1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 05:03:12 +02:00
Files
unrealircd/doc/RELEASE-NOTES
T
2019-04-30 09:23:44 +02:00

122 lines
6.9 KiB
Plaintext

UnrealIRCd 4.2.3 Release Notes
===============================
This UnrealIRCd release adds new modules to combat drones, it bumps the
default concurrent user limit, and UnrealIRCd can now easily deal with
1 million *LINE's placed on *@IP without any noticeable performance impact.
There is also one important change with regards to old style 'posix'
spamfilters (see under "Deprecated"), these will raise a warning but
will continue to work for now.
Enhancements:
* New optional modules 'reputation' and 'connthrottle' to fight drones:
* The 'reputation' module will learn what users (IP addresses) are
frequently seen on your server and classify these as "known IP's".
For every 5 minutes that someone is connected, the IP address receives
+1 point. IP's with registered users receive +2 points per 5 minutes.
An IRCOp can /WHOIS a user to view this "reputation score".
The "/REPUTATION nick" and "/REPUTATION ip" commands are also available.
Note that the reputation score is capped at a maximum of 10000 and
entries expire if the IP has not been seen online for 30 days (or
even sooner for very low reputation scores).
* The 'connthrottle' module puts users in one of these two groups:
* "known users" with IP addresses that have been online before on
your network for some time. By default: 2+ hours past 30 days.
* "new users" who have not been seen online before (or too short).
Users in the "known users" group can connect without any limitation.
Similarly, users who authenticate to services using SASL can also
always get in. However, "new users" can be limited, for example
at a maximum rate of 20 "new users" per minute.
The end result and goal is that in case of a drone attack, 99% of
your regular users can still connect as usual. This, while drones
and other unknown IP's are limited at, for example, 20 per minute.
By limiting the connection rate for drones and other unknown users
the damage is limited. It also gives IRCOps a chance to react and
take additional countermeasures, if possible.
* The modules are not loaded by default. If you want to use them,
then have a look at their example configuration in the file
conf/modules.optional.conf
* The reputation module needs to be running for some time before it
contains a meaningful database of "known users". Therefore the
connthrottle module will be disabled until the reputation module
has gathered sufficient data. This defaults to 1 week.
* Full documentation: https://www.unrealircd.org/docs/Connthrottle
* On *NIX we now default to 'auto' mode to discover MAXCONNECTIONS.
On systems that support it this means UnrealIRCd supports up to 8192
connections by default. It automatically falls back to a lower value
such as 2048 or 1024 if the user account has a lower limit or if the OS
does not support it. We recommend users to no longer set any specific
value in ./Config and just leave it at 'auto'. If you want to see the
effective limit, then look at this message when you start the server
on the console: "This server can handle XYZ concurrent sockets".
* UnrealIRCd now uses a technique that makes KLINE's, GLINE's and (G)ZLINE's
placed on individual IP's (*@IP) extremely fast. Just to illustrate:
* Previously it took 129 seconds to add 100k ZLINE's, now it takes 2.5 secs.
* Checking a connection against 100,000 ZLINE's is now 250 times faster.
* Previously 7,500 clients could connect per minute, now 33,560 per minute.
* Even with 1 million ZLINE's on *@IP it can handle 30,000 connections p/m.
* Rejecting Z-lined users is even faster at 435,000 connections per minute
with 100,000 active ZLINE's.
Benchmarked on a 2GHz Intel Xeon Skylake CPU with Linux 4.15.
To benefit from these speed improvements, just place a *LINE on *@IP.
* When the server has just been restarted, many users will reconnect and
rejoin channels. We now disable the join flood limit in channel mode +f
during the first 75 seconds since startup. This so the channel does not
become +i or +R due to "flooding". See:
https://www.unrealircd.org/docs/Set_block#set::modef-boot-delay
Deprecated:
* Spamfilter has 3 matching methods: 'simple', 'regex' and 'posix'.
The old method 'posix' is deprecated as this uses the TRE regex library
which contains bugs and has not been maintained for more than 10 years.
On *NIX the 'make install' script will try to upgrade the example
spamfilter.conf. This may not work if you have customizations in that
file or if it was originating from 3.2.x. Helpful warnings or error
messages are printed when you try to start UnrealIRCd, to guide the
user in this upgrade process. For details see:
https://www.unrealircd.org/docs/FAQ#spamfilter-posix-deprecated
https://www.unrealircd.org/docs/FAQ#old-spamfilter-conf
Major issues fixed:
* None
Minor issues fixed:
* Changing the set::anti-flood::invite-flood setting had no effect.
* Sometimes when a server (re)links to the network via 2+ connections it
could trigger a race condition where the server would be delinked again.
Module coders / Developers:
* We now compile with a lot more compiler warnings enabled by default.
Similarly, our Travis-CI compiles with --with-werror which enables the
-Werror compiler option, which you may want to use as well. This enables
the compiler to detect more possible bugs and sketchy code.
* Some modules still prepend DLLFUNC to functions. This is unnecessary.
* Similarly, if (!cep->ce_varname) is unnecessary, it never happens.
* The functions del_Command() and such have been removed. You never needed
to use this. Just use CommandAdd() and UnrealIRCd takes care of the rest.
* For command functions we encourage you to use CMD_FUNC(m_something),
this is not new. New is that we now also have something similar for
command overrides, namely: CMD_OVERRIDE_FUNC(override_something).
This way you don't have to type yourself the int parc, char *parv[] etc.
stuff and this way we can also easily change the passed parameters in
the future in an automatic way. Eg: provide more variables.
* If you use linked lists and you use AddListItem() or DelListItem() then
you should always have pointers to prev and next at the beginning of
your struct (and in that order!), otherwise you risk memory corruption.
Because this is an easy mistake to make we will now abort() we detect
such an error at runtime in AddListItem or DelListItem (on *NIX).
IRC protocol:
* Many things changed in previous release (4.2.2).
* No changes in this release.
Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
in the summer of 2019. This will deny /OPER when used from a non-SSL
connection. For security, IRC Operators should really use SSL/TLS!
==[ CHANGES IN OLDER RELEASES ]==
For changes in previous UnrealIRCd releases see doc/RELEASE-NOTES.old or
https://raw.githubusercontent.com/unrealircd/unrealircd/unreal42/doc/RELEASE-NOTES.old