This is UnrealIRCd 6.1.0 stable. It is the direct successor to 6.0.7, there will be no 6.0.8.

This release contains several channel mode +f enhancements and introduces a new channel mode +F which works with flood profiles like +F normal and +F strict. It is much easier for users than the scary looking mode +f.

UnrealIRCd 6.1.0 also contains lots of JSON-RPC improvements, which is used by the UnrealIRCd admin panel. Live streaming of logs has been added and the webpanel now communicates to UnrealIRCd which web user issued a command (eg: who issued a kill, who changed a channel mode, ..).

Other improvements are whowasdb (persistent WHOWAS history) and a new guide on running a Tor Onion service. The release also fixes a crash bug related to remote includes and fixes multiple memory leaks.

See the full release notes below. As usual on *NIX you can upgrade easily with the command: ./unrealircd upgrade

Enhancements:

  • Channel flood protection improvements:
    • New channel mode +F (uppercase F). This allows the user to choose a "flood profile", which (behind the scenes) translates to something similar to an +f mode. This so end-users can simply choose an +F profile without having to learn the complex channel mode +f.
      • For example +F normal effectively results in [7c#C15,30j#R10,10k#K15,40m#M10,8n#N15]:15
      • Multiple profiles are available and changing them is possible, see the documentation.
      • Any settings in mode +f will override the ones of the +F profile. To see the effective flood settings, use MODE #channel F.
    • You can optionally set a default profile via set::anti-flood::channel::default-profile. This profile is used if the channel is -F. If the user does not want channel flood protection then they have to use an explicit +F off.
    • When channel mode +f or +F detect that a flood is caused by >75% of "unknown-users", the server will now set a temporary ban on ~security-group:unknown-users. It will still set +i and other modes if the flood keeps on going (eg. is caused by known-users).
    • Forced nick changes (eg. by NickServ) are no longer counted in nick flood for channel mode +f/+F.
    • When a server splits on the network, we now temporarily disable +f/+F join-flood protection for 75 seconds (set::anti-flood::channel::split-delay). This because a server splitting could mean that server has network problems or has died (or restarted), in which case the clients would typically reconnect to the remaining other servers, triggering an +f/+F join-flood and channels ending up being +i and such. That is not good because we want +f/+F to be as effortless as possible, with as little false positives as possible.
      • If your network has 5+ servers and the user load is spread evenly among them, then you could disable this feature by setting the amount of seconds to 0. This because in such a scenario only 1/5th (20%) of the users would reconnect and hopefully don't trigger +f/+F join floods.
    • All these features only work properly if all servers are on 6.1.0-rc1 or later.
  • New module whowasdb (persistent WHOWAS history): this saves the WHOWAS history on disk periodically and when we terminate, so next server boot still has the WHOWAS history. This module is currently not loaded by default.
  • New option listen::spoof-ip, only valid when using UNIX domain sockets (so listen::file). This way you can override the IP address that users come online with when they use the socket (default was and still is 127.0.0.1).
  • Add a new guide Running Tor Onion service with UnrealIRCd which uses the new listen::spoof-ip and optionally requires a services account.
  • JSON-RPC:
    • Logging of JSON-RPC requests (eg. via snomask +R) has been improved, it now shows:
      • The issuer, such as the user logged in to the admin panel (if known)
      • The parameters of the request
    • The JSON-RPC calls channel.list, channel.get, user.list and user.get now support an optional argument object_detail_level which specifies how detailed the Channel and User response object will be. Especially useful if you don't need all the details in the list calls.
    • New JSON-RPC methods log.subscribe and log.unsubscribe to allow real-time streaming of JSON log events.
    • New JSON-RPC method rpc.set_issuer to indiciate who is actually issuing the requests. The admin panel uses this to communicate who is logged in to the panel so this info can be used in logging.
    • New JSON-RPC methods rpc.add_timer and rpc.del_timer so you can schedule JSON-RPC calls, like stats.get, to be executed every xyz msec.
    • New JSON-RPC method whowas.get to fetch WHOWAS history.
    • Low ASCII is no longer filtered out in strings in JSON-RPC, only in JSON logging.
  • A new message tag unrealircd.org/issued-by which is IRCOp-only (and used intra-server) to communicate who actually issued a command. See docs.

Changes:

  • The RPC modules are enabled by default now. This so remote RPC works from other IRC servers for calls like modules.list. The default configuration does NOT enable the webserver nor does it cause listening on any socket for RPC, for that you need to follow the JSON-RPC instructions.
  • The blacklist-module directive now accepts wildcards, eg blacklist-module rpc/*;
  • The setting set::modef-boot-delay has been moved to set::anti-flood::channel::boot-delay.
  • We now only exempt 127.0.0.1 and ::1 from banning by default (hardcoded in the source). Previously we exempted whole 127.* but that gets in the way if you want to allow Tor with a require authentication block or soft-ban. Now you can just tell Tor to bind to 127.0.0.2 so its not affected by the default exemption.

Fixes:

  • Crash if there is a parse error in an included file and there are other remote included files still being downloaded.
  • Memory leak in WHOWAS
  • Memory leak when connecting to a TLS server fails
  • Workaround a bug in some websocket implementations where the WSOP_PONG frame is unmasked (now permitted).

 

 



Friday, May 5, 2023

« Back

Powered by WHMCompleteSolution