To use the CHROOTDIR feature, make sure it is #define'd and that the
server is being run as root. It is better to set up the chroot
environment for ircd by some other (external) means and run ircd from
there, so that it does not need to run as root.
2.3. USERS_RFC1459, USERS_SHOWS_UTMP
Leaving USERS_RFC1459 undefined makes ircd return RPL_LOCALUSERS and
RPL_GLOBALUSERS numerics (part of NAMES). Defining USERS_RFC1459 makes
the USERS command behave as it is defined in the RFC. If it is defined,
security-conscious server admins may still wish to leave
USERS_SHOWS_UTMP undefined, effectively disabling the USERS command,
which can be used to glean the same information as finger.
2.4. ENABLE_SUMMON
ENABLE_SUMMON toggles whether the server will attempt to summon local
users to irc by writing a message similar to that from talk(1) to a
user's tty.
2.5. DEFAULT_INVISIBLE
The DEFAULT_INVISIBLE define is used to toggle whether clients are
automatically made invisible when they register.
2.6. OPER_KILL, OPER_CONNECT, OPER_DIE, OPER_REHASH, OPER_RESTART,
OPER_SET...
Any operator privilege can be precisely applied to a given user using
O:line flags. Some admins may prefer to feel safer by undefining
some of the above, thus disabling access to the corresponding command
entirely.
2.7. ZIP_LINKS, ZIP_LEVEL
As of the 2.9.3 version of the server, server-server connections may
be compressed using zlib. In order to compile the server with this
feature, you MUST have the zlib package (version 1.0 or higher)
already compiled and define ZIP_LINKS in the config.h file.
Compression use for server-server connections is separately configured
in the ircd.conf file for each server-server link. ZIP_LEVEL allows
you to control the compression level that will be used. Values above 5
will noticeably increase the CPU used by the server.
The zlib package may be found at <http://www.gzip.org/zlib/>. The
data format used by the zlib library is described by RFCs (Request for
Comments) 1950 to 1952 in the files
<ftp://ds.internic.net/rfc/rfc1950.txt> (zlib format), rfc1951.txt
(deflate format) and rfc1952.txt (gzip format).
2.8. SLOW_ACCEPT
This option is undefined by default, but it is needed on some OSes.
It creates an artificial delay in processing incoming connections. On
a given port, no more than 1 connection per 2 seconds will be
processed.
Left undefined, it lets the server process connections as fast as
it can, which can cause problems on some OSes (such as SunOS) and be
abused (fast massive join of clonebots). For these reasons, if you
decide to keep SLOW_ACCEPT undefined you MUST define CLONE_CHECK.
2.9. CLONE_CHECK
This option is defined by default and acts as a wrapper, by checking
incoming connections early before starting ident query. By default,
the server will not accept more than 10 connections from the same host
within 2 seconds.
2.10. LOG_SERVER_CHANNELS
This option allows you to log server channels (like &NOTICES), chosen
via LOG_SCH_* defines, to files. Very handy.
2.11. Other #define's
The rest of the user-changeable #define's should be pretty much
self-explanatory in the config.h file. It is *NOT* recommended that
anything in the file below the line with "STOP STOP" in it be changed.
3. Editing the Makefile, and compiling
This package now uses GNU autoconf to probe your system and generate
the correct Makefile. However you may need to read it to check for
values generated by the configure script. In particular, all the
filenames, and path for binaries, log files, configuration files and
so on are defined there. It is recommended to make use of the options
described in the ``configure script'' section rather than to edit the
generated Makefile. However, these options do not provide a total
control over these values, in which case you need to directly edit the
Makefile.
Now to build the package, type ``make all''. If everything goes well,
you can then install it by typing ``make install''.
If you have trouble compiling ircd, copy Makefile.in to Makefile and
edit Makefile as appropriate.
If everything went fine, the default layout of installed files is as
follows (note that existing iauth.conf and ircd.motd will not be
overwritten):
PREFIX/sbin/ircd
PREFIX/sbin/iauth
PREFIX/sbin/chkconf
PREFIX/sbin/ircd-mkpasswd
PREFIX/sbin/ircdwatch
PREFIX/man/man8/ircd.8
PREFIX/man/man8/iauth.8
PREFIX/man/man8/ircdwatch.8
PREFIX/man/man5/iauth.conf.5
PREFIX/etc/ircd.m4
PREFIX/etc/ircd.conf.example
PREFIX/etc/iauth.conf.example
PREFIX/etc/iauth.conf
PREFIX/etc/ircd.motd
PREFIX/var/run/
PREFIX/var/log/
Files created by ircd package during normal execution would be
ircd.pid, ircd.tune, iauth.pid, ircdwatch.pid in PREFIX/var/run/ and
ircd.users, ircd.rejects, ircd.auth, ircd.opers, ircd.debug,
iauth.debug in PREFIX/var/log/.
4. The ircd.conf file
After installing the
per the instructions
you specified in the
ircd.conf.example in
14. Excluded machines (Q)
15. Service connections (S)
16. Bounce server (B)
Except for types ``M'' and ``A'', you are allowed to have multiple
records of the same type. In some cases, you can have concurrent
records. It is important to note that the last matching record will be
used. This is especially useful when setting up I records (client
connections).
NEW!!!
As of the 2.11.0 version of the server, if the server has been
compiled with #define CONFIG_DIRECTIVE_INCLUDE, you will be able
to use #include directive in ircd.conf to include files without
the need of M4, also recursively.
#include "filename"
For the command to be recognized, `#' MUST be first character in
the line and there must be space after "include" word. Quotes
around filename are optional. If filename does not start with
slash, ircd config directory is prepended. Also note that chkconf
will follow such includes.
4.1. Machine information
Introduction
IRC needs to know a few things about your UNIX site, and the
``M'' command specifies this information for IRC. The format of
this command is:
Format
M:<Server NAME>:<YOUR Internet IP#>:<Geographic Location>:<Port>:<SID>:
+o Internet Ports
Internet IP#
Note
If you plan to use the local user@host limit, please read the
following very carefully. The ``user'' value is the ident reply
for the connection. If no reply was given then it defaults to
``unknown'' and thus the effective limit will be per host, not
per user@host. Also, some ident servers return encrypted data
which changes for every connection making the limit void. If you
think limits do not work, check ircd logs, the auth reply can be
longer than what ircd shows on-line.
Note
Only the local limitation is accurate.
Note
If you define a global limit, you should also define a local
limit (same or lower) as it won't take more CPU and will make
the global limit more accurate.
Note
The local and global limits only affect users (I lines), not
servers nor services.
Example
Y:23:120:300:5:800000:0:0: (server class)
This defines class 23 to allow 5 auto-connections, which are
checked every 300 seconds. The connection is allowed to remain
silent for 120 seconds before a PING is sent. NOTE: fields 3 & 4
are in seconds. The SendQ is set to 800000 bytes.
Note
Lower case ``i'' is equal to an ``R'' flag in plain ``I''.
Lower case ``i'' will be removed in the next version.
TARGET Host Addr
Specifies the IP address(es) of the machine(s) that are allowed
to connect. If ``user@'' prefixes the actual IP address the
server will require that the remote username returned by the
ident server be the same as the one given before the ``@''.
Wildcards are permitted unless using a bitmask (e.g.
1.2.3.0/24). Note that bitmasks are encouraged over wildcards, as
they are more accurate.
Empty field is equal to '*' (matches any).
Password
The password that must be given by the client to be allowed on
the server.
TARGET Host NAME
Specifies the host name(s) of the machines allowed to connect to
the server. If ``user@'' prefixes the actual name the server
will require that the remote username returned by the ident
server be the same as the one given before the ``@''. Wildcards
are permitted, but it is preferable to leave this field empty and
use a bitmask in the Host Addr field.
Empty field matches any. ``*'' also matches any, but it requires
working DNS for a client.
Using this field to enforce that clients have no Host Name set
does not work (they will be denied connection instead). Use the
``N'' flag.
Port
Specifies the port number for which this configuration line is
valid. An empty field, or ``0'' matches all ports.
Class
This field should refer to an existing class. Connection
classes are useful to limit the number of users allowed on the
server.
Flags
This field contains flags of an I:line; flags are one character
in size, can be combined and their order does not matter.
+o D - restricted, when client has no reverse DNS
+o E - client is exempted from K-lines
+o e - client is exempted from X-lines
+o F - fall-through to next I-line if password did not match
+o I - restricted, when client has no ident.
+o M - disable resolved host name to be shown
+o N - disable resolved host name to be used
+o R - restricted
Note
Restricted I: line means that clients matching such I line will
not be able to use their operator privileges (no nick/mode
change, no kick). Such users will also have their username
prefixed by +, = or - depending on the ident reply.
Note
The server checks if the client hostname matches the TARGET Host
NAME field. If a match is found, server checks TARGET Host Addr
field. If a match is found, the client is accepted. The client's
host is set either to its hostname (if available) or, using the
``N'' or ``M'' flag, to its IP.
Note
The difference between ``M'' and ``N'' flags is simple: after
host resolving and I:line matching is done, ``M'' keeps hostname
and uses it for matching in beIR modes and printing in logs,
while ``N'' discards it completely.
Examples
For example, if you were installing IRC on tolsun.oulu.fi and
you wanted to let your own clients connect to your server,
you would add this entry to the file:
I:::tolsun.oulu.fi::1
If you wanted to let remote clients connect, you could add the
following line:
I:::*.edu.edu::1
and allow any clients from machines whose names end in
``.edu.edu'' to connect with no password.
I:128.214.6.100::nic.funet.fi::1
Allow clients from a machine with that IP number and that
hostname to connect.
I::secret:*.tut.fi::1
Allow clients from machines matching ``*.tut.fi'' to connect
with the password ``secret''.
I:::*::1
Allow anyone from anywhere to connect to your server.
I:::*.fi:6667:1
Allow clients from machines matching ``*.fi'' to connect on the
port 6667.
I:135.11.35.0/24::*.net::1
Allows clients from machines which host name matches ``*.net''
Password
Your AUTHORIZATION Password - this is the password that lets
IRC know you are who you say you are! Never tell anyone your
password and always keep the ``ircd.conf'' file protected from
all of the other users.
Nickname
The Nickname you usually go by - but you can make this what you
want.
Port
Unused.
Class
The class field should refer to an existing class (preferably
having a lower number than that for the relevant I-line) and
determines the maximum number of simultaneous uses of the O-line
allowable through the max. links field in the Y-line.
Flags
This field contains flags of an O:line; flags are one character
in size, can be combined and their order does not matter. They
define privileges of an operator.
+o L - local operator (disables all remote functions)
+o P - removes penalty
+o p - allows flooding
+o & - allows joining &CLIENTS
+o A - enables all flags below
+o C - allows local and remote CONNECT
+o c - allows local CONNECT
+o D - allows DIE
+o d - allows DNS
+o e - allows SET
+o h - allows HAZH
+o K - allows local and remote KILL
+o k - allows local KILL
+o l - allows CLOSE
+o R - allows RESTART
+o r - allows REHASH
+o S - allows local and remote SQUIT
+o s - allows local SQUIT
+o T - allows TKLINE
+o q - allows KLINE
+o t - enables full TRACE and STATS L
+o v - allows SIDTRACE
``L'' flag cannot be overridden by other flags. If <Flags>
field is left empty, no privileges will be granted.
Example
O:orion.cair.du.edu:pyunxc:Jeff::1:A
There is an OPERATOR at ``orion.cair.du.edu'' that can get
Operator privileges if he specifies a password of ``pyunxc'' and
uses a NICKNAME of ``Jeff'' and is granted all possible
privileges.
Note
Host NAME accepts IP bitmasks.
Note
Some privileges may be disabled during compilation time in
config.h.
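The flag rules above, worked through as an added example (this is not code from ircd): a small audit that reads O-lines and reports the privileges each operator effectively receives. It assumes the field order shown in the example O-line, and that ``L'' reduces the local-and-remote flags (C, K, S) to their local-only counterparts; the sample lines other than Jeff's are constructed.

```python
# Added example: effective privileges of each O-line (not ircd's own code).
A_EXPANDS_TO = "CcDdehKklRrSsTqtv"  # every flag listed below "A" in the table
MEANING = {
    "P": "no penalty", "p": "flooding", "&": "join &CLIENTS",
    "C": "local+remote CONNECT", "c": "local CONNECT", "D": "DIE",
    "d": "DNS", "e": "SET", "h": "HAZH", "K": "local+remote KILL",
    "k": "local KILL", "l": "CLOSE", "R": "RESTART", "r": "REHASH",
    "S": "local+remote SQUIT", "s": "local SQUIT", "T": "TKLINE",
    "q": "KLINE", "t": "full TRACE and STATS L", "v": "SIDTRACE",
}
# Assumption: "disables all remote functions" means these fall back to local.
REMOTE_TO_LOCAL = {"C": "c", "K": "k", "S": "s"}

# Constructed sample; only the first line comes from the text above.
SAMPLE_CONF = """\
O:orion.cair.du.edu:pyunxc:Jeff::1:A
O:*.example.net:x:Ann::1:LKt
O:10.0.0.0/24:x:Bob::1:
O:host.example:x:Eve::1:LA
"""


def effective_flags(flags):
    """Return (sorted effective flag letters, local-only?, unknown letters)."""
    local = "L" in flags
    expanded = set(flags.replace("A", A_EXPANDS_TO)) - {"L"}
    unknown = sorted(expanded - MEANING.keys())
    granted = expanded & MEANING.keys()
    if local:  # "L" cannot be overridden by other flags
        granted = {REMOTE_TO_LOCAL.get(f, f) for f in granted}
    return sorted(granted), local, unknown


def audit(conf_text):
    """Summarise every O-line; the password field is never copied out."""
    report = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.startswith("O:"):
            continue
        # Plain split on ':' (does not handle addresses that contain ':').
        fields = line.split(":")
        fields += [""] * (7 - len(fields))
        _, host, _password, nick, _port, klass, flags = fields[:7]
        granted, local, unknown = effective_flags(flags)
        notes = []
        if "A" in flags:
            notes.append("A grants every flag below it; list only what is needed")
        if not granted:
            notes.append("no privileges granted")
        if unknown:
            notes.append("unknown flag(s): " + "".join(unknown))
        report.append({"nick": nick, "host": host, "class": klass,
                       "local": local, "flags": "".join(granted),
                       "notes": notes})
    return report


if __name__ == "__main__":
    for entry in audit(SAMPLE_CONF):
        scope = "local" if entry["local"] else "global"
        print(f'{entry["nick"]:<5} {entry["host"]:<18} {scope:<6} '
              f'{entry["flags"] or "-"}')
        for flag in entry["flags"]:
            print(f"        {flag}: {MEANING[flag]}")
        for note in entry["notes"]:
            print(f"      ! {note}")
```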
K ``K'' tells the IRCD that you are making a KILL USER command
entry.
Host Name
In this field you specify the Hostname or the IP address (Single
IP, Wildcard notation or bitmask notation) that the user is
connecting from. If you wanted to REMOVE connects to IRC from
``orion.cair.du.edu'' then you would want to enter
``orion.cair.du.edu''. If you want to REMOVE ALL HOSTS access
you can use ``*'' (Wild Card notation) and no matter what host
the USERNAME (specified in Field 4) connects from s/he will be
denied access.
X ``X'' tells the IRCD that you are making an XKILL USER command
entry.
USER n-th arg
Given field will be matched against corresponding parameter of
client USER command. If left empty it matches any. It may
contain wildcards.
Nick
If left empty it matches any. It may contain wildcards.
Target host addr
Host or IP address or Network in CIDR format. It makes given
X:line apply only to a selected hosts. May contain wildcards.
If left empty it matches any.
Examples
X:guest:::guest:
If user registers with the following USER command
USER guest anything anything :guest
then IMMEDIATELY REMOVE HIM from my IRCD.
X:abc:::def:woof:
If user registers with the following NICK and USER commands
NICK woof
USER abc anything anything :def
then IMMEDIATELY REMOVE HIM from my IRCD.
Note
You need to compile server with #define XLINE to get this
functionality.
4.9. Server connections
How to connect to other servers, How other servers can connect to you
WARNING: The hostnames used as examples are really only examples and
not meant to be used (simply because they don't work) in real life.
Now you must decide WHICH hosts you want to connect to and WHAT ORDER
you want to connect to them in. For my example let us assume I am on
the machine "rieska.oulu.fi" and I want to connect to irc daemons on 3
other machines:
+o ``garfield.mit.edu'' - Tertiary Connection
+o ``irc.nada.kth.se'' - Secondary Connection
+o ``nic.funet.fi'' - Primary Connection
And I prefer to connect to them in that order, meaning I first want to
try connecting to ``nic.funet.fi'', then to ``irc.nada.kth.se'', and
finally to ``garfield.mit.edu''. So if ``nic.funet.fi'' is down or
unreachable, the program will try to connect to ``irc.nada.kth.se''.
If irc.nada.kth.se is down it will try to connect to garfield and so
forth.
PLEASE limit the number of hosts you will attempt to connect to down
to 3. This is because of two main reasons:
1. to save your server from causing extra load and delays to users
2. to save internet from extra network traffic (remember the old rwho
program with traffic problems when the number of machines
increased).
Format
C:<TARGET Host Addr>:<Password>:<TARGET Host NAME>:<TARGET PORT>:<Class>
:<Source IP>
for example:
C:nic.funet.fi:passwd:nic.funet.fi:6667:1
- or C:128.214.6.100:passwd:nic.funet.fi:6667:1
- or C:root@nic.funet.fi:passwd:nic.funet.fi:6667:1
C This field tells the IRC program which option is being
configured. "C" corresponds to a server Connect option.
TARGET Host Addr
Specifies the host name or IP address of the machine to connect
to. If ``user@'' prefixes the actual hostname or IP address the
server will require that the remote username returned by the
ident server be the same as the one given before the ``@''.
Password
The password of the other host. A password must always be
present for the line to be recognized.
TARGET Host NAME
This is the name that the TARGET server will identify itself
with when you connect to it. If you were connecting to
nic.funet.fi you would receive ``nic.funet.fi'' and that is what
you should place in this field.
TARGET PORT
The INTERNET Port that you want to connect to on the TARGET
machine. Most of the time this will be set to ``6667''. If this
field is left blank, then no connections will be attempted to
the TARGET host, and your host will accept connections FROM the
TARGET host instead. The port field can contain 2 ports,
separated by a ``.''. In this case, the first port is used when
autoconnecting, the second port is used for the UDP pings to the
target server.
Class
The class field should refer to an existing class and determines
the maximum number of simultaneous uses of the C-line allowable
through the max. links field in the Y-line.
Source IP
This field specifies source IP to use for connects to this
server.
Compressed links
Server connections can be compressed with the zlib library. To
define a compressed connection, you must have compiled the
server with ZIP_LINKS defined, and use a _lowercase_ C line.
NEW!!!
As of the 2.11.0 version of the server, Source IP field has been
added.
Some examples:
+o C:nic.funet.fi::nic.funet.fi:6667:1
This reads: Connect to host ``nic.funet.fi'', with no password and
expect this server to identify itself to you as ``nic.funet.fi''.
Your machine will connect to this host to port 6667.
+o C:18.72.0.252:Jeff:garfield.mit.edu:6667:1:192.168.0.18
This reads: Connect to a host at address ``18.72.0.252'', using a
password of ``Jeff''. The TARGET server should identify itself as
``garfield.mit.edu''. You will connect to Internet Port 6667 on
this host. This connection will use (your) source IP of
``192.168.0.18''.
+o C:irc.nada.kth.se::irc.nada.kth.se:1
This reads: do not attempt to autoconnect to ``irc.nada.kth.se'',
but if ``irc.nada.kth.se'' requests a connection, allow it to
connect.
Now back to our original problem, we wanted OUR server to CONNECT to 3
hosts, ``nic.funet.fi'', ``irc.nada.kth.se'' and ``garfield.mit.edu''
in that order. So as we enter these entries into the file they must be
done in reverse order of how we would want to connect to them.
Here's how it would look if we wanted to connect to ``nic.funet.fi''
first:
C:garfield.mit.edu::garfield.mit.edu:6667:1
C:irc.nada.kth.se::irc.nada.kth.se:6667:1
C:nic.funet.fi::nic.funet.fi:6667:1
Ircd will attempt to connect to nic.funet.fi first, then to irc.nada
and finally to garfield.
Reciprocal entries: Each ``C'' entry requires a corresponding ``N''
entry that specifies connection privileges to other hosts. The ``N''
entry contains the password, if any, that you require other hosts to
have before they can connect to you. These entries are of the same
format as the ``C'' entries.
Format
The format for the NOCONNECT entry in the ``ircd.conf'' is:
N:<TARGET Host Addr>:<Password>:<TARGET Host NAME>:<Domain Mask>:<Class>
I advise you not to use wildcard servers before you know for
sure how they are used; they are mostly beneficial for backbones
of countries and other large areas with a common domain.
the network.
4.11. Hub connections
Introduction
In direct contrast to L-lines, the server also implements
H-lines to determine which servers may act as a hub and what they
may ``hub for''. If a server is only going to supply its own
name (ie act as a solitary leaf) then no H-line is required for
it, else an H-line must be added.
Format
H:<Server Mask>:<SID Mask>:<Server Name>::
Server Mask
All servers that are allowed via this H-line must match the mask
given in this field.
SID Mask
SIDs of all servers that are allowed via this H-line must match
the mask given in this field. Empty field is equal to '*', that
is any SID is allowed to be introduced.
Server Name
This field is used to match exactly against a server name,
wildcards being treated as literal characters.
Examples
H:*.edu::*.bu.edu::
Allows a server named ``*.bu.edu'' to introduce only servers
that match the ``*.edu'' name mask, no matter what SID they
have.
H:*:616*:eff.org::
Allows ``eff.org'' to introduce (and act as a hub for) any
server whose SID begins with ``616''.
Note
It is possible to have and use multiple H-lines (or L-lines) for
the one server. eg:
H:*.edu:*:*.bu.edu::
H:*.au:*:*.bu.edu::
is allowed as is
L:*.edu:*:*.au::
L:*.com:*:*.au::
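The H-line rules described above, as an added example (not ircd's own code): a check of whether a given hub may introduce a new server, useful for testing a set of H-lines before deploying them. It assumes names compare case-insensitively and that masks use only ``*'' and ``?''; the introductions fed to it are constructed.

```python
import re

# The two H-lines from the examples above.
SAMPLE_CONF = """\
H:*.edu::*.bu.edu::
H:*:616*:eff.org::
"""


def mask_match(mask, text):
    """IRC-style wildcard match ('*' and '?' only), assumed case-insensitive."""
    pattern = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in mask
    )
    return re.fullmatch(pattern, text, re.IGNORECASE) is not None


def parse_hlines(conf_text):
    """Return (server_mask, sid_mask, hub_name) for every H-line."""
    hlines = []
    for raw in conf_text.splitlines():
        fields = raw.strip().split(":")
        if fields[0] != "H" or len(fields) < 4:
            continue
        server_mask, sid_mask, hub_name = fields[1:4]
        # An empty SID Mask is equal to '*'.
        hlines.append((server_mask, sid_mask or "*", hub_name))
    return hlines


def may_introduce(hlines, hub, new_server, new_sid):
    """True if some H-line for `hub` covers both the new name and its SID."""
    for server_mask, sid_mask, hub_name in hlines:
        # Server Name is matched exactly: wildcards are literal characters,
        # so "*.bu.edu" only matches a server really named "*.bu.edu".
        if hub_name.lower() != hub.lower():
            continue
        if mask_match(server_mask, new_server) and mask_match(sid_mask, new_sid):
            return True
    return False


def rejected(hlines, introductions):
    """Return the (hub, server, sid) introductions that no H-line permits."""
    return [i for i in introductions if not may_introduce(hlines, *i)]


if __name__ == "__main__":
    hlines = parse_hlines(SAMPLE_CONF)
    # Constructed introductions: (introducing hub, new server, new SID).
    seen = [
        ("*.bu.edu", "irc.mit.edu", "840A"),       # allowed by first H-line
        ("irc.bu.edu", "irc.mit.edu", "840A"),     # hub name is not literal match
        ("*.bu.edu", "irc.example.com", "840A"),   # name outside *.edu
        ("eff.org", "leaf.example.net", "616B"),   # SID matches 616*
        ("eff.org", "leaf.example.net", "617B"),   # SID outside 616*
    ]
    for hub, server, sid in rejected(hlines, seen):
        print(f"no H-line lets {hub} introduce {server} (SID {sid})")
```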
Server Mask
Mask of which servers the leaf-like attributes are used on when
the server receives SERVER messages. The wildcards * and ? may
be used within this field for matching purposes. If this field
is empty, it acts the same as if it were a single * (ie matches
everything).
Server Name
The name of the server connected to you upon which you want
to enforce leaf-like attributes.
Max Depth
Maximum depth allowed on that leaf and if not specified, a value
of 1 is assumed. The depth is checked each time a SERVER message
is received by the server, the hops to the server being the
field checked against this max depth and if greater, the
connection to the server that made its leaf too deep has its
connection dropped. For the L-line to come into effect, both
fields, 2 and 4, must match up with the new server being
introduced and the server which is responsible for introducing
this new server.
4.13. Version limitations
Introduction
V-lines are used to restrict servers connecting to you based on
their version and on compile time options.
Format
V:<Version Mask>:<Flags>:<Server Mask>::
Version Mask
The matching version number strings will be rejected.
Flags
If any flag specified in this field is found in the peer's flags
string, it will be rejected.
Server Mask
This field is used to match server names. The V line will be
used for servers matching the mask given in this field.
Server Type
Both the Version Mask and the Flags should be prefixed with the
server type identification. This implementation uses the id
``IRC'' (starting with version 2.10).
Examples
V:IRC/021001*::*::
Disallows any ``IRC'' server whose version is 2.10.1* to
connect.
V:IRC/021001*:IRC/D:*::
Disallows any ``IRC'' server whose version is 2.10.1* or which
has been compiled with DEBUGMODE defined to connect.
V:*/0209*::::
Disallows any server using the 2.9 protocol to connect.
Note
It is possible to have and use multiple V-lines for the one
server mask.
V:IRC/021001*::*::
V:IRC/021002*::*::
is allowed.
Protocol Version
Only the first 4 digits of the Version Number are standard: they
define the protocol version. The remainder of the string is
implementation dependent; matches on this part should be used
with particular identification.
Flags
are not standard. Therefore, this field should always contain a
specific identification.
4.14. Excluded machines
Disallowing SERVERS in your irc net.
Introduction
In some cases people run into difficulties in net
administration. For one reason or another you do not want a
line
a host
IP
IP
B:::irc2.stealth.net:6667:
When the server is completely full, clients should use the
secondary server.
B:-1::our.server.example:6667:
Clients that connected to server-only port should really use
port 6667.
5. Related resources
Mailing list
A list is dedicated to the people using ircd. If you have
trouble running ircd, or wish to discuss the future, you can
subscribe by sending an email to majordomo@irc.org, with
``subscribe ircd-users'' in the body.
If you just have a question and don't want to subscribe to the
list, mail to ircd-users@irc.org. Be sure to indicate which
version you are using.
Development
Technical discussions and development are carried on
ircd-dev@irc.org. People interested in very early testing, and/or
working on the source code are welcome. This is done by sending
an email to majordomo@irc.org, with ``subscribe ircd-dev'' in
the body.
FAQ
It can be found on the WWW, at
<http://www.irc.org/tech_docs/ircnet/faq.html>.
WWW
Several pages related to the ircd:
<http://www.irc.org/techie.html>.
6. Reporting a bug
If you encounter a bug in the software, here is how and where to
report it.
6.1. How to report a bug
To save everyone time, make sure that your e-mail contains all the
information related to your problem. In particular, we need to know:
Package version
The IRC software version you are using: please include the
output obtained by running ``irc -v'' for the client, and/or
``ircd -v'' for the server.
Also, let us know if you have applied any patch to the package
or if it is the vanilla version.