UnrealIRCd 4.2.3 released

News about the UnrealIRCd project, including release announcements
Post Reply
UnrealIRCd head coder
Posts: 2089
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl

UnrealIRCd 4.2.3 released

Post by Syzop »

Hi everyone,

UnrealIRCd 4.2.3 (stable) is now available for download. This release adds new modules to combat drones, it bumps the default concurrent user limit, and UnrealIRCd can now easily deal with 1 million *LINE's placed on *@IP without any noticeable performance impact.
There is also one important change with regards to old style 'posix' spamfilters (see under "Deprecated"), these will raise a warning but will continue to work for now.

Changes between version 4.2.2 and 4.2.3:

  • New optional modules reputation and connthrottle to fight drones:
    • The reputation module will learn what users (IP addresses) are frequently seen on your server and classify these as "known IP's".
      For every 5 minutes that someone is connected, the IP address receives +1 point. IP's with registered users receive +2 points per 5 minutes.
      An IRCOp can /WHOIS a user to view this "reputation score". The "/REPUTATION nick" and "/REPUTATION ip" commands are also available. Note that the reputation score is capped at a maximum of 10000 and entries expire if the IP has not been seen online for 30 days (or even sooner for very low reputation scores).
    • The connthrottle module puts users in one of these two groups:
      • "known users" with IP addresses that have been online before on your network for some time. By default: 2+ hours past 30 days.
      • "new users" who have not been seen online before (or too short).
      Users in the "known users" group can connect without any limitation. Similarly, users who authenticate to services using SASL can also always get in.
      However, "new users" can be limited, for example at a maximum rate of 20 "new users" per minute.
      The end result and goal is that in case of a drone attack, 99% of your regular users can still connect as usual. This, while drones and other unknown IP's are limited at, for example, 20 per minute.
      By limiting the connection rate for drones and other unknown users the damage is limited. It also gives IRCOps a chance to react and take additional countermeasures, if possible.
    • The modules are not loaded by default. If you want to use them, then have a look at their example configuration in the file conf/modules.optional.conf
    • The reputation module needs to be running for some time before it contains a meaningful database of "known users". Therefore the connthrottle module will be disabled until the reputation module has gathered sufficient data. This defaults to 1 week.
    • Full documentation is available at https://www.unrealircd.org/docs/Connthrottle
  • On *NIX we now default to 'auto' mode to discover MAXCONNECTIONS. On systems that support it this means UnrealIRCd supports up to 8192 connections by default.
    It automatically falls back to a lower value such as 2048 or 1024 if the user account has a lower limit or if the OS does not support it.
    We recommend users to no longer set any specific value in ./Config and just leave it at 'auto'.
    If you want to see the effective limit, then look at this message when you start the server on the console: "This server can handle XYZ concurrent sockets".
  • UnrealIRCd now uses a technique that makes KLINE's, GLINE's and (G)ZLINE's placed on individual IP's (*@IP) extremely fast. Just to illustrate:
    • Previously it took 129 seconds to add 100k ZLINE's, now it takes 2.5 secs.
    • Checking a connection against 100,000 ZLINE's is now 250 times faster.
    • Previously 7,500 clients could connect per minute, now 33,560 per minute.
    • Even with 1 million ZLINE's on *@IP it can handle 30,000 connections p/m.
    • Rejecting Z-lined users is even faster at 435,000 connections per minute with 100,000 active ZLINE's.
    Benchmarked on a 2GHz Intel Xeon Skylake CPU with Linux 4.15. To benefit from these speed improvements, just place a *LINE on *@IP.
  • When the server has just been restarted, many users will reconnect and rejoin channels. We now disable the join flood limit in channel mode +f during the first 75 seconds since startup.
    This so the channel does not become +i or +R due to "flooding". See: https://www.unrealircd.org/docs/Set_blo ... boot-delay
  • Spamfilter has 3 matching methods: 'simple', 'regex' and 'posix'.
    The old method 'posix' is deprecated as this uses the TRE regex library which contains bugs and has not been maintained for more than 10 years.
    On *NIX the 'make install' script will try to upgrade the example spamfilter.conf. This may not work if you have customizations in that file or if it was originating from 3.2.x.
    Helpful warnings or error messages are printed when you try to start UnrealIRCd, to guide the user in this upgrade process. For details see:
    FAQ: ERROR: Spamfilter type 'posix' is DEPRECATED
    FAQ: You have old examples in your spamfilter.conf
Minor issues fixed:
  • Changing the set::anti-flood::invite-flood setting had no effect.
  • Sometimes when a server (re)links to the network via 2+ connections it could trigger a race condition where the server would be delinked again.
For module coders:
  • We now compile with a lot more compiler warnings enabled by default.
    Similarly, our Travis-CI compiles with --with-werror which enables the -Werror compiler option, which you may want to use as well. This enables the compiler to detect more possible bugs and sketchy code.
  • Some modules still prepend DLLFUNC to functions. This is unnecessary.
  • Similarly, if (!cep->ce_varname) is unnecessary, it never happens.
  • The functions del_Command() and such have been removed. You never needed to use this. Just use CommandAdd() and UnrealIRCd takes care of the rest.
  • For command functions we encourage you to use CMD_FUNC(m_something), this is not new.
    New is that we now also have something similar for command overrides, namely: CMD_OVERRIDE_FUNC(override_something).
    This way you don't have to type yourself the int parc, char *parv[] etc. stuff and this way we can also easily change the passed parameters in the future in an automatic way. Eg: provide more variables.
    If you use linked lists and you use AddListItem() or DelListItem() then you should always have pointers to prev and next at the beginning of your struct (and in that order!), otherwise you risk memory corruption.
    Because this is an easy mistake to make we will now abort() we detect such an error at runtime in AddListItem or DelListItem (on *NIX).
IRC protocol:
This section is intended for client coders and people interested in IRC protocol technicalities
  • Many things changed in previous release (4.2.2)
  • No changes in this release.
Future versions (heads up):
  • We intend to change the default plaintext oper policy from warn to deny in the summer of 2019. This will deny /OPER when issued from a non-SSL connection. For security, IRC Operators should really use SSL/TLS when connecting to an IRC server!
As always, you can download UnrealIRCd from www.unrealircd.org.
Post Reply