1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 09:03:12 +02:00
Commit Graph

9740 Commits

Author SHA1 Message Date
Bram Matthys acbedd5938 Also trigger hi connection warning when near maxconnection limit 2023-06-04 10:06:12 +02:00
Val Lorentz a94884c6a9 Mention that hbm_return_after actually implements BETWEEN (#252) 2023-06-04 07:58:57 +00:00
Bram Matthys 635c4e22dc README: Sync "About UnrealIRCd" with the text on the site
[skip ci]
2023-05-31 18:20:46 +02:00
Bram Matthys 61cd88c710 Update market share percentage in README to match IRCStats Dec'2022 2023-05-31 16:09:56 +02:00
Bram Matthys f1a5e30e8a ** UnrealIRCd 6.1.1-rc1 ** 2023-05-31 08:16:57 +02:00
Bram Matthys 0816cf79bc TOPIC does not need CMD_BIGLINES anymore after commit
c32ff22a3e
[skip ci]
2023-05-31 07:33:08 +02:00
Bram Matthys e3bd914ad8 Add a link in release notes
[skip ci]
2023-05-29 19:18:33 +02:00
Bram Matthys c32ff22a3e Change the meaning of CMD_BIGLINES of yesterday.
Without CMD_BIGLINES: parameters to commands can be 510 bytes max
(but eg. strlen(parv[1])+strlen(parv[2]) can be >510, like 510*2,
 when received from servers with BIGLINES support).
If someone does set CMD_BIGLINES in their CommandAdd() then the
parameter(s) size is not limited an can be up to 16k.

This is a bit more risky than previous but i think most command
handlers can handle parameters of max BUFSIZE/512 just fine
and care less about the grand total. Also, the risk is only
from server traffic and not from user traffic. Still, we will
keep going through the source to check for issues.
2023-05-29 15:16:18 +02:00
Bram Matthys bb419b95d1 Remove set::maxbanlength as it is not useful and only confusing.
https://www.unrealircd.org/docs/Set_block#set::maxbanlength
2023-05-28 20:25:02 +02:00
Bram Matthys 23bddde416 Server w/o BIGLINES: fix line cutting at wrong place in parse2() 2023-05-28 18:37:13 +02:00
Bram Matthys 7820676616 SetDeadSocket() in close_connection()
to avoid a crash in todays code which was like:
1) exit_client gets called
2) close_connection() sets client->direction to NULL
3) a bit further it calls remove_dependents()
4) a sendto is attempted and the new code accesses
   client->direction which is unexpected to be NULL

Actually i should probably trace the cause of the sendto_one()
but that is another story ;)
2023-05-28 18:13:34 +02:00
Bram Matthys e3262c6bd8 Change default for set::topic-setter and set::ban-setter to 'nick-user-host',
previously it was set to 'nick'

Also allow the full topic length for the nick-user-host case, now that
we have BIGLINES support. For non-BIGLINES-servers this could mean a
potential cutoff of the last 20 characters of the topic, which is why we
restricted it to 340 instead of 360 for nick-user-host previously, but
that is really only in the corner case / worst case, like with max NICKLEN,
max USERLEN, max HOSTLEN, max CHANNELLEN, etc... i think we can live
with that small "problem" until all servers upgrade.
2023-05-28 17:54:44 +02:00
Bram Matthys 82dd83f7dc Use BIGLINES in RRPC when possible (and deal with splitting up again
when it is not possible, mixed server scenario).
Now a big RRPC response like server.module_list for a remote server
(44KB) fits in only 3 lines, instead of almost 100 lines.
2023-05-28 16:11:38 +02:00
Bram Matthys 2fcb5b4669 * Server to server lines can now be 16384 bytes in size when
`PROTOCTL BIGLINES` is set. This will allow us to do things more
  efficiently and possibly raise some other limits in the future.
  This 16k is the size of the complete line, including sender,
  message tags, content and \r\n. Also, in server-to-server traffic
  we now allow 30 parameters (MAXPARA*2).
  The original input size limits for non-servers remain the same: the
  complete line can be 4k+512, with the non-mtag portion limit set
  at 512 bytes (including \r\n), and MAXPARA is still 15 as well.
* I chose 16k because I don't want to first raise it to like 8k
  and then realize later that 16k would be better and raise it again.
* To receive BIGLINES in a command, you need to `CommandAdd()` with
  flags `CMD_BIGLINES`, without it you still get regular 512 max.
  This is so, because a lot of the code does not expect longer than
  512 bytes lines or in parameters, so we can gradually change that
  (where needed).
2023-05-28 15:06:32 +02:00
Bram Matthys 5e64991296 Fix CHATHISTORY BETWEEN accidentally including a message too much
Reported by progval in https://bugs.unrealircd.org/view.php?id=5952
2023-05-28 11:08:46 +02:00
Bram Matthys a4d7ca022e Update CHATHISTORY AROUND to include middle message
Reported by progval in https://bugs.unrealircd.org/view.php?id=5953
2023-05-28 10:15:51 +02:00
Val Lorentz f768b34050 chathistory: Advertize MSGREFTYPES ISUPPORT token (#251)
https://ircv3.net/specs/extensions/chathistory#isupport-tokens

The spec says they should be 'in order of decreasing preference'.
As currently the only backend is in-memory, this doesn't matter so I
picked `msgid` first (as it's less ambiguous); but this can be revisited
later if/when adding a backend which is more efficient with timestamps.
2023-05-28 05:57:36 +00:00
Bram Matthys b6179d87d0 Update release notes a bit
[skip ci]
2023-05-27 19:21:59 +02:00
Bram Matthys 1a8653de19 Fix require module not working on one side, sending SMOD too early.
Has to do with running HOOKTYPE_SERVER_CONNECT too soon, before
introducing ourselves to the other side. This bug was created in
commit ddf639836b so exists in
all UnrealIRCd 6 versions (-beta1 and up).

The hook call is now moved further down.
2023-05-27 19:14:27 +02:00
Bram Matthys 8e2527741b Update shipped libraries: c-ares to 1.19.1 2023-05-27 16:03:59 +02:00
Bram Matthys e0bce86445 Fix config check for old webirc { } block (if missing password) 2023-05-27 08:44:17 +02:00
Bram Matthys 55670c5865 Fix memory leak created today on REHASH (free the proxy blocks) 2023-05-26 16:41:02 +02:00
Bram Matthys 257ec35931 Require proxy blocks to have a name, like proxy nginx { }
Not sure yet where/when this will be used or displayed (WHOIS?
connect line?), but better require it straight from the start.
2023-05-26 16:32:23 +02:00
Bram Matthys 995d28cacb Add duplicate_security_group() function, and also:
unreal_duplicate_masks()
duplicate_nvplist()
duplicate_name_list()

And use this for when proxy::type is web, to duplicate the
exact criteria to the ban exception as mentioned in previous
commit.
2023-05-26 16:15:09 +02:00
Bram Matthys f241fef575 For proxy::type web, automatically add proxy::mask to exceptions
for blacklist, connect-flood, handshake-data-flood
(Well, unless mask::ip is used with a wildcard, due to current
 technical limitations, that will be resolved later)
2023-05-26 15:56:17 +02:00
Bram Matthys fa4b39d4aa Fix "function returns an aggregate" to make GCC happy.
Actually I don't think this was really wrong as this is an
enum, which is probably why clang does not complain...
but still... whatever....
2023-05-26 14:40:24 +02:00
Bram Matthys cf5808dc44 Error on listen::options::websocket::forward and tell to use proxy { } block.
[skip ci]
2023-05-26 14:36:20 +02:00
Bram Matthys a7cf24c45d Mention new https://www.unrealircd.org/docs/Proxy_block in release notes
and also for safety when redoing DNS and ident due to IP change,
we now:
ClearIdentLookupSent(client);
ClearIdentLookup(client);
ClearDNSLookup(client);
2023-05-26 14:26:26 +02:00
Bram Matthys fb54d4a2c6 Replace do_parse_forwarded_header() and set WEB(client)->forwarded
depending on what we get from the proxy, so it can be used later
in the websocket module for setting the user secure or not
(the latter similar to what k4be already did in the old code).
2023-05-26 13:31:01 +02:00
Bram Matthys d2f45fcaaf Move webserver proxy handling from the websocket to the webserver module.
This now requires a proxy { } block -- docs follow soon

This uses part of k4be's code still, to do the parsing,
so still only "Forwarded" and quick workaround for bug
when for=XXX is the final item.
2023-05-26 13:05:30 +02:00
Bram Matthys c537a72c10 Make proxy::mask and webirc::mask a generic mask item almost all
others in the config - https://www.unrealircd.org/docs/Mask_item
2023-05-26 12:39:11 +02:00
Bram Matthys 9aafdb7f9c Move handling of webirc { } block into new proxy { } block (allow the old name)
This is untested, as I'm first working on the rest...
2023-05-26 12:23:51 +02:00
Bram Matthys c2d465c5dd Move chunk of code from start_of_normal_client_handshake() to
a function called start_dns_and_ident_lookup(). This can then
be easily called from other places as well, like the code k4be
did in src/modules/websocket.c to handle proxies.

Side-effect is that ident lookups would now be done, if we are
configured to do so, for forwarded webirc stuff (not that I
think many people use that feature at the moment...).
2023-05-26 11:24:01 +02:00
Bram Matthys 52472a9a88 Add support for set unknown-users { } and the like:
It is now possible to override some set settings per-security group by
having a set block with a name, like `set unknown-users { }`
* You could use this to set more limitations for unknown-users:
  ```
  set unknown-users {
          max-channels-per-user 5;
          static-quit "Quit";
          static-part yes;
  }
  ```
* Or to set higher values (higher than the normal set block)
  for trusted users:
  ```
  security-group trusted-bots {
          account { BotOne; BotTwo; }
  }
  set trusted-bots {
          max-channels-per-user 25;
  }
  ```
* Currently the following settings can be used in a set xxx { } block:
  set::auto-join, set::modes-on-connect, set::restrict-usermodes,
  set::max-channels-per-user, set::static-quit, set::static-part.
2023-05-22 12:07:43 +02:00
Bram Matthys e575d0ea05 Update modules.default.conf with more examples of what can go wrong
if you decide to go with your own modules.custom.conf, and why
blacklist-module is a safer approach.
[skip ci]
2023-05-22 08:02:30 +02:00
Bram Matthys 58228e28b3 Prevent people from using an old modules.default.conf.
That file has such a clear warning in it but still people
manage to load old ones. That being said, usually it is not
deliberate, like an cp ../unrealircd.old/conf/* conf/
2023-05-22 07:52:06 +02:00
Bram Matthys 6bbb5dee37 Add str_starts_with* and str_ends_with* functions:
int str_starts_with_case_sensitive(const char *haystack, const char *needle);
int str_ends_with_case_sensitive(const char *haystack, const char *needle);
int str_starts_with_case_insensitive(const char *haystack, const char *needle);
int str_ends_with_case_insensitive(const char *haystack, const char *needle);
[skip ci]
2023-05-22 07:42:26 +02:00
Bram Matthys 3652940c2c Add set::anti-flood::<secgroup>::max-channels-per-user setting to override
the default set::max-channels-per-user (also called set::maxchannelsperuser).

This way you can give known-users a higher max-channels-per-user,
or even a special security group for trusted users (that you may
already have given a more lax flood setting and lower lag-penalty
etc. etc. so that fits in nicely)

And yeah this also:
* Makes it both in set and the anti-flood block accept both
  maxchannelsperuser and max-channels-per-user.
* Removes old MAXCHANNELS= in 005, as we already have CHANLIMIT=
This does not:
* Re-announce the 005 CHANLIMIT= if someone transitions from a security
  group with a different max-channels-per-user. We don't do that for
  IRCOps either, and I think no IRCd does that actually...
  To be honest i wonder if sending the limit in 005 is useful at all,
  do client really track this and limit their GUI based on it?? Doubt it!
2023-05-19 21:47:23 +02:00
Bram Matthys f2015ad865 Fix crash when removing a listen { } block with websocket or rpc
(or changing the port number). Reported by Nini.

Rather complex case: when the listen block is removed, obviously
the config hooks are not called for the (now non-existing) listen
block, and thus the websocket->request_handler and such are not
set to the new address of the websocket handler.
We now use a slightly silly workaround / new hook to fix this
corner case. Ideally there would be an extra layer in-between
like a handler lookup by name, or something like that.
(Or make the websocket module PERM but we don't want that!)
2023-05-19 19:29:46 +02:00
Bram Matthys 9ea1e0e99c Update release notes a bit
[skip ci]
2023-05-18 13:23:22 +02:00
Bram Matthys 815c97c81e Update release notes on the new functionality of today.
[skip ci]
2023-05-18 13:21:44 +02:00
Bram Matthys f804c5ed65 Add detection and set the high connect rate to 1000 per seconds.
https://www.unrealircd.org/docs/FAQ#hi-conn-rate
This finishes https://bugs.unrealircd.org/view.php?id=5532
2023-05-18 13:15:17 +02:00
Bram Matthys 82dbc4a297 Add except ban { } for IRCCloud for maxperip & connect-flood.
In both the release notes to illustrate and in example*.conf
because this is generally a good idea.
2023-05-18 12:01:29 +02:00
Bram Matthys 9b9434e442 Delay throttling check until IP is resolved or failed to resolve.
This so you can use throttling exceptions (eg in ELINE) on hostnames.

That is, the above is during normal circumstances. Similar to previous
commit we will turn this feature of during high connection rates.
That is a TODO item.
2023-05-18 11:51:22 +02:00
Bram Matthys 89075e532a Send throttling and some other error messages to SSL/TLS users (encrypted).
This is the start of "be more friendly to TLS users with disconnect
error messages" from https://bugs.unrealircd.org/view.php?id=5532

As that bug explains:
Consider doing the SSL/TLS handshake even for throttling errors and such
when the (reject) connection rate is below a certain amount per second.  If
it is higher than a certain rate, then fall back to the original behavior to
reject the user instantly without handshake or looking at any data.
Rationale: the current/original behavior is there so the ircd can handle
floods, both in terms of traffic and in terms of CPU usage (the SSL/TLS
handshake is quite costly after all).  The downside of the current behavior
is that TLS users don't see the error message, usually.  This feature
request tries to find a middle ground.

Still a TODO item:
* We don't detect high rates yet, so we only do this new behavior atm
  and not yet the old behavior during high connection rates.
* Verify that error messages/behavior hasn't changed (too) much,
  like the throttling and the banning disconnect messages.
2023-05-18 11:17:37 +02:00
Bram Matthys 40bdef6cd9 Make exceeds_maxperip() use a hash table (performance improvement) 2023-05-17 19:44:10 +02:00
Bram Matthys 63cfe56208 Use LineCache in sendto_local_common_channels() 2023-05-15 17:12:38 +02:00
Bram Matthys b19b70e876 Speed up invisibility checks for delayjoin mode (and when not used too).
This adds user_can_see_member_fast() which is used in at least 3 places
now, more places may follow later. It has extra paramters for membership
and membership modes that is very likely already looked up by the caller
(or if not, it is worth doing so by the caller).

This is work in progress so if everything crashes or people mysteriously
seem not present in channels (or the other way around) i would not be
surprised :D.
2023-05-15 16:58:51 +02:00
Bram Matthys 0874e376bc Add LineCache which is used when sending a message to a channel.
When sending to channel members this will cache full IRC protocol
lines, including message tags and \r\n, for similar clients.
This avoid the need for many mtags_to_string() calls and also
entire parts of sendbuf_to_one() can be skipped as well.
The "Similar clients" cache entries are defined as clients that:
1) Are of the same type: normal local client, ircop local client
   or remote client.
2) Have the same CAPs set, that is: we only look at CAPs that actually
   have anything to do with message tags ('clicaps_affecting_mtag')
3) Optionally there can be an explicit line_opts. It is not used yet
   but could be used when there are different type of lines sent
   depending on other criteria, such as chanop status or something
   else that doesn't fit in #1 and #2.
2023-05-15 15:27:52 +02:00
Bram Matthys 5b071d7bfd Change return value of add_listmode() / add_listmode_ex(). This fixes
a bug when two servers merge, you could see +beI items being set that
already exist, if the timestamp or setter differed between servers.
Now they are updated but no +beI is shown.
https://bugs.unrealircd.org/view.php?id=5681
2023-05-08 18:52:22 +02:00