |
654 | <p> | |
655 | I::secret:*.tut.fi::1 | |
656 | <p> | |
657 | Allow clients from machines matching ``*.tut.fi'' to connect | |
658 | with the password ``secret''. | |
659 | <p> | |
660 | I:::*::1 | |
661 | <p> | |
662 | Allow anyone from anywhere to connect to your server. | |
663 | <p> | |
664 | I:::*.fi:6667:1 | |
665 | <p> | |
666 | Allow clients from machines matching ``*.fi'' to connect on | |
667 | the port 6667. | |
668 | <p> | |
669 | I:135.11.35.0/24::*.net::1 | |
670 | <p> | |
671 | Allows clients from machines which host name matches | |
672 | ``*.net'' <bf>and</bf> which IP address is within block ``135.11.35.0/24'' to | |
673 | connect to the server. | |
674 | <p>I:135.11.35.0/24::::1:N | |
675 | <p>I:135.11.35.0/24::*.net::1 | |
676 | <p>This set of two I:lines | |
677 | allows clients from machines which host name matches | |
678 | ``*.net'' <bf>and</bf> which IP address is within block ``135.11.35.0/24'' to | |
679 | connect to the server. If the host name does not match | |
680 | ``*.net'' then another I:line is used and because of ``N'' flag, | |
681 | the IP address is used for these clients, even if the host name is known. | |
682 | <p> | |
683 | I:135.11.35.0/24::::1 | |
684 | <p> | |
685 | Allows clients from machines which IP address is within block | |
686 | ``135.11.35.0/24'' to connect to the server. If the host name | |
687 | is known, is it used as address for these clients. | |
688 | <p><tag/NEW!!!/ As of the 2.11.0 version of the server, I: line flags | |
689 | are introduced. | |
690 | </descrip> | |
691 | ||
692 | <sect1>Operator priviliges | |
693 | <p> | |
694 | How to become the IRC administrator on your site | |
695 | <descrip> | |
696 | <tag/Introduction/ To become an IRC Administrator, IRC must | |
697 | know who is authorized to become an operator and what their | |
698 | ``Nickname'' and ``Password'' is. | |
699 | <tag/Format/<verb>O:<TARGET Host NAME>:<Password>:<Nickname>:<Port>:<Class>:<Flags></verb> | |
700 | <tag/O/ Specifies Operator record. | |
701 | <tag/Note/If you use small letter (``o'') in it, it specifies | |
702 | a local operator. This is deprecated behaviour, use O:line flags. | |
703 | Operator rights can be specified in config.h and fine-tuned in ircd.conf. | |
704 | <tag/TARGET Host NAME/ Tells IRC which host you have the | |
705 | privileges FROM. This means that you should be logged into | |
706 | this host when you ask for the priviliges. If you specify | |
707 | ``tolsun.oulu.fi'' then IRC will expect your CLIENT to be | |
708 | connected at ``tolsun.oulu.fi'' - when you ask for OPERATOR | |
709 | privileges from ``tolsun.oulu.fi''. You cannot be logged in | |
710 | at any other host and be able to use your OPERATOR | |
711 | privileges at tolsun, only when you are connected at TOLSUN | |
712 | will this work - this is a safeguard against unauthorized | |
713 | sites. | |
714 | <tag/Password/ If your AUTHORIZATION Password - this is the | |
715 | password that let's IRC know you are who you say you are! | |
716 | Never tell anyone your password and always keep the | |
717 | ``ircd.conf'' file protected from all of the other users. | |
718 | <tag/Nickname/ The Nickname you usually go by - but you can | |
719 | make this what you want. | |
720 | <tag/Port/ Unused. | |
721 | <tag/Class/ The class field should refer to an existing | |
722 | class (preferably having a lower number than that for the | |
723 | relevant I-line) and determines the maximum number of | |
724 | simultaneous uses of the O-line allowable through the | |
725 | max. links field in the Y-line. | |
726 | <tag/Flags/This field contains flags of an O:line; flags are | |
727 | one character in size, can be combined and their order does not matter. | |
728 | They define privileges of an operator. | |
729 | <itemize> | |
730 | <item>L - local operator (disables all remote functions) | |
731 | <item>P - removes penalty | |
732 | <item>p - allows flooding | |
733 | <item>& - allows joining &CLIENTS | |
734 | <item>A - enables all flags below | |
735 | <item>C - allows local and remote CONNECT | |
736 | <item>c - allows local CONNECT | |
737 | <item>D - allows DIE | |
738 | <item>d - allows DNS | |
739 | <item>e - allows SET | |
740 | <item>h - allows HAZH | |
741 | <item>K - allows local and remote KILL | |
742 | <item>k - allows local KILL | |
743 | <item>l - allows CLOSE | |
744 | <item>R - allows RESTART | |
745 | <item>r - allows REHASH | |
746 | <item>S - allows local and remote SQUIT | |
747 | <item>s - allows local SQUIT | |
748 | <item>T - allows TKLINE | |
749 | <item>q - allows KLINE | |
750 | <item>t - enables full TRACE and STATS L | |
751 | <item>v - allows SIDTRACE | |
752 | </itemize> | |
753 | ``L'' flag cannot be overridden by other flags. | |
754 | If <Flags> field is left empty, no privileges will be granted. | |
755 | <tag/Example/ O:orion.cair.du.edu:pyunxc:Jeff::1:A | |
756 | <p> | |
757 | There is an OPERATOR at ``orion.cair.du.edu'' that can get | |
758 | Operator priviliges if he specifies a password of ``pyunxc'' | |
759 | and uses a NICKNAME of ``Jeff'' and is granted all possible privileges. | |
760 | <tag/Note/ Host NAME accepts IP bitmasks. | |
761 | <tag/Note/ Some privileges may be disabled during compilation time in config.h. | |
762 | </descrip> | |
763 | ||
764 | <sect1>Excluded accounts | |
765 | <p> | |
766 | Remove an errant user from IRC on your site. | |
767 | <descrip> | |
768 | <tag/Introduction/ | |
769 | Obviously it is hoped that you wouldn't have to use this | |
770 | command. Unfortunately sometimes a user can become | |
771 | unmanageable and this is your only recourse - the KILL USER | |
772 | command. THIS COMMAND ONLY AFFECTS YOUR SERVER - if this | |
773 | user can connect to another server somewhere else in the | |
774 | IRC network then you would have to talk to the administrator | |
775 | on that site to disable his access from that IRCD server as | |
776 | well. | |
777 | <tag/Format/<verb> | |
778 | K:<Host Name>:<time interval(s)|comment>:<User>:<port>: | |
779 | k:<Host Name>:<time interval(s)|comment>:<Auth>:<port>: | |
780 | </verb> | |
781 | <tag/K/``K'' tells the IRCD that you are making a KILL USER | |
782 | command entry. | |
783 | <tag/Host Name/ In this field you specify the Hostname or | |
784 | the IP address (Single IP, Wildcard notation or bitmask | |
785 | notation) that the user is connecting from. If you wanted | |
786 | to REMOVE connects to IRC from ``orion.cair.du.edu'' then | |
787 | you would want to enter ``orion.cair.du.edu''. If you want | |
788 | to REMOVE ALL HOSTS access you can use ``*'' (Wild Card | |
789 | notation) and no matter what host the USERNAME (specified in | |
790 | Field 4) connects from s/he will be denied access. | |
791 | <p> | |
792 | If you specify an IP address, IP mask, or an IP bitmask, | |
793 | it will match clients connecting from the matching | |
794 | addresses, no matter if they resolve or not. | |
795 | <p> | |
796 | You can prefix an IP address, an IP mask, or IP bitmask by | |
797 | ``='' in which case only non resolving matching hosts will | |
798 | be banned. | |
799 | <tag/time interval(s)|comment/ Either leave this field empty | |
800 | or put a comment, then the line active continuously for the | |
801 | specified user/host machine. You may also specify intervals | |
802 | during the line should be active, see examples below. | |
803 | <tag/User/ The USERNAME of the user you want removed from | |
804 | IRC. For example ``root''. | |
805 | <tag/Auth/ If the user's ident server replies with the OTHER | |
806 | type (as opposed to the UNIX type), the reply is not used to | |
807 | set the user's username. (lowercase) k lines can be used in | |
808 | these case to reject users based on their ident reply. | |
809 | <p> | |
810 | This field will be matched against the ident server reply. | |
811 | It is important to note that OTHER replies are prefixed with | |
812 | a ``-'' by the ircd, while UNIX replies are not. | |
813 | <tag/Port/ The port on which the Kill line will be | |
814 | effective. 0 means all ports. | |
815 | <tag/Examples/ K:orion.cair.du.edu::jtrim:0: | |
816 | <p> | |
817 | If user ``jtrim'' connects to IRC from host | |
818 | ``orion.cair.du.edu'' then IMMEDIATELY REMOVE HIM from my | |
819 | IRCD. | |
820 | <p> | |
821 | k:*.stealth.net::-43589:0: | |
822 | <p> | |
823 | If a user connects from any host that has the suffix | |
824 | ``stealth.net'' and if that host ident server returns | |
825 | ``-43589'' - then IMMEDIATELY REMOVE THEM from my IRCD. | |
826 | <p> | |
827 | K:*.cair.du.edu::root:0: | |
828 | <p> | |
829 | If user ``root'' connects to IRC from any host that has the | |
830 | suffix ``cair.du.edu'' - then IMMEDIATELY REMOVE THEM from | |
831 | my IRCD. | |
832 | <p> | |
833 | K:*::vijay:0: | |
834 | <p> | |
835 | This line reads ``I don't care WHAT HOST user ``vijay'' is | |
836 | on, I will NEVER allow username ``vijay'' to login to my | |
837 | IRCD.'' | |
838 | <p> | |
839 | K:*.oulu.fi:0800-1200,1400-1900:*:0: | |
840 | <p> | |
841 | This disallows all users from hosts with enddomain | |
842 | ``oulu.fi'' access to your server between 8 and 12am, 2 and | |
843 | 7pm. Users get kicked off if they're already signed on when | |
844 | the line becomes active (they'll get a warning 5 minutes | |
845 | before). Note that this requires ircd to be compiled with | |
846 | proper #define! | |
847 | <p> | |
848 | K:192.11.35.0/24::*:0: | |
849 | <p> | |
850 | This line disallows all hosts whose IP address is from network | |
851 | ``192.11.35.0/24'' to login to the ircd. | |
852 | <p> | |
853 | K:=192.11.35.0/24::*:0: | |
854 | <p> | |
855 | This line disallows all hosts whose IP address is from network | |
856 | ``192.11.35.0/24'' and which didn't resolve to login to the | |
857 | ircd. | |
858 | </descrip> | |
859 | ||
860 | <sect1>X Excluded accounts | |
861 | <p> | |
862 | Remove an errant user from IRC on your site. | |
863 | <descrip> | |
864 | <tag/Introduction/ | |
865 | Obviously it is hoped that you wouldn't have to use this | |
866 | command. Unfortunately sometimes a virus can become | |
867 | difficult to remove by other means and this is your only recourse - | |
868 | the XKILL USER | |
869 | command. THIS COMMAND ONLY AFFECTS YOUR SERVER - if this | |
870 | user can connect to another server somewhere else in the | |
871 | IRC network then you would have to talk to the administrator | |
872 | on that site to disable his access from that IRCD server as | |
873 | well. | |
874 | <tag/Format/<verb> | |
875 | X:<USER 1st arg>:<USER 2nd arg>:<USER 3rd arg>:<USER 4th arg>:<Nick>:<Target host addr> | |
876 | </verb> | |
877 | <tag/X/``X'' tells the IRCD that you are making an XKILL USER | |
878 | command entry. | |
879 | <tag/USER n-th arg/ Given field will be matched against corresponding parameter | |
880 | of client USER command. If left empty it matches any. It may contain wildcards. | |
881 | <tag/Nick/ If left empty it matches any. It may contain wildcards. | |
882 | <tag/Target host addr/ Host or IP address or Network in CIDR format. It makes given | |
883 | X:line apply only to a selected hosts. May contain wildcards. | |
884 | If left empty it matches any. | |
885 | <tag/Examples/ | |
886 | <verb>X:guest:::guest:</verb> | |
887 | If user registers with the following USER command | |
888 | <verb>USER guest anything anything :guest</verb> | |
889 | then IMMEDIATELY REMOVE HIM from my IRCD. | |
890 | <verb>X:abc:::def:woof:</verb> | |
891 | If user registers with the following NICK and USER commands | |
892 | <verb>NICK woof | |
893 | USER abc anything anything :def</verb> | |
894 | then IMMEDIATELY REMOVE HIM from my IRCD. | |
895 | <tag/Note/ You need to compile server with #define XLINE to get this | |
896 | functionality. | |
897 | </descrip> | |
898 | ||
899 | <sect1>Server connections | |
900 | <p> | |
901 | How to connect to other servers, How other servers can connect to you | |
902 | <p> | |
903 | <bf>WARNING:</bf> | |
904 | The hostnames used as examples are really only examples and | |
905 | not meant to be used (simply because they don't work) in | |
906 | real life. | |
907 | <p> | |
908 | Now you must decide WHICH hosts you want to connect to and | |
909 | WHAT ORDER you want to connect to them in. For my example | |
910 | let us assume I am on the machine "rieska.oulu.fi" and I | |
911 | want to connect to irc daemons on 3 other machines: | |
912 | <itemize> | |
913 | <item>``garfield.mit.edu'' - Tertiary Connection | |
914 | <item>``irc.nada.kth.se'' - Secondary Connection | |
915 | <item>``nic.funet.fi'' - Primary Connection | |
916 | </itemize> | |
917 | <p> | |
918 | And I prefer to connect to them in that order, meaning I | |
919 | first want to try connecting to ``nic.funet.fi'', then to | |
920 | ``irc.nada.kth.edu'', and finally to ``garfield.mit.edu''. | |
921 | So if ``nic.funet.fi'' is down or unreachable, the program | |
922 | will try to connect to ``irc.nada.kth.se''. If | |
923 | irc.nada.kth.se is down it will try to connect to garfield | |
924 | and so forth. | |
925 | <p> | |
926 | PLEASE limit the number of hosts you will attempt to connect | |
927 | to down to 3. This is because of two main reasons: | |
928 | <enum> | |
929 | <item> to save your server from causing extra load and | |
930 | delays to users | |
931 | <item> to save internet from extra network traffic (remember | |
932 | the old rwho program with traffic problems when the number | |
933 | of machines increased). | |
934 | </enum> | |
935 | <p> | |
936 | <descrip> | |
937 | <tag/Format/ <verb>C:<TARGET Host Addr>:<Password>:<TARGET Host NAME>:<TARGET PORT>:<Class>:<Source IP></verb> | |
938 | <p> | |
939 | for example: | |
940 | <p> | |
941 | C:nic.funet.fi:passwd:nic.funet.fi:6667:1 | |
942 | <p> | |
943 | - or - | |
944 | <p> | |
945 | C:128.214.6.100:passwd:nic.funet.fi:6667:1 | |
946 | <p> | |
947 | - or - | |
948 | <p> | |
949 | C:root@nic.funet.fi:passwd:nic.funet.fi:6667:1 | |
950 | <p> | |
951 | <tag/C/ This field tells the IRC program which option is | |
952 | being configured. "C" corresponds to a server Connect | |
953 | option. | |
954 | <tag/TARGET Host Addr/ Specifies the host name or IP address | |
955 | of the machine to connect to. If ``user@'' prefixes the | |
956 | actual hostname or IP address the server will require that | |
957 | the remote username returned by the ident server be the same | |
958 | as the one given before the ``@''. | |
959 | <tag/Password/ The password of the other host. A password | |
960 | must always be present for the line to be recognized. | |
961 | <tag/TARGET Host NAME/ This is the name that the TARGET server will | |
962 | identify itself with when you connect to it. If you were | |
963 | connecting to nic.funet.fi you would receive | |
964 | ``nic.funet.fi'' and that is what you should place in this | |
965 | field. | |
966 | <tag/TARGET PORT/ The INTERNET Port that you want to connect | |
967 | to on the TARGET machine. Most of the time this will be set | |
968 | to ``6667''. If this field is left blank, then no | |
969 | connections will be attempted to the TARGET host, and your | |
970 | host will accept connections FROM the TARGET host instead. | |
971 | The port field can contain 2 ports, separated by a . In this | |
972 | case, the first port is used when auto-connecting, the | |
973 | second port is used for the UDP pings to the targer server. | |
974 | It can be negative to disable autoconnects, absolute value | |
975 | will be used to connect when CONNECT command with port ``0'' is used. | |
976 | <tag/Class/ The class field should refer to an existing | |
977 | class and determines the maximum number of simultaneous uses | |
978 | of the C-line allowable through the max. links field in the | |
979 | Y-line. | |
980 | <tag/Source IP/ This field specifies source IP to use for connects | |
981 | to this server. | |
982 | <tag/Compressed links/ Server connections can be compressed with the zlib library. To define a compressed connection, you must have compiled the server with ZIP_LINKS defined, and use a _lowercase_ C line. | |
983 | <tag/NEW!!!/ As of the 2.11.0 version of the server, <bf>Source IP</bf> field | |
984 | has been added. | |
985 | </descrip> | |
986 | <p> | |
987 | Some examples: | |
988 | <itemize> | |
989 | <item>C:nic.funet.fi::nic.funet.fi:6667:1 | |
990 | <p> | |
991 | This reads: Connect to host ``nic.funet.fi'', with no | |
992 | password and expect this server to identify itself to you as | |
993 | ``nic.funet.fi''. Your machine will connect to this host to | |
994 | port 6667. | |
995 | <item>C:18.72.0.252:Jeff:garfield.mit.edu:6667:1:192.168.0.18 | |
996 | <p> | |
997 | This reads: Connect to a host at address ``18.72.0.252'', | |
998 | using a password of ``Jeff''. | |
999 | The TARGET server should | |
1000 | identify itself as ``garfield.mit.edu''. You will connect | |
1001 | to Internet Port 6667 on this host. This connection will use (your) | |
1002 | source IP of ``192.168.0.18''. | |
1003 | <item>C:irc.nada.kth.se::irc.nada.kth.se:1 | |
1004 | <p> | |
1005 | This reads: do not attempt to autoconnect to | |
1006 | ``irc.nada.kth.se'', but if ``irc.nada.kth.se'' requests a | |
1007 | connection, allow it to connect. | |
1008 | </itemize> | |
1009 | <p> | |
1010 | Now back to our original problem, we wanted OUR server | |
1011 | CONNECT to 3 hosts, ``nic.funet.fi'', ``irc.nada.kth.se'' | |
1012 | and ``garfield.mit.edu'' in that order. So as we enter | |
1013 | these entries into the file they must be done in | |
1014 | <bf>reverse</bf> order of how we could want to connect to | |
1015 | them. | |
1016 | <p> | |
1017 | Here's how it would look if we connected ``nic.funet.fi'' first: | |
1018 | <p> | |
1019 | C:garfield.mit.edu::garfield.mit.edu:6667:1 | |
1020 | C:irc.nada.kth.se::irc.nada.kth.se:6667:1 | |
1021 | C:nic.funet.fi::nic.funet.fi:6667:1 | |
1022 | <p> | |
1023 | Ircd will attempt to connect to nic.funet.fi first, then to | |
1024 | irc.nada and finally to garfield. | |
1025 | <p> | |
1026 | <bf>Reciprocal entries:</bf> | |
1027 | Each ``C'' entry requires a corresponding ``N'' entry that | |
1028 | specifies connection priviliges to other hosts. The ``N'' | |
1029 | entry contains the password, if any, that you require other | |
1030 | hosts to have before they can connect to you. These entries | |
1031 | are of the same format as the ``C'' entries. | |
1032 | <p> | |
1033 | <descrip> | |
1034 | <tag/Format/ The format for the NOCONNECT entry in the ``ircd.conf'' is: | |
1035 | <verb>N:<TARGET Host Addr>:<Password>:<TARGET Host NAME>:<Domain Mask>:<Class></verb> | |
1036 | <p> | |
1037 | Let us assume that ``garfield.mit.edu'' connects to your | |
1038 | server and you want to place password authorization | |
1039 | authorization on garfield. The ``N'' entry would be: | |
1040 | <p> | |
1041 | N:garfield.mit.edu:golden:garfield.mit.edu:: | |
1042 | <p> | |
1043 | This line says: expect a connection from host | |
1044 | ``garfield.mit.edu'', and expect a login password of | |
1045 | ``golden'', and expect the host to identify itself as | |
1046 | ``garfield.mit.edu''. | |
1047 | <p> | |
1048 | N:18.72.0.252::garfield.mit.edu:: | |
1049 | <p> | |
1050 | This line says: expect a Connection from host | |
1051 | ``18.72.0.252'', and don't expect login password. The | |
1052 | connecting host should identify itself as | |
1053 | ``garfield.mit.edu''. | |
1054 | <tag/N/ ``N'' corresponds to a server Noconnect option. | |
1055 | <tag/TARGET Host Addr/ Specifies the host name or IP address | |
1056 | of the machine to connect to. If ``user@'' prefixes the | |
1057 | actual hostname or IP address the server will require that | |
1058 | the remote username returned by the ident server be the same | |
1059 | as the one given before the ``@''. | |
1060 | <tag/Password/ The password of the other host. A password | |
1061 | must always be present for the line to be recognized. If | |
1062 | CRYPT_LINK_PASSWORD is defined in config.h, this password | |
1063 | must be crypted. | |
1064 | <tag/TARGET Host NAME/ The full hostname of the target | |
1065 | machine. This is the name that the TARGET server will | |
1066 | identify itself with when you connect to it. If you were | |
1067 | connecting to nic.funet.fi you would receive | |
1068 | ``nic.funet.fi'' and that is what you should place in this | |
1069 | field. | |
1070 | <tag/Domain Mask/ Domain masking, see below. | |
1071 | <tag/Class/ The class field should refer to an existing class. | |
1072 | <tag/Wildcards domains/ To reduce the great amount of | |
1073 | servers in IRCnet wildcard DOMAINS were introduced in | |
1074 | 2.6. To explain the usage of wildcard domains we take an | |
1075 | example of such: | |
1076 | <p> | |
1077 | *.de - a domain name matching all machines in Germany. | |
1078 | <p> | |
1079 | Wildcard domains are useful in that ALL SERVERS in Germany | |
1080 | (or any other domain area) can be shown as one to the rest | |
1081 | of the world. Imagine 100 servers in Germany, it would be | |
1082 | incredible waste of network bandwidth to broadcast all of | |
1083 | them to all servers around the world. | |
1084 | <p> | |
1085 | So wildcard domains are a great help, but how to use them ? | |
1086 | <p> | |
1087 | They can be defined in the N-line for a given connection, in | |
1088 | place of ``Domain Mask'' you write a magic number called | |
1089 | wildcard count. | |
1090 | <p> | |
1091 | Wildcard count tells you HOW MANY PARTS of your server's | |
1092 | name should be replaced by a wildcard. For example, your | |
1093 | server's name is ``tolsun.oulu.fi'' and you want to | |
1094 | represent it as ``*.oulu.fi'' to ``nic.funet.fi''. In this | |
1095 | case the wildcard count is 1, because only one word (tolsun) | |
1096 | is replaced by a wildcard. | |
1097 | <p> | |
1098 | If the wildcard count would be 2, then the wildcard domain | |
1099 | would be ``*.fi''. Note that with wildcard name ``*.fi'' you | |
1100 | could NOT connect to ``nic.funet.fi'' because that would | |
1101 | result in a server name <bf>collision</bf> (*.fi matches | |
1102 | nic.funet.fi). | |
1103 | <p> | |
1104 | I advise you to not to use wildcard servers before you know | |
1105 | for sure how they are used, they are mostly beneficial for | |
1106 | backbones of countries and other large areas with common | |
1107 | domain. | |
1108 | </descrip> | |
1109 | <p> | |
1110 | ||
1111 | <sect1>Deny auto-connections | |
1112 | <p> | |
1113 | <descrip> | |
1114 | <tag/Introduction/ D lines were implemented to give server | |
1115 | administrators more control on how auto connections are | |
1116 | done. This will most likely only be useful for big networks | |
1117 | which have complex configurations. | |
1118 | <tag/Format/<verb>D:<Denied Server Mask>:Denied Class:<Server Name>:Server Class: | |
1119 | </verb> | |
1120 | <tag/Denied Server Mask/ This field is matched against all | |
1121 | servers currently present on the network. If it starts with ``!'', | |
1122 | it reverses the meaning of search. | |
1123 | <tag/Denied Class/ If this field contains a class number, | |
1124 | it will match if any server in that class is currently | |
1125 | present on the network. Note that this can be true for any | |
1126 | server, even the ones not directly connected. | |
1127 | <tag/Server Name/ This field is matched against the server | |
1128 | name that the server wants to auto connect to. | |
1129 | <tag/Server Class/ This field is used to match against the | |
1130 | class to which belong the servers for which an autoconnect | |
1131 | is set. | |
1132 | <tag/Examples/D:*.edu::*.fi:: | |
1133 | <p> | |
1134 | Don't auto-connect to any ``*.fi'' server if any server | |
1135 | present on the network matches ``*.edu''. | |
1136 | <p> | |
1137 | D:!*.edu::*.fi:: | |
1138 | <p> | |
1139 | Don't auto-connect to any ``*.fi'' server if none of the servers | |
1140 | present on the network matches ``*.edu''. | |
1141 | <p> | |
1142 | D::2:eff.org:3: | |
1143 | <p> | |
1144 | Do not auto-connect to ``eff.org'', or any server in class | |
1145 | ``3'' if a server defined to be in class ``2'' is currently | |
1146 | present on the network. | |
1147 | </descrip> | |
1148 | ||
1149 | <sect1>Hub connections | |
1150 | <p> | |
1151 | <descrip> | |
1152 | <tag/Introduction/ In direct contrast to L-lines, the server | |
1153 | also implements H-lines to determine which servers may act | |
1154 | as a hub and what they may ``hub for''. If a server is only | |
1155 | going to supply its own name (ie act as a solitary leaf) | |
1156 | then no H-line is required for, else a H-line must be added. | |
1157 | <tag/Format/<verb>H:<Server Mask>:<SID Mask>:<Server Name>:: | |
1158 | </verb> | |
1159 | <tag/Server Mask/ All servers that are allowed via this | |
1160 | H-line must match the mask given in this field. | |
1161 | <tag/SID Mask/ SIDs of all servers that are allowed via this | |
1162 | H-line must match the mask given in this field. Empty field is | |
1163 | equal to '*', that is any SID is allowed to be introduced. | |
1164 | <tag/Server Name/ This field is used to match exactly | |
1165 | against a server name, wildcards being treated as literal | |
1166 | characters. | |
1167 | <tag/Examples/H:*.edu::*.bu.edu:: | |
1168 | <p> | |
1169 | Allows a server named ``*.bu.edu'' to introduce only servers | |
1170 | that match the ``*.edu'' name mask, no matter what SID they have. | |
1171 | <p> | |
1172 | H:*:616*:eff.org:: | |
1173 | <p> | |
1174 | Allows ``eff.org'' to introduce (and act as a hub for) any | |
1175 | server which SID begins with ``616''. | |
1176 | <tag/Note/ It is possible to have and use multiple H-lines | |
1177 | (or L-lines) for the one server. eg: | |
1178 | <p> | |
1179 | <verb>H:*.edu:*:*.bu.edu:: | |
1180 | H:*.au:*:*.bu.edu:: | |
1181 | </verb> | |
1182 | <p> | |
1183 | is allowed as is | |
1184 | <p> | |
1185 | <verb>L:*.edu:*:*.au:: | |
1186 | L:*.com:*:*.au:: | |
1187 | </verb> | |
1188 | </descrip> | |
1189 | ||
1190 | <sect1>Leaf connections | |
1191 | <p> | |
1192 | <descrip> | |
1193 | <tag/Introduction/ To stop servers which should only act as | |
1194 | leaves from hubs becoming hubs accidently, the L line was | |
1195 | introduced so that hubs can be aware of which servers should | |
1196 | and shouldnt be treated as leaves. A leaf server is supposed | |
1197 | to remain a node for the entirity of its life whilst | |
1198 | connected to the IRC server network. It is quite easy, | |
1199 | however for a leaf server to be incorrectly setup and create | |
1200 | problems by becoming a node of 2 or more servers, ending its | |
1201 | life as a leaf. The L line enables the administrator of an | |
1202 | IRC ``Hub server'' to ``stop'' a server which is meant to | |
1203 | act as a leaf trying to make itself a hub. If, for example, | |
1204 | the leaf server connects to another server which doesnt have | |
1205 | an L-line for it, the one which does will drop the | |
1206 | connection, once again making the server a leaf. | |
1207 | <tag/Format/<verb>L:<Server Mask>:*:<Server Name>:<Max Depth>:</verb> | |
1208 | <tag/Server Mask/ Mask of which servers the leaf-like | |
1209 | attributes are used on when the server receives SERVER | |
1210 | messages. The wildcards * and ? may be used within this | |
1211 | field for matching purposes. If this field is empty, it | |
1212 | acts the same as if it were a single * (ie matches | |
1213 | everything). | |
1214 | <tag/Server Name/ The name of the server connected to you | |
1215 | that for which you want to enforce leaf-like attributes | |
1216 | upon. | |
1217 | <tag/Max Depth/ Maximum depth allowed on that leaf and if | |
1218 | not specified, a value of 1 is assumed. The depth is | |
1219 | checked each time a SERVER message is received by the | |
1220 | server, the hops to the server being the field checked | |
1221 | against this max depth and if greater, the connection to the | |
1222 | server that made its leaf too deep has its connection | |
1223 | dropped. For the L-line to come into effect, both fields, 2 | |
1224 | and 4, must match up with the new server being introduced | |
1225 | and the server which is responsible for introducing this new | |
1226 | server. | |
1227 | </descrip> | |
1228 | ||
1229 | <sect1>Version limitations | |
1230 | <p> | |
1231 | <descrip> | |
1232 | <tag/Introduction/ V-lines are used to restrict server | |
1233 | connecting to you based on their version and on compile time | |
1234 | options. | |
1235 | <tag/Format/<verb>V:<Version Mask>:<Flags>:<Server Mask>::</verb> | |
1236 | <tag/Version Mask/ The matching version number strings will be rejected. | |
1237 | <tag/Flags/ If any flag specified in this field is found in | |
1238 | the peer's flags string, it will be rejected. | |
1239 | <tag/Server Mask/ This field is used to match server names. | |
1240 | The V line will be used for servers matching the mask given | |
1241 | in this field. | |
1242 | <tag/Server Type/ Both the <bf>Version Mask</bf> and the | |
1243 | <bf>Flags</bf> should be prefixed with the server type | |
1244 | identification. This implementation uses the id | |
1245 | ``<bf>IRC</bf>'' (starting with version 2.10). | |
1246 | <tag/Examples/V:IRC/021001*::*:: | |
1247 | <p> | |
1248 | Disallows any ``IRC'' server which version is 2.10.1* to connect. | |
1249 | <p> | |
1250 | V:IRC/021001*:IRC/D:*:: | |
1251 | <p> | |
1252 | Disallows any ``IRC'' server which version is 2.10.1* or | |
1253 | which has been compiled with DEBUGMODE defined to connect. | |
1254 | <p> | |
1255 | V:*/0209*:::: | |
1256 | <p> | |
1257 | Disallows any server using the 2.9 protocol to connect. | |
1258 | <tag/Note/ It is possible to have and use multiple V-lines | |
1259 | for the one server mask. | |
1260 | <p> | |
1261 | V:IRC/021001*::*:: | |
1262 | <p> | |
1263 | V:IRC/021002*::*:: | |
1264 | <p> | |
1265 | is allowed. | |
1266 | <tag/Protocol Version/ Only the 4 first digit of the | |
1267 | <bf>Version Number</bf> are standard: they define the | |
1268 | protocol version. The remaining of the string is | |
1269 | implementation dependant; matches on this part should be | |
1270 | used with particular identification. | |
1271 | <tag/Flags/ are not standard. Therefore, this field | |
1272 | <bf>should always</bf> contain a specific identification. | |
1273 | </descrip> | |
1274 | ||
1275 | <sect1>Excluded machines | |
1276 | <p> | |
1277 | Disallowing SERVERS in your irc net. | |
1278 | <descrip> | |
1279 | <tag/Introduction/ In some cases people run into | |
1280 | difficulties in net administration. For one reason or | |
1281 | another you do not want a certain server to be in your net | |
1282 | (for example because of the security holes it opens for | |
1283 | every server if it's not secured carefully). In that case | |
1284 | you should use Q-lines in your server. When you specify a | |
1285 | server name in Q-line, everytime some server link tries to | |
1286 | introduce you a server (remember, all server names are | |
1287 | broadcast around the net), that name is checked if it | |
1288 | matches the Q-lines in your server. If it matches, then | |
1289 | <bf>your server</bf> disconnects the link. Note that just | |
1290 | placing Q-lines to your server probably results in <bf>your | |
1291 | server</bf> being left alone, unless other servers have | |
1292 | agreed to have the same Q-line in their ircd configuration | |
1293 | files as well. | |
1294 | <tag/Example/Q::of the security holes:foo.bar.baz:: | |
1295 | <p> | |
1296 | This command excludes a server named ``foo.bar.baz'', the | |
1297 | reason is given to be security holes (you should give a | |
1298 | reason, it is polite). The first field is unused, so leave | |
1299 | it empty. | |
1300 | </descrip> | |
1301 | ||
1302 | <sect1>Service connections | |
1303 | <p> | |
1304 | <descrip> | |
1305 | <tag/Introduction/ The Service is a special kind of IRC | |
1306 | client. It does not have the full abilities of a normal user | |
1307 | but can behave in a more active manner than a normal | |
1308 | client. | |
1309 | <p> | |
1310 | Services are not intended for interactive usage, and are | |
1311 | better suited for automated clients. | |
1312 | <tag/Format/<verb>S:<TARGET Host Mask>:<Password>:<Service Name>:<Service Type>:<Class></verb> | |
1313 | <tag/TARGET Host Mask/ The host mask should be set to match | |
1314 | the host(s) from which the service will be connecting | |
1315 | from. This may be either an IP# or full name (prefered). | |
1316 | <tag/Password/ This is the password which must be passed in | |
1317 | the SERVICE command. | |
1318 | <tag/Service Name/ The name used by the service. Services | |
1319 | don't have nicknames, but a static name defined by the S | |
1320 | line. | |
1321 | <tag/Service Type/ The type of service. It defines the | |
1322 | priviledges given to the service. Be very careful in the | |
1323 | types you allow. The types can be found in | |
1324 | include/service.h | |
1325 | <tag/Class/ The class field should refer to an existing class. | |
1326 | <tag/Notes/ A service is not a very useful sort of client, | |
1327 | it cannot join channels or issue certain commands although | |
1328 | most are available to it. Services are rejected upon sending | |
1329 | an unknown or unallowed command. Services however, are not | |
1330 | affected by flood control and can be granted special | |
1331 | privileges. It is therefore <bf>wise to oversee the use of | |
1332 | S-lines with much care.</bf> | |
1333 | </descrip> | |
1334 | ||
1335 | <sect1>Bounce server | |
1336 | <p> | |
1337 | <descrip> | |
1338 | <tag/Introduction/ This provides you a way to bounce clients | |
1339 | to another server. This information is provided to clients | |
1340 | which are denied connection, either because their connection | |
1341 | class is full, or the server is full, or they are not | |
1342 | authorized to connect. | |
1343 | <tag/Format/<verb>B:<Class|Host Mask>::<Server Name>:<Port>:</verb> | |
1344 | <tag/B/ This specifies a Bounce record. | |
1345 | <tag/Class|Host Mask/ This field specifies to which client | |
1346 | this configuration line applies to. It can be either a | |
1347 | connection class number, a host mask to be matched against | |
1348 | the client's hostname, or an IP address/mask/bitmask to be | |
1349 | matched against the client's IP address. | |
1350 | <p> | |
1351 | When the server is completely full, it rejects clients with | |
1352 | the ``All connections in use'' message. In this case, the | |
1353 | server doesn't process the connections at all, and has no | |
1354 | knowledge of the client's host name, or class number. For | |
1355 | these cases, this field must be empty. | |
1356 | <tag/Note/ Class number ``-1'' is used for rejecting clients | |
1357 | that use wrong (server-only) port. | |
1358 | <tag/Server Name/ This specifies the IRC server hostname | |
1359 | that the client should use. | |
1360 | <tag/Port/ This specifies the IRC server port that the | |
1361 | client should connect to. | |
1362 | <tag/Example/B:2::irc.stealth.net:6660: | |
1363 | <p> | |
1364 | Rejected clients in class 2 are advised to use | |
1365 | ``irc.stealth.net'' on port 6660. | |
1366 | <p> | |
1367 | B:*.fi::irc.funet.fi:6667: | |
1368 | <p> | |
1369 | Finnish client should use irc.funet.fi when they cannot be | |
1370 | taken anymore. | |
1371 | <p> | |
1372 | B:::irc2.stealth.net:6667: | |
1373 | <p> | |
1374 | When the server is completely full, clients should use the | |
1375 | secondary server. | |
1376 | ||
1377 | B:-1::our.server.example:6667: | |
1378 | ||
1379 | Clients that connected to server-only port should really use port 6667. | |
1380 | </descrip> | |
1381 | ||
1382 | <sect>Related resources | |
1383 | <p> | |
1384 | <descrip> | |
1385 | <tag/Mailing list/ A list is dedicated to the people using | |
1386 | ircd. If you have trouble running ircd, or wish to discuss | |
1387 | the future, you can subscribe by sending an email to | |
1388 | <htmlurl url="mailto:majordomo@irc.org" | |
1389 | name="majordomo@irc.org">, with ``<bf>subscribe | |
1390 | ircd-users</bf>'' in the body. | |
1391 | <p> | |
1392 | If you just have a question and don't want to subscribe to | |
1393 | the list, mail to <htmlurl url="mailto:ircd-users@irc.org" | |
1394 | name="ircd-users@irc.org">. Be sure to indicate which | |
1395 | version you are using. | |
1396 | <tag/Development/ Technical discussions and development are | |
1397 | carried on ircd-dev@irc.org. People interested in very | |
1398 | early testing, and/or working on the source code are | |
1399 | welcome. This is done by sending an email to <htmlurl | |
1400 | url="mailto:majordomo@irc.org" | |
1401 | name="majordomo@irc.org">, with ``<bf>subscribe | |
1402 | ircd-dev</bf>'' in the body. | |
1403 | <tag/FAQ/ It can be found on the WWW, at <url | |
1404 | url="http://www.irc.org/tech_docs/ircnet/faq.html">. | |
1405 | <tag/WWW/ Several pages related to the ircd: <url | |
1406 | url="http://www.irc.org/techie.html">. | |
1407 | </descrip> | |
1408 | ||
1409 | <sect>Reporting a bug | |
1410 | <p> | |
1411 | If you encounter a bug in the software, here is how and | |
1412 | where to report it. | |
1413 | ||
1414 | <sect1>How to report a bug | |
1415 | <p> | |
1416 | To save everyone time, make sure that your e-mail contains | |
1417 | all the information related to your problem. In particular, | |
1418 | we need to know: | |
1419 | <descrip> | |
1420 | <tag/Package version/ | |
1421 | The IRC software version you are using: please include the | |
1422 | output obtained by running ``irc -v'' for the client, and/or | |
1423 | ``ircd -v'' for the server. | |
1424 | <p> | |
1425 | Also, let us know if you have applied any patch to the | |
1426 | package or if it is the vanilla version. | |
1427 | <tag/OS/ | |
1428 | Please, indicate which OS version you are running. | |
1429 | <tag/Configuration/ | |
1430 | If it is related to a configuration problem with the server, | |
1431 | include the relevant parts of the configuration file. | |
1432 | <tag/Backtrace/ | |
1433 | If the bug results in a crash, please include the | |
1434 | backtrace. (This can be done, for example, by running | |
1435 | ``gdb'' on the core file, and typing ``where''). | |
1436 | <tag/Fix/ | |
1437 | If you have a fix, don't forget to include it. | |
1438 | </descrip> | |
1439 | ||
1440 | <sect1>Where to send a bug report | |
1441 | <p> | |
1442 | Reports should be sent to <htmlurl url="mailto:ircd-bugs@irc.org" | |
1443 | name="ircd-bugs@irc.org">. Your report will be reviewed | |
1444 | and forwarded to the appropriate mailing list. | |
1445 | ||
1446 | </article> |