View Issue Details

IDProjectCategoryView StatusLast Update
0005304unrealircdpublic2024-09-23 17:39
Reporterk4be Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status feedbackResolutionopen 
Product Version4.2.3 
Summary0005304: Allow different options/features for different IP addresses or ports of the same ircd
DescriptionCurrently we have to run multiple instances of the ircd to achieve that.
One possible solution would be to allow "set" options in "class" blocks, and allow selecting ports in "allow" blocks.
Example (i have added "no" prefix to disable the following option in case it's enabled in the global set block):

class normal {
 pingfreq 100;
 maxclients 1000;
 sendq 100k;
 recvq 4000;
 set {
  prefix-quit "Quit";
  options {
   no websocket;
   identd-check;
   show-connect-info;
  };
};

class websocket {
 pingfreq 100;
 maxclients 1000;
 sendq 100k;
 recvq 4000;
 set {
  prefix-quit "Web client exited";
  options {
   websocket;
   no identd-check;
   no show-connect-info;
  };
};

allow {
 ip *@*;
 // all ports except those "caught" by allow blocks below
 class normal;
 maxperip 10;
};

allow {
 ip *@*;
 port 8080;
 class websocket;
 maxperip 2;
};

listen {
 ip *;
 port 6667-6669;
};

listen {
 ip *;
 port 8080;
 options { ssl; };
};
TagsNo tags attached.
3rd party modules

Activities

syzop

2019-05-29 22:17

administrator   ~0020710

Last edited: 2019-05-29 22:24

The problem with this suggestion is that allow block matching, and thus class block matching, happens after DNS and after ident checking and after USER/NICK/PASS/CAP.
This because the allow block depends on it, since it may contain an ident in ip something@xxx and host something@xxx, it would require DNS for host xxx, and optionally has a password xxx.
But you want it to reverse-depend, so it sort of becomes a chicken-and-egg problem :). That is, for: (no) identd-check, (no) show-connect-info, websocket, etc.
Of course, this is no problem for, say, prefix-quit, but.. I don't think that one is particularly useful.

syzop

2019-05-29 22:23

administrator   ~0020711

Last edited: 2019-05-29 22:33

So, I see more possibilities in those identd-check/show-connect-info options in specific listeners.
Worth mentioning is that there's a plan to specify websockets explicitly as an option is in 0004900.

(EDIT: removed other incorrect comments from myself, where I confused your request with webirc)

k4be

2019-06-05 16:36

developer   ~0020721

So probably the only way to do it would be to specify these settings in listen blocks.

blacky

2019-09-09 09:21

reporter   ~0020877

We have similar issues and feature request as k4be.

We would like to have two listen blocks i.e.:

first port 6697 SSL (public IP address) which would allow user connection just by providing password
and second port 6840 non-ssl which would bind only on localhost 127.0.0.1 for webirc.

If listen blocks would have same functionality as allow blocks would be great.

syzop

2024-09-23 17:39

administrator   ~0023378

This sounds like what we have been doing with security groups + set options per security group. I know this feature request is from 2019 and that new stuff is since 6.1.1 from June 14 2023.

How about if I add a "server-port" option to security-groups and then add set nameofsecgroup { } support for things like set::options::identd-check and such... that might do it ? Let's see below...

security-group non-webclients {
    server-port { 6667; 6697; } // but not like 8080 (web)
}

set {
    options {
        // don't set identd check and show connect info etc in the normal set block, so they are off by default.
    }
}

/* Only enabled for non-webclients */
set non-webclients {
    options {
        identd-check;
        show-connect-info;
    }
}

Issue History

Date Modified Username Field Change
2019-05-26 20:10 k4be New Issue
2019-05-29 22:17 syzop Note Added: 0020710
2019-05-29 22:23 syzop Note Added: 0020711
2019-05-29 22:24 syzop Note Edited: 0020710
2019-05-29 22:27 syzop Note Edited: 0020711
2019-05-29 22:30 syzop Note Edited: 0020711
2019-05-29 22:31 syzop Note Edited: 0020711
2019-05-29 22:33 syzop Note Edited: 0020711
2019-05-29 22:33 syzop Note Edited: 0020711
2019-05-29 22:34 syzop Status new => feedback
2019-06-05 16:36 k4be Note Added: 0020721
2019-09-09 09:21 blacky Note Added: 0020877
2024-09-23 17:39 syzop Note Added: 0023378