Log in | Back to darenet.org

DareNET IRCd Configuration/1.5

(Connect block)
 
(68 intermediate revisions not shown)
Line 1: Line 1:
__NOTOC__
__NOTOC__
-
This is a reference guide for ircd-darenet 1.4.1+'s configuration file.
+
This is a reference guide for ircd-darenet 1.5.x's configuration file.
-
The configuration format consists of various blocks, each containing name-value pairs, tags and/or string data. It is designed to be easily readable by both human and ircd.
+
The configuration format consists of various blocks, each containing name-value pairs, tags or string data. It is designed to be easily readable by both human ircd.
-
A block consists of a block name, an opening '{' brace, statements, a closing '}' brace, and a ';' semicolon. A statement consists of a name possibly followed by an '=' equals sign and a value, ending with a semicolon. All strings are surrounded by '"' double quotes.
+
A block consists of a name, an opening '{' brace, statements, a closing '}' brace, and a ';' semicolon. A statement consists of a name possibly followed by an '=' equals sign and a value, ending with a semicolon. All strings must be surrounded by '"' double quotes.
A sample block:
A sample block:
-
<html><pre>blockname {
+
<html><pre><strong>blockname</strong> {
     name = value;
     name = value;
-
     name = "string";
+
     name = <span class="qstring">"string"</span>;
-
     name = 123;
+
     name = <span class="integer">123</span>;
     tag;
     tag;
};</pre></html>
};</pre></html>
-
All elements of the configuration are separated by whitespace, and can be packed on one line, or broken up over several lines. Whitespace is defined as space, tab or carriage return/linefeed. Three form of comments are allowed:
+
All elements of the configuration are separated by whitespace, and can be packed on one line, or broken up over several lines. Whitespace is defined as space, tab or carriage return/linefeed. Three forms of comments are allowed:  
-
* C style single/multi-line
+
<pre>/* C style single/multi-line */
-
* C++ style single-line
+
-
* Shell style single-line
+
-
'''Important notes:''' When the configuration file is parsed, blocks are used in reverse order than how they are listed. This means you should start multiple block definitions with the "fall through", and end with the most detailed. Class {} blocks MUST be specified before anything that uses them. That means they must be defined before client {}, connect {} and operator {}.
+
// C++ style single-line
-
Times / durations are written as:
+
# Shell style single-line
 +
</pre>
-
* A number in seconds (e.g., 60)
+
{{info|text=Blocks are used in the reverse order than how they're listed, when the configuration file is parsed. This means you should start multiple block definitions with the "fall through", and end with the most detailed.}}
-
* 1 hours 30 minutes 10 seconds
+
-
* An arithmetic expression (e.g., 1*60+20)
+
-
Valid units of time:
+
== General block ==
-
* Decade, year, month, week, day, hour, minute, second
+
{| class="simpletable" width="100%"
 +
|width="250px"|Requirement:
 +
|REQUIRED
 +
|-
 +
|Old conf format equivalents:
 +
|<code>M:name:vhost:description::numeric</code>
 +
|}
-
Valid units of size:
+
The General block defines information about the server itself. It is required for the server to start.
-
* terabyte / tbyte
+
<html><pre><strong>General</strong> {
-
* gigabyte / gbyte
+
    <span class="comment">/* name: the name of our server. */</span>
-
* megabyte / mbyte
+
    name = <span class="qstring">"test.area.zone.darenet.org"</span>;
-
* kilobyte / kbyte
+
-
* byte
+
-
Sizes and times may be specified as singular or plural.
+
    <span class="comment">/* description: the description of our server. */</span>
 +
    description = <span class="qstring">"ircd-darenet test server"</span>;
-
== General Block ==
+
    <span class="comment">/* numeric: the unique server numeric for our server. It must be a
 +
    * digit between 0 and 4095, and is not updated on a rehash.
 +
    */</span>
 +
    numeric = <span class="integer">999</span>;
 +
    <span class="comment">/* vhost: the IP to bind to when we connect outward to other servers.
 +
    * It must contain either a * or a valid ipv4 address in dotted quad notation.
 +
    */</span>
 +
    vhost = <span class="qstring">"192.169.0.1"</span>;
-
{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+
    <span class="comment">/* ssl_private_key: our ssl private key. */</span>
-
| Requirement:
+
    ssl_private_key = <span class="qstring">"etc/ircd.key"</span>;
-
| REQUIRED
+
-
|-
+
-
| Old conf format equivalents:
+
-
| M:line
+
-
|}
+
-
The General {} block defines information about the server itself.
+
    <span class="comment">/* ssl_pem: file containing our ssl certificate and private key */</span>
 +
    ssl_pem = <span class="qstring">"etc/ircd.pem"</span>;
-
<pre>General
+
    <span class="comment">/* dpass: (optional) password for DIE command. */</span>
-
{
+
    dpass = <span class="qstring">"encrypted pass"</span>;
-
  name = "servername";
+
-
  description = "description";
+
-
  numeric = numericnumber;
+
-
  vhost = "ipv4vhost";
+
-
  ssl_pem = "path/to/ircd.pem";
+
-
  ssl_private_key = "path/to/ircd.key";
+
-
};</pre>
+
-
'''Required tokens:''' <code>name, description, numeric</code>
+
    <span class="comment">/* rpass: (optional) password for RESTART command. */</span>
 +
    rpass = <span class="qstring">"$PLAIN$password"</span>; 
 +
};
 +
</pre></html>
-
'''Optional tokens:''' <code>vhost, ssl_pem, ssl_private_key</code>
+
The server name may only be changed by a server restart. The description can be changed on rehash, but will not propagate to other linked servers.
-
Note that the server <numeric> must be unique on the network the server is linked to, and may be between 0 and 4095. It is not updated on a rehash. If linking to DareNET, you should use the numeric assigned to you by the Infrastructure team.
+
There must be exactly one General block.
-
If <vhost> is specified, it must contain either a <code>*</code> or a valid IPv4 address in dotted quad notation (e.g., 127.0.0.1). The address MUST be the address of a physical interface on the host. It is used only for outgoing connections; see Port {} blocks for listener virtual hosting. If in doubt what to put here, use the IP of your primary interface.
+
== Admin block ==
-
If SSL is enabled, you MUST specify the path to your pem (containing your cert and private key) and private key files using the ssl_pem and ssl_private_key tokens.
+
{| class="simpletable" width="100%"
 +
|width="250px"|Requirement:
 +
|SUGGESTED
 +
|-
 +
|Old conf format equivalents:
 +
|<code>A:line1:line2:line3</code>
 +
|}
-
There may only be one General {} block.  
+
The Admin block defines information that can be retrieved with the <code>/ADMIN</code> command.
-
'''Example block:'''
+
<html><pre><strong>Admin</strong> {
 +
    location = <span class="qstring">"DareNET - http://www.darenet.org"</span>;
 +
    location = <span class="qstring">"Infrastructure Team"</span>;
 +
    contact = <span class="qstring">"&lt;infrastructure@darenet.org&gt;"</span>;
 +
};
 +
</pre></html>
-
<c>General
+
Not all lines are required. There may only be one Admin block.
-
{
+
-
  name = "servername.area.zone.darenet.org";
+
-
  description = "DareNET Client Server";
+
-
  numeric = 10;
+
-
  vhost = "127.0.0.1";
+
-
  ssl_pem = "etc/ircd.pem";
+
-
  ssl_private_key = "etc/ircd.key";
+
-
};</c>
+
-
== Admin Block ==
+
== Class block ==
-
{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+
{| class="simpletable" width="100%"
-
| Requirement:
+
|width="250px"|Requirement:
-
| SUGGESTED
+
|RECOMMENDED
 +
|-
 +
|Old conf format equivalents:
 +
|<code>Y:class:pingfreq::maxlinks:sendq (clients)</code><br /><code>Y:class:pingfreq:connectfreq:maxlinks:sendq (servers)</code>
|-
|-
-
| Old conf format equivalents:
 
-
| A:line
 
|}
|}
-
The Admin {} block defines information that can be retrieved with the /ADMIN command.
+
The Class blocks define connection classes. All connections to the server are associated with a "connection class", whether they be incoming or outgoing (initiated by the server), be they clients or servers.
-
There may only be one Admin {} block.
+
<html><pre><strong>Class</strong> {
 +
    <span class="comment">/* name: a name for the connection class. */</span>
 +
    name = <span class="qstring">"Users"</span>;
-
<pre>Admin
+
    <span class="comment">/* pingfreq: how often to PING idle connections. */</span>
-
{
+
    pingfreq = 1 minute 30 seconds;
-
  Location = "string 1 here";
+
-
  Location = "string 2 here";
+
-
  Contact = "string 3 here";
+
-
};</pre>
+
-
'''Example block:'''
+
    <span class="comment">/* sendq: send buffer limit (i.e., the amount of data allowed in
 +
    * a client's queue before they are dropped.
 +
    */</span>
 +
    sendq = 100 kilobytes;
-
<c>Admin
+
    <span class="comment">/* maxlinks: the maximum number of connections that may use this
-
{
+
    * class. May be between 0 and 4,000,000,000.
-
  Location = "DareNET";
+
    */</span>
-
  Location = "Infrastructure Team";
+
    maxlinks = <span class="integer">100</span>;
-
  Contact = "<infrastructure@darenet.org>";
+
-
};</c>
+
-
== Class Block ==
+
    <span class="comment">/* usermode: an optional list of user modes that should set
 +
    * upon the user while connecting.
 +
    */</span>
 +
    usermode = <span class="qstring">"+iw"</span>;
-
{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+
    <span class="comment">/* maxchans: the maximum number of channels that clients may join.
-
| Requirement:
+
    */</span>
-
| SUGGESTED
+
    maxchans = <span class="integer">50</span>;
-
|-
+
};
-
| Old conf format equivalents:
+
-
| Y:line
+
-
|}
+
-
The Class {} blocks define connection classes. All connections to the server are associated with a "connection class", whether they be incoming or outgoing (initiated by the server), be they clients or servers.
+
<strong>Class</strong> {
 +
    name = <span class="qstring">"Opers"</span>;
 +
    pingfreq = 2 minutes;
 +
    sendq = 100 kilobytes;
 +
    maxlinks = <span class="integer">10</span>;
 +
    usermode = <span class="qstring">"+iw"</span>;
 +
    whox;
 +
};
-
<pre>Class
+
<strong>Class</strong> {
-
{
+
    name = <span class="qstring">"Server"</span>;
-
  name = "<class>";
+
    pingfreq = 3 minutes;
-
  pingfreq = time;
+
-
  connectfreq = time;
+
-
  maxlinks = number;
+
-
  sendq = size;
+
-
  usermode = "+modes";
+
-
};</pre>
+
-
'''Required tokens:''' <code>name, pingfreq, sendq</code>
+
    <span class="comment">/* connectfreq: this token applies only to servers, and specifies
 +
    * the frequency that the server tries to auto connect. Setting this to 0 will cause a
 +
    * server to attempt to connect repeatedly, with no delay until the maxlinks condition
 +
    * is satisfied (which is not a good thing).
 +
    */</span>
 +
    connectfreq = 5 minutes;
-
'''Optional tokens (client classes only):''' <code>maxlinks, usermode</code>
+
    <span class="comment">/* maxlinks: for server classes, specifies the maximum number of
 +
    * servers to autoconnect to. This should be 0 for hubs, and 1 for leafs.
 +
    */</span>
 +
    maxlinks = <span class="integer">0</span>;
-
'''Optional tokens (server classes only):''' <code>connectfreq</code>
+
    sendq = 10 megabytes;
 +
};
-
For connection classes used on server links, maxlinks should be set to either 0 (for hubs) or 1 (for leafs). Client connection classes may use maxlinks between 0 and approximately 4,000,000,000. A maxlinks of 0 means there is no limit on the number of connections using the class.
+
<strong>Class</strong> {
 +
    name = <span class="qstring">"Leaf_Server"</span>;
 +
    pingfreq = 3 minutes;
 +
    connectfreq = 5 minutes;
 +
    maxlinks = 1;
 +
    sendq = 10 megabytes;
 +
};
 +
</pre></html>
-
<connect freq> applies only to servers, and specifies the frequency that the server tries to auto connect. Setting this to 0 will cause the server to attempt to connect repeatedly with no delay until the <maximum links> condition is satisfied. This is a Bad Thing(tm). Time can be specified as a number, or by giving something like: 1 minutes 2 seconds, or 1*60+20.
+
For connection classes intended for operator use, you can specify privileges the operator should be granted when the Operator block names the class. The local privilege MUST be defined by either the Class or Operator block. It is highly recommended that most privileges be explicitly specified in the operator's Operator block on DareNET.
-
For connection classes intended for operator use, you can specify privileges used when the Operator {} block (see below) names this class. The local (aka globally_opered) privilege MUST be defined by either the Class or Operator block. It is highly recommended privileges be specified in the operator's Operator {} block, instead of in Class {} blocks.
+
A "default" class is created internally. This class is used when no other class is specified, but its settings are not useful for most situations. Custom classes are strongly recommended.
-
A "default" class is created internally. This class is used when no other class is specified, but its settings are not useful for most situations. Custom classes are strongly suggested.
+
There may be multiple Class blocks; at least one is recommended.
-
There may be multiple Class {} blocks.
+
== Client block ==
-
'''Example blocks:'''
+
{| class="simpletable" width="100%"
 +
|width="250px"|Requirement:
 +
|RECOMMENDED
 +
|-
 +
|Old conf format equivalents:
 +
|<code>I:ipmask:passwd:hostmask:port:class</code>
 +
|}
-
Uplinks you are not a hub for:
+
The Client blocks define the hosts client connections are allowed from, and places them into classes. While the server will start without a Client block, it will not be usable.
-
<c>Class
+
-
{
+
-
  name = "Server";
+
-
  pingfreq = 1 minutes 30 seconds;
+
-
  connectfreq = 5 minutes;
+
-
  maxlinks = 1;
+
-
  sendq = 9000000;
+
-
};</c>
+
-
Leaf servers you hub for:
+
-
<c>Class
+
-
{
+
-
  name = "Leaf Server";
+
-
  pingfreq = 1 minutes 30 seconds;
+
-
  connectfreq = 5 minutes;
+
-
  maxlinks = 0;
+
-
  sendq = 9000000;
+
-
};</c>
+
-
All clients:
+
-
<c>Class
+
-
{
+
-
  name = "Users";
+
-
  pingfreq = 1 minutes 30 seconds;
+
-
  sendq = 60000;
+
-
  usermode = "+iw";
+
-
};</c>
+
-
Opers:
+
-
<c>Class
+
-
{
+
-
  name = "Opers";
+
-
  pingfreq = 1 minutes 30 seconds;
+
-
  sendq = 60000;
+
-
  whox = yes;
+
-
};</c>
+
-
== Client Block ==
+
<html><pre><strong>Client</strong> {
 +
    <span class="comment">/* host: resolved user@host mask allowed to connect. This is optional
 +
    * if you are using the ip mask to match against.  Additionally, if you specify *@loc for
 +
    * this field it will match all LOC users.
 +
    */</span>
 +
    host = <span class="qstring">"*@*.wirehub.net"</span>;
-
{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+
    <span class="comment">/* ip: unresolved user@ip mask allowed to connect. */</span>
-
| Requirement:
+
    ip = <span class="qstring">"*@195.86.128.*"</span>;
-
| SUGGESTED
+
-
|-
+
-
| Old conf format equivalents:
+
-
| I:line
+
-
|}
+
-
To allow clients to connect, they need authorization. This can be done based on hostmask, address mask and/or with a password. With intelligent use of classes and the maxlinks field in the Client {} blocks, you can let in a specific domain, but get rid of all other domains in the same top level, thus setting up some sort of "reverse Kill {} block."
+
    <span class="comment">/* password: (optional) password that is required to use this block.
 +
    * This password string is not encrypted.
 +
    */</span>
 +
    password = <span class="qstring">"letMEHin"</span>;
-
<pre>Client
+
    <span class="comment">/* class: the class the user should be placed in. */</span>
-
{
+
    class = <span class="qstring">"Users"</span>;
-
  host = "host";
+
-
  ip = "127.0.0.0/8";
+
-
  password = "password";
+
-
  class = "classname";
+
-
  maxlinks = number;
+
-
};</pre>
+
-
Everything in a Client {} block is optional. If a username mask is specified, it must match the clients username from the IDENT protocol. If a hostmask is given, the client's hostname must resolve and match the hostmask. If a CIDR-style IP mask is given, the client must have an IP matching that range. If maxlinks is given, it limits the number of matching clients allowed from a particular IP address.
+
    <span class="comment">/* maxlinks: if specified, the server will only accept clients when
 +
    * the total number of connections to the network from the same IP number doesn't exceed
 +
    * this number.
 +
    */</span>
 +
    maxlinks = <span class="integer">6</span>;
-
'''Technical Description:'''
+
    <span class="comment">/* port: (optional) a port to limit this block to. */</span>
 +
    port = <span class="integer">6660</span>;
 +
};
 +
</pre></html>
-
For every connectiong client, the IP address is known. A reverse lookup is performed on this IP-number to get the (/all) hostname(s). Each hostname that belongs to this IP-number is matched to <hostmask>, and the Client {} block is used when any matches; the client will then show with this particular hostname. If none of the hostnames match, then the IP-number is matched against the <IP mask ...> field, and if this matches, the Client {} block is used nevertheless and the client will show with the first (main) hostname, if any. If the IP-number does not resolve, then the client will show with the dot notation of the IP-number.
+
The server uses a default deny policy for incoming connections. You need to define at least one Client block if you wish to use your server.
-
There is a special case for UNIX domain sockets and localhost connections. In these cases, the <IP mask...> field is compared with the name of the server (thus not with any IP-number representation). The name of the server is the one returned in the numeric 002 reply. For example:
+
The <code>host</code> and <code>ip</code> fields specify which connections the block matches. The server always performs a DNS and ident lookup for connections. If DNS cannot find a hostname, the IP address is used instead. If ident cannot get a valid reply, "unknown" is used during this state. The client's resolved hostname, IP address, ident reply, and username (from the USER line) are used according to the results of the matches described below.
-
<code>002 Your host is 2.darenet.org[jolan.ppro], running version ...</code>
+
'''Note:''' There is a specify case for UNIX domain sockets and localhost connections. In these cases, the <code>ip / host</code> field is compared with the name of the server, and thus not with any IP number representation. The name of the server is that returned in the numeric 002 reply, example: <code>002 Your host is 2.darenet.org[jolan.ppro]. running version ...</code> In this example, "jolan.ppro" is the name used for matching; therefore, UNIX domain sockets and connections to localhost would match a block containing: <code>host = "*@jolan.ppro";</code>.
-
In this example, "jolan.ppro" is the name used for matching. Therefore, UNIX domain sockets, and connections to localhost, would match this block:
+
The <code>host</code> field attempts to match first against the resolved hostname, if available, and then against the IP address. To include the connection's ident reply in the match, use a mask in the form "ident@host". If a client matches, it appears on IRC using its resolved hostname.
-
<code>host = "*@jolan.ppro";</code>
+
The <code>ip</code> field attempts to match against the IP address only. An ident may be specified to match against, as well.
-
Example blocks:
+
'''Note:''' If the ident portion is specified in a mask (i.e., "ident@host" instead of "host"), and no ident reply is received from the client, it will appear on IRC with its username prefixed with a '~' tilde. If the matching mask used only the "host" form, the client's username is not prefixed. If a valid ident reply is received, it is always used and not prefixed.
-
Prevent unresolved clients from connecting:
+
You need only specify a <code>host</code> or <code>ip</code> field, not both. If both are used, <code>host</code> is matched against first.
-
<c>Client
+
-
{
+
-
  host = "*@*";
+
-
  class = "Users";
+
-
  maxlinks = 5;
+
-
};</c>
+
-
Only accept two connections from dial up accounts that have "dial??.*" as host mask:
+
There may be multiple Client blocks; at least one is recommended.
-
<c>Client  
+
-
{
+
-
  host = "*@dial??.*";
+
-
  class = "Users";
+
-
  maxlinks = 2;
+
-
};</c>
+
-
Allow anyone to connect:
+
== Motd block ==
-
<c>Client
+
-
{
+
-
  host = "*@*";
+
-
  ip = "*@*";
+
-
  class = "Other";
+
-
  maxlinks = 5;
+
-
};</c>
+
-
== motd Block ==
+
{| class="simpletable" width="100%"
-
 
+
|width="250px"|Requirement:
-
{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+
|OPTIONAL
-
| Requirement:
+
-
| OPTIONAL
+
|-
|-
-
| Old conf format equivalents:
+
|Old conf format equivalents:
-
| T:line
+
|<code>T:hostmask&#124;classnumber:path</code>
|}
|}
-
It is possible to show a different Message of the Day (MOTD) to a connecting client depending on its origin.
+
The Motd blocks allow a different Message of the Day to be shown to connecting clients based on their origin.
-
<pre>motd
+
<html><pre><strong>Motd</strong> {
-
{
+
    <span class="comment">/* host: a hostmask, class number or class name to match against. */</span>
-
  host = "Users";
+
    host = <span class="qstring">"*.jp"</span>;
-
  file = "path/to/motd/file";
+
-
};</pre>
+
-
More than one <code>host = "mask";</code> entry may be present in one block; this has the same effect as one motd {} block for each host entry, but makes it easier to update the message's filename. Additionally, you may specify a the name of a Class {} block to match against in the <host> portion.
+
    <span class="comment">/* file: the path to the MOTD file to be shown (relative to DPATH). */</span>
 +
    file = <span class="qstring">"jp.motd"</span>;
 +
};
 +
</pre></html>
-
Example block:
+
More then one <code>host</code> field may be present in an Motd block.
-
<c>motd
+
There may be multiple Motd blocks.
-
{
+
-
  host = "*@*.jp";
+
-
  file = "japanese.motd";
+
-
};</c>
+
-
== Connect Block ==
+
== Connect block ==
-
{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+
{| class="simpletable" width="100%"
-
| Requirement:
+
|width="250px"|Requirement:
-
| OPTIONAL
+
|OPTIONAL
|-
|-
-
| Old conf format equivalents:
+
|Old conf format equivalents:
-
| C:line, H:line, L:line
+
|<code>C:host:cpassword:name:port:class</code><br /><code>N:host:apassword:name:flags:class</code><br /><code>H:host::name:maxhops</code><br /><code>L:host::mask:depth</code>
|}
|}
-
Connect {} blocks define what servers the server may connect to, and which servers are allowed to connect.
+
The Connect blocks define links to other servers.
-
IRC servers connect to other servers forming a network with a star or tree topology. Loops are not allowed. In this network, two servers can be distinguished: "hub" and "leaf". Leaf servers connect to hubs; hubs connect to each other. Of course, many servers can't be directly classified in either of these categories. Both a fixed and a rule-based decision making system for server links exists to aide ircd in deciding what links to allow, what to let humans do themselves and what links to (forcefully) disallow.
+
<html><pre><strong>Connect</strong> {
 +
    <span class="comment">/* name: the name of the server. */</span>
 +
    name = <span class="qstring">"uplink.darenet.org"</span>;
-
<pre>Connect
+
    <span class="comment">/* host: the host or IP to connect to. If a hostname is used it
-
{
+
    * must match the reverse dns of the server.
-
  name = "servername";
+
    */</span>
-
  host = "hostnameORip";
+
    host = <span class="qstring">"192.168.0.1"</span>;
-
  password = "passwd";
+
-
  port = portno;
+
-
  class = "classname";
+
-
  maxhops = 2;
+
-
  hub;
+
-
  leaf = no;
+
-
  autoconnect = no;
+
-
};</pre>
+
-
The "port" field defines the default port the server tries to connect to if an operator uses /CONNECT without specifying a port. This is also the port used when the server attempts to auto-connect to the remote server. You may tell ircd-darenet to not automatically connect to a server by adding <code>"autoconnect = no;"</code>; the default is to auto connect.
+
    <span class="comment">/* password: the password we send and accept. */</span>
 +
    password = <span class="qstring">"somepass"</span>;
-
The maxhops field causes an SQUIT if a hub tries to introduce servers farther away than that; the element 'leaf;' is an alias for a maxhops of 0. The hub field limits the names of servers that may be introduced by a hub; the element 'hub;' is an alias for <code>hub = "*";</code>.
+
    <span class="comment">/* port: the port to connect to this server on. This is also the
 +
    * port used when the server attempts to auto-connect (if enabled).
 +
    */</span>
 +
    port = <span class="integer">7325</span>;
-
Example block:
+
    <span class="comment">/* class: the class this server should be placed in. */</span>
 +
    class = <span class="qstring">"Server"</span>;
-
Our primary uplink:
+
    <span class="comment">/* maxhops: the max number of hops a hub may introduce. If a hub
-
<c>Connect
+
    * tries to introduce servers farther away than what is specified here, an SQUIT is
-
{
+
    * issued. The 'leaf' token is an alias for "maxhops = 0;".  
-
  name = "servername.hub.darenet.org";
+
    */</span>
-
  host = "1.2.3.4";
+
    maxhops = <span class="integer">2</span>;
-
  password = "passwd";
+
-
  port = 7325;
+
-
  class = "Server";
+
-
  hub;
+
-
};</c>
+
-
== CRULE Block ==
+
    <span class="comment">/* hub: (optional) the mask of servers that this server may hub
 +
    * for. The tag 'hub' is an alias for 'hub = "*";'.
 +
    */</span>
 +
    hub = <span class="qstring">"*.us.darenet.org"</span>;
-
{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+
    <span class="comment">/* autoconnect: (optional) determines if we should try to
-
| Requirement:
+
    * automatically connect to this server. The default is to autoconnect.
-
| OPTIONAL
+
    */</span>
 +
    autoconnect = no; 
 +
};
 +
</pre></html>
 +
 
 +
There may be multiple Connect blocks.
 +
 
 +
== CRule block ==
 +
 
 +
{| class="simpletable" width="100%"
 +
|width="250px"|Requirement:
 +
|OPTIONAL
|-
|-
-
| Old conf format equivalents:
+
|Old conf format equivalents:
-
| D:line, d:line
+
|<code>D:servermask::rule</code><br /><code>d:servermask::rule</code>
|}
|}
-
For an advanced, real-time rule-based routing decision making system, you can use the crule {} blocks. For more information, see doc/readme.crules. If more than one server mask is present in a single rule, the rule applies to all servers.
+
The CRule (connection rule) blocks control ircd-darenet's advanced, real-time rule-based routing decision making system.
-
Using <code>all = yes;</code> makes the rule always apply; otherwise, it only applies to auto connects.
+
<html><pre><strong>CRule</strong> {
 +
    <span class="comment">/* server: rules will be applied towards servers matching this mask. */</span>
 +
    server = <span class="qstring">"*.eu.darenet.org"</span>;
-
<pre>CRULE
+
    <span class="comment">/* rule: the connection rule. */</span>
-
{
+
    rule = <span class="qstring">"connected(amsterdam.eu.*)"</span>;
-
  server = "servermask";
+
-
  rule = "connectrule";
+
-
  all = yes;
+
-
};</pre>
+
-
Example blocks:
+
    <span class="comment">/* all: (optional) setting this to 'yes' will make the rule always
 +
    * apply; otherwise, it only applies to autoconnects.
 +
    */</span>
 +
    all = yes;
 +
};
 +
</pre></html>
-
<c>CRULE
+
If more than one server mask is present in a single crule, the rule will apply to all servers.
-
{
+
-
  server = "*.us.darenet.org";
+
-
  rule = "connected(*.us.darenet.org)";
+
-
};</c>
+
-
Recommended for all leafs:
+
See doc/readme.crules for more information on the crule system, including examples of allowed rules.
-
<c>CRULE
+
 
-
{
+
There may be multiple CRule blocks.
-
  server = "*";
+
-
  rule = "directcon(*)";
+
-
};</c>
+
== Port Block ==
== Port Block ==
-
{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+
{| class="simpletable" width="100%"
-
| Requirement:
+
|width="250px"|Requirement:
-
| SUGGESTED
+
|REQUIRED
|-
|-
-
| Old conf format equivalents:
+
|Old conf format equivalents:
-
| P:line
+
|<code>P:hostmask:interface:<[CES][H]>:port</code>
|}
|}
-
As more users use the server, you will notice delays when trying to connect to the primary listening port. It is possible, via Port {} blocks, to specify additional ports for the ircd to listen for connections on. De facto ports are: 6667 - standard; 6660-6669, 7000 - additional client ports; 6697 & 9999 = SSL. DareNET uses 7325 for server listener ports.
+
The Port blocks define where the server will accept connections. At least one port block is required to start.
-
These are just hints, they are in no way official IANA or IETF policies. IANA says we should use port 194, but that requires us to run as root, so we don't do that.
+
<html><pre><strong>Port</strong> {
 +
    <span class="comment">/* port: the specific port to listen on. */</span>
 +
    port = <span class="integer">7325</span>;
-
<pre>Port
+
    <span class="comment">/* mask: (optional) the IP address (or a range of IP addresses) that
-
{
+
    * the server will allow connections from.
-
  port = number;
+
    */</span>
-
  mask = "ipmask";
+
    mask = <span class="qstring">"127.0.*.*"</span>;
-
  // Use this to control the interface you bind to.
+
-
  vhost = "virtual host ip";
+
-
  // Setting to yes makes this server only.
+
-
  server = yes;
+
-
  // Setting to yes makes the port "hidden" from stats.
+
-
  hidden = yes;
+
-
  // Setting to yes makes the port accept SSL connections from clients.
+
-
  crypt = yes;
+
-
  // Setting to yes makes the port exempt from connection restrictions
+
-
  // during a timed /restart or /die.
+
-
  exempt = yes;
+
-
};</pre>
+
-
The mask setting allows you to specify a range of IP addresses that you will allow connections from. This should only contain IP addresses and '*' if used. This field only uses IP addresses. This does not use DNS in any way, so you can't use it to allow *.jp or *.uk, and so on. Attemptinh to specify anything other than numbers, dots and starts [0-9.*] will result in the port allowing connections from anyone.
+
    <span class="comment">/* vhost: (optional) set a specific IP/host the port (listed after
 +
    * the 'port' token) will listen for.
 +
    */</span>
 +
    vhost = <span class="qstring">"127.0.0.1"</span>;
-
The <virtual host> setting allows multiple homed hosts to specify which interface to use on a port by port basis. If an interface is not specified, the default interface will be used. The interface MUST be the complete IP address for a real hardware interface on the machine running ircd. If you want to use virtual hosting YOU MUST USE THIS; otherwise, it WILL bind to all interfaces -- not what most people seem to expect.
+
    <span class="comment">/* server: setting this to yes makes this a server only port. */</span>
 +
    server = yes;
-
Example blocks:
+
    <span class="comment">/* hidden: (optional) setting this to 'yes' makes the port
 +
    * "hidden" from stats replies.
 +
    */</span>
 +
    hidden = yes;
-
<c>Port
+
    <span class="comment">/* crypt: (optional) setting this to 'yes' makes the port accept
-
{
+
    * SSL connections.
-
  port = 7325;
+
    */</span>
-
  vhost = "127.0.0.1";
+
    crypt = yes;
-
  server = yes;
+
-
  hidden = yes;
+
-
};</c>
+
-
<c>Port
+
    <span class="comment">/* exempt: (optional) setting this to 'yes' makes the port exempt
-
{
+
    * from connection restrictions during a timed /RESTART or /DIE.
-
  port = 6667;
+
    */</span>
-
  vhost = "168.8.21.107";
+
    exempt = no;
-
  crypt = yes;
+
};
-
};</c>
+
</pre></html>
 +
 
 +
The <code>mask</code> field should only contain IP addresses (CIDR notation is supported) or '*', if used. This does not use DNS in any way, so you cannot use it to allow *.dk or *.uk, for example. Attempting to specify anything other than IP addresses will result in the port allowing connections from anyone (as if you used '*').
 +
 
 +
If the <code>vhost</code> field (i.e., bind address) is not specified, the server will listen on all available interfaces for that port.
-
== Operator Block ==
+
There may be multiple Port blocks.
-
{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+
== Operator block ==
-
| Requirement:
+
 
-
| SUGGESTED
+
{| class="simpletable" width="100%"
 +
|width="250px"|Requirement:
 +
|SUGGESTED
|-
|-
-
| Old conf format equivalents:
+
|Old conf format equivalents:
-
| O:line
+
|<code>O:host:password:name:flags:class</code><br /><code>o:host:password:name:flags:class</code>
|}
|}
-
The Operator {} block defines a server operator. Oper status grants some special privileges to a user, like the power to make the server break or (try to) establish a connection with another server. and to "kill" users off the network.
+
The Operator blocks define server operators. One or more of these blocks is recommended if you intend to maintain your server.
-
More than one host = "mask"; entry may be present in one block; this has the same effect as one Operator block for each host entry, but makes it easier to update operator nicks, passwords, classes, and privileges.
+
<html><pre><strong>Operator</strong> {
 +
    <span class="comment">/* name: the oper's username. */</span>
 +
    name = <span class="qstring">"johndoe"</span>;
-
There may be multiple Operator {} blocks.
+
    <span class="comment">/* host: the user@host/IP mask required for this operator. CIDR
 +
    * notation is supported. Multiple host="" lines are supported.
 +
    */</span>
 +
    host = <span class="qstring">"god@*"</span>;
 +
    host = <span class="qstring">"*@127.0.0.1"</span>;
-
<pre>Operator
+
    <span class="comment">/* password: the password required to oper. By default, the password is
-
{
+
    * hashed using the system's native crypt() function. Other password
-
  name = "opername";
+
    * mechanisms are available; the umkpasswd utility located in the ircd
-
  host = "host/IP mask";
+
    * directory can hash passwords using those mechanisms. If you use a
-
  password = "encryptedpass";
+
    * password format that is not generated by umkpasswd, ircd-darenet will
-
  flags = "oper flags";
+
    * not recognize the oper's password.
-
  class = "classname";
+
    */</span>
-
  local = no;
+
    password = <span class="qstring">"/home/irc/keys/johndoe.key"</span>;
-
  snomask = "snomask";
+
-
  display_mode = yes;  routing = yes;  routeinfo = yes;
+
-
};</pre>
+
-
'''Required tokens:''' <code>name, host, password, flags</code>
+
    <span class="comment">/* flags: misc options for the oper. */</span>
 +
    flags = <span class="qstring">"OAWInFR"</span>;
-
'''Optional tokens:''' <code>class, snomask</code>
+
    <span class="comment">/* snomask: (optional) specific server notice mask on oper up. If this
 +
    * is specified, an oper will not be given sno_default.
 +
    */</span>
 +
    snomask = <span class="qstring">"+cegGiKorRs"</span>;
-
By default, the password is hashed using the system's native crypt() function. Other password mechanisms are available; the umkpasswd utility located in the ircd directory can hash passwords using those mechanisms. If you use a password format that is NOT generated by umkpasswd, ircd-darenet will not recognize the oper's password. If you want to use a non-encrypted password, prefix the password with $PLAIN$ (e.g., "$PLAIN$aPplE123"). NOTE: Plain passwords are not allowed on DareNET.
+
    <span class="comment">/* privileges: (optional) you can specify privileges an oper will be
 +
    * explicitly granted (or denied) upon opering. Any privileges defined
 +
    * will override any privilege settings that may be present in the class
 +
    * block specified above, and the default setting for those privileges.
 +
    */</span>
 +
    local = no;    routing = yes;    routeinfo = yes;
 +
};
 +
</pre></html>
-
A SSL client certificate fingerprint can be used in place of a password. To use this method, specify the fingerprint as the password, and add the S flag to the blocks oper flag string. This will allow the oper to simply use "/OPER opername" to oper, provided they are connected using SSL and have a matching certificate fingerprint.
+
The <code>name</code> and <code>password</code> fields match the parameters of the <code>OPER</code> command. To authenticate as an IRC operator, a client must match one of the <code>host</code> fields, which may be a resolved hostname or IP address.
-
If you want to use a even more secure password authentication system then generate a 1024bit RSA key, specify the path to the key as the password and add R as the oper flag. This will use the /CHALLENGE system instead of /OPER. See doc/challenge.txt for more information.
+
To use an unencrypted password, prefix the password with '$PLAIN', e.g., "$PLAIN$aPpLe".
-
Note that the <connection class> is optional, but omitting it puts the oper in class "default". which usually only accepts one connection at a time. If you want users to be able to /OPER more than once per block, then use a connection class that allows more than one connection.
+
If you want to use a more secure password authentication system, generate a 1024bit RSA key, and specify the path to the key as the password (as shown in the example above), and add 'R' to the <code>flags</code> field. This will use the <code>/CHALLENGE</code> system instead of <code>/OPER</code>. See doc/challenge.txt for more details.
-
Once you /OPER, your connection class changes no matter where you are or what your previous connection class was. If the defined connections class is Opers for the Operator {} block, then your new connection class is Opers.
+
A client may also use their SSL client certificate fingerprint to authenticate as an IRC operator. To use this method, specify the client's certificate fingerprint as the password, and add 'S' to the <code>flags</code> field.
-
'''Privileges:'''
+
Only one password authentication method may be used at a time. That is, you cannot use <code>CHALLENGE</code> and SSL client certificate fingerprint at the same time.
-
Operator privileges may be specified within the Operator {} block itself. A privilege defined for a single operator will override any privilege settings that may be present in the specified Class {} block, and the default setting.
+
There are currently 9 different oper flags:
 +
* o - Local operator
 +
* O - Global operator
 +
* A - Server administrator
 +
* r - This operator block may be used from remote servers
 +
* W - Allowed to set user mode +W
 +
* I - Allowed to set user mode +I
 +
* n - Allowed to set user mode +n
 +
* F - Allowed to set user mode +F
 +
* S - Use SSL client certificate fingerprint to <code>/OPER</code>
 +
* R - Use <code>/CHALLENGE</code> password authentication system.
 +
* j - Allowed to use juped nicknames.
-
NOTE: On DareNET, adding privileges you have not been authorized to your operator block may result in it being removed during periodic audits and/or the server being juped.
+
The <code>class</code> field specifies the connection class the client will be placed in, regardless of their previous connection class. If not specified, the default class is used; see the Class block description for details.
-
For a list of all supported privileges, go [[Operator Privileges|here]].
+
There may be multiple Operator blocks.
-
'''Oper flags:'''
+
== UWorld block ==
-
There are currently 9 different oper flags:
+
{| class="simpletable" width="100%"
 +
|width="250px"|Requirement:
 +
|OPTIONAL
 +
|-
 +
|Old conf format equivalents:
 +
|<code>U:server:jupednicks:*</code>
 +
|}
-
* o - Local Operator
+
The Uworld block defines "U-lined" servers, which are allowed to do special network things. Used for network services.
-
* O - Global Operator
+
-
* A - Server Administrator
+
-
* r - Operator {} block an be used from remote servers
+
-
* W - Allowed to set user mode +W (whois notice)
+
-
* I - Allowed to set user mode +I (hide idle)
+
-
* n - Allowed to set user mode +n (hide channels)
+
-
* S - Use SSL client certificate fingerprint to /OPER
+
-
* R - Use /CHALLENGE instead of /OPER
+
-
* j - Allowed to use juped nicknames
+
-
* F - Allowed to set user mode +F (flood exempt)
+
-
Note that you need at least an o or O flag for your block. Additionally, you cannot specify <code>*@*</code> in the host field.  
+
<html><pre><strong>UWorld</strong> {
 +
    <span class="comment">/* name: the server name or wildcard mask the "U-line" applies to. */</span>
 +
    name = <span class="qstring">"services.darenet.org"</span>;
 +
    name = <span class="qstring">"stats.darenet.org"</span>;
 +
};
 +
</pre></html>
-
Example block:
+
UWorld servers are permitted to do things typical network services would want to do, such as apply network bans, manage channel modes, etc; the details are too numerous and complex to provide here.
-
<c>Operator
+
-
{
+
-
  name = "JoeOper";
+
-
  host = "*joe@*.uu.net";
+
-
  password = "/home/irc/keys/joeoper.key";
+
-
  flags = "OrWInR";
+
-
  class = "Opers";
+
-
  local = no;
+
-
  kill = yes;
+
-
};</c>
+
-
== UWorld Block ==
+
There may be multiple UWorld blocks; all blocks are combined into one list.
-
{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+
== NickJupe block ==
-
| Requirement:
+
 
-
| OPTIONAL
+
{| class="simpletable" width="100%"
 +
|width="250px"|Requirement:
 +
|OPTIONAL
|-
|-
-
| Old conf format equivalents:
+
|Old conf format equivalents:
-
| U:line
+
|<code>U:server:jupednicks:*</code>
|}
|}
-
UWorld {} blocks allow a server to broadcast any mode change (without regard to TimeStamps), among other things. Used for network services.
+
The NickJupe blocks disallow certain nicknames from being used.
-
<pre>UWorld
+
<html><pre><strong>NickJupe</strong> {
-
{
+
    <span class="qstring">"ChanServ"</span> = <span class="qstring">"Reserved for Services"</span>;
-
  name = "realservername";
+
    <span class="qstring">"NickS?rv"</span> = <span class="qstring">"Reserved for Services"</span>;
-
};</pre>
+
};
 +
</pre></html>
-
Note, these lines must be the same on every single server; otherwise, results may be disastrous.
+
Entries are specified in a key-value format, with the key being the nick to disallow (the '*' and '?' wildcards are supported), and the value being the reason (a single-line reason for the restriction, which is sent to clients along with the rejection notice).
-
You may have have more than one name listed in a block. There may be multiple UWorld {} blocks.
+
There may be multiple NickJupe blocks; all blocks are combined into one list.
-
Example block:
+
== Quarantine block ==
-
<c>UWorld
+
{| class="simpletable" width="100%"
-
{
+
|width="250px"|Requirement:
-
  name = "services.darenet.org";
+
|OPTIONAL
-
  name = "statistics.darenet.org";
+
-
};</c>
+
-
 
+
-
== NickJupe Block ==
+
-
 
+
-
{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+
-
| Requirement:
+
-
| OPTIONAL
+
|-
|-
-
| Old conf format equivalents:
+
|Old conf format equivalents:
-
| New ''(split from old U:line)''
+
|<code>Q:channel:reason</code>
|}
|}
-
It is possible to "jupe" nicknames, so that users may not use them. This also prevents opers from using them, unless their Operator {} block contains the 'j' oper flag. You may also specify wildcards of * and ?. The <reason> is shown to the user when trying to use a juped nickname.
+
The Quarantine blocks disallow certain channel names from being used by non-opers.
-
You may have more than one nick/reason pair listed in a block. There may be multiple NickJupe {} blocks.
+
<html><pre><strong>Quarantine</strong> {
 +
    <span class="qstring">"#help"</span> = <span class="qstring">"For assistance, please join #Support instead."</span>;
 +
};
 +
</pre></html>
-
<pre>NickJupe
+
Entries are specified in a key-value format, with the key being the channel to disallow, and the value being the reason (a single-line reason for the restriction, which is sent to clients along with the rejection notice). Note, these are only checked at <code>/JOIN</code>, so if you add a channel and rehash, users will not be kicked if they're already in the channel.
-
{
+
-
  "nick" = "reason";
+
-
};</pre>
+
-
'''Example block:'''
+
There may be multiple Quarantine blocks; all blocks are combined into one list.
-
 
+
-
<c>NickJupe
+
-
{
+
-
  "*ChanS?rv*" = "Reserved for Services.";
+
-
  "*NickS?rv*" = "Reserved for Services.";
+
-
  "DareNET" = "Reserved for network staff.";
+
-
};</c>
+
== Ban Block ==
== Ban Block ==
Line 669: Line 651:
<mask> is an ident@ip/host/cidr mask that is to match the user to be exempted. <flags> is one or more of the following flags to specify what the exempt is to match.
<mask> is an ident@ip/host/cidr mask that is to match the user to be exempted. <flags> is one or more of the following flags to specify what the exempt is to match.
 +
* k - Except affects KLINEs.
* g - Except affects GLINEs.
* g - Except affects GLINEs.
* i - Except affects ident challenges (see IDENT_CHALLENGE feature).
* i - Except affects ident challenges (see IDENT_CHALLENGE feature).
-
* j - Except affects NickJupes.
+
* n - Except for notilde.
* s - Except affects SHUNs.
* s - Except affects SHUNs.
* z - Except affects ZLINEs.
* z - Except affects ZLINEs.
Line 681: Line 664:
NOTE: For throttling/clone exemptions (I), only IP addresses are supported, since these checks are performed before any DNS resolutions or identd replies are received.
NOTE: For throttling/clone exemptions (I), only IP addresses are supported, since these checks are performed before any DNS resolutions or identd replies are received.
 +
NOTE: For notilde (n), IP/Host is required.
Example block:
Example block:
Line 686: Line 670:
<c>Except
<c>Except
{
{
-
   host = "*@*.darenet.org";
+
   mask = "*@*.darenet.org";
   flags = "kgzsL";
   flags = "kgzsL";
};</c>
};</c>
Line 692: Line 676:
<c>Except
<c>Except
{
{
-
   host = "*@127.0.0.1";
+
   mask = "*@127.0.0.1";
-
   flags = "T";
+
   flags = "I";
};</c>
};</c>
Line 815: Line 799:
   host = "127.0.0.1";
   host = "127.0.0.1";
   username = "*";
   username = "*";
-
};</c>
 
-
 
-
== Quarantine Block ==
 
-
 
-
{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
 
-
| Requirement:
 
-
| OPTIONAL
 
-
|-
 
-
| Old conf format equivalents:
 
-
| Q:line
 
-
|}
 
-
 
-
Quarantine {} blocks, in ircd-darenet, allow you to specify channels that non-opers cannot join. The reason specified will be shown to users when they try to join the channel. Note, these are only checked at /JOIN. So, if you add a channel and rehash, users will not be kicked if they're already in the channel.
 
-
 
-
<pre>Quarantine
 
-
{
 
-
  "<channel>" = "reason";
 
-
};</pre>
 
-
 
-
Example block:
 
-
 
-
<c>Quarantine
 
-
{
 
-
  "#help" = "For assistance, please join #Support instead.";
 
};</c>
};</c>

Current revision as of 18:00, 17 June 2013

This is a reference guide for ircd-darenet 1.5.x's configuration file.

The configuration format consists of various blocks, each containing name-value pairs, tags or string data. It is designed to be easily readable by both human ircd.

A block consists of a name, an opening '{' brace, statements, a closing '}' brace, and a ';' semicolon. A statement consists of a name possibly followed by an '=' equals sign and a value, ending with a semicolon. All strings must be surrounded by '"' double quotes.

A sample block:

blockname {
    name = value;
    name = "string";
    name = 123;
    tag;
};

All elements of the configuration are separated by whitespace, and can be packed on one line, or broken up over several lines. Whitespace is defined as space, tab or carriage return/linefeed. Three forms of comments are allowed:

/* C style single/multi-line */

// C++ style single-line

# Shell style single-line

Blocks are used in the reverse order than how they're listed, when the configuration file is parsed. This means you should start multiple block definitions with the "fall through", and end with the most detailed.

General block

Requirement: REQUIRED
Old conf format equivalents: M:name:vhost:description::numeric

The General block defines information about the server itself. It is required for the server to start.

General {
    /* name: the name of our server. */
    name = "test.area.zone.darenet.org";

    /* description: the description of our server. */
    description = "ircd-darenet test server";

    /* numeric: the unique server numeric for our server. It must be a
     * digit between 0 and 4095, and is not updated on a rehash.
     */
    numeric = 999;

    /* vhost: the IP to bind to when we connect outward to other servers.
     * It must contain either a * or a valid ipv4 address in dotted quad notation. 
     */
    vhost = "192.169.0.1";

    /* ssl_private_key: our ssl private key. */
    ssl_private_key = "etc/ircd.key";

    /* ssl_pem: file containing our ssl certificate and private key */
    ssl_pem = "etc/ircd.pem";

    /* dpass: (optional) password for DIE command. */
    dpass = "encrypted pass";

    /* rpass: (optional) password for RESTART command. */
    rpass = "$PLAIN$password";  
};

The server name may only be changed by a server restart. The description can be changed on rehash, but will not propagate to other linked servers.

There must be exactly one General block.

Admin block

Requirement: SUGGESTED
Old conf format equivalents: A:line1:line2:line3

The Admin block defines information that can be retrieved with the /ADMIN command.

Admin {
    location = "DareNET - http://www.darenet.org";
    location = "Infrastructure Team";
    contact = "<infrastructure@darenet.org>";
};

Not all lines are required. There may only be one Admin block.

Class block

Requirement: RECOMMENDED
Old conf format equivalents: Y:class:pingfreq::maxlinks:sendq (clients)
Y:class:pingfreq:connectfreq:maxlinks:sendq (servers)

The Class blocks define connection classes. All connections to the server are associated with a "connection class", whether they be incoming or outgoing (initiated by the server), be they clients or servers.

Class {
    /* name: a name for the connection class. */
    name = "Users";

    /* pingfreq: how often to PING idle connections. */
    pingfreq = 1 minute 30 seconds;

    /* sendq: send buffer limit (i.e., the amount of data allowed in
     * a client's queue before they are dropped.
     */
    sendq = 100 kilobytes;

    /* maxlinks: the maximum number of connections that may use this
     * class. May be between 0 and 4,000,000,000.
     */
    maxlinks = 100;

    /* usermode: an optional list of user modes that should set
     * upon the user while connecting.
     */
    usermode = "+iw"; 

    /* maxchans: the maximum number of channels that clients may join.
    */
    maxchans = 50;
};

Class {
    name = "Opers";
    pingfreq = 2 minutes;
    sendq = 100 kilobytes;
    maxlinks = 10;
    usermode = "+iw";
    whox;
};

Class {
    name = "Server";
    pingfreq = 3 minutes;

    /* connectfreq: this token applies only to servers, and specifies
     * the frequency that the server tries to auto connect. Setting this to 0 will cause a
     * server to attempt to connect repeatedly, with no delay until the maxlinks condition
     * is satisfied (which is not a good thing).
     */
    connectfreq = 5 minutes;

    /* maxlinks: for server classes, specifies the maximum number of
     * servers to autoconnect to. This should be 0 for hubs, and 1 for leafs.
     */
    maxlinks = 0;

    sendq = 10 megabytes;
};

Class {
    name = "Leaf_Server";
    pingfreq = 3 minutes;
    connectfreq = 5 minutes;
    maxlinks = 1;
    sendq = 10 megabytes;
};

For connection classes intended for operator use, you can specify privileges the operator should be granted when the Operator block names the class. The local privilege MUST be defined by either the Class or Operator block. It is highly recommended that most privileges be explicitly specified in the operator's Operator block on DareNET.

A "default" class is created internally. This class is used when no other class is specified, but its settings are not useful for most situations. Custom classes are strongly recommended.

There may be multiple Class blocks; at least one is recommended.

Client block

Requirement: RECOMMENDED
Old conf format equivalents: I:ipmask:passwd:hostmask:port:class

The Client blocks define the hosts client connections are allowed from, and places them into classes. While the server will start without a Client block, it will not be usable.

Client {
    /* host: resolved user@host mask allowed to connect. This is optional
     * if you are using the ip mask to match against.  Additionally, if you specify *@loc for 
     * this field it will match all LOC users.
     */
    host = "*@*.wirehub.net";

    /* ip: unresolved user@ip mask allowed to connect. */
    ip = "*@195.86.128.*";

    /* password: (optional) password that is required to use this block.
     * This password string is not encrypted.
     */
    password = "letMEHin";

    /* class: the class the user should be placed in. */
    class = "Users";

    /* maxlinks: if specified, the server will only accept clients when 
     * the total number of connections to the network from the same IP number doesn't exceed
     * this number.
     */
    maxlinks = 6;

    /* port: (optional) a port to limit this block to. */
    port = 6660;
};

The server uses a default deny policy for incoming connections. You need to define at least one Client block if you wish to use your server.

The host and ip fields specify which connections the block matches. The server always performs a DNS and ident lookup for connections. If DNS cannot find a hostname, the IP address is used instead. If ident cannot get a valid reply, "unknown" is used during this state. The client's resolved hostname, IP address, ident reply, and username (from the USER line) are used according to the results of the matches described below.

Note: There is a specify case for UNIX domain sockets and localhost connections. In these cases, the ip / host field is compared with the name of the server, and thus not with any IP number representation. The name of the server is that returned in the numeric 002 reply, example: 002 Your host is 2.darenet.org[jolan.ppro]. running version ... In this example, "jolan.ppro" is the name used for matching; therefore, UNIX domain sockets and connections to localhost would match a block containing: host = "*@jolan.ppro";.

The host field attempts to match first against the resolved hostname, if available, and then against the IP address. To include the connection's ident reply in the match, use a mask in the form "ident@host". If a client matches, it appears on IRC using its resolved hostname.

The ip field attempts to match against the IP address only. An ident may be specified to match against, as well.

Note: If the ident portion is specified in a mask (i.e., "ident@host" instead of "host"), and no ident reply is received from the client, it will appear on IRC with its username prefixed with a '~' tilde. If the matching mask used only the "host" form, the client's username is not prefixed. If a valid ident reply is received, it is always used and not prefixed.

You need only specify a host or ip field, not both. If both are used, host is matched against first.

There may be multiple Client blocks; at least one is recommended.

Motd block

Requirement: OPTIONAL
Old conf format equivalents: T:hostmask|classnumber:path

The Motd blocks allow a different Message of the Day to be shown to connecting clients based on their origin.

Motd {
    /* host: a hostmask, class number or class name to match against. */
    host = "*.jp";

    /* file: the path to the MOTD file to be shown (relative to DPATH). */
    file = "jp.motd";
};

More then one host field may be present in an Motd block.

There may be multiple Motd blocks.

Connect block

Requirement: OPTIONAL
Old conf format equivalents: C:host:cpassword:name:port:class
N:host:apassword:name:flags:class
H:host::name:maxhops
L:host::mask:depth

The Connect blocks define links to other servers.

Connect {
    /* name: the name of the server. */
    name = "uplink.darenet.org";

    /* host: the host or IP to connect to. If a hostname is used it
     * must match the reverse dns of the server.
     */
    host = "192.168.0.1";

    /* password: the password we send and accept. */
    password = "somepass";

    /* port: the port to connect to this server on. This is also the
     * port used when the server attempts to auto-connect (if enabled). 
     */
    port = 7325;

    /* class: the class this server should be placed in. */
    class = "Server";

    /* maxhops: the max number of hops a hub may introduce. If a hub
     * tries to introduce servers farther away than what is specified here, an SQUIT is
     * issued. The 'leaf' token is an alias for "maxhops = 0;". 
     */
    maxhops = 2;

    /* hub: (optional) the mask of servers that this server may hub
     * for. The tag 'hub' is an alias for 'hub = "*";'.
     */
    hub = "*.us.darenet.org";

    /* autoconnect: (optional) determines if we should try to
    * automatically connect to this server. The default is to autoconnect.
    */
    autoconnect = no;  
};

There may be multiple Connect blocks.

CRule block

Requirement: OPTIONAL
Old conf format equivalents: D:servermask::rule
d:servermask::rule

The CRule (connection rule) blocks control ircd-darenet's advanced, real-time rule-based routing decision making system.

CRule {
    /* server: rules will be applied towards servers matching this mask. */
    server = "*.eu.darenet.org";

    /* rule: the connection rule. */
    rule = "connected(amsterdam.eu.*)";

    /* all: (optional) setting this to 'yes' will make the rule always
     * apply; otherwise, it only applies to autoconnects.
     */
    all = yes;
};

If more than one server mask is present in a single crule, the rule will apply to all servers.

See doc/readme.crules for more information on the crule system, including examples of allowed rules.

There may be multiple CRule blocks.

Port Block

Requirement: REQUIRED
Old conf format equivalents: P:hostmask:interface:<[CES][H]>:port

The Port blocks define where the server will accept connections. At least one port block is required to start.

Port {
    /* port: the specific port to listen on. */
    port = 7325;

    /* mask: (optional) the IP address (or a range of IP addresses) that
     * the server will allow connections from.
     */
    mask = "127.0.*.*";

    /* vhost: (optional) set a specific IP/host the port (listed after
     * the 'port' token) will listen for.
     */
    vhost = "127.0.0.1";

    /* server: setting this to yes makes this a server only port. */
    server = yes;

    /* hidden: (optional) setting this to 'yes' makes the port
     * "hidden" from stats replies.
     */
    hidden = yes;

    /* crypt: (optional) setting this to 'yes' makes the port accept
     * SSL connections.
     */
    crypt = yes;

    /* exempt: (optional) setting this to 'yes' makes the port exempt
     * from connection restrictions during a timed /RESTART or /DIE.
     */
    exempt = no;
};

The mask field should only contain IP addresses (CIDR notation is supported) or '*', if used. This does not use DNS in any way, so you cannot use it to allow *.dk or *.uk, for example. Attempting to specify anything other than IP addresses will result in the port allowing connections from anyone (as if you used '*').

If the vhost field (i.e., bind address) is not specified, the server will listen on all available interfaces for that port.

There may be multiple Port blocks.

Operator block

Requirement: SUGGESTED
Old conf format equivalents: O:host:password:name:flags:class
o:host:password:name:flags:class

The Operator blocks define server operators. One or more of these blocks is recommended if you intend to maintain your server.

Operator {
    /* name: the oper's username. */
    name = "johndoe";

    /* host: the user@host/IP mask required for this operator. CIDR
     * notation is supported. Multiple host="" lines are supported.
     */
    host = "god@*";
    host = "*@127.0.0.1";

    /* password: the password required to oper. By default, the password is
     * hashed using the system's native crypt() function. Other password
     * mechanisms are available; the umkpasswd utility located in the ircd
     * directory can hash passwords using those mechanisms. If you use a
     * password format that is not generated by umkpasswd, ircd-darenet will
     * not recognize the oper's password.
     */
    password = "/home/irc/keys/johndoe.key";

    /* flags: misc options for the oper. */
    flags = "OAWInFR";

    /* snomask: (optional) specific server notice mask on oper up. If this
     * is specified, an oper will not be given sno_default.
     */
    snomask = "+cegGiKorRs";

    /* privileges: (optional) you can specify privileges an oper will be
     * explicitly granted (or denied) upon opering. Any privileges defined
     * will override any privilege settings that may be present in the class
     * block specified above, and the default setting for those privileges.
     */
    local = no;    routing = yes;    routeinfo = yes;
};

The name and password fields match the parameters of the OPER command. To authenticate as an IRC operator, a client must match one of the host fields, which may be a resolved hostname or IP address.

To use an unencrypted password, prefix the password with '$PLAIN', e.g., "$PLAIN$aPpLe".

If you want to use a more secure password authentication system, generate a 1024bit RSA key, and specify the path to the key as the password (as shown in the example above), and add 'R' to the flags field. This will use the /CHALLENGE system instead of /OPER. See doc/challenge.txt for more details.

A client may also use their SSL client certificate fingerprint to authenticate as an IRC operator. To use this method, specify the client's certificate fingerprint as the password, and add 'S' to the flags field.

Only one password authentication method may be used at a time. That is, you cannot use CHALLENGE and SSL client certificate fingerprint at the same time.

There are currently 9 different oper flags:

  • o - Local operator
  • O - Global operator
  • A - Server administrator
  • r - This operator block may be used from remote servers
  • W - Allowed to set user mode +W
  • I - Allowed to set user mode +I
  • n - Allowed to set user mode +n
  • F - Allowed to set user mode +F
  • S - Use SSL client certificate fingerprint to /OPER
  • R - Use /CHALLENGE password authentication system.
  • j - Allowed to use juped nicknames.

The class field specifies the connection class the client will be placed in, regardless of their previous connection class. If not specified, the default class is used; see the Class block description for details.

There may be multiple Operator blocks.

UWorld block

Requirement: OPTIONAL
Old conf format equivalents: U:server:jupednicks:*

The Uworld block defines "U-lined" servers, which are allowed to do special network things. Used for network services.

UWorld {
    /* name: the server name or wildcard mask the "U-line" applies to. */
    name = "services.darenet.org";
    name = "stats.darenet.org";
};

UWorld servers are permitted to do things typical network services would want to do, such as apply network bans, manage channel modes, etc; the details are too numerous and complex to provide here.

There may be multiple UWorld blocks; all blocks are combined into one list.

NickJupe block

Requirement: OPTIONAL
Old conf format equivalents: U:server:jupednicks:*

The NickJupe blocks disallow certain nicknames from being used.

NickJupe {
    "ChanServ" = "Reserved for Services";
    "NickS?rv" = "Reserved for Services";
};

Entries are specified in a key-value format, with the key being the nick to disallow (the '*' and '?' wildcards are supported), and the value being the reason (a single-line reason for the restriction, which is sent to clients along with the rejection notice).

There may be multiple NickJupe blocks; all blocks are combined into one list.

Quarantine block

Requirement: OPTIONAL
Old conf format equivalents: Q:channel:reason

The Quarantine blocks disallow certain channel names from being used by non-opers.

Quarantine {
    "#help" = "For assistance, please join #Support instead.";
};

Entries are specified in a key-value format, with the key being the channel to disallow, and the value being the reason (a single-line reason for the restriction, which is sent to clients along with the rejection notice). Note, these are only checked at /JOIN, so if you add a channel and rehash, users will not be kicked if they're already in the channel.

There may be multiple Quarantine blocks; all blocks are combined into one list.

Ban Block

Requirement: OPTIONAL
Old conf format equivalents: K:line

Ban {} blocks disallow connections from clients based on specific ident, host and/or gecos masks. They are a flexible general client ban mechanism.

Ban
{
  host = "user@host";
  reason = "The reason the user will see";
  klineprompt;
  name = "mark";
};

Required tokens (at least one of): host, realname, username

Optional tokens: klineprompt, reason, name, file

If klineprompt; is present, users may bypass the ban by using Login-on-Connect (LOC). You can also mark clients by using name = "mark here";

Ban
{
  realname = "realname here";
  reason = "The reason the user will see";
};

It is also possible to ban based on username.

Ban
{
  username = "username here";
  reason = "The reason the user will see";
};

It is also possible to use a file as comment for the ban, using.

Ban
{
  host = "user@host";
  file = "path/to/file/with/reason/to/show";
};

The file can contain for example, a reason, a link to the server rules and a contact address. Also, note the combination of username and host in the host field. IP-based Ban {} blocks apply to all hosts, even if an IP address has a properly resolving host name. CIDR format is the most efficient, and should be used when possible. The server will attempt to convert wildcard IP masks to CIDR form internally.

Additionally, you may specify a hostmask prefixed with $V to indicate a match should be performed against the CTCP version of the user rather han the host/IP.

Ban
{
  version = "string";
  reason = "reason here";
};

There may be multiple Ban {} blocks.

Example blocks:

Ban
{
  host = "*@*.aol.com";
  reason = "Due to abuse, AOL users must login with their DareNET account to connect.";
  klineprompt;
};
Ban
{
  host = "192.168.*";
  reason = "Monkeys.";
};
Ban
{
  host = "192.168.0.0/16";
  reason = "Monkeys.";
};
Ban
{
  username = "sub7";
  realname = "s*7*";
  reason = "You are infected with a Trojan";
};
Ban
{
  username = "sub7";
  realname = "s*7*";
  reason = "You are infected with a Trojan";
};

Except Block

Requirement: OPTIONAL
Old conf format equivalents: E:line

Except {} blocks can be used to exempt a user from Kill {} blocks, GLINEs, ZLINEs, SHUNs, spam filters, IDENT_CHALLENGE and LIST restrictions.

Except
{
  mask = "<mask>";
  flags = "<flags>";
};

<mask> is an ident@ip/host/cidr mask that is to match the user to be exempted. <flags> is one or more of the following flags to specify what the exempt is to match.

  • k - Except affects KLINEs.
  • g - Except affects GLINEs.
  • i - Except affects ident challenges (see IDENT_CHALLENGE feature).
  • n - Except for notilde.
  • s - Except affects SHUNs.
  • z - Except affects ZLINEs.
  • F - Forces umode +F on user to bypass message flood checks.
  • I - Exempts user from rapid (re)connection throttling & clone checks.
  • L - Except affects LIST restrictions.
  • N - Exempts user from "no connections" restrictions, allowing them to connect anyway.
  • S - Except affects spam filters.

NOTE: For throttling/clone exemptions (I), only IP addresses are supported, since these checks are performed before any DNS resolutions or identd replies are received. NOTE: For notilde (n), IP/Host is required.

Example block:

Except
{
  mask = "*@*.darenet.org";
  flags = "kgzsL";
};
Except
{
  mask = "*@127.0.0.1";
  flags = "I";
};

Command Block

Requirement: OPTIONAL
Old conf format equivalents: B:line

Command {} blocks aim to improve the generic IRC users ability to use network services. Each block sets up a /<service> alias so that users may type that instead of a full /msg command. Some might argue this is a bit more secure as well :)

Command
{
  cmd = "<alias name>";
  service = "<target>";
  prefix = "<anything to prepend to the message>";
};

If prefix = ""; is given, then ircd-darenet will prefix the specified string to whatever the user inputs before sending it to the service.

Example blocks:

Command
{
  cmd = "AUTH";
  service = "NickServ@services.darenet.org";
  prefix = "AUTH";
};
Command
{
  cmd = "NICKSERV";
  service = "NickServ@services.darenet.org";
};

Forward Block

Requirement: OPTIONAL
Old conf format equivalents: b:line

Forward {} blocks enable the server to forward any messages which are prefixed and specific with a Forward {} block. This allows users to use Services' fantasy commands without a service client being in the channel (provided the channel is registered). This also removes the need for ChanServ to monitor channel traffic (e.g. allowing the use of umode +d).

Forward
{
  "<prefix>" = "<server>";
};

Example block:

Forward
{
  "." = "services.darenet.org";
  "?" = "services.darenet.org";
};

Redirect Block

Requirement: OPTIONAL
Old conf format equivalents: R:line

When a client connects and his/her host matches a Redirect {} block, then a 010 reply is sent back to the client with the redirection server and port.

Currently only EPIC supports auto redirection when it gets a 010 reply (e.g. it will automatically connect to the server specified in the 010 reply). Other clients will get a message specifying what server and port to connect to. as well as an unauthorized disconnect.

Redirect
{
  mask = "<mask>";
  server = "<redirection server>";
  port = "<redirection port>";
};
Redirect
{
  mask = "*.aol.com";
  server = "irc.aol.com";
  port = "6667";
};

Spoofhost Block

Requirement: OPTIONAL
Old conf format equivalents: S:line

Spoofhost {} blocks allows clients/opers to spoof their host.

Spoofhost "<spoof host>"
{
  pass = "<password>";
  host = "<*.host.cc|a.b.c.*|CIDR>";
  username = "<ident>";
};
  • <spoof host> - The spoofed hostname.
  • <pass> - A password for this spoof host. Used if SETHOST_USER is set to TRUE.
  • <host> - A hostmask to match against users that are to be auto-spoofed. Used if SETHOST_AUTO is set to TRUE. Can be in the form of: host.domain.cc, 127.0.0.1 or 127.0.0.0/24, supports wildcards for non-CIDR.
  • <username> - A mask for matching against the user's ident reply.

Example block:

Spoofhost "sline.darenet.org"
{
  pass = "anygoodpass";
  host = "127.0.0.1";
  username = "*";
};

DNSBL Block

Requirement: OPTIONAL
Old conf format equivalents: X:line

DNSBL {} blocks allow you to prevent clients connecting who are listed on DNS blacklists. Their connection will be rejected during the connection process along with the name and reason you give for the DNSBL they have been matched on.

DNSBL
{
  server = "<dnsbl.site.org>";
  name = "<name>";
  flags = "<flags>";
  replies = "<replies/mask>";
  reply = "<rejection message>";
  rank = "<rank>";
};

Available flags:

  • b (Bitmask DNSBL) - See your DNSBL provider as to whether you should use this or not.
  • r (Reply DNSBL) - See your DNSBL provider as to whether you should use this or not.
  • a (Allow Connect) - Allow the client to connect anyway. This could used with a DNSBL whitelist. This could also be used to allow users to still connect, but mark their hosts so that channel ops can easily ban them from their channels.
  • d (Deny Connect) - If the user is found on this DNSBL, then they can't connect, even if they are allowed on through another DNSBL {} block.
  • m (Mark Hostname) - Mark the hostname of a skipped client

The name option is used for the Mark Hostname flag, and may only contain hostname valid characters only (e.g. NO spaces). With Reply DNSBL's you need to list the replies in a comma separated list. See below for an example. With Bitmask DNSBL's, again, specify the replies you need to match for. The server will sum them up and match them against the DNSBL reply. The rejected user's nick, username, ip, and host can be placed into the rejection message by using these codes:

  •  %n - Nickname
  •  %u - Username
  •  %h - Hostname
  •  %i - IP Address

The rank number must be unique over all DNSBL {} blocks. The higher the number, the greater precedence it has. The highest ranking DNSBL {} block which is a matched against a user will get its name marked in the hostname.

Notes: MAKE SURE you read the DNSBL website before you go ahead and use it as they may have rules for large sites/servers who use them. If you do not wish to use DNSBL checking then simply do not create any DNSBL {} blocks.

Example blocks:

Reply DNSBL:

DNSBL
{
  server = "dnsbl.sorbs.net";
  name = "sorbs.net";
  flags = "r";
  replies = "1,2,3,4";
  reply = "%n!%u@%h Found On Sorbs DNSBL http://www.dnsbl.us.sorbs.net/cgi-bin/lookup?IP=%i";
  rank = "1";
};

Bitmask DNSBL:

DNSBL
{
  server = "dnsbl.dnsbl.net";
  name = "dnsbl.net";
  flags = "b";
  replies = "1,3,5";
  reply = "%n!%u@%h Found On DNSBL";
  rank = "2";
};

WebIRC Block

Requirement: OPTIONAL
Old conf format equivalents: W:line

WebIRC {} blocks allow you display the real hostname of users connecting via CGI:IRC clients and sites such as Mibbit.com. These clients will send a WEBIRC command along with the user's hostname, ip and WebIRC {} block password to the server. The password needs to be encrypted like Operator {} block passwords. When the ircd receives the command, instead of using the hostname of the site the users is connecting from, the hostname sent in WEBIRC will be set. All this is done before the client enters the network completely. Please remember to enclose the description using quotes otherwise things will break.

WebIRC
{
  mask = "<mask>";
  pass = "<password>";
  flags = "<flags>";
  ident = "<ident>";
  desc = "<description>";
};

Available flags:

  • m - Marks each client connected via the WebIRC {} block using the provided description.
  • s - Sets the ident specified in the ident field for each WEBIRC client.
  • u - Uses the ident from USER that the WEBIRC client sends.

Note: Do not use both s and u, only choose one of them.

Example:

WebIRC
{
  mask = "*@webchat.darenet.org";
  pass = "VRKLKuGKn0jLs";
  flags = "ms";
  ident = "webirc";
  desc = "DareNET WebChat";
};

SpamFilter Block

Requirement: OPTIONAL
Old conf format equivalents: -

This is probably the most controversial addition to ircd-darenet 1.3.x; however, sadly, it may become useful.

SpamFiler {} blocks allow you to filter PRIVMSG's, NOTICE's, TOPIC's and AWAY's for spam. The filtering is done using regular expressions, so please be careful.

SpamFilter {
   regex = "<regex>";                   
   rtype = "<watch flags>";                
   action = "<action flags>";              
   reason = "<reason>";
   channel = "<optional alert channel>";   
   length = <length in seconds>;                        
};
  • <regex> - PCRE format regular expression to match against.
  • <watch flags> - See below for a list.
  • <action flags> - See below for a list.
  • <reason> - Used in error messages displayed to the user and/or kills/shuns/glines/zlines.
  • <optional alert channel> - Requires the C action flag.
  • <length in seconds> - Only applies to glines, zlines and shuns.

Available watch flags:

  • n - Notices.
  • N - Channel notices.
  • p - Privmsgs.
  • C - Channel privmsgs.
  • q - Quits.
  • P - Parts.
  • d - DCCs.
  • a - Away messages.
  • t - Topics.
  • u - Connects (nick!user@host:gecos).
  • i - Nickname changes.

Available action flags:

  • a - Auth. If used, logged in clients will be exempt from the filter.
  • C - Channel alert. If used, filter matches will be sent to what is set in the SpamFilter {} block channel setting.
  • S - Server (snotice) alert.
  • k - Kill anyone who matches the filter.
  • g - Gline anyone who matches the filter. The length can be given in seconds.
  • z - Zline anyone who matches the filter. The length can be given in seconds. This zlines *@ip, so you do not need the i action flag.
  • s - Shun anyone who matches the filter. The length can be given in seconds.
  • i - Uses the client's IP vice host in a Gline/Shun.
  • b - Block; will prevent the PRIVMSG/NOTICE/TOPIC/AWAY from going through.
  • n - Notify; will notify the person matching the filter, stating they've matched a filter, and deny their message.
  • m - Mark; will mark the client as being a spam source.
  • K - Kick; will kick the user triggering the Spam Filter. The kick reason given will be the reason set in the Spam Filter. This Flag will only work with the N and C watch flags.
  • o - Ops/HalfOps; exempts ops and halfops from any checks which have a channel target.
  • v - Voice; exempts voiced users from any checks which have a channel target.

Notes:

  • Shuns and Glines will be set using *@hostname. If you would them to be set using *@ip use the 'i' action flag.
  • If you do not specify a length, then FILTER_DEFAULT_LENGTH will be used.
  • The 'b' action flag cannot be used with the 'u' watch flag. You will need to use a kill flag to block them.

Features Block

Requirement: SUGGESTED
Old conf format equivalents: F:line

ircd-darenet has a large number of options and features, most of which can be configured using a Features {} block. If linking to DareNET, your Features {} block will be rather bare, since most DareNET-specific settings have been already defined in the source.

Features
{
  "featurename" = "value";
  "featurename2" = "value2";
};

You only need one Features {} block, in which you use "featurename" = "value1";, "featurename2" = "value2";, and so on. Please note all values, whether integers or strings, must be enclosed in double quotes.

See the servers features page for a list of available features.

Example block:

Features
{
  "LOG" = "SYSTEM" "FILE" "ircd.log";
  "LOG" = "SYSTEM" "LEVEL" "CRIT";
  "HUB" = "FALSE";
};