The io_event_create error handling seems to miss a 'return'
statement.
Fix this by moving io_event_create() call around so we do not
need the Conn_Close/Init calls in the error case.
When the write buffer space grows too large, ngircd has to disconnect
the client to avoid wasting too much memory.
ngircd logs this with a scary 'write buffer overflow' message.
Change this to a more descriptive wording.
When enabled, this configuration option lets ngIRCd send a PING with an
numeric "token" to clients logging in; and it will not become registered
in the network until the client responds with the correct PONG.
This is used by QuakeNet for example (ircu/snircd), and looks like this:
NICK nick
:irc.example.net PING :1858979527
USER user . . :real name
PONG 1858979527
:irc.example.net 001 nick :Welcome to the Internet Relay Network ...
This patch
- makes the server write buffer bigger: 64k,
- makes the regular write buffer bigger: 32k,
- tries to flush the write buffer starting at 4K.
Before this patch, a client got disconnected if the buffer flushing at 4k
failed, now regular clients can store up to 32k and servers up 64k even
if flushing is not possible at the moment (e.g. on slow links).
ngircd unfortunately uses several options using double-negation, e.g.
NoIdent = No, NoPam = No, etc.
This renames all options by dropping the "No" prefix, e.g.
"NoIdent = no" becomes "Ident = yes".
The old options will continue to work, but will cause a warning
message.
Also update man pages and default config.
To prevent silly
'Ident = yes' from appearing in --configtest output in the
'ident support not compiled in and Ident Option not used' case,
make default value depend on feature availability.
If feature is available, enable by default, otherwise disable.
We might consider moving these options to a new
[Feature]
section, or something like that, because none of these options are
essential.
Another possible improvement:
'Ident = yes' option in ngircd.conf causes a warning if ngircd was
built without ident support.
This does not happen with e.g. zeroconf....
If a hostname resolves to more than one IP address (round-robin DNS,
IPv4 and IPv6) and an attempt to connect to the first address fails,
ngIRCd should try to connect to the 2nd address, 3rd address etc.
But because of a wrong variable used in the call to New_Server(),
the wrong server structure has been used in further connection attemps
which possibly lead to connection attempts to already connected servers.
This allows to compile ngIRCd using a pre-ANSI K&R C compiler again:
all source files are automatically converted by the included ansi2knr
program (of GNU automake/autoconf) before compiling them with the
K&R C compiler, but a few coding standards must be met.
Tested on Apple A/UX 3.x.
Regression testing on Linux and Mac OS X.
now that the main signal handling is done from the dispatcher
loop we can call NGIRCD_Rehash() directly.
the /REHASH handler can queue the Rehash() function for
execution by sending a SIGHUP. It will be run when we
return back to the dispatch loop.
Allows to defer/queue signal processing for execution on the next
event dispatch call, i.e. we can perform any signal action in
normal, non-signal context.
Example uses:
- Reload everything on HUP without writing a global "SIGHUP_received"
variable
- Dump status of internal Lists on SIGUSR1, etc.
Fix synchronization of established connections and configured server
structures after a configuration update:
- Not only test servers that already have a connection, but also check
and update configured servers to which a new connection is beeing
established (SERVER_WAIT state).
- And do the server name comparision case-insensitive.
Let CheckServers() not only skip servers that already have a
connection, but also skip servers to which a new connection is
already beeing established (SERVER_WAIT state).
This fixes PING-PONG lag calculation (which resulted in "0" before).
The "lastping" time is still reset it if a time shift backwards has
been detected to prevent the daemon from miscalculating ping timeouts.
This avoids a race and potentionally killing the wrong process on
systems that use randomized process IDs; now the child itself is
responsible to exit in a timely manner using SIGALRM.
The logic isn't as described in the source and intended by this code:
ngIRCd doesn't wait for the asynchronous resolver process until the set
penalty time is over, but until the forked process terminates or the
initial connection timeout (= PongTimeout) triggers.
So don't set the penalty time at all and remove the wrong comment.
We want to use this process status variable not only for the
resolver subprocesses but other asynchronous tasks as well;
so let's name it more generic.
The new "module" proc.c is used for functions dealing with child
processes. At the moment, it is only used by the asynchronous resolver.
All the functions already implemented habe been migrated from the
resolver code base, and the rest of the ngIRCd source code has been
adepted to the new namespace and calling conventions.
The goal is to develop "generic" process handling functions that can
be used for other purposes as well, e.g. running processes on client
connects etc.
When we get there then the ssl handshake has failed, or
we could not create a ssl context because ssl library
initialization failed on startup.
Reflect that in the log message.
When ngIRCd restarts, all the connection counters are preserved now,
as well as the command counters for example.
It's unclear if resetting or not resetting is the "correct" behaviour,
but it's quite clear that the behaviour should be consistent for all the
counters ngIRCd uses ...
And initializing "WCounter", the global but temporary write counter,
is not necessarry at all: it is initialized (reset) before its use in
the command parser (see parse.c).
This patch enables ngIRCd to count the highest maximum simultaneous
connections and all the connections accepted since startup.
New functions:
- Conn_Count(): get current connections
- Conn_CountMax(): maximum simultaneous connections
- Conn_CountAccepted(): number of connections accepted
This fixes the following error when compiling on e.g. FreeBSD 6.x:
In file included from conn.c:40:
/usr/include/netinet/ip.h:160: error: syntax error before "n_long"
/usr/include/netinet/ip.h:163: error: syntax error before "n_long"
This patch fixes two warnings of gcc 4.4.3 when used with eglibc 2.11.1:
ngircd.c: In function ‘NGIRCd_Init’:
ngircd.c:801: warning: ignoring return value of ‘chdir’, declared with
attribute warn_unused_result
conn.c: In function ‘Simple_Message’:
conn.c:2041: warning: ignoring return value of ‘write’, declared with
attribute warn_unused_result
The first by checking the return code and an appropriate error message,
the second by "better" ignoring it (which is correct there!) ...
The WEBIRC command is used by some Web-to-IRC gateways to set the correct
user name and host name of users instead of their own.
Syntax: WEBIRC <password> <username> <hostname> <ip-address>
The <password> must be set using the new configuration variable "WebircPassword" in the [Global] section of ngircd.conf.
Please note that the <ip-address> is currently not used by ngIRCd (we don't store it in the CLIENT structure, only the resolved hostname).
A configured server could have been removed while a connection apptempt
is still in progress. So the cb_connserver() callback has to test if the
server configuration record is still valid.
if more than one ip address is returned for a single host
name, ngircd is supposed to try other addresses in case
connect() to the first address returned fails for some
reason.
Alexander Barton noticed that this did not work at all,
as the additional results were not stored.
reported on #ngircd: pasting lots of lines into a channel can kill off
many people on the channel if the read buffer is drained quickly enough
and the client-side TCP can't keep up with the incoming data.
This implements a throttling scheme:
- an irc client may send up to 3 commands per second before a one second
pause is enforced.
- an irc client may send up to 256 bytes per second before a one second
pause is enforced.
After discussion with Alexander Barton, server <-> server links are
treated specially: There is no artificial limit on the number of bytes
sent per second, and up to 10 commands are processed per second before
a pause is enforced.
It may be neccessary to make those limits tuneable to accomondate larger
networks, but for now they are compile time values.
New_Server() can call Conn_Close() in its error paths,
but that function decrements the number of current active
connections. Thus we need to increment it earlier.
When a server is running with SSL/TLS support compiled in,
it is trivial to crash the server by sending an MOTD request
via another server in the network.
- ONLY servers without ssl/tls support compiled in are not affected.
Disabling SSL in the configuration (no ssl listening ports, etc)
does NOT help.
- servers that are running standalone (i.e., not connected to any
other servers) are not affected, either.
This affects all ngircd releases since ngircd 13 (earlier versions
have no SSL/TLS support).
With this patch ngIRCd displays IPv6 addresses as "[<addr>]:<port>" when
accepting new connections and later, if no successful DNS lookup could
be made (or DNS is disabled altogether).
- Fix formatting of some log messages, mostly punctuation.
- cb_Connect_to_Server(): don't use string concatenation, because it
is not supported by pre-ANSI C compilers ...
The new configuration option "NoIdent" in ngircd.conf can be used to
disable IDENT lookups even when the ngIRCd daemon is compiled with IDENT
lookups enabled.
This patch lets ngIRCd count outgoing connections as well as incoming
connections (up to now only outgoing connections have been counted). This
change is required because the Conn_Close() function doesn't know whether
it closes an outgoing connection or not and therefore would decrement the
counter below zero when an outgoing connection existed -- which would
trigger an assert() call ...
Please note that this patch changes the (so far undocumented but now fixed)
behaviour of the "MaxConnections" configuration option to account the sum
of the in- and outbound connections!
Config option claimed to be 'number of connections' but in reality this
was treated as 'largest file descriptor allowed'.
This also fixes another bug in New_connection, where the
ng_ipaddr_tostr_r error path was missing a return statement.
Up to now ngIRCd accepted CR+LF as well as a single CR or LF in "non RFC
compliant" mode (the default). But ngIRCd became confused when it received
data containing mixed line endings (e. g. "111\r222\n333\r\n").
This patch enables ngIRCd (in "non RFC compliant" mode) to detect CR+LF,
CR, and LF as equally good line termination sequences and to always end the
command after the first one detected.
Some clients (for exmaple Trilian) are that ... broken to send such mixed
line terminations ...
First patch proposed by Scott Perry <scperry@ucsd.edu>,
Thanks to Ali Shemiran <ashemira@ucsd.edu> for testing!
In addition, the "timeout" variable has been removed because it is
unnecessary today: Handle_Buffer() handles all the data it can handle,
and io_dispatch() returns immediately when new data is available. So
we don't have to double-check but better sleep. Pointed out by Florian.
this also obsoletes ListenIPv4 and ListenIPv6 options.
If Listen is unset, it is treated as Listen="::,0.0.0.0".
Note: ListenIPv4 and ListenIPv6 options are still recognized,
but ngircd will print a warning if they are used in the config file.
Also, some plattforms require that ai_socktype
is set in the getaddrinfo() hints structure.
Code cleanup and fix for Bug #83, "ngIRCd chokes on 1-character messages" in
function Handle_Buffer(): the buffer is now correctly cleared when ngIRCd
receives 1-character messages terminated with either CR or LF (in violation
to RFC 2812, section 2.3 "Messages", 5th paragraph).
all references to struct sockaddr/in_addr have been
removed from src/ngircd.
libngipaddr (in src/ipaddr/) hides all the gory details.
See src/ipaddr/ng_ipaddr.h for API description.
struct Conf_Server stored the ip address to connect to
in dotted-decimal notation; but we only need this for connect()
so long-time storage isn't necessary.
Florian Westphal