This is UnrealIRCd 6.1.0 stable. It is the direct successor to 6.0.7, there will be no 6.0.8.
This release contains several channel mode +f
enhancements and introduces a new channel mode +F
which works with flood profiles like +F normal
and +F strict
. It is much easier for users than the scary looking mode +f.
UnrealIRCd 6.1.0 also contains lots of JSON-RPC improvements, which is used by the UnrealIRCd admin panel. Live streaming of logs has been added and the webpanel now communicates to UnrealIRCd which web user issued a command (eg: who issued a kill, who changed a channel mode, ..).
Other improvements are whowasdb (persistent WHOWAS history) and a new guide on running a Tor Onion service. The release also fixes a crash bug related to remote includes and fixes multiple memory leaks.
See the full release notes below. As usual on *NIX you can upgrade easily with the command: ./unrealircd upgrade
Enhancements:
- Channel flood protection improvements:
- New channel mode
+F
(uppercase F). This allows the user to choose a "flood profile", which (behind the scenes) translates to something similar to an+f
mode. This so end-users can simply choose an+F
profile without having to learn the complex channel mode+f
.- For example
+F normal
effectively results in[7c#C15,30j#R10,10k#K15,40m#M10,8n#N15]:15
- Multiple profiles are available and changing them is possible, see the documentation.
- Any settings in mode
+f
will override the ones of the+F
profile. To see the effective flood settings, useMODE #channel F
.
- For example
- You can optionally set a default profile via set::anti-flood::channel::default-profile. This profile is used if the channel is
-F
. If the user does not want channel flood protection then they have to use an explicit+F off
. - When channel mode
+f
or+F
detect that a flood is caused by >75% of "unknown-users", the server will now set a temporary ban on~security-group:unknown-users
. It will still set+i
and other modes if the flood keeps on going (eg. is caused by known-users). - Forced nick changes (eg. by NickServ) are no longer counted in nick flood for channel mode
+f
/+F
. - When a server splits on the network, we now temporarily disable +f/+F join-flood protection for 75 seconds (set::anti-flood::channel::split-delay). This because a server splitting could mean that server has network problems or has died (or restarted), in which case the clients would typically reconnect to the remaining other servers, triggering an +f/+F join-flood and channels ending up being
+i
and such. That is not good because we want +f/+F to be as effortless as possible, with as little false positives as possible.- If your network has 5+ servers and the user load is spread evenly among them, then you could disable this feature by setting the amount of seconds to
0
. This because in such a scenario only 1/5th (20%) of the users would reconnect and hopefully don't trigger +f/+F join floods.
- If your network has 5+ servers and the user load is spread evenly among them, then you could disable this feature by setting the amount of seconds to
- All these features only work properly if all servers are on 6.1.0-rc1 or later.
- New channel mode
- New module
whowasdb
(persistentWHOWAS
history): this saves the WHOWAS history on disk periodically and when we terminate, so next server boot still has the WHOWAS history. This module is currently not loaded by default. - New option listen::spoof-ip, only valid when using UNIX domain sockets (so listen::file). This way you can override the IP address that users come online with when they use the socket (default was and still is
127.0.0.1
). - Add a new guide Running Tor Onion service with UnrealIRCd which uses the new listen::spoof-ip and optionally requires a services account.
- JSON-RPC:
- Logging of JSON-RPC requests (eg. via snomask
+R
) has been improved, it now shows:- The issuer, such as the user logged in to the admin panel (if known)
- The parameters of the request
- The JSON-RPC calls
channel.list
,channel.get
,user.list
anduser.get
now support an optional argumentobject_detail_level
which specifies how detailed the Channel and User response object will be. Especially useful if you don't need all the details in the list calls. - New JSON-RPC methods
log.subscribe
andlog.unsubscribe
to allow real-time streaming of JSON log events. - New JSON-RPC method
rpc.set_issuer
to indiciate who is actually issuing the requests. The admin panel uses this to communicate who is logged in to the panel so this info can be used in logging. - New JSON-RPC methods
rpc.add_timer
andrpc.del_timer
so you can schedule JSON-RPC calls, like stats.get, to be executed every xyz msec. - New JSON-RPC method
whowas.get
to fetch WHOWAS history. - Low ASCII is no longer filtered out in strings in JSON-RPC, only in JSON logging.
- Logging of JSON-RPC requests (eg. via snomask
- A new message tag
unrealircd.org/issued-by
which is IRCOp-only (and used intra-server) to communicate who actually issued a command. See docs.
Changes:
- The RPC modules are enabled by default now. This so remote RPC works from other IRC servers for calls like
modules.list
. The default configuration does NOT enable the webserver nor does it cause listening on any socket for RPC, for that you need to follow the JSON-RPC instructions. - The blacklist-module directive now accepts wildcards, eg
blacklist-module rpc/*;
- The setting set::modef-boot-delay has been moved to set::anti-flood::channel::boot-delay.
- We now only exempt
127.0.0.1
and::1
from banning by default (hardcoded in the source). Previously we exempted whole127.*
but that gets in the way if you want to allow Tor with a require authentication block or soft-ban. Now you can just tell Tor to bind to127.0.0.2
so its not affected by the default exemption.
Fixes:
- Crash if there is a parse error in an included file and there are other remote included files still being downloaded.
- Memory leak in WHOWAS
- Memory leak when connecting to a TLS server fails
- Workaround a bug in some websocket implementations where the WSOP_PONG frame is unmasked (now permitted).
Venerdì, Mag 5, 2023
Powered by WHMCompleteSolution