| 189935b1 |
1 | SmartRoute |
| 2 | Rule based connects |
| 3 | Draft 4 - Aug 19, 1994 |
| 4 | by Tony Vencill |
| 5 | |
| 6 | Rule based connects allow an admin to specify under what conditions |
| 7 | a connect should not be allowed. If no rules are specified for a |
| 8 | given C and/or N line it will be allowed under any condition. |
| 9 | |
| 10 | A rule may consist of any legal combination of the following functions |
| 11 | and operators. |
| 12 | |
| 13 | Functions |
| 14 | --------- |
| 15 | connected(targetmask) - true if a server other than that processing |
| 16 | the rule is connected that matches the |
| 17 | target mask |
| 18 | directcon(targetmask) - true if a server other than that processing |
| 19 | the rule is directly connected that matches |
| 20 | the target mask |
| 21 | via(viamask, targetmask) - true if a server other than that processing |
| 22 | the rule matches the target mask and is |
| 23 | connected via a directly connected server |
| 24 | that matches the via mask |
| 25 | directop() - true if an oper is directly connected |
| 26 | |
| 27 | Unary operators |
| 28 | --------------- |
| 29 | ! eg: !argument - true if the argument is false |
| 30 | |
| 31 | Binary operartors |
| 32 | ----------------- |
| 33 | && eg: arg1&&arg2 - true if arg1 and arg2 are both true |
| 34 | || eg: arg1||arg2 - true if arg1, arg2, or both are true |
| 35 | |
| 36 | Parenthesis () are allowed for grouping arguments, but if no parenthesis |
| 37 | are included, && will take precedence over ||, ! will take precedence |
| 38 | over both && and ||, and the function will be evaluated from left to |
| 39 | right. White space in a rule is ignored. Invalid characters in a rule |
| 40 | will lead to the rule being ignored. |
| 41 | |
| 42 | Examples |
| 43 | -------- |
| 44 | |
| 45 | A simple example of a connect rule might be: |
| 46 | |
| 47 | connected(*eu.under*) |
| 48 | |
| 49 | This might be used in a US undernet server for a Europe CN pair to |
| 50 | insure that a second Europe link is not allowed if one US-EU link |
| 51 | already exists. Note that on the undernet, US server names are |
| 52 | city.state.us.undernet.org and Europe server names are |
| 53 | city.country.eu.undernet.org. |
| 54 | |
| 55 | A more interesting example might be: |
| 56 | |
| 57 | connected(*eu.under*) && |
| 58 | ( !direct(*eu.under*) || via(manhat*, *eu.under*) ) |
| 59 | |
| 60 | Imagine the Boston undernet server uses this rule on its Europe CN |
| 61 | pairs. This says that if a Europe server is already connected, a |
| 62 | Boston-Europe connect will not be allowed. It also says that if a |
| 63 | Europe server does already exist and Boston is not directly connected |
| 64 | to one or more Europe servers or Manhattan is, the Boston-Europe |
| 65 | connect will not be allowed. This has the effect of allowing multiple |
| 66 | US-EU links but attempting to limit these links to one server (ie: |
| 67 | Boston will not initiate its first Europe link if another server is |
| 68 | already linking Europe). This rule will also prefer to let Manhattan |
| 69 | handle the US-EU link by disallowing Boston-Europe links if a Europe |
| 70 | server is already linked to Manhattan. |
| 71 | |
| 72 | A example of the remaining function, directop(), is: |
| 73 | |
| 74 | connected(*eu.under*) || directop() |
| 75 | |
| 76 | If this line is used on Boston for the Paderborn CN pair, it will allow |
| 77 | connects to Paderborn only if another Europe server is not already |
| 78 | connected and there is not an oper on Boston. If this rule is |
| 79 | overrideable (ie: is applied only to autoconnects as described below), |
| 80 | then it will disallow Boston autoconnects to Paderborn while a Boston |
| 81 | oper is online, but allow oper-initiated connects to Paderborn under any |
| 82 | circumstance. This directop() function could be used to invoke less |
| 83 | prefered routes only when an oper is not present to handle routing, or |
| 84 | conversly to allow use of less preferable routes only when an oper is |
| 85 | present to monitor their performance. |
| 86 | |
| 87 | ircd.conf entries |
| 88 | ----------------- |
| 89 | |
| 90 | A rule is listed in the ircd.conf file using a D or d line (which can |
| 91 | be thought of as a "disallow" line). D lines will apply to all oper |
| 92 | and server originated connects, while d lines will apply only to |
| 93 | autoconnects (ie: they are overrideable by opers). The formats are: |
| 94 | |
| 95 | D:targetmask::rule |
| 96 | d:targetmask::rule |
| 97 | |
| 98 | Remember that newlines are not allowed in conf lines. Two examples |
| 99 | (from above) are: |
| 100 | |
| 101 | D:*eu.under*::connected(*eu.under*) |
| 102 | d:*eu.under*::connected(*eu.under*) || directop() |
| 103 | |
| 104 | Connects originating from other servers will be checked against and |
| 105 | matching D lines, while matching d lines will be ignored as it will not |
| 106 | be clear whether or not the connection attempt is oper initiated. |
| 107 | |
| 108 | Checking and viewing rules |
| 109 | -------------------------- |
| 110 | |
| 111 | The chkconf program that comes with the servers has been modified to |
| 112 | also check your connect rules. If running in debug mode, parsing errors |
| 113 | will show up at debug level 8. To view rules online, "/stats d" can be |
| 114 | used to see all rules and "/stats D" can be used to view those rules |
| 115 | which affect oper initiated connects and accepts. |
| 116 | |
| 117 | Processing and storage |
| 118 | ---------------------- |
| 119 | |
| 120 | The rules are parsed when the conf file is read and transformed into a |
| 121 | more efficiently computed form, then all applicable rules are |
| 122 | evaluated each time a connect command is given or an autoconnect is |
| 123 | due. If more than one applicable rule is given, only one need |
| 124 | evaluate to true for the connect to be allowed (ie: the rules are ored |
| 125 | together). Note that conditions that exist when the connect is |
| 126 | initiated might differ from conditions when the link is established. |
projects / irc / quakenet / snircd.git / blame