View Issue Details

IDProjectCategoryView StatusLast Update
0003128unrealircdpublic2015-07-19 20:02
ReporterTrocotronic Assigned Tosyzop  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
PlatformAMD K6 32bitsOSWindows XP ProfessionalOS VersionSP2
Product Version3.2.6 
Fixed in Version3.4-beta1 
Summary0003128: Hub VS Leaf
Descriptionif (!aconf->hubmask)
    {
        sendto_locfailops("Link %s cancelled, is Non-Hub but introduced Leaf %s",
            cptr->name, servername);
        return exit_client(cptr, cptr, cptr, "Non-Hub Link");
    }
    if (match(aconf->hubmask, servername))
    {
        sendto_locfailops("Link %s cancelled, linked in %s, which hub config disallows", cptr->name, servername);
        return exit_client(cptr, cptr, cptr, "Not matching hub configuration");
    }
    if (aconf->leafmask)
    {
        if (match(aconf->leafmask, servername))
        {
            sendto_locfailops("Link %s(%s) cancelled, disallowed by leaf configuration", cptr->name, servername);
            return exit_client(cptr, cptr, cptr, "Disallowed by leaf configuration");
        }
    }

As you can see, if you want to use leafmask, you must use hubmask. So, in your conf will be those two entries: hubmask AND leafmask. This could be a confusion for some users (first on me!). I don't see the utility of leafmask. If you miss hubmask, this server acts like a leaf. I think we can remove this entry.
Leafmask isn't used more on all code, only on those lines.
Suggestions?
TagsNo tags attached.
3rd party modules

Activities

avb

2006-11-27 12:41

reporter   ~0012746

Last edited: 2006-11-27 12:43

hubmask - mask of servernames that server CAN introduce, (hub *) - server can introduce any another server;
leafmask - mask of servernames that server CANNOT introduce, (leaf *) - server cannot introduce any leafs;

i guess - it can be useful, if we have new, not "fully trusted" hub, so we can protect the network for example from that hub to link "spurious" services by setting leaf services* or leaf services.mynet.com, but unfortunately there is no way to select multiple hub/leaf masks in the same link block....

Maybe it should be renamed? for example "hub *" > <link block>::options::hub (yes/no), and <link block>::allow-links::<allow-masks> and <link block>::deny-links::<deny-masks> or so....

aquanight

2006-11-27 12:49

reporter   ~0012747

The documentation was a bit sketchy on these two directives. See 0002623.

As avb said, you use leaf with hub as a sort of "exception", for example:
hub *.network.net; <- linked servers allowed if they are in the same domain
leaf services.network.net; <- ensure nonhubs don't try to collide services off.

Trocotronic

2006-11-28 13:36

reporter   ~0012751

So, my question is: if leafmask is a mask of servernames that server CANNOT introduce, this line
   if (match(aconf->leafmask, servername))
should be
   if (!match(aconf->leafmask, servername))
and reject the link. If servername IS like leafmask (!match), then link is aborted. Isn't it?

avb

2006-11-28 19:23

reporter   ~0012755

if (match(aconf->leafmask, servername))

this means
if servername (new server name) matches leafmask ("forbidden" servers mask) - (if hub introduces new server that it shouldn't) - reject the link

aquanight

2006-11-28 19:28

reporter   ~0012756

No, Trocotronic's right. match() returns 0 if it matches (and nonzero for no match) - like strcmp().

avb

2006-11-28 21:03

reporter   ~0012757

so, leafmask actually works incorrect?

Trocotronic

2006-11-29 06:18

reporter   ~0012761

Moreover, actually if there isn't hubmask, leafmask does not take effect, due to line
   if (!aconf->hubmask)
If leafmask is the opposite of hubmask, then why cannot you use ONLY leafmask? For example, I want to only deny *.com links. Actually, I can't. I need to specify an hubmask (hub * indeed).

aquanight

2006-11-29 12:59

reporter   ~0012769

[quote]If leafmask is the opposite of hubmask, then why cannot you use ONLY leafmask? For example, I want to only deny *.com links. Actually, I can't. I need to specify an hubmask (hub * indeed).[/quote]

For the same reason you need an allow {} block before ban user {} is worth anything, probably.

syzop

2015-07-19 20:02

administrator   ~0018535

presume this is fixed with the new link block I added in 3.4-alphaX

Issue History

Date Modified Username Field Change
2006-11-27 12:04 Trocotronic New Issue
2006-11-27 12:41 avb Note Added: 0012746
2006-11-27 12:41 avb Note Edited: 0012746
2006-11-27 12:42 avb Note Edited: 0012746
2006-11-27 12:43 avb Note Edited: 0012746
2006-11-27 12:49 aquanight Note Added: 0012747
2006-11-28 13:36 Trocotronic Note Added: 0012751
2006-11-28 19:23 avb Note Added: 0012755
2006-11-28 19:28 aquanight Note Added: 0012756
2006-11-28 21:03 avb Note Added: 0012757
2006-11-29 06:18 Trocotronic Note Added: 0012761
2006-11-29 12:59 aquanight Note Added: 0012769
2007-04-27 03:27 stskeeps Status new => acknowledged
2015-07-19 20:02 syzop Note Added: 0018535
2015-07-19 20:02 syzop Status acknowledged => closed
2015-07-19 20:02 syzop Assigned To => syzop
2015-07-19 20:02 syzop Resolution open => fixed
2015-07-19 20:02 syzop Fixed in Version => 3.4-beta1