-Release Notes for ircu2.10.10
+Release notes for ircu2.10.12
+Last updated: 1 Sep 2005
+Written by Michael Poole <mdpoole@troilus.org>
+Based on earlier documents by Kev <klmitch@mit.edu> and
+Braden <dbtem@yahoo.com>.
+
+This document briefly describes changes in ircu2.10.12 relative to
+ircu2.10.11. ircu2.10.12 is only compatible with servers that
+implement the P10 protocol. It has been tested to link against
+ircu2.10.11, but some features (notably IPv6 support and oplevels) are
+not supported by ircu2.10.11.
+
+Semantic Changes (TAKE NOTE):
+
+Channel keys and passwords (see the "oplevels" enhancement below)
+listed in a JOIN are now only checked against the corresponding
+channel. In ircu2.10.11, "JOIN #a,#b key" would attempt to use "key"
+as the key for both #a and #b. ircu2.10.12 will only attempt to use
+it as the key for #a. ircu2.10.12's behavior matches that documented
+in RFC 1459.
-This is a brief description of the changes we have made to the server
-since the release of ircu2.10.07.
+Enhancements:
-This is the first Undernet server that is fully P10, it is no longer
-compatible with older P9 only servers. The server has been verified
-to be compatible with Undernet server versions 2.10.06 and above.
+The configuration file format has changed to one that is easier to
+read. It is based on the configuration parser found in ircd-hybrid.
+As usual, an example configuration file can be found in the doc
+subdirectory.
+
+ircu now supports IPv6 clients. If your operating system provides
+IPv6 socket support, ircu can accept connections on IPv6 addresses.
+Even if your operating system does not support IPv6 sockets, you can
+link (using IPv4) to a server that has IPv6 clients, and ircu will
+treat the IPv6 clients correctly.
+
+The DNS resolver has been replaced with a streamlined version (also
+from ircd-hybrid) that avoids some of the complications from using
+the full libresolv or adns libraries.
+
+The server can query an IAUTH external authorization server. The
+protocol is described in doc/readme.iauth. This allows an external
+program to accept or reject any client that connects to the server
+and allows that external program to assign an account stamp to the
+incoming user.
+
+A new feature called "oplevels" has been added. It uses new channel
+keys (+A for the administrator, +U for users) to grant chanop status
+when you join using those keys. Part of this channel protection is
+that you cannot be deopped in channel by someone who you opped.
+
+A new channel mode, +D, has been added for auditorium-style channels.
+These are channels where most users listen but do not speak or receive
+ops or voice. The effect of +D is that the server waits to send the
+JOIN message for new users until the user gets ops or voice or sends a
+message to the channel. A list of join-delayed users in a channel may
+be retrieved by using /NAMES -d #channel. The response to /NAMES -d
+uses the same format as numeric 353, but uses numeric 355 instead. If
+an op removes +D while there are still join-delayed users, the server
+automatically sets mode +d, and removes +d when the last user's join
+is shown. It is not possible to set channel mode +d manually; its
+purpose is to warn channel users that there are "hidden" users in the
+channel.
+
+More than one hashing mechanism is now supported for oper passwords,
+and a new tool (ircd/umkpasswd) is provided to generate them.
+
+Commands that send messages to specified services may be defined in
+the configuration file by using Pseudo blocks. This lets users use
+commands like /X or /CHANSERV from their client, without tying the
+admin to a particular arrangement or naming of services.
+
+The /stats command accepts string identifiers in addition to
+single-character identifiers. For example, "/stats access" shows the
+same data as "/stats i". Supported names are shown by /stats. New
+/stats options are: /stats a (nameservers), to list DNS nameservers in
+use; /stats L (modules), to list loaded modules; and /stats R
+(mappings), to list privmsg helper commands defined by Pseudo blocks.
+By default, all of these are hidden from normal users.
+
+Client blocks (previously I: lines), Operator blocks (previously O:
+and o: lines), channel bans and silences may use CIDR notation instead
+of simple wildcards. You may also have silence exceptions by putting
+'~' before the mask; for example, if you wish to silence everyone
+except X, you could use SILENCE *!*@*,~X!cservice@undernet.org.
+
+The server will no longer kick "net riders" in keyed (+k) channels if
+both sides of the net join have the same key.
+
+IP masks (as used in bans, G-lines, etc) are now parsed in a more
+forgiving manner. 127.0.0.0/8, 127.* and 127/8 are all accepted and
+mean the same thing. Ambiguous expressions like 127/8 are interpreted
+as IPv4 masks; to interpret it as an IPv6 mask, use 127:/8.
-Enhancements:
-All server to server communications use tokenization and numeric id's,
-this reduces the bandwidth requirements approximately 10-20%.
+Configuration Changes:
-Much of the network code has been rewritten and many old bugs relating
-to the networking core of the server have been fixed.
+As mentioned above, the configuration file format has changed
+radically. Please consult doc/example.conf for details on the
+new format. Some prominent changes follow.
-The port handling code has been rewritten to allow much better control
-over listeners.
+The old contents of H: lines have been merged into the Connect block
+that describes the peer server(s) that should be allowed to hub.
-The server supports extended numerics which theoretically would allow
-the entire population of the planet to participate on a network without
-running out of unique values.
+Two default virtual host addresses may be specified, one for IPv4
+sockets and one for IPv6 sockets.
-Added ISUPPORT messages on client connects to allow client coders to
-detect network specific enhancements to the client protocol.
+Nickname jupes have their own blocks, and do not share structure with
+UWorld server declarations.
-Server aliasing and virtual hosting (port forwarding) are available for
-larger DoS attack prone networks. This will be improved in the next
-release.
+Operator connection classes and individual operator blocks may be
+assigned privileges, rather than having them controlled globally.
+Because of this, the feature settings that controlled the privileges
+globally have been removed.
-Status messages are sent to connecting clients so connections don't
-seem to hang during client registration.
+The maximum number of clients allowed per IP may be set in a Client
+block (the equivalent of C: lines).
-The server now uses a bit less memory and cpu under full load, we
-estimate around a 10% improvement in resource usage over the previous
-version.
+New feature settings (see doc/readme.features for explanations):
+ANNOUNCE_INVITES, HIS_STATS_L, HIS_STATS_a, HIS_STATS_R,
+LOCAL_CHANNELS, TOPIC_BURST.
-Configuration Changes:
-Please read example.conf in the doc directory for detailed information
-on various configuration options.
-Virtual host IP addresses are now in the password field of the server M:line,
-there is no longer a command line option for specifying them. This is the
-address the server will bind to for all outgoing server to server connections.
-The port field of the server M:line is no longer used and is ignored when
-the server reads the configuration file, server ports are now specified
-only on P:lines.
-The server ignores N:lines, C:lines are used for all connect server
-information now. This means that the passwords for both sides of the
-connection must match, this change does not degrade server connection
-security of the existing protocol.
-There are several new configuration options for P:lines (listener ports).
+Deleted features, since they had no effect even in 2.10.11: AUTOHIDE,
+HIS_DESYNCS, TIMESEC.
+
+Deleted features since they are now controlled by other configuration
+entries: VIRTUAL_HOST, oper and locop privilege features.
+
+Deleted feature since it no longer applies: HIS_STATS_h.
Compile Time Options:
-If you are planning on hosting more than 1000 clients on your server
-we recommend that you do not turn on asserts and heap checking or
-debug messages. This is known to cause problems.
-There are several new compile time options that you will automatically
-be prompted for when you configure the server which should be self
-explanitory.
-
-Undocumented Features:
-Every Undernet server released has had at least one undocumented
-feature ;-) Here are a few of the ones available in ircu2.10.10.
-I'm sure there are a few more we are unaware of, these are the ones
-we know about.
-To enable these you need to add them to the extra CFLAGS when you
-run make config.
--DEXTENDED_NUMERICS This option configures the server to send
-extended numerics as well as parse them. This option should only
-be used on networks that run ircu2.10.07 and above only.
--DFERGUSON_FLUSHER If you have a server with a lot of resources
-available this option will cause the server to attempt to flush
-it's internal buffers before dropping clients during a netbreak.
-Don't define this if you don't know, if you're not careful this
-can end up rebooting FreeBSD boxes.
--DWALLOPS_OPER_ONLY Setting this option removes the ability for
-clients that are not opered to see wallops messages.
+
+A listing of supported compile-time options may be seen by running
+"./configure --help". The defaults should be sane. In particular,
+you should NOT compile with --enable-debug or with --disable-symbols
+on a production network.
+
+Otherwise Undocumented Features:
+
+Despite our preferences to keep these undocumented, they are
+occasionally useful, and are described here for users who may
+need them.
+
+To enable these, you need to add them to CFLAGS prior to running
+./configure, usually as in: CFLAGS="-O2 -D<option>" ./configure
+
+-DNICKLEN=20
+
+ This allows you change the maximum nick length from 15 to 20 (or
+whatever number you use at the end). It MUST be the same on all
+servers on your network, or bad things will happen. You should also
+use the NICKLEN feature in ircd.conf.
+
+-DNOTHROTTLE
+ This disables the throttling code. This is used for debugging
+*only*. It lets you connect up to 255 clients from one host with no
+time considerations. If this is enabled on a production server Kev will
+personally drive your server into the ground. You have been warned.
+
Operating System and Kernel Requirements:
-If you plan allowing more than 1000 clients on your server, you
-may need to adjust your kernel resource limits for networking
-and I/O. There are two things you will need to pay particular
-attention to, the number of file descriptors available and the
-number of buffers the kernel has available to read and write
-data to the file descriptors.
-
-To calculate kernel buffer requirements a good place to start
-is to multipy the expected number connections expected on the machine
-by the amount of data we buffer for each connection.
-Doubling the result of the above calculation and dividing it by the
-size of the buffers the kernel uses for I/O should give you a starting
-place.
-
-The server uses 2K kernel buffers for clients, and 64K kernel
-buffers for servers (actual use may be somewhat higher).
+
+If you plan allowing more than 1000 clients on your server, you may
+need to adjust your kernel resource limits for networking and
+I/O. There are two things you will need to pay particular attention
+to, the number of file descriptors available and the number of buffers
+the kernel has available to read and write data to the file
+descriptors.
+
+To calculate kernel buffer requirements a good place to start is to
+multiply the expected number connections expected on the machine by
+the amount of data we buffer for each connection. Doubling the result
+of the above calculation and dividing it by the size of the buffers
+the kernel uses for I/O should give you a starting place.
+
+The server uses 2K kernel buffers for clients, and 64K kernel buffers
+for servers (actual use may be somewhat higher).
c_count - number of clients expected
c_q - number of bytes buffered for each client
If the client count is 2000 and the server count is 1 (normal leaf)
and your server uses 2K as an I/O buffer size:
-You need (2 * (2000 * 2048 + 1 * 65536)) / 2048 or a minimum
-of 4064 buffers available, if the kernel uses 512 byte buffers you
-will need a minimum of 16256 kernel buffers.
+You need (2 * (2000 * 2048 + 1 * 65536)) / 2048 or a minimum of 4064
+buffers available, if the kernel uses 512 byte buffers you will need a
+minimum of 16256 kernel buffers.
+
+These settings may be a bit light for net-breaks under full client
+load you will need to experiment a bit to find the right settings for
+your server.
+
+FreeBSD --WildThang
-These settings may be a bit light for netbreaks under full client load
-you will need to experiment a bit to find the right settings for your
-server.
+You may want to increase your kernel resources if you want to put a
+lot of clients on your machine here are a few values to start with:
-FreeBSD
-You may want to increase your kernel resources if you want to put
-a lot of clients on your machine here are a few values to start with:
CHILD_MAX=4096
OPEN_MAX=4096
FD_SETSIZE=4096
NMBCLUSTERS=8096
+If you have trouble connecting *out* from your machine try:
+ sysctl -w net.inet.ip.portrange.last=10000
+
+Solaris 2.6 --Tar
+
+Increase the default hard limit for file descriptors in /etc/system:
+
+set rlim_fd_max = 4096
+
+The server will raise the soft limit to the hard limit.
+
+Linux 2.2 -- [Tri]/Isomer
+
+The kernel has a kernel destination cache size of 4096. If the kernel
+sees more than 4096 IP's in 60s it warns 'dst cache overflow'. This
+limit can be changed by modifying /proc/sys/net/ipv4/route/max_size.
+A patch to select is also recommended if you have regular poll/select
+errors.
projects / ircu2.10.12-pk.git / blobdiff