- Some small updates to the extended channel mode system: it now has minimal
support for 'local channel modes'. This is really only meant for channel
mode +Z (upcase z), see next.
- Added Channel Mode Z which indicates if a channel is 'secure' or not.
This mode works in conjunction with +z (lower case z).
If +z is set ('only secure users may join'), then the IRCd scans to see
if everyone in the channel is connected through SSL. If so, then the
channel is set +Z as well ('channel is secure').
Whenever an insecure user manages to join, the channel is -Z. And whenever
all insecure users leave, the channel is set +Z.
The 'insecure user being present in a +z channel' can be because:
- An IRCOp joined the channel, and he's not secure
- When servers link together and a user on the other side is not secure
This only happens on net merge (equal time stamp).
On different time stamp, we still kick insecure users on the new side.
- At the time when +z is set, there are insecure users present.
This feature was implemented after a heavy discussion in bug #3720 by fez
and others, and was suggested by Stealth.
Tech note: +Z/-Z is handled locally by each server. Any attempt to
remotely set +Z/-Z (eg: by services) will be ignored.
- As mentioned above, +z can now be set even if any insecure users are
present. Previously, this was not permitted. Now, as soon as the last
non-SSL user leaves, the channel will be set +Z.
- An oper not connected through SSL previously had to /INVITE himself
to a channel and then /JOIN the channel with the key 'override'.
This 'override' key is no longer required, a simple JOIN will suffice.
- Sorted channel modes in /HELPOP ?CHMODES
- Re-enabled 'fishy timestamp' errors in MODE. For some reason this was
commented out, even though the (more annoying and less useful) code in
JOIN was enabled so that did not make a lot of sense. It also now logs to
ircd.log (or whatever you configure). This enables people to easier find
the cause of any timestamp issues (which usually is badly coded services).
- Added support for "stacked" extbans. Put simply this allows extban combinations
such as ~q:~c:#test to only silence users on #test, for example. This feature
is enabled by default, but can be disabled during ./Config -advanced.
This feature was suggested by Shining Phoenix (#0003193), was then coded
by aquanight for U3.3, and later on backported and partially redone by Syzop.
Module coders:
In an extban ~x:~y:something where we call ~x the 1st, and ~y the 2nd extban:
Since stacked extbans only makes sense where the 1st one is an action
extended ban like ~q/~n/~j, most modules won't have to be changed, as
their extban never gets extended (just like ~c:~q: makes no sense).
However, you may still want to indicate in some cases that the extban your
module introduces also shouldn't be used as 2nd extban.
For example with a textban extban ~T it makes no sense to have ~n:~T.
The module can indicate this by setting EXTBOPT_NOSTACKCHILD in
the ExtbanInfo struct used by ExtbanAdd().
For completeness I note that action modifier extbans are indicated by
EXTBOPT_ACTMODIFIER. However, note that we currently assume all such
extbans use the extban_is_ok_nuh_extban and extban_conv_param_nuh_or_extban
functions. If you don't use these and use EXTBOPT_ACTMODIFIER, then things
will go wrong with regards to stack-counting.
Module coders should also note that stacked extbans are not available if
DISABLE_STACKED_EXTBANS is defined.
- Added extended ban ~R:<nick>, which only matches if <nick> is a registered
user (has identified to services). This is really only useful in ban
exemptions, like: +e ~R:Nick would allow Nick to go through all bans if he
has identified to NickServ. This is often safer than using +e n!u@h.
- Added Extended Invex. This is very much like extended bans, in fact it
supports some of the same flags. Syntax: +I ~character:mask
Currently supported are: ~c (channel), ~r (realname) and ~R (registered).
This can be useful when setting a channel invite only (+i) and then
setting invite exceptions such as +I ~c:#chan (or even ~c:+#chan), while
still being able to ban users.
Because action modifiers (~q/~n/~j) make no sense here, extended invex
stacking (+I ~a:~b:c) makes no sense either, and is not supported.
Suggested by DanPMK (#0002817), parts based on patch from ohnobinki.
Module coders: set EXTBOPT_INVEX in the ExtbanInfo struct used by
ExtbanAdd() to indicate that your extban may also be used in +I.
- Invex (+I) now always checks cloaked hosts as well. Just like with bans,
it checks them also when the user is not currently cloaked (eg: did -x, or
is currently using some VHOST).
- Fixed client desynch caused by (un)banning, reported by Sephiroth (#2837).
- IPv6: it seems some recent Linux dists decided to make IPv6 sockets
IPv6-only, instead of accepting both IPv4&IPv6 on them like until now.
FreeBSD (and other *BSD's) already did that move a few years back,
requiring server admins to sysctl.
We now make use of a new option to explicitly disable "IPv6-only".
This should work fine on Linux.
Whether it provides a complete solution for FreeBSD, I don't know, testing
is welcome! In theory setting net.inet6.ip6.v6only to 0 should no longer
be needed, but you might still need to enable ipv6_ipv4mapping.
- Fix stupid issue where current CVS would no longer link TO an earlier
Unreal server (eg: outgoing connect to a 3.2.8 hub). Reported by ohnobinki
(#0003901).
- Server protocol: added PROTOCTL EATH=servername, which allows us to
authenticate the server very early in the handshake process. That way,
certain commands and PROTOCTL tokens can 'trust' the server.
See doc/technical/protoctl.txt for details.
- Server protocol: between new Unreal servers we now do the handshake a
little bit different, so it waits with sending the SERVER command until
the first PROTOCTL is received. Needed for next.
- Server protocol: added PROTOCTL SERVERS=1,2,3,4,etc by which a server can
inform the other server which servers (server numeric, actually) it has
linked. See doc/technical/protoctl.txt and next for details.
- When our server was trying to link to some server, and at the same time
another server was also trying to link with us, this would lead to a
server collision: the server would link (twice) ok at first, but then a
second later or so both would quit with 'Server Exists' with quite some
mess as a result. This isn't unique to Unreal, btw.
This happened more often when you had a low connfreq in your link blocks
(aka: quick reconnects), or had multiple hubs on autoconnect (with same
connfreq), or when you (re)started all servers at the same time.
This should now be solved by a new server handshake design, which detects
this race condition and solves it by closing one of the two (or more)
connections to avoid the issue.
This also means that it should now be safe to have multiple hubs with low
connfreq's (eg: 10s) without risking that your network falls apart.
This new server handshake (protocol updates, etc) was actually quite some
work, especially for something that only happened sporadically. I felt it
was needed though, because (re)linking stability is extremely important.
This new feature/design/fix requires extensive testing.
This feature can be disabled by: set { new-linking-protocol 0; };
(HOOKTYPE_PACKET). Replacing the 'text to be sent' to a client is
supported, which allows character(set) conversion in a module.
Note that modifying an incoming message by the hook is not supported.
user target string (nick!user@host:info), insteaf of doing it at like 5 places.
- Spamfilter target 'u' (user): the host field (nick!user@HOST:realname) is now escaped
with brackets if it's an IPv6 address, eg: blah!blah@[1:2:3:4:5:6:7:8]:hello, reported
by aquanight and others (#0003010).
- Renamed unreal32docs.tk.html to unreal32docs.tr.html
- Module coders: Added HOOKTYPE_POST_SERVER_CONNECT (1 param: cptr) which is called when
a server connects, just like HOOTYPE_SERVER_CONNECT but this is actually called *after*
all clients and channels are synched. Obviously needed for some modules which must synch
data that refers to clients/channels that would otherwise not exist yet on the other side.
map the command '/BLAH 5' to 'NICK idiot5'. More info in docs on alias block.
- Modulized: badwords system (src/badwords.c is now gone) and StripColors/StripControlCodes
to m_message, multiple netsynch routines to m_server, send_list to m_list, a certain mode
routine to m_svsmode, all /MSG IRC.. webtv stuff to src/modules/webtv.c which is compiled
with m_message.
This means another ~1500 lines of code are now in modules (and thus can be upgraded on
the fly), which brings the total of modulized lines at 32K.
CALLBACKTYPE_CLOAK). This passes 'aClient *sptr, char *host' instead of only 'char *host'
to the cloaking module, which can be useful if you need to cloak on something other than
IP/host. Suggested by fez (#0002275).
Module may still provide only CALLBACKTYPE_CLOAK though, in fact this is what the official
cloaking module does. So no updating of cloaking modules needed.
A side-effect of this "extra cloaking" callback is that we needed to change make_virthost()
which now has an extra parameter in front, and another side-effect is that calling the
CALLBACKTYPE_CLOAK may not work since only *_EX might be available. To my knowledge there
are very few modules (only 1 I know) that will have a problem due to this, so sounds like
an affordable tradeoff.
clients connecting trough a CGI:IRC gateway that is in cgiirc { }. This might also fix a bug
where (g)zlines were not applied to CGI:IRC clients, reported by devil (#0002850).
- Redid some net synching code to make it more efficient (#2716).
- Fixed spamfilter crash problem: the action 'viruschan' is now no longer incompatible
with target 'user'. Reported by Monk (#0002570).
and 2000 lines total that can be hotfixed if needed ;). The effort involved in moving all
this sucks a lot though :/. This might need some more testing to make sure it doesn't break
anything.
- Updated support OS list in documentation.
- Redid include dependencies in Makefile, this makes things safer because on any .h change it
would force a recompile of all files, but it could mean things will be a bit slower for us
coders unless we tweak it later on.
- Changed whois a bit to print less useless results.
- Added several indicators to the "detect binary incompatible modules"-system such as detecting
of a ziplinks module on non-ziplinks (on windows this is ok however), nospoof module on a
a server without nospoof server, etc. Hopefully this will help some people preventing odd
crashes because they did not recompile or (re)install modules properly.
- Added './unreal backtrace', so far this has only been tested on Linux and FreeBSD.
- Fixed a bug making ./Config not load the previously stored settings on Solaris 10 and
probably other Unixes, reported by lion-o (#0002474).
- Modulized a lot of commands and related subfunctions: NICK (750 lines), USER (200),
MODE (2300), WATCH (250), JOIN (600), PART (250), MOTD (100), OPERMOTD (100),
BOTMOTD (100), LUSERS (100). More will follow soon (probably including more subfunctions
related to existing commands).
work just the same as the HOOKTYPE_LOCAL_* variants).
- Module coders: HOOKTYPE_REMOTE_CONNECT is now also called during net-merge. You can use
IsSynched(sptr->srvptr) to find out if it's called due to a net merge (0) or a connect (1).
- Added spamfiler 'user' (u) target. This regex is checked against nick!user@host:realname
when a user connects. This makes it easy to ban drones with simple patterns.
For example: '/spamfilter add u gzline 86400 Drone[0-9]+!.+@.+:Drone[0-9]'
would kill any drones that have both a nick and realname with 'Drone' followed by digits.
because it's slightly faster (already replaced all of them in src/s_kline.c).
GetIP(acptr) will return the ip for local users and remote users that support NICKIP,
it returns NULL for remote users that are on non-NICKIP servers (or have non-NICKIP
servers along their path).
- internal: tkl_add_line now returns aTKline *
- Added some more hooks:
- HOOKTYPE_TKL_ADD [aClient *cptr, aClient *sptr, aTKline *tk]
- HOOKTYPE_TKL_DEL [aClient *cptr, aClient *sptr, aTKline *tk]
NOTE: 'NULL, NULL, tk' is used for *lines that are removed due to expiring
- HOOKTYPE_LOCAL_KILL [aClient *sptr, aClient *target, char *comment]
- Added release notes (no, we won't release 3.2.1 anytime soon.. just updating ;p).
- Added various extra messages to make it a bit more easier for people who are
upgrading (win32 commands.dll, cloaking mod).
- Made win32 ssl<->non-ssl modules binary compatible.
- Added ssl/non-ssl check in Mod_Version on *NIX.
- Added set::options::flat-map: This makes all servers look like they are linked
directly to the server you are on (/map, /links), thus you cannot see which server
is linked to which ("hopcount"). This can make it a bit harder for kiddies to find
any 'weak spots' (which server to attack/[D]DoS). Obviously opers will always
see the real map.
value should now be one of EX_*:
EX_DENY : disallowed, except for oper override
EX_ALLOW : allowed
EX_ALWAYS_DENY : disallowed, even in case of operoverride (eg for
operlevel modes like +A).
Note that it's backward compatible since TRUE/EX_ALLOW=1 and FALSE/EX_DENY=0.
- Fixed a few bugs with oper override & extended chanmodes, for example
chanmode +T could not be set by a globop w/can_override and non-+hoaq.
- Added snomasks 'S' (Spamfilter) which notifies you of any spamfilter matches.
- [internal] always return after spamfilter match, don't continue looping trough
targets list (eg in case of: /msg #a,#b,#c spamspam), otherwise you would get
duplicate notification msgs.
- Added SENDSNO server command, similar to SENDUMODE but for snomasks, this is
used by the spamfilter snomask (+S) so you get network-wide notifications.
- Added "compiled for.." versioning system, this way a beta17 module can't be loaded
on beta18, etc... People often forgot to recompile their modules or had old ones
somewhere by mistake, therefore crashing after upgrades... this should fix this
(in the future). Module coders don't have to do anything for making this work,
it's done automatically (via modules.h).
William Pitcock