View Issue Details

IDProjectCategoryView StatusLast Update
0004374unrealircdpublic2015-07-19 18:33
Reportermiwob Assigned Tosyzop  
Status resolvedResolutionfixed 
Fixed in Version3.4-beta2 
Summary0004374: Change client connecting notice to include IP address
DescriptionChange default client connecting notices to include IP addresses (I think mostly all ircds do that nowaday) and get rid of "PROTOCTL HCN".
That way HOPM users are no longer required to add a separate perform = "PROTOCTL HCN"; to their scanner's conf.
Ideally 'far' connecting notices should be changed to include IP addresses as well.
TagsNo tags attached.
3rd party modules



2015-07-10 15:28

administrator   ~0018473

I like the idea of including IP's in connection messages by default, it's after all valuable information.

What I don't like is loosing the information we have, such as the ssl info, so don't want to use PROTOCTL HCN format as-is.

I presume we can find a way to have both? What is your scanner looking for, what is the format you expect, exactly? Where can we add "additional data" safely?

Sorry, about to leave to somewhere else (yeah pretending I have a life), so haven't checked. Just figured I'd post here before I forget :)


2015-07-16 11:36

reporter   ~0018507

Last edited: 2015-07-16 11:38

View 3 revisions

I think the messages themselves could be simplified, as opposed to the current format which is:
 *** Notice -- Client connecting on port 6667: mibbot_stats ( [clients]
^ why do we really need these stars and "notice" and so on?

That could be simplified to:
CONNECT: <server:port(ifknown)> mibbot_stats ( [IP-Address] [clients] [ssl-info etc]

likewise with disconnect messages:
DISCONNECT: <server> mibbot_stats ( [IP-Address] [Client exited]


2015-07-19 18:02

administrator   ~0018518

Amiga600: Good point. Now you mention it I find the "*** Notice --" rather silly too. I kept the "***" but removed the silly "Notice -- " in the... notice :D.

miwob: (30m later) I see this breaks your reference regex of HOPM now.

Anyway, so here we are again, currently (as in right now):

*** Client connecting on port 5667: Ein_ (~none@syzop.testnet) [clients] [secure AES256-GCM-SHA384]

Hybrid style:
*** Client connecting: Ein_ (~none@syzop.testnet) [192.168.xx.xx] {clients}

If we can find a hybrid (:D) where we can use the hybrid style but keep the secure/SSL stuff then it's good for me. I don't think the port stuff is particularly interesting.

So can I safely put something at the end or something? I'm asking you because you write the thing that parses it.. so you probably have seen others as well.

This would look cleanest:
*** Client connecting: Ein_ (~none@syzop.testnet) [192.168.xx.xx] {clients} [secure AES256-GCM-SHA384]
Or would that confuse your search for ip in []'s (would be strange if you would look for it twice in the same line, but who knows..)

I find this ugly, but it's an option:
*** Client connecting: Ein_ (~none@syzop.testnet) [192.168.xx.xx] {clients} {secure AES256-GCM-SHA384}

When we're at it, I think we should take a look at the exiting notice as well -- if we would go hybrid style.
It's now:
*** Client exiting: Ein_ (~none@syzop.testnet) [hai hai] [192.168.xx.xx]
That's just odd and ugly. How about:
*** Client exiting: Ein_ (~none@syzop.testnet) [192.168.xx.xx] (hai hai)


2015-07-19 18:27

administrator   ~0018519

I've taken the liberty to do the above. Rather than wait another week for a reply -- i looked at the HOPM example conf anyway ;)

I'll try to summarize:
1) PROTOCTL HCN is ripped out
2) connect format: *** Client connecting: Zwei (none@syzop.testnet) [192.168.xx.xx] {clients} [secure BLABLA]
3) disconnect format: *** Client exiting: Zwei (none@syzop.testnet) [192.168.xx.xx] (Read error)
4) the remote connect/disconnect messages are IDENTICAL except the sender isn't :your.server but :remote.server. Since any normal client displays the sender of a notice this results in things like: *** Client connecting: ....etc... :)

If something is wrong let me know.


2015-07-19 18:28

administrator   ~0018520

Last edited: 2015-07-19 18:29

View 2 revisions

So you'd only need to change:
    connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";

to.. what is it?
    connregex = "\\*\\*\\*( Notice --)? Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9\\.]+)\\].*";

or whatever :)


2015-07-19 18:33

administrator   ~0018521

*update regex in comment of above* :D. untested, though.

Issue History

Date Modified Username Field Change
2015-07-10 12:34 miwob New Issue
2015-07-10 15:28 syzop Note Added: 0018473
2015-07-16 11:36 Amiga600 Note Added: 0018507
2015-07-16 11:37 Amiga600 Note Edited: 0018507 View Revisions
2015-07-16 11:38 Amiga600 Note Edited: 0018507 View Revisions
2015-07-19 18:02 syzop Note Added: 0018518
2015-07-19 18:27 syzop Note Added: 0018519
2015-07-19 18:27 syzop Status new => resolved
2015-07-19 18:27 syzop Fixed in Version => 3.4-beta2
2015-07-19 18:27 syzop Resolution open => fixed
2015-07-19 18:27 syzop Assigned To => syzop
2015-07-19 18:28 syzop Note Added: 0018520
2015-07-19 18:29 syzop Note Edited: 0018520 View Revisions
2015-07-19 18:33 syzop Note Added: 0018521