Florian Westphal [Mon, 25 May 2009 20:25:18 +0000 (22:25 +0200)]
enforce upper limit on maximum number of handled commands
reported on #ngircd: pasting lots of lines into a channel can kill off
many people on the channel if the read buffer is drained quickly enough
and the client-side TCP can't keep up with the incoming data.
This implements a throttling scheme:
- an irc client may send up to 3 commands per second before a one second
pause is enforced.
- an irc client may send up to 256 bytes per second before a one second
pause is enforced.
After discussion with Alexander Barton, server <-> server links are
treated specially: There is no artificial limit on the number of bytes
sent per second, and up to 10 commands are processed per second before
a pause is enforced.
It may be neccessary to make those limits tuneable to accomondate larger
networks, but for now they are compile time values.
Florian Westphal [Sun, 17 May 2009 19:32:53 +0000 (21:32 +0200)]
conn.c: fix NumConnections imbalance
New_Server() can call Conn_Close() in its error paths,
but that function decrements the number of current active
connections. Thus we need to increment it earlier.
security: fix remotely triggerable crash in SSL/TLS code
When a server is running with SSL/TLS support compiled in,
it is trivial to crash the server by sending an MOTD request
via another server in the network.
- ONLY servers without ssl/tls support compiled in are not affected.
Disabling SSL in the configuration (no ssl listening ports, etc)
does NOT help.
- servers that are running standalone (i.e., not connected to any
other servers) are not affected, either.
This affects all ngircd releases since ngircd 13 (earlier versions
have no SSL/TLS support).
Alexander Barton [Wed, 29 Apr 2009 00:13:27 +0000 (02:13 +0200)]
Debian: build ngircd-full-dbg package
In addition to the "ngircd" and "ngircd-full" packages a new package named
"ngircd-full-dbg" is build: this package contains all the features of the
"full" package but includes debug code and both the --debug and --sniffer
options and the resulting binaries are _not_ stripped.
When ngircd announces the list of currently known servers
to a new (connecting) server, it sent the introducer of
the servers instead of the top server.
When irc4 connects to irc3, irc3 tells irc4 that irc5 was
connected to irc2. (irc2 had introduced irc5 to irc3; but thats
not what ngircd should have sent to the new server).
Alexander Barton [Fri, 10 Apr 2009 11:22:03 +0000 (13:22 +0200)]
Display IPv6 addresses as "[<addr>]" when accepting connections.
With this patch ngIRCd displays IPv6 addresses as "[<addr>]:<port>" when
accepting new connections and later, if no successful DNS lookup could
be made (or DNS is disabled altogether).
Alexander Barton [Sun, 29 Mar 2009 14:37:06 +0000 (16:37 +0200)]
Updated Debian/Linux init script
- PidFile, ServerUID and ServerGID are read from actual server configuration
- Exit code and behaviour is more LSB compliant
- New "status" and "test" sub-functions
Don't echo multiple syntax error messages (461) on invalid commands,
but break after the first one.
In addition, this solves corrupted 'Unknown mode "+' messages.
TLS/SSL: remove useless error message when ssl connection is closed
When using OpenSSL, the following annoying "error" message was logged whenever
an encrypted connection was shut down in a orderly fashion:
TLS/SSL Connection shutdown: ConnSSL_Read: Unable to determine error
The result is that when a compressed AND encrypted server link goes down
the memory allocated by zlib and the r/w buffers are no longer
free'd as the previous ConnSSL_Free() would then also remove the CONN_ZIP flag
from the flag mask.
Support individual channel keys for pre-defined channels.
This patch introduces the new configuration variable "KeyFile" for
[Channel] sections in ngircd.conf. Here a file can be configured for each
pre-defined channel which contains individual channel keys for different
users. This file is line-based and must have the following syntax:
<user>:<nick>:<key>
<user> and <nick> can contain the wildcard character "*".
Please not that these channel keys are only in effect, when the channel
has a regular key set using channel mode "k"!
- Change Copyright to License
- Update URL
- Make BuildRoot use %{_tmppath} macro
- Add basic BuildRequires
- Compile with zlib and openssl
- Install all docs in standard document location
Xcode: get release number dynamically; new make target "xcode-clean".
- make target "xcode" now detects the release number stored in the
configure.in file and passes it to Xcode.
- new make target "xcode-clean" which removes all files generated by
"make xcode" and removes the Xcode build directory.
Florian Westphal [Wed, 17 Dec 2008 22:27:25 +0000 (23:27 +0100)]
use %ld as format specifier for posix data types
in the same vein as the earlier commit:
cast posix data types (pid_t, ...) to long and use
%ld as format specifier. This will avoid problems
when sizeof(int) != sizeof(type).
We could also cast to int, but this might truncate the value.
Alexander Barton [Fri, 21 Nov 2008 20:31:29 +0000 (21:31 +0100)]
Fix double minus signs in manual pages
This patch fixes the following lintian(1) warning: "Manual page seems
to contain a hyphen where a minus sign was intended. '-' chars are
interpreted as hyphens (U+2010) by groff, not as minus signs (U+002D).
Since options to programs use minus signs (U+002D), this means for
example in UTF-8 locales that you cannot cut&paste options, nor search
for them easily. '-' must be escaped ('\-') to be interpreted as minus."
Alexander Barton [Thu, 20 Nov 2008 22:50:26 +0000 (23:50 +0100)]
Change formatting of some log messages
- Fix formatting of some log messages, mostly punctuation.
- cb_Connect_to_Server(): don't use string concatenation, because it
is not supported by pre-ANSI C compilers ...
Alexander Barton [Wed, 19 Nov 2008 18:11:39 +0000 (19:11 +0100)]
New configuration option "NoIdent" to disable IDENT lookups
The new configuration option "NoIdent" in ngircd.conf can be used to
disable IDENT lookups even when the ngIRCd daemon is compiled with IDENT
lookups enabled.
Alexander Barton [Wed, 19 Nov 2008 17:13:03 +0000 (18:13 +0100)]
Implement the IRC command "SERVLIST"
The IRC command "SERVLIST" lists all the registered services, see RFC 2811, section 3.5.1.
The syntax is "SERVLIST [<mask> [<type>]]". The parameter <type> is not used by ngIRCd at
the moment, all registered services are of type 0 (which is the default when omitted).
Alexander Barton [Mon, 17 Nov 2008 22:27:06 +0000 (23:27 +0100)]
Create local &SERVER channel and log server messages to it
ngIRCd now creates a server-local channel &SERVER with channel modes
+mnPt (moderated, no messages from outside the channel, persistent and
with the topic locked) and logs all the messages to it that a user with
mode +s ("server messages") receives.
If an IRC operator withdraws the +P ("persistent") mode and the &SERVER
channel is freed because of no members, nothing special happens. The
channel can be recerated any time later and ngIRCd would begin logging
to it again.
Alexander Barton [Thu, 13 Nov 2008 23:42:58 +0000 (00:42 +0100)]
Implement local channels (prefix "&")
This patch implements server-local channels, prefix "&", that are only
visible to users of the same local server and not in the network.
Patch written by Scott Perry (2008-06-04), see:
- http://arthur.barton.de/cgi-bin/bugzilla/show_bug.cgi?id=87
- http://arthur.barton.de/cgi-bin/bugzilla/attachment.cgi?id=24&action=view
Alexander Barton [Thu, 13 Nov 2008 22:17:32 +0000 (23:17 +0100)]
Added some missing files of GIT tree to distribution archives
The following bits and bytes were not included in distribution archives:
- contrib: ngindent, ngircd.sh
- contrib/Debian: ngircd.postinst
- contrib/MacOSX: preinstall.sh, postinstall.sh
- doc/src: Doxyfile, header.inc.html, footer.inc.html, ngircd-doc.css
- src/portab: splint.h
Alexander Barton [Thu, 13 Nov 2008 21:46:06 +0000 (22:46 +0100)]
Test suite: start two servers and test server-server links
I changed the test suite to start two test servers (on port 6789 and 6790),
so server-server links can be tested as well for which I included the new
test script "server-link-test.e".
In addition the documentation of the test suite (src/testsuite/README) has
been updated and is more complete now.
Alexander Barton [Wed, 12 Nov 2008 00:23:33 +0000 (01:23 +0100)]
Connection counter: count outgoing connections as well.
This patch lets ngIRCd count outgoing connections as well as incoming
connections (up to now only outgoing connections have been counted). This
change is required because the Conn_Close() function doesn't know whether
it closes an outgoing connection or not and therefore would decrement the
counter below zero when an outgoing connection existed -- which would
trigger an assert() call ...
Please note that this patch changes the (so far undocumented but now fixed)
behaviour of the "MaxConnections" configuration option to account the sum
of the in- and outbound connections!
Alexander Barton [Tue, 11 Nov 2008 22:10:52 +0000 (23:10 +0100)]
Ignore numeric 020 ("please wait while we process your coinnection")
Some servers send the numeric 020 ("please wait while we process your
connection") when a client connects. This is no useful information for
this server, so we simply ignore it :-)