Hybrid-IRCD

From Netsoc Wiki
(Redirected from Hybrid)
Jump to: navigation, search


Hybrid IRCD is Intersocs' chosen IRC distribution. High Performance Internet Relay Chat. is the only documentation they provide on their website http://www.ircd-hybrid.org/, excluding of course their 1300-line monolithic example config file, which, like all fantastically designed software, has errors in its default config which cannot be fixed. Alas, it is evil, but it is Intersocs' traditional IRCD.

cubeirc.netsoc.tcd.ie/irc.netsoc.tcd.ie

The new IRCD on Cube is currently located at 134.226.83.25 with the A record cubeirc.netsoc.tcd.ie and CNAME irc.netsoc.tcd.ie. The main config file is known as ircd.conf and is located at /etc/ircd-hybrid/ircd.conf, and only readable as root and by members of the UNIX group irc as it contains password hashes (and sometimes plaintext passwords - beware) for the opers who manage the server.

ircd.conf

ircd.conf has very particular syntax rules which need to be obeyed. It supports

  • #shell comments
  • / C style comments*/
  • // C++ style comments

Configuration is stored inside blocks - serverinfo, for example. Each block opens with a left brace and closes with a right brace followed by a semicolon. Each config switch ends with a semicolon also, like all statements in C/C++/Java. For example:

serverinfo { name = "irc.netsoc.tcd.ie"; };

After having edited ircd.conf, it is necessary to run the /rehash command while connected to the IRCD as an oper, or invoke-rc.d ircd-hybrid reload on the cubeirc VM (134.226.83.25). For most things, however, some config directives do need a restart to function properly, for example, the SID (Server ID) in serverinfo{}. For this reason, a new IRCD must be extensively tested before going live as restarting disconnects ALL users and servers from the network.

serverinfo{}

The serverinfo config block is the first thing you'll see in your typical ircd.conf. It contains basic information such as the IRCD's name, its SID, and other important things.

  • name is the config switch for the name of the ircd. It takes a string value enclosed by double quotes.

Example: name="irc.netsoc.tcd.ie";

  • sid is the server's unique id, it is a 3 character string starting with a digit from [0-9] and 2 other characters can be any alphanumerical character.

Example: sid="1WO";

  • description is the server's description, which is another string enclosed in double quotes. It simply gives a brief description of the server.

Example: description="TCD Netsoc Intersocs Node";

  • network_name is the name of the network that this server is part of.

Example: network_name="Intersocs";

  • network_desc is the same as description - it just gives a brief description of the IRCD's network.

Example: network_desc="Intersocs IRC Network";

  • hub is the config switch for the IRCD to act as a hub. This allows it to connect to peer against multiple IRCDs at once. It takes a 'yes' or 'no' flag.

Example: hub = yes; Notice that the 'yes' is _not_ enclosed in double quotes.

  • max_clients takes a positive integer value and that is to be the maximum connected users for that IRCD.

Example: max_clients=512;

  • rsa_private_key_file is the path to the server's RSA secret key.

Example: rsa_private_key_file="/etc/ircd-hybrid/keys/ircd.key";

  • ssl_certificate_file is the location of the server's SSL cert.

Example: ssl_certificate_file = "/etc/ircd-hybrid/key/ircd.pem";

  • ssl_server_protocol THIS CONFIG SWITCH EITHER DOESN'T EXIST OR DOESN'T LIKE ME :(

It +apparently+ lets you select between using SSL or TLS for selecting a secure socket wrapping method, but doesn't seem to work and defaults to TLS.

admin{}

The admin block is a lot more easy going than serverinfo with only 3 config switches for use in the /admin IRC command.

  • name The name of the admin of the server. Example: name = "Intersocs Server IRC Admin";.
  • description A field to provide further information about the admin(s) of the server.
  • email An e-mail address to contact the admin.

log{}

The log block describes how the IRCD conducts logging - a very import piece of config.

  • use_logging is the main logging switch, just a yes or no flag.

Example: use_logging = yes;

  • fname_{user,oper,kill,kline,gline}log are switches which hold the path to the different logs. Example: fname_userlog="/etc/ircd-hybrid/logs/userlog";.

class{}

The class block is a bit interesting. This block allows you to put different connections into different classes which dictate how the server may act to different users. For example, it is possible to create a class for opers with a ping timeout of 10 minutes and a class for users with a ping timeout of 3 minutes. The main use is to separate servers from clients as they have different needs.

  • name this is the name which is used to differentiate between different classes. Example: name="servers";.
  • ping_time this is the grace period until which the user or server will be pinged. Example: ping_time = 3 minutes;. ircd.conf allows you to use seconds, minutes,

hours, days, weeks and months as units of time. Quite nice I dare say.

  • ping_warning is a time setting after which the opers are warned that a server or user hasn't ponged back. Only should be used on the server class to avoid spam. Example: ping_warning=15 seconds;.
  • sendq the send queue is the amount of data that the client is allowed to pile up before packets start getting dropped. This varies very differently between servers and users. Example: sendq = 100 kbytes;. ircd.conf allows you to use megabytes/mbytes/mbs,kilobytes/kbytes/kbs, bytes and their non plural forms to describe size of data.
  • connectfreq is the delay before the server reconnect to another server which has split. Example: connectfreq = 5 minutes;.
  • max_number is the maximum number of clients allowed to be connected in that class. Only used in sever classes really. Example: max_number=1;.

listen{}

The listen block specifies the ports and hosts the server binds to. The server can bind to multiple ports and treat clients who connect them based on which ones they use. A port can be setup to only allow SSL or be hidden from a /stats command. Apparently it's possible to setup a server-only port, but either the documentation provided on this is incorrect or ircd.conf's parser is buggy.

  • host is the IP or hostname the server binds to. Example: server="0.0.0.0";.
  • flags is a switch which dictates the features available on the port configured _directly_ underneath it in the config. Example: flags=ssl;port=6667;. It must be placed before the port directive.
  • port specifies a port the server listens on. this switch can also take port ranges for example: port 6660 .. 6670 will reserve all the ports in that range for the IRCD.

auth{}

The auth block is a very important block as it sets from where users can connect, and what they need to have before they connect.

  • user contains the user's host and ident details, it dictates from where users can connect from and who can connect. For example if you wanted to only allow users from the netsoc.tcd.ie network, then you could set user = "*@*.netsoc.tcd.ie" or if you only want users who's idents start with a g to connect then you could set user = "g*@*".
  • class is the class of user that users connecting from the hosts which are set in the *user directive are put in. Example: class="users";.
  • flags describe the requirements and/or privileges for users connecting form a certain host. Example: flags="need_ident";. More options available in the example.conf attached at the bottom or linked somewhere above.

operator{}

The operator block sets up opers. This is a very important block as at least one oper is needed on an IRC server to maintain sanity amongst users and server configuration.

  • name the name of the operator is a setting that is used by the oper when authenticating, /oper *name password*. Example: oper="mloc";.
  • class is required here to set oper specific rules regarding their connection to the IRCD.
  • password is the password of the oper he uses to authenticate to the IRCD, on netsoc this must be encrypted using sha256. This is done by using the mkpasswd program available in the ircd-hybrid suite, if it's not in your PATH then it should be at /usr/local/sbin/mkpasswd. To make a password hash you need to run mkpasswd with argument -5 to specify that you want a sha256 hash. Then type in your plaintext password and then carefully copy the hash to the password directive in your oper block. Example: password="$5$j.ED0JjA8WV/3pcU$mUeTw3H.Ud6hWaPRya1P8EQNiO5XQ6z04RCNAi91g/5"
  • flags is the oper's privileges on the IRCD, full documentation of what each of these flags do is available in the example.conf, and an opers guide will be written if it isn't already by the time you're reading this. Example: flags = global_kill, remote, kline, unkline, xline,die, rehash, nick_changes, admin, operwall;.

channel{}

The channel block sets how users create and manage channels, and by create I mean join an empty channel.

  • disable_fake_channels stops users creating channels with non-printing characters and mIRC color codes. Example: disable_fake_channels=yes;.
  • restrict_channels stops users from creating channels except for opers. Example: restrict_channels=no;
  • disable_local_channels stops users from creating local channels or &channels. Example: disable_local_channels = no;
  • use_invex allows users to set invite exception masks which I think allows chanops to invite everyone with a certain hostmask.
  • use_except allows the use of ban exceptions in channels or +e. Example: use_except = yes;
  • use_knock allows the use /knock to ask for an invite if it is +i. Example: use_knock = yes;
  • knock_delay sets the amount of time between successive /knock commands. Example: knock_delay = 5 minutes;.
  • knock_delay_channel set time amount of time a knocker has to wait before the channel can be knocked on again, regardless of who knocked on it before. Example:

knock_delay_channel = 1 minute;.

  • burst_topicwho is a switch which decides if who set the topic on a channel is maintained in a topic burst. If this is enabled then people in DCU can see that terran set the topic, rather then the name of their IRCD, which is the alternative.
  • max_chans_per_user simple enough, just sets how many channels a user can join. Example: max_chans_per_user = 25;.
  • quiet_on_ban means that users banned on a channel cannot talk until unbanned. Example: quiet_on_ban = yes;.
  • max_bans means the maximum amount of bans you can set in 1 channel. Example: max_bans = 25;.
  • join_flood_count means the amount of users that join a channel in the last X settings where X is the *join_flood_time before it's considered flooding. Example: join_flood_count = 16; join_flood_time=8 seconds;.
  • default_split_user_count I _think_ that these directives are how the IRCD knows it's have a netsplits which is were an IRCD gets disconnected from one of it's peering IRCDs. Example: default_split_user_count=0;
  • default_split_server_count Same as above but for users. Example: default_split_server_count=0;.
  • no_create_on_split means that for the duration of the netsplit, new channels cannot be made. Example: no_create_on_split = yes;.
  • no_join_on_split means that for the duration of the netsplit, users cannot join channels. Example: no_join_on_split = no;

serverhide{}

This block allows the server to be hidden from the rest of the network, not necessary in Intersocs since we are a private network.

  • flatten_links means to pretend to our server is connected to every IRCD directly. Example: flatten_links = no;.
  • hidden hides the server from the /links command. Example: hidden = no;
  • disable_hidden prevents other servers from hiding themselves from /link. Example: disable_hidden =
  • hide_server_ips hides the ip address or actual hostname of the IRCD. Example: hide_server_ips = no;.

general{}

The general block contains an arseload of config that wouldn't fit anywhere else. Most of it just needs to be copied over if ever a new IRCD is being setup. If you need/want details please read them from the example.conf file.

glines{}

This block configures how glines work on the network. A gline or a global kill line is a network wide ban on a (or a range of) hosts.

  • enable simply enables or disables them. Example enable=yes;
  • duration is the default duration of glines, if not permanent. Example: duration = 14 days;.
  • logging is the amount of logging done for glines, since glines need to be voted on by other opers on the network. Example: logging=reject;. More information on glines is available in the example.conf.

connect{}

The connect block describes the config that is used to peer between IRCD.

  • name is the name of the peering IRCD.
  • host is where the server is connecting from.
  • {send,receive}_passwords are the passwords that are sent and then received to authenticate the server.
  • encrpyion is whether or not the above passwords are encrypted.
  • hub_mask is the mask of the servers that it is allowed to hub.
  • port the port that it expects the connection on.
  • class the class defining the server's connection settings.
  • flags set if the server is transmitting using SSL, ziplinks or other features.

resv{}

This block contains reserved disallowed nicknames and channel names.

  • nick is a nick that is disallowed on this server. Example: nick="oper";.
  • channel is a channel that is disallowed or reserved on this server. Example: channel="#help";.