[irc/quakenet/snircd.git] / RELEASE.NOTES

Release notes for ircu2.10.12
Last updated: 1 Sep 2005
Written by Michael Poole <mdpoole@troilus.org>
Based on earlier documents by Kev <klmitch@mit.edu> and
Braden <dbtem@yahoo.com>.

This document briefly describes changes in ircu2.10.12 relative to
ircu2.10.11.  ircu2.10.12 is only compatible with servers that
implement the P10 protocol.  It has been tested to link against
ircu2.10.11, but some features (notably IPv6 support and oplevels) are
not supported by ircu2.10.11.

Semantic Changes (TAKE NOTE):

Channel keys and passwords (see the "oplevels" enhancement below)
listed in a JOIN are now only checked against the corresponding
channel.  In ircu2.10.11, "JOIN #a,#b key" would attempt to use "key"
as the key for both #a and #b.  ircu2.10.12 will only attempt to use
it as the key for #a.  ircu2.10.12's behavior matches that documented
in RFC 1459.

Enhancements:

The configuration file format has changed to one that is easier to
read.  It is based on the configuration parser found in ircd-hybrid.
As usual, an example configuration file can be found in the doc
subdirectory.

ircu now supports IPv6 clients.  If your operating system provides
IPv6 socket support, ircu can accept connections on IPv6 addresses.
Even if your operating system does not support IPv6 sockets, you can
link (using IPv4) to a server that has IPv6 clients, and ircu will
treat the IPv6 clients correctly.

The DNS resolver has been replaced with a streamlined version (also
from ircd-hybrid) that avoids some of the complications from using
the full libresolv or adns libraries.

The server can query an IAUTH external authorization server.  The
protocol is described in doc/readme.iauth.  This allows an external
program to accept or reject any client that connects to the server
and allows that external program to assign an account stamp to the
incoming user.

A new feature called "oplevels" has been added.  It uses new channel
keys (+A for the administrator, +U for users) to grant chanop status
when you join using those keys.  Part of this channel protection is
that you cannot be deopped in channel by someone who you opped.

A new channel mode, +D, has been added for auditorium-style channels.
These are channels where most users listen but do not speak or receive
ops or voice.  The effect of +D is that the server waits to send the
JOIN message for new users until the user gets ops or voice or sends a
message to the channel.  A list of join-delayed users in a channel may
be retrieved by using /NAMES -d #channel.  The response to /NAMES -d
uses the same format as numeric 353, but uses numeric 355 instead. If
an op removes +D while there are still join-delayed users, the server
automatically sets mode +d, and removes +d when the last user's join
is shown.  It is not possible to set channel mode +d manually; its
purpose is to warn channel users that there are "hidden" users in the
channel.

More than one hashing mechanism is now supported for oper passwords,
and a new tool (ircd/umkpasswd) is provided to generate them.

Commands that send messages to specified services may be defined in
the configuration file by using Pseudo blocks.  This lets users use
commands like /X or /CHANSERV from their client, without tying the
admin to a particular arrangement or naming of services.

The /stats command accepts string identifiers in addition to
single-character identifiers.  For example, "/stats access" shows the
same data as "/stats i".  Supported names are shown by /stats.  New
/stats options are: /stats a (nameservers), to list DNS nameservers in
use; /stats L (modules), to list loaded modules; and /stats R
(mappings), to list privmsg helper commands defined by Pseudo blocks.
By default, all of these are hidden from normal users.

Client blocks (previously I: lines), Operator blocks (previously O:
and o: lines), channel bans and silences may use CIDR notation instead
of simple wildcards.  You may also have silence exceptions by putting
'~' before the mask; for example, if you wish to silence everyone
except X, you could use SILENCE *!*@*,~X!cservice@undernet.org.

The server will no longer kick "net riders" in keyed (+k) channels if
both sides of the net join have the same key.

IP masks (as used in bans, G-lines, etc) are now parsed in a more
forgiving manner.  127.0.0.0/8, 127.* and 127/8 are all accepted and
mean the same thing.  Ambiguous expressions like 127/8 are interpreted
as IPv4 masks; to interpret it as an IPv6 mask, use 127:/8.

Configuration Changes:

As mentioned above, the configuration file format has changed
radically.  Please consult doc/example.conf for details on the
new format.  Some prominent changes follow.

The old contents of H: lines have been merged into the Connect block
that describes the peer server(s) that should be allowed to hub.

Two default virtual host addresses may be specified, one for IPv4
sockets and one for IPv6 sockets.

Nickname jupes have their own blocks, and do not share structure with
UWorld server declarations.

Operator connection classes and individual operator blocks may be
assigned privileges, rather than having them controlled globally.
Because of this, the feature settings that controlled the privileges
globally have been removed.

The maximum number of clients allowed per IP may be set in a Client
block (the equivalent of C: lines).

New feature settings (see doc/readme.features for explanations):
ANNOUNCE_INVITES, HIS_STATS_L, HIS_STATS_a, HIS_STATS_R,
LOCAL_CHANNELS, TOPIC_BURST.

Deleted features, since they had no effect even in 2.10.11: AUTOHIDE,
HIS_DESYNCS, TIMESEC.

Deleted features since they are now controlled by other configuration
entries: VIRTUAL_HOST, oper and locop privilege features.

Deleted feature since it no longer applies: HIS_STATS_h.

Compile Time Options:

A listing of supported compile-time options may be seen by running
"./configure --help".  The defaults should be sane.  In particular,
you should NOT compile with --enable-debug or with --disable-symbols
on a production network.

Otherwise Undocumented Features:

Despite our preferences to keep these undocumented, they are
occasionally useful, and are described here for users who may
need them.

To enable these, you need to add them to CFLAGS prior to running
./configure, usually as in: CFLAGS="-O2 -D<option>" ./configure

-DNICKLEN=20

  This allows you change the maximum nick length from 15 to 20 (or
whatever number you use at the end).  It MUST be the same on all
servers on your network, or bad things will happen.  You should also
use the NICKLEN feature in ircd.conf.

-DNOTHROTTLE
  This disables the throttling code.  This is used for debugging
*only*.  It lets you connect up to 255 clients from one host with no
time considerations.  If this is enabled on a production server Kev will
personally drive your server into the ground.  You have been warned.


Operating System and Kernel Requirements:

If you plan allowing more than 1000 clients on your server, you may
need to adjust your kernel resource limits for networking and
I/O. There are two things you will need to pay particular attention
to, the number of file descriptors available and the number of buffers
the kernel has available to read and write data to the file
descriptors.

To calculate kernel buffer requirements a good place to start is to
multiply the expected number connections expected on the machine by
the amount of data we buffer for each connection.  Doubling the result
of the above calculation and dividing it by the size of the buffers
the kernel uses for I/O should give you a starting place.

The server uses 2K kernel buffers for clients, and 64K kernel buffers
for servers (actual use may be somewhat higher).

c_count - number of clients expected
c_q     - number of bytes buffered for each client
s_count - number of servers expected
s_q     - number of bytes buffered for each server

buffer count = (2 * (c_count * c_q + s_count * s_q)) / kernel buffer size

If the client count is 2000 and the server count is 1 (normal leaf)
and your server uses 2K as an I/O buffer size:

You need (2 * (2000 * 2048 + 1 * 65536)) / 2048 or a minimum of 4064
buffers available, if the kernel uses 512 byte buffers you will need a
minimum of 16256 kernel buffers.

These settings may be a bit light for net-breaks under full client
load you will need to experiment a bit to find the right settings for
your server.

FreeBSD --WildThang

You may want to increase your kernel resources if you want to put a
lot of clients on your machine here are a few values to start with:

CHILD_MAX=4096
OPEN_MAX=4096
FD_SETSIZE=4096
NMBCLUSTERS=8096

If you have trouble connecting *out* from your machine try:
 sysctl -w net.inet.ip.portrange.last=10000

Solaris 2.6  --Tar

Increase the default hard limit for file descriptors in /etc/system:

set rlim_fd_max = 4096

The server will raise the soft limit to the hard limit.

Linux 2.2 -- [Tri]/Isomer

The kernel has a kernel destination cache size of 4096.  If the kernel
sees more than 4096 IP's in 60s it warns 'dst cache overflow'.  This
limit can be changed by modifying /proc/sys/net/ipv4/route/max_size.

A patch to select is also recommended if you have regular poll/select
errors.
Commit	Line	Data
189935b1	1	Release notes for ircu2.10.12
	2	Last updated: 1 Sep 2005
	3	Written by Michael Poole <mdpoole@troilus.org>
	4	Based on earlier documents by Kev <klmitch@mit.edu> and
	5	Braden <dbtem@yahoo.com>.
	6
	7	This document briefly describes changes in ircu2.10.12 relative to
	8	ircu2.10.11. ircu2.10.12 is only compatible with servers that
	9	implement the P10 protocol. It has been tested to link against
	10	ircu2.10.11, but some features (notably IPv6 support and oplevels) are
	11	not supported by ircu2.10.11.
	12
	13	Semantic Changes (TAKE NOTE):
	14
	15	Channel keys and passwords (see the "oplevels" enhancement below)
	16	listed in a JOIN are now only checked against the corresponding
	17	channel. In ircu2.10.11, "JOIN #a,#b key" would attempt to use "key"
	18	as the key for both #a and #b. ircu2.10.12 will only attempt to use
	19	it as the key for #a. ircu2.10.12's behavior matches that documented
	20	in RFC 1459.
	21
	22	Enhancements:
	23
	24	The configuration file format has changed to one that is easier to
	25	read. It is based on the configuration parser found in ircd-hybrid.
	26	As usual, an example configuration file can be found in the doc
	27	subdirectory.
	28
	29	ircu now supports IPv6 clients. If your operating system provides
	30	IPv6 socket support, ircu can accept connections on IPv6 addresses.
	31	Even if your operating system does not support IPv6 sockets, you can
	32	link (using IPv4) to a server that has IPv6 clients, and ircu will
	33	treat the IPv6 clients correctly.
	34
	35	The DNS resolver has been replaced with a streamlined version (also
	36	from ircd-hybrid) that avoids some of the complications from using
	37	the full libresolv or adns libraries.
	38
	39	The server can query an IAUTH external authorization server. The
	40	protocol is described in doc/readme.iauth. This allows an external
	41	program to accept or reject any client that connects to the server
	42	and allows that external program to assign an account stamp to the
	43	incoming user.
	44
	45	A new feature called "oplevels" has been added. It uses new channel
	46	keys (+A for the administrator, +U for users) to grant chanop status
	47	when you join using those keys. Part of this channel protection is
	48	that you cannot be deopped in channel by someone who you opped.
	49
	50	A new channel mode, +D, has been added for auditorium-style channels.
	51	These are channels where most users listen but do not speak or receive
	52	ops or voice. The effect of +D is that the server waits to send the
	53	JOIN message for new users until the user gets ops or voice or sends a
	54	message to the channel. A list of join-delayed users in a channel may
	55	be retrieved by using /NAMES -d #channel. The response to /NAMES -d
	56	uses the same format as numeric 353, but uses numeric 355 instead. If
	57	an op removes +D while there are still join-delayed users, the server
	58	automatically sets mode +d, and removes +d when the last user's join
	59	is shown. It is not possible to set channel mode +d manually; its
	60	purpose is to warn channel users that there are "hidden" users in the
	61	channel.
	62
	63	More than one hashing mechanism is now supported for oper passwords,
	64	and a new tool (ircd/umkpasswd) is provided to generate them.
65
66	Commands that send messages to specified services may be defined in
67	the configuration file by using Pseudo blocks. This lets users use
68	commands like /X or /CHANSERV from their client, without tying the
69	admin to a particular arrangement or naming of services.
70
71	The /stats command accepts string identifiers in addition to
72	single-character identifiers. For example, "/stats access" shows the
73	same data as "/stats i". Supported names are shown by /stats. New
74	/stats options are: /stats a (nameservers), to list DNS nameservers in
75	use; /stats L (modules), to list loaded modules; and /stats R
76	(mappings), to list privmsg helper commands defined by Pseudo blocks.
77	By default, all of these are hidden from normal users.
78
79	Client blocks (previously I: lines), Operator blocks (previously O:
80	and o: lines), channel bans and silences may use CIDR notation instead
81	of simple wildcards. You may also have silence exceptions by putting
82	'~' before the mask; for example, if you wish to silence everyone
83	except X, you could use SILENCE !@*,~X!cservice@undernet.org.
84
85	The server will no longer kick "net riders" in keyed (+k) channels if
86	both sides of the net join have the same key.
87
88	IP masks (as used in bans, G-lines, etc) are now parsed in a more
89	forgiving manner. 127.0.0.0/8, 127.* and 127/8 are all accepted and
90	mean the same thing. Ambiguous expressions like 127/8 are interpreted
91	as IPv4 masks; to interpret it as an IPv6 mask, use 127:/8.
92
93	Configuration Changes:
94
95	As mentioned above, the configuration file format has changed
96	radically. Please consult doc/example.conf for details on the
97	new format. Some prominent changes follow.
98
99	The old contents of H: lines have been merged into the Connect block
100	that describes the peer server(s) that should be allowed to hub.
101
102	Two default virtual host addresses may be specified, one for IPv4
103	sockets and one for IPv6 sockets.
104
105	Nickname jupes have their own blocks, and do not share structure with
106	UWorld server declarations.
107
108	Operator connection classes and individual operator blocks may be
109	assigned privileges, rather than having them controlled globally.
110	Because of this, the feature settings that controlled the privileges
111	globally have been removed.
112
113	The maximum number of clients allowed per IP may be set in a Client
114	block (the equivalent of C: lines).
115
116	New feature settings (see doc/readme.features for explanations):
117	ANNOUNCE_INVITES, HIS_STATS_L, HIS_STATS_a, HIS_STATS_R,
118	LOCAL_CHANNELS, TOPIC_BURST.
119
120	Deleted features, since they had no effect even in 2.10.11: AUTOHIDE,
121	HIS_DESYNCS, TIMESEC.
122
123	Deleted features since they are now controlled by other configuration
124	entries: VIRTUAL_HOST, oper and locop privilege features.
125
37d25209	126	Deleted feature since it no longer applies: HIS_STATS_h.
37d25209	127
189935b1	128	Compile Time Options:
	129
	130	A listing of supported compile-time options may be seen by running
	131	"./configure --help". The defaults should be sane. In particular,
	132	you should NOT compile with --enable-debug or with --disable-symbols
	133	on a production network.
	134
	135	Otherwise Undocumented Features:
	136
	137	Despite our preferences to keep these undocumented, they are
	138	occasionally useful, and are described here for users who may
	139	need them.
	140
	141	To enable these, you need to add them to CFLAGS prior to running
	142	./configure, usually as in: CFLAGS="-O2 -D<option>" ./configure
	143
	144	-DNICKLEN=20
	145
	146	This allows you change the maximum nick length from 15 to 20 (or
	147	whatever number you use at the end). It MUST be the same on all
	148	servers on your network, or bad things will happen. You should also
	149	use the NICKLEN feature in ircd.conf.
	150
	151	-DNOTHROTTLE
	152	This disables the throttling code. This is used for debugging
	153	only. It lets you connect up to 255 clients from one host with no
	154	time considerations. If this is enabled on a production server Kev will
	155	personally drive your server into the ground. You have been warned.
	156
	157
	158	Operating System and Kernel Requirements:
	159
	160	If you plan allowing more than 1000 clients on your server, you may
	161	need to adjust your kernel resource limits for networking and
	162	I/O. There are two things you will need to pay particular attention
	163	to, the number of file descriptors available and the number of buffers
	164	the kernel has available to read and write data to the file
	165	descriptors.
	166
	167	To calculate kernel buffer requirements a good place to start is to
	168	multiply the expected number connections expected on the machine by
	169	the amount of data we buffer for each connection. Doubling the result
	170	of the above calculation and dividing it by the size of the buffers
	171	the kernel uses for I/O should give you a starting place.
	172
	173	The server uses 2K kernel buffers for clients, and 64K kernel buffers
	174	for servers (actual use may be somewhat higher).
	175
	176	c_count - number of clients expected
	177	c_q - number of bytes buffered for each client
	178	s_count - number of servers expected
	179	s_q - number of bytes buffered for each server
	180
	181	buffer count = (2 * (c_count * c_q + s_count * s_q)) / kernel buffer size
	182
	183	If the client count is 2000 and the server count is 1 (normal leaf)
	184	and your server uses 2K as an I/O buffer size:
	185
	186	You need (2 * (2000 * 2048 + 1 * 65536)) / 2048 or a minimum of 4064
	187	buffers available, if the kernel uses 512 byte buffers you will need a
	188	minimum of 16256 kernel buffers.
	189
	190	These settings may be a bit light for net-breaks under full client
	191	load you will need to experiment a bit to find the right settings for
192	your server.
193
194	FreeBSD --WildThang
195
196	You may want to increase your kernel resources if you want to put a
197	lot of clients on your machine here are a few values to start with:
198
199	CHILD_MAX=4096
200	OPEN_MAX=4096
201	FD_SETSIZE=4096
202	NMBCLUSTERS=8096
203
204	If you have trouble connecting out from your machine try:
205	sysctl -w net.inet.ip.portrange.last=10000
206
207	Solaris 2.6 --Tar
208
209	Increase the default hard limit for file descriptors in /etc/system:
210
211	set rlim_fd_max = 4096
212
213	The server will raise the soft limit to the hard limit.
214
215	Linux 2.2 -- [Tri]/Isomer
216
217	The kernel has a kernel destination cache size of 4096. If the kernel
218	sees more than 4096 IP's in 60s it warns 'dst cache overflow'. This
219	limit can be changed by modifying /proc/sys/net/ipv4/route/max_size.
220
221	A patch to select is also recommended if you have regular poll/select
222	errors.