pegasus/unrealircd
1
0
Fork 0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-06-12 17:14:46 +02:00
Code Activity

Commit Graph

  • 5b6c00946a Optimize set_user_modes_dont_spread(): use _cmd_uid() directly. Only downside is that mtags would be NULL, but we don't use it in cmd_uid() so that's okay. This saves us from generating mtags in do_cmd() when we don't need it. And also a command handler lookup and all that. Saves around 8% of unrealircd CPU for 100k connects. Bram Matthys 2025-10-05 10:57:49 +02:00
  • 80189a6ce9 Replace a HasCapability() with HasCapabilityFast() Since mtags_to_string() is a function that is called a lot, this matters. Bram Matthys 2025-10-05 10:31:56 +02:00
  • fa8a0b2083 Make IsSynched() check if both the "far" server and the "near" server are synched. Both need to be checked, because: * The "far" server may be fully synched to "near" (and thus tagged as synced) but the "near" server may be introducing the "far" server, when we are connecting to "near" * The "near" server may be fully synched but the "far" server is connecting in and may thus not be synched yet Bram Matthys 2025-10-05 10:16:46 +02:00
  • 9b493cfe6a Avoid a get_floodsettings_for_user() call for servers. This didn't show up in initial profiling, but now that other areas are faster, this one starts to show up with 15% for 100k-clone remote server traffic. Easy change :D Bram Matthys 2025-10-05 09:02:51 +02:00
  • c729d18a8c Add (faster) remove_user_from_channel_withmb() and use it from various places. We can use this when we already have the Membership struct, which is the case for PART, (SA)JOIN 0 and QUIT. Saves a couple of iterations. Bram Matthys 2025-10-05 09:01:08 +02:00
  • af0a784464 Make member & membership point to each other so lookups can be much faster. This also makes them proper list items, again to make certain fast operations possible. Main thing is that removing an entry does not require us to walk all of those lists. Not all code has been modified yet to benefit this, actually only very little, the most performance-impacting ones. Bram Matthys 2025-10-05 08:24:14 +02:00
  • 55dd4601f2 Change some find_member_link() to find_membership_link() which is faster. The first one iterates through all channel members (can be hundreds or thousands) and the latter goes through the channels a user is in (typically <15). Bram Matthys 2025-10-04 20:44:34 +02:00
  • 68ef88c0c4 Move from HOOKTYPE_VISIBLE_IN_CHANNEL to invisible setting in member->memb_flags. This so we can use fast(er) techniques here and there. Bram Matthys 2025-10-04 20:31:32 +02:00
  • 1473f52603 Another sendto_channel() optimization in case of some PRIVMSGs. When the channel is +H we broadcast to all servers, so we can simplify that case and don't need to iterate the channel->members. The same is true if set::broadcast-channel-messages is set to 'always', though that is not known to be used much. Bram Matthys 2025-10-04 08:50:42 +02:00
  • e92b8ef3ad Fix uninitialized variable in sendto_channel() Bram Matthys 2025-10-03 19:14:44 +02:00
  • 2e21e7fdbf Make sendto_local_common_channels() use channel->local_members. This too should be a significant performance improvement for multi- server networks. Especially since this isn't just num_channel_members of 1 channel, but about common channels, so could easily be like all channel members of 10 channels combined. Bram Matthys 2025-10-03 19:10:28 +02:00
  • cfe3ce38b2 testssl_profiles/*txt: TLS 1.2 -> TLSv1.2, etc... Bram Matthys 2025-10-03 18:47:32 +02:00
  • 569a12055f Add channel->local_members and use it in sendto_channel(). This makes things a lot faster on multi-server networks, especially for big channels where most of the clients in the channel are remote users. Bram Matthys 2025-10-03 18:01:03 +02:00
  • 86e7ab307a Bump dbufs from 4k to 8k. Gives a 5% performance improvement. That is, during my tests with 1000 TLS clients doing a couple of commands, including one big one (WHO #channel on a 1000 user channel). Bram Matthys 2025-10-03 16:04:00 +02:00
  • 902802a8dc I/O engine: don't request write notification if we don't need it. Bram Matthys 2025-10-03 15:59:50 +02:00
  • 45ef8d1cf1 Fix multi-prefix (#320) Val Lorentz 2025-09-30 23:57:45 +02:00
  • d5332ca765 Fix memory leak in JSON-RPC stats.get Bram Matthys 2025-09-30 16:50:06 +02:00
  • ac9709531a Fix windows compile which was broken on Sep 17 by commit 0c17276039. Bram Matthys 2025-09-29 19:40:07 +02:00
  • 792eca7d4d Fix chathistory test fail... duh.. accidentally set a local var. Bram Matthys 2025-09-29 18:04:24 +02:00
  • 15c8b1aa40 Optimization: Use HasCapabilityFast() in whox.c and extended-monitor.c The whox one saves a lookup for each channel member (so eg 500 for a channel with 500 members). The extended-monitor saves it on delivering watch/monitor notifications, so depends on the # of subscriptions. And that's each time such a command is called. We now only lookup on MOD_LOAD. Bram Matthys 2025-09-29 17:59:30 +02:00
  • 80a381c76a Optimization: history: use HasCapabilityFast() instead of HasCapability() This makes it so the capability bit lookup is done only once on module load and not on each client JOIN. Bram Matthys 2025-09-29 17:17:20 +02:00
  • e42610ebba Optimize MONITOR / WATCH to do ModData lookup only at MOD_LOAD() instead for each MONITOR / WATCH command. We use the same technique in other modules, eg for websockets. Bram Matthys 2025-09-29 16:56:16 +02:00
  • c0a46abd60 ModData API: add ModDataInfo .priority item and use it to speed up things by making the keys with the most lookups first, e.g. "reputation", "geoip", "certfp". This order is based on actual lookup counts during a quick test with 250 clones doing some typical IRC traffic. Bram Matthys 2025-09-29 16:43:25 +02:00
  • db6476e1ab ModData API (internal): split the single linked list into 7 lists, to speed up moddata_client_get() etc -> findmoddata_byname(). Apparently we have 52 moddata registrations (that is without 3rd party modules) so otherwise it is a loooong linked list. Bram Matthys 2025-09-29 16:11:31 +02:00
  • 51625592cb Get rid of a memset() of 16k in labeled response implementation. This was done in lr_pre_command() and lr_post_command(). Nowadays we have BIGLINES stuff from servers that cause MAXLINELENGTH to be 16k, so the LabeledResponseContext ended up being 16k+. Although we normally have the policy to zero out complete structs in UnrealIRCd instead of only individual members (for safety, easy to overlook security bugs), in this case we will do zeroing of struct members explicitly. Added some warnings about this too in the source code. Zeroing 16k twice for each command is a bit too much waste. Bram Matthys 2025-09-28 18:24:23 +02:00
  • cf2c3baca5 Whoops.. fix compile. Bram Matthys 2025-09-28 18:02:12 +02:00
  • 2ee12bf326 Make SHA256 30% faster when used for cloaking and other very small inputs, simply by re-using the context. Bram Matthys 2025-09-28 17:19:04 +02:00
  • b3fd6b9bca Optimization: use umode_letter_to_handler[] for faster has_user_mode() and find_user_mode(). That's one array of 256 elements, instead of iterating a linked list where - if you are unfortunate - one may need like 26 iterations. Bram Matthys 2025-09-28 16:46:50 +02:00
  • e3b92cc084 away_join() optimization: don't bother if user is not away. Otherwise we are iterating <num channel members> all for nothing. Bram Matthys 2025-09-28 16:20:19 +02:00
  • 5a02d4f52c Get rid of the *@unrealircd.com mask in the example vhost as it is commented out now anyway. And thus, get rid of the related comment as well. Bram Matthys 2025-09-28 10:41:00 +02:00
  • c8431b7cb8 Make client->local->caps a 64 bit unsigned int on all archs. This was previously a "long", which could cause issues on 32 bit archs. We ship with 28 CAPs now, and that's without 3rd party modules, so... Bram Matthys 2025-09-28 09:57:20 +02:00
  • a2e099bf47 Extbans: fix various syntax error / usage examples where old single letter is used instead of the full name (eg ~S instead of ~certfp). We have named extended bans since UnrealIRCd 6.0.0 (2021) already... Bram Matthys 2025-09-25 19:27:34 +02:00
  • ddfe7c535c Make TLINE use server_ban_parse_mask() so it uses the same logic as GLINE. This fixes something like TLINE ~country:us not automatically converting to ~country:US, since previously conv_param() was not called. But it also means other code is used in the same way as GLINE (other type of rejections), for example invalid server ext ban will print a better error with syntax info (e.g. TLINE ~certfp:xx). Bram Matthys 2025-09-25 19:14:35 +02:00
  • 65b69f9164 Sync away_since in S2S traffic from now on. Bram Matthys 2025-09-24 13:44:47 +02:00
  • 995b67f785 Module manager: add "last-updated" property to generated module list. Bram Matthys 2025-09-24 09:58:21 +02:00
  • 53707f27b9 Fix unitialized variable in link config test, due to commit from yesterday (4c6e259681). Bram Matthys 2025-09-22 08:25:18 +02:00
  • 602f6c7238 URL API: add .minimum_tls_version, and use TLS1_3_VERSION for central-blocklist. Bram Matthys 2025-09-21 14:18:30 +02:00
  • 507061af46 Add tls-options::signature-algorithms for those who want to override the default. We don't set it in UnrealIRCd at the moment, so this is just to override the OpenSSL defaults at the moment. It is good to have this exposed, in case some vulnerability is discovered or you need some flexibility in tweaking this. Bram Matthys 2025-09-21 13:48:04 +02:00
  • b0b6cc81e2 This belongs to the autoconf upgrade too (see previous) Bram Matthys 2025-09-21 13:39:12 +02:00
  • fd5db98c88 Rebuild ./configure after upgrade of autoconf 2.71 to 2.72 Bram Matthys 2025-09-21 13:37:31 +02:00
  • d1b1a413cf Make code that sets TLS groups also apply to client context. (groups were previously called ecdh-curves) Bram Matthys 2025-09-21 13:22:56 +02:00
  • 4c6e259681 You can now use "password" multiple times in the conf (eg in allow::password). Bram Matthys 2025-09-21 11:31:31 +02:00
  • 877d151da4 Support multiple TLS certificates/keys, e.g. ECDSA + ML-DSA (PQC). Bram Matthys 2025-09-21 09:58:13 +02:00
  • ccc80477ef Fix OOB read in UTF8ONLY code from today. Bram Matthys 2025-09-20 17:00:33 +02:00
  • b4e65b1414 Fix various "too early" cutoffs with new set::utf8-only feature Bram Matthys 2025-09-20 15:52:31 +02:00
  • dbb2d1a5c8 Move isupport_check_for_changes() to the 'isupport' module. Bram Matthys 2025-09-20 15:02:42 +02:00
  • 595f56007b Add the ISUPPORT command, which simply calls the efunction. Bram Matthys 2025-09-20 14:44:23 +02:00
  • 5cb2428567 Some code cleanup to previous, and apparently the batch type is 'draft/isupport' and not 'draft/extended-isupport'. Bram Matthys 2025-09-20 14:40:16 +02:00
  • e78a6a6dbf isupport & extended-isupport module, work in progress. This is mostly from Valware PR https://github.com/unrealircd/unrealircd/pull/310 Will do more changes in later commits.. Bram Matthys 2025-09-20 14:34:28 +02:00
  • 9e490196a8 set::send-isupport-updates: Valware added this, but this is now expanded to all ISUPPORT tokens, instead of only CHANMODES, PREFIX and STATUSMSG. E.g. changing set::min-nick-length would also broadcast the change. Bram Matthys 2025-09-20 13:58:55 +02:00
  • f22f8d0dcd Add set::utf8-only: if set to 'yes' this means all IRC traffic is UTF only. See https://www.unrealircd.org/docs/Set_block#set::utf8-only and the UTF8ONLY specification at https://ircv3.net/specs/extensions/utf8-only for more information. Bram Matthys 2025-09-20 08:54:16 +02:00
  • d763b9c1e3 Some crash reporter tweaks like TLSv1.3+ and max size (will still use TLSv1.2 if OpenSSL does not support TLSv1.3, though.. OpenSSL 1.1.1 that introduced it is from Sep 2018) Bram Matthys 2025-09-17 20:06:49 +02:00
  • 0c17276039 Move https_new_ctx() from src/url_unreal.c to src/tls.c so it is always available (also w/cURL) so it can be used by the crash reporter. And delete duplicate code crashreport_init_tls() function since it is now unused. Bram Matthys 2025-09-17 19:54:57 +02:00
  • 1685d5243f Write some early release notes [skip ci] Bram Matthys 2025-09-17 13:05:00 +02:00
  • 5e54ab5ed7 Remove some old #ifdef SO_ERROR. That's always available on POSIX and Windows. Bram Matthys 2025-09-17 11:01:46 +02:00
  • a6ae945499 Fix built-in https fetcher to also try IPv6. Bram Matthys 2025-09-17 10:41:01 +02:00
  • 82bf4a6beb Add logging category "advice" that is used by best practices (color: blue). Maybe a bit odd since only <10 things use this category but it makes it stand out as a separate thing much better. As for a level (not that it matters) it is between 'info' and 'warn'. Bram Matthys 2025-09-15 14:20:01 +02:00
  • 2798276316 add -Wno-unterminated-string-initialization Without this on some new compilers this raises a warning (or error with -Werror): const char hexchars[16] = "0123456789abcdef"; Bram Matthys 2025-09-15 07:44:54 +02:00
  • 0b147e8044 Probably helps if i include the file that i added in the Makefile (fix broken compile) Bram Matthys 2025-09-14 18:04:18 +02:00
  • 817abc4101 Add security-group::server-port and similary in match item, to match users by server port (eg 6667, 6697, 8000, etc). Bram Matthys 2025-09-14 17:25:34 +02:00
  • b2d0ec1af3 Move/add local_port & server_port to ModData, so remote clients can be tracked. Bram Matthys 2025-09-14 16:47:51 +02:00
  • f73dbfd7ee Remove previous UnrealIRCd PGP key from doc/KEYS (key expired and succeeded) Bram Matthys 2025-09-14 15:41:14 +02:00
  • a08d1faba7 JSON-RPC: Use issuer in set_by by default (PR #317 from Valware) Valerie Liu 2025-09-14 14:38:35 +01:00
  • f42bab778e Include 'away' information in JSON-RPC users object. Reported/requested by CrazyCat: https://forums.unrealircd.org/viewtopic.php?p=40990 Inspired by Valware's PR: https://github.com/unrealircd/unrealircd/pull/319 Bram Matthys 2025-09-14 15:24:01 +02:00
  • 7a63239dde Fix memory leak with DEBUGMODE enabled (should only be used by devs). In debug mode we also - in the JSON log - log the source file and line number in every log message. This requires special care. A good start was made earlier but that fix was incorrect. Should be good now... at least when i ran tests the leak that was previously there was gone. Bram Matthys 2025-09-14 15:02:42 +02:00
  • 8c26cec5fc Fix 'const' in various functions: various arguments were const char * in the EFunction but not in the actual function. That's bad since it means the "const guarantee" got lost. And one or two similar cases with incorrect parameter types and mismatching return types. This was found with some analyzer, we had no bugreports with regards to this. Bram Matthys 2025-09-14 14:58:40 +02:00
  • 13217cc6ff Bump version to 6.2.1-git Bram Matthys 2025-09-14 14:57:43 +02:00
  • 9042dd21c0 ** UnrealIRCd 6.2.0.2 ** Bram Matthys 2025-09-14 14:21:47 +02:00
  • 64eab2c6ae antimixedutf8: fix extended latin, like éí accents leading to a high score. The 4 unicode blocks are now treated as one big Latin block Latin-1 Supplement, Latin Extended-A, Latin Extended-B ==mapped=to==> Basic Latin Bram Matthys 2025-09-13 18:52:46 +02:00
  • 4cc51af280 ** UnrealIRCd 6.2.0.1 ** Bram Matthys 2025-09-12 07:54:41 +02:00
  • 74538e77d4 Another best practices fix: this one is with listen-nontls-port. Bram Matthys 2025-09-10 16:43:22 +02:00
  • 400a6080ab Actually make it possible for set::best-practices::trusted-cert-valid-hostname to be turned off (it was seen as an unknown option). Reported by PeGaSuS. Bram Matthys 2025-09-10 16:29:30 +02:00
  • 76934cb815 Fix incorrect message about non-trusted SSL/TLS certificate when you use the default certificate/key (conf/tls/server.cert.pem) even when that cert is valid and issued by a trusted CA (like Let's Encrypt). You would get such an incorrect "best practices advice" on-boot, but (fortunately) not on each subsequent REHASH. Bram Matthys 2025-09-10 07:29:10 +02:00
  • bc27eb48fb ** UnrealIRCd 6.2.0 ** Bram Matthys 2025-09-09 18:10:49 +02:00
  • 399dfde33e Update curl-ca-bundle.crt to Tue Aug 12 03:12:01 2025 GMT Bram Matthys 2025-09-08 20:10:11 +02:00
  • 256308a707 Switch back to OpenSSL for the Windows build: * In 2016 we switched from OpenSSL to LibreSSL because the OpenSSL codebase was in a bit of bad shape and LibreSSL promised to be a more modern codebase. Now, almost a decade later, OpenSSL has had many code cleanups and is more security aware (code audits etc), especially since OpenSSL v3 things are looking OK and it seems LibreSSL doesn't have much progress nowadays. Which is understandable as they have a lot fewer coders available but has an effect on things like how long it took for TLSv1.3 to appear and for other new things like PQC. It also seems like security fixes are now slower than OpenSSL instead of the other way around. Anyway, I think they did their job well (together with other people) in "triggering" the OpenSSL project to get things back on track. Let's switch back now. * For context: it seems several Linux distro's that used to do go for LibreSSL have also switched back to OpenSSL. * LibreSSL is still and will continue to be a supported library to use with UnrealIRCd (especially with OpenBSD and FreeBSD in mind). So, if there are any issues (compile problems, configuration problems, some feature not detected), then please report it on our bug tracker at https://bugs.unrealircd.org/ ! We will have to rely more on such user-reports now that the main devs will likely only work with OpenSSL. Bram Matthys 2025-09-08 11:05:13 +02:00
  • e58768eb65 antimixedutf8: ignore general punctuation block transitions Since those can happen in ordinary text. Bram Matthys 2025-09-06 14:02:31 +02:00
  • e8673a06df Fix crash with "STATS tld" if tld::motd is not set. (Only IRCOps can do STATS requests normally, unless the niche feature set::allow-user-stats is used) Bram Matthys 2025-08-30 08:31:34 +02:00
  • ed5bbe6ecb Stop sending 'draft/bot', and only send 'bot' (ratified 26-apr-2022) This, obviously, only for umode +B users. Bram Matthys 2025-08-02 17:12:34 +02:00
  • 7603317c9b Fix some potentially confusing wording in release notes. Bram Matthys 2025-08-01 12:08:27 +02:00
  • 5b2c9a9890 Re-order some release notes items (mention spamfilter enhancements earlier) [skip ci] Bram Matthys 2025-08-01 11:43:46 +02:00
  • aa8a8ee135 ** UnrealIRCd 6.2.0-beta3 ** Bram Matthys 2025-08-01 11:27:13 +02:00
  • 19e4a6fee9 Crash reporter: shut down TLS session gracefully It seems like otherwise the request may not come through fully, not sure but this seems to fix it in my tests. Bram Matthys 2025-08-01 11:21:12 +02:00
  • 2c7bcebaca Make spamfilter:input-conversion accept deconfuse and deconfused for confusables (#316) alice 2025-08-01 08:39:43 +01:00
  • 24fde4f889 Fix crash on "REHASH -dns" (IRCOp only) Reported by vectr0n in https://bugs.unrealircd.org/view.php?id=6538 Bram Matthys 2025-07-31 17:51:56 +02:00
  • 5e6bcaea33 After netsplit, wait for class::connfreq seconds before connecting to server. Bram Matthys 2025-07-30 08:57:40 +02:00
  • 84a1e59a44 Best practices: check if the certificate is actually valid for me::name. Bram Matthys 2025-07-28 09:49:36 +02:00
  • 44177f8c86 No valid trusted cert: change wording a bit ("you don't have any valid certificate"...) Expired: this is a warning, not an error (we still want to boot the ircd) Expired: handle the case for link::verify-certificate explicitly to avoid confusion Bram Matthys 2025-07-28 09:18:05 +02:00
  • 5abea8d4d2 Update release notes a bit with recent changes [skip ci] Bram Matthys 2025-07-27 09:52:37 +02:00
  • 7c66adf196 Don't warn plaintext ports open if set::plaintext-policy::user is 'deny' (.. since users won't get online then anyway) Bram Matthys 2025-07-27 08:38:08 +02:00
  • f39269c518 Fix uninitialized variable in config test for listen { } Caused by previous commit 990fe22e64 Bram Matthys 2025-07-27 08:33:46 +02:00
  • 990fe22e64 Print a best practices message if any plaintext port is open (eg 6667). Ports that listen on 127.0.0.1 or ::1 are ignored (useful for e.g. services) Bram Matthys 2025-07-26 15:57:49 +02:00
  • d468473876 Add a comment about port 6667 in example.conf Bram Matthys 2025-07-26 14:43:41 +02:00
  • eae1a2e99a Remove some check for U4 (<4.0.16+). Shouldn't matter but otherwise one could possibly miss this cert verification warning. And since that will later become an error, it is even more important to notice such a (hopefully unusual) case quickly. Bram Matthys 2025-07-26 13:33:02 +02:00
  • 6b0d81fb77 Make a warning actually a warning Bram Matthys 2025-07-26 13:31:50 +02:00
  • a73186362b * Add link::options::no-certificate-verification * Code cleanup: split connect flags in CONNECT_OUTGOING_* and CONNECT_* * Don't print tls_link_notification_verify() stuff for localhost conns Bram Matthys 2025-07-26 13:25:47 +02:00
  • 26fb6b70d6 Fix localhost S2S link downgrading link-security. On the incoming side it was correctly identified as link sec 2, but on the outgoing side the localhost check failed and caused link sec 1 or 0. Bram Matthys 2025-07-26 13:22:21 +02:00
  • 8f23550122 Since 2017[*] we warn about active MITM risks if a cert of a server link is not verified. This changes the wording from "You may want to consider" to a warning, makes it more strong and that in the future we will reject this by default. Bram Matthys 2025-07-26 12:21:04 +02:00
  • fe569346b0 Call unrealircd_set_tls_groups() from url_unreal (remote includes) as well. For url_curl it seems too complicated, added a comment there. Bram Matthys 2025-07-25 14:03:54 +02:00
  • 6178e2b94f *** UnrealIRCd 6.2.0-beta2 *** Bram Matthys 2025-07-25 10:31:44 +02:00