This is partially for the sake of Stskeeps, even though he left the
project long ago, but mainly so we can work towards dynamic ticks in
the event loop while guaranteeing latencies for connected clients,
even with fakelag.
- Some small updates to the extended channel mode system: it now has minimal
support for 'local channel modes'. This is really only meant for channel
mode +Z (upcase z), see next.
- Added Channel Mode Z which indicates if a channel is 'secure' or not.
This mode works in conjunction with +z (lower case z).
If +z is set ('only secure users may join'), then the IRCd scans to see
if everyone in the channel is connected through SSL. If so, then the
channel is set +Z as well ('channel is secure').
Whenever an insecure user manages to join, the channel is -Z. And whenever
all insecure users leave, the channel is set +Z.
The 'insecure user being present in a +z channel' can be because:
- An IRCOp joined the channel, and he's not secure
- When servers link together and a user on the other side is not secure
This only happens on net merge (equal time stamp).
On different time stamp, we still kick insecure users on the new side.
- At the time when +z is set, there are insecure users present.
This feature was implemented after a heavy discussion in bug #3720 by fez
and others, and was suggested by Stealth.
Tech note: +Z/-Z is handled locally by each server. Any attempt to
remotely set +Z/-Z (eg: by services) will be ignored.
- As mentioned above, +z can now be set even if any insecure users are
present. Previously, this was not permitted. Now, as soon as the last
non-SSL user leaves, the channel will be set +Z.
- An oper not connected through SSL previously had to /INVITE himself
to a channel and then /JOIN the channel with the key 'override'.
This 'override' key is no longer required, a simple JOIN will suffice.
- Sorted channel modes in /HELPOP ?CHMODES
- Re-enabled 'fishy timestamp' errors in MODE. For some reason this was
commented out, even though the (more annoying and less useful) code in
JOIN was enabled so that did not make a lot of sense. It also now logs to
ircd.log (or whatever you configure). This enables people to easier find
the cause of any timestamp issues (which usually is badly coded services).
commands.so. This module was written to help IRCd maintainers deal
with some sort of ``XPS'' attack in which javascript-initiated HTTP
POST form submissions were able to act as dummy IRC bots. These
simple bots were the cause of much spam. (#3893)
- Add a modules section to the documentation. This was created to put
all documentation specific to the m_post module in one, easy to find
place. The documentation on m_post is likely incomplete, however.
- Server protocol: added PROTOCTL EATH=servername, which allows us to
authenticate the server very early in the handshake process. That way,
certain commands and PROTOCTL tokens can 'trust' the server.
See doc/technical/protoctl.txt for details.
- Server protocol: between new Unreal servers we now do the handshake a
little bit different, so it waits with sending the SERVER command until
the first PROTOCTL is received. Needed for next.
- Server protocol: added PROTOCTL SERVERS=1,2,3,4,etc by which a server can
inform the other server which servers (server numeric, actually) it has
linked. See doc/technical/protoctl.txt and next for details.
- When our server was trying to link to some server, and at the same time
another server was also trying to link with us, this would lead to a
server collision: the server would link (twice) ok at first, but then a
second later or so both would quit with 'Server Exists' with quite some
mess as a result. This isn't unique to Unreal, btw.
This happened more often when you had a low connfreq in your link blocks
(aka: quick reconnects), or had multiple hubs on autoconnect (with same
connfreq), or when you (re)started all servers at the same time.
This should now be solved by a new server handshake design, which detects
this race condition and solves it by closing one of the two (or more)
connections to avoid the issue.
This also means that it should now be safe to have multiple hubs with low
connfreq's (eg: 10s) without risking that your network falls apart.
This new server handshake (protocol updates, etc) was actually quite some
work, especially for something that only happened sporadically. I felt it
was needed though, because (re)linking stability is extremely important.
This new feature/design/fix requires extensive testing.
This feature can be disabled by: set { new-linking-protocol 0; };
new commands SVSNOLAG/SVS2NOLAG (syntax: SVSNOLAG [+|-] NickName). Obviously, care
should be taken when giving such access to a user since he/she will be able to flood
at full speed and could possibly take down the entire IRCd (well, everyone on it).
Suggested by avb, coded by djGrrr.
map the command '/BLAH 5' to 'NICK idiot5'. More info in docs on alias block.
- Modulized: badwords system (src/badwords.c is now gone) and StripColors/StripControlCodes
to m_message, multiple netsynch routines to m_server, send_list to m_list, a certain mode
routine to m_svsmode, all /MSG IRC.. webtv stuff to src/modules/webtv.c which is compiled
with m_message.
This means another ~1500 lines of code are now in modules (and thus can be upgraded on
the fly), which brings the total of modulized lines at 32K.
- Modulized NAMES command (can now be upgraded on the fly, if ever needed).
- Added NAMESX support, seeing both mIRC (5.17) and XChat support this. What this does is
send all rights of all users on the channel in the NAMES reply (eg: @+Syzop if the user is +ov)
instead of only the highest one (@Syzop in previous example). We only do so if the client
explicitly requested this via a NAMESX in a PROTOCTL message (eg: 'PROTOCTL NAMESX').
Note that there is a glitch: since most clients only send the PROTOCTL NAMESX after they
see NAMESX listed in the 005 announce message this has the effect that if there are
set::auto-join channels present (where users are automatically joined to by the server) the
extended NAMES reply will not be sent for those channels, because from the IRC server' point
of view the join happened before the PROTOCTL and hence it does not know the client wanted
NAMESX at that point (the result is not catastrophic: the old-style NAMES is sent for those
channels). Anyway, for all non-autojoin channels this works great. So still worth adding IMO.
Originally suggested in #0000606.
Side note: this does not mean we dropped the idea of (also) having a challenge-response
system for good ;).
and 2000 lines total that can be hotfixed if needed ;). The effort involved in moving all
this sucks a lot though :/. This might need some more testing to make sure it doesn't break
anything.
- Updated support OS list in documentation.
- Redid include dependencies in Makefile, this makes things safer because on any .h change it
would force a recompile of all files, but it could mean things will be a bit slower for us
coders unless we tweak it later on.
- Changed whois a bit to print less useless results.
- Added several indicators to the "detect binary incompatible modules"-system such as detecting
of a ziplinks module on non-ziplinks (on windows this is ok however), nospoof module on a
a server without nospoof server, etc. Hopefully this will help some people preventing odd
crashes because they did not recompile or (re)install modules properly.
- Added './unreal backtrace', so far this has only been tested on Linux and FreeBSD.
- Fixed a bug making ./Config not load the previously stored settings on Solaris 10 and
probably other Unixes, reported by lion-o (#0002474).
- Modulized a lot of commands and related subfunctions: NICK (750 lines), USER (200),
MODE (2300), WATCH (250), JOIN (600), PART (250), MOTD (100), OPERMOTD (100),
BOTMOTD (100), LUSERS (100). More will follow soon (probably including more subfunctions
related to existing commands).
- Module coders: if CmdoverrideAdd() is called for an override that is already in place, it
now sets MODERR_EXISTS as errorcode and returns NULL (previously it added duplicates).
In the past module coders had many issues with PERM mods... you had to use weird tricks,
but now you can (and should!) just override on INIT and on HOOKTYPE_REHASH_COMPLETE.
- Moved register_user declaration to h.h, updated call in m_pingpong.c (due new 'ip' field).
- Usermode +v ('receive dcc send rejection notices') is oper-only now for privacy reasons.
- Added dcc allow { }, which allows one to make exceptions over deny dcc { }.
- Added deny dcc::soft and allow dcc::soft item, if set to 'yes' it allows someone
to explicitly override it per-person via /DCCALLOW (see next).
- Added DCCALLOW system, taken directly from bahamut.
With this system you can block certain (or all) DCC SENDs and then allow the user to
'override' this limit for every user he/she trusts via '/DCCALLOW +User'.
This is an attempt to stop (or at least limit) the spreading of viruses/etc.
See '/DCCALLOW HELP' for more info.
- Added example dccallow.conf which filters everything except some known
'safe types' (jpg, jpeg, png, gif, etc). Note that the purpose of this file
is NOT to get a complete list, rather to limit it to a few 'known safe' entries.
- Added set::maxdccallow: max number of entries of the DCCALLOW list (default: 10).
- Fixed a few wrong macro's (ircstrdup/ircfree) in s_conf.c causing
very weird behavior... This also fixes a bug where set::spamfilter::ban-reason
would have the value of ban-time.
- Improved spamfilter again.
- The new syntax is:
/spamfilter [what] [type] [action] [tkltime] [reason] [regex]
[tkltime] specifies the duration of any *lines placed by this rule.
[reason] specifies the *line, kill and/or block reason.. no spaces
allowed, but '_' will be escaped to a space.
In both cases you can simply use '-' to skip and use the default.
Ex: /spamfilter add p block - - Come watch me on my webcam
/spamfilter add p gline 3h Please_go_to_www.viruscan.xx/
nicepage/virus=blah Come watch me on my webcam
- A message is now shown if the msg/notice/dcc is blocked.
- There are 2 new spamfilter action types:
'dccblock' will mark the user so (s)he's unable to send any files by DCC.
'viruschan' will part the user from all channels and join
set::spamfilter::virus-help-channel (default: #help).
this action might be improved to do more later.
- Internal: added EXTTKL PROTOCTL, this determinates if 10 parameters
instead of 8 are supported for m_tkl (used by spamfilter add).
This new system needs some testing... :)
- Added snomasks 'S' (Spamfilter) which notifies you of any spamfilter matches.
- [internal] always return after spamfilter match, don't continue looping trough
targets list (eg in case of: /msg #a,#b,#c spamspam), otherwise you would get
duplicate notification msgs.
- Added SENDSNO server command, similar to SENDUMODE but for snomasks, this is
used by the spamfilter snomask (+S) so you get network-wide notifications.
- Added "compiled for.." versioning system, this way a beta17 module can't be loaded
on beta18, etc... People often forgot to recompile their modules or had old ones
somewhere by mistake, therefore crashing after upgrades... this should fix this
(in the future). Module coders don't have to do anything for making this work,
it's done automatically (via modules.h).
- Normal users can now get a list, versioninfo will be hidden however.
- Opers get some additional details like hooks and commandoverride's.
- Opers can use /module <servername> to get a remote list of loaded modules.
- Added flag [3RD] to show it's a 3rd party module
This was requested by by quite some people because serveradmins started to load
"spy modules" without clearly mentioning it in the MOTD (which is highly unethical
and in some countries even illegal due to privacy law). Also the remote module
list was requested by quite a few opers.
Sure, this isn't a 100% guarantee but at least if someone goes hiding stuff
then it's clear what their intentions are (and thus will be refused support, ..).
- Changed emailaddr in help window at windows to unreal-users mailinglist.
- Made the cloak mismatch msg during linking a bit more scary.
- Added comment to 'Install as a service' option in installer to help n00bs a bit.
* Removed thread questions from Config, and autoconf code from
configure.in, leaving in the old macros though, but inactive
--enable-standardthreads is dead as of now
* Undefined HOOKTYPE_SCAN_INFO
* Removed CONF_EXCEPT_SCAN
* Removed locking in events, Lock/UnlockEventSystem still active for other
possible uses.
* Removed scanners, web server module
* Removed except scan {}
* Removed SCAN_API stuff from l_commands.c, win32 makefiles, etc
* Removed basically any mentions of threads in source tree, excepting
threads.h which Resolver uses on win32
* Documentation changes not done yet