View Issue Details

IDProjectCategoryView StatusLast Update
0005304unrealircdpublic2019-09-09 09:21
Reporterk4beAssigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status feedbackResolutionopen 
Product Version4.2.3 
Target VersionFixed in Version 
Summary0005304: Allow different options/features for different IP addresses or ports of the same ircd
DescriptionCurrently we have to run multiple instances of the ircd to achieve that.
One possible solution would be to allow "set" options in "class" blocks, and allow selecting ports in "allow" blocks.
Example (i have added "no" prefix to disable the following option in case it's enabled in the global set block):

class normal {
 pingfreq 100;
 maxclients 1000;
 sendq 100k;
 recvq 4000;
 set {
  prefix-quit "Quit";
  options {
   no websocket;
   identd-check;
   show-connect-info;
  };
};

class websocket {
 pingfreq 100;
 maxclients 1000;
 sendq 100k;
 recvq 4000;
 set {
  prefix-quit "Web client exited";
  options {
   websocket;
   no identd-check;
   no show-connect-info;
  };
};

allow {
 ip *@*;
 // all ports except those "caught" by allow blocks below
 class normal;
 maxperip 10;
};

allow {
 ip *@*;
 port 8080;
 class websocket;
 maxperip 2;
};

listen {
 ip *;
 port 6667-6669;
};

listen {
 ip *;
 port 8080;
 options { ssl; };
};
TagsNo tags attached.
3rd party modules

Activities

syzop

2019-05-29 22:17

administrator   ~0020710

Last edited: 2019-05-29 22:24

View 2 revisions

The problem with this suggestion is that allow block matching, and thus class block matching, happens after DNS and after ident checking and after USER/NICK/PASS/CAP.
This because the allow block depends on it, since it may contain an ident in ip something@xxx and host something@xxx, it would require DNS for host xxx, and optionally has a password xxx.
But you want it to reverse-depend, so it sort of becomes a chicken-and-egg problem :). That is, for: (no) identd-check, (no) show-connect-info, websocket, etc.
Of course, this is no problem for, say, prefix-quit, but.. I don't think that one is particularly useful.

syzop

2019-05-29 22:23

administrator   ~0020711

Last edited: 2019-05-29 22:33

View 6 revisions

So, I see more possibilities in those identd-check/show-connect-info options in specific listeners.
Worth mentioning is that there's a plan to specify websockets explicitly as an option is in 0004900.

(EDIT: removed other incorrect comments from myself, where I confused your request with webirc)

k4be

2019-06-05 16:36

reporter   ~0020721

So probably the only way to do it would be to specify these settings in listen blocks.

blacky

2019-09-09 09:21

reporter   ~0020877

We have similar issues and feature request as k4be.

We would like to have two listen blocks i.e.:

first port 6697 SSL (public IP address) which would allow user connection just by providing password
and second port 6840 non-ssl which would bind only on localhost 127.0.0.1 for webirc.

If listen blocks would have same functionality as allow blocks would be great.

Issue History

Date Modified Username Field Change
2019-05-26 20:10 k4be New Issue
2019-05-29 22:17 syzop Note Added: 0020710
2019-05-29 22:23 syzop Note Added: 0020711
2019-05-29 22:24 syzop Note Edited: 0020710 View Revisions
2019-05-29 22:27 syzop Note Edited: 0020711 View Revisions
2019-05-29 22:30 syzop Note Edited: 0020711 View Revisions
2019-05-29 22:31 syzop Note Edited: 0020711 View Revisions
2019-05-29 22:33 syzop Note Edited: 0020711 View Revisions
2019-05-29 22:33 syzop Note Edited: 0020711 View Revisions
2019-05-29 22:34 syzop Status new => feedback
2019-06-05 16:36 k4be Note Added: 0020721
2019-09-09 09:21 blacky Note Added: 0020877