DareNET IRCd Configuration/1.5

Revision as of 04:48, 15 September 2010 (view source)

Admin (Talk | contribs)

← Older edit

Current revision as of 18:00, 17 June 2013 (view source)

Nitemare (Talk | contribs)

(→Connect block)

(68 intermediate revisions not shown)

Line 1:

__NOTOC__

-

This is a reference guide for ircd-darenet 1.4.1+'s configuration file.

+

This is a reference guide for ircd-darenet 1.5.x's configuration file.

-

The configuration format consists of various blocks, each containing name-value pairs, tags ~~and/~~or string data. It is designed to be easily readable by both human ~~and~~ ircd.

+

The configuration format consists of various blocks, each containing name-value pairs, tags or string data. It is designed to be easily readable by both human ircd.

-

A block consists of a ~~block~~ name, an opening '{' brace, statements, a closing '}' brace, and a ';' semicolon. A statement consists of a name possibly followed by an '=' equals sign and a value, ending with a semicolon. All strings ~~are~~ surrounded by '"' double quotes.

+

A block consists of a name, an opening '{' brace, statements, a closing '}' brace, and a ';' semicolon. A statement consists of a name possibly followed by an '=' equals sign and a value, ending with a semicolon. All strings must be surrounded by '"' double quotes.

A sample block:

-

<html><pre>blockname {

+

<html><pre>blockname {

name = value;

-

name = "string";

+

name = "string";

-

name = 123;

+

name = 123;

tag;

};</pre></html>

-

All elements of the configuration are separated by whitespace, and can be packed on one line, or broken up over several lines. Whitespace is defined as space, tab or carriage return/linefeed. Three ~~form~~ of comments are allowed:

+

All elements of the configuration are separated by whitespace, and can be packed on one line, or broken up over several lines. Whitespace is defined as space, tab or carriage return/linefeed. Three forms of comments are allowed:

-

* C style single/multi-line

+

<pre>/* C style single/multi-line */

-

* ~~C++ style single-line~~

+

-

* Shell style single-line

+

-

'''Important notes:''' When the configuration file is parsed, blocks are used in reverse order than how they are listed. This means you should start multiple block definitions with the "fall through", and end with the most detailed. Class {} blocks MUST be specified before anything that uses them. That means they must be defined before client {}, connect {} and operator {}.

+

// C++ style single-line

-

~~Times~~ / ~~durations are written as:~~

+

# Shell style single-line

+

</pre>

-

* A number in ~~seconds (e.g~~., ~~60)~~

+

{{info|text=Blocks are used in the reverse order than how they're listed, when the configuration file is parsed. This means you should start multiple block definitions with the "fall through", and end with the most detailed.}}

-

* 1 hours 30 minutes 10 seconds

+

-

* An arithmetic expression (e.~~g., 1*60+20)~~

+

-

~~Valid units of time:~~

+

== General block ==

-

* Decade, year, month, week, day, hour, minute, second

+

{| class="simpletable" width="100%"

+

|width="250px"|Requirement:

+

|REQUIRED

+

|-

+

|Old conf format equivalents:

+

|<code>M:name:vhost:description::numeric</code>

+

|}

-

~~Valid units of size:~~

+

The General block defines information about the server itself. It is required for the server to start.

-

* terabyte / ~~tbyte~~

+

<html><pre>General {

-

* gigabyte / ~~gbyte~~

+

/* name: the name of our server. */

-

* ~~megabyte~~ / ~~mbyte~~

+

name = "test.area.zone.darenet.org";

-

* kilobyte / ~~kbyte~~

+

-

* byte

+

-

~~Sizes and times may be specified as singular or plural~~.

+

/* description: the description of our server. */

+

description = "ircd-darenet test server";

-

== ~~General Block =~~=

+

/* numeric: the unique server numeric for our server. It must be a

+

* digit between 0 and 4095, and is not updated on a rehash.

+

*/

+

numeric = 999;

+

/* vhost: the IP to bind to when we connect outward to other servers.

+

* It must contain either a * or a valid ipv4 address in dotted quad notation.

+

*/

+

vhost = "192.169.0.1";

-

{| class="~~wikitable~~" ~~width~~="~~40%~~" ~~style=~~"~~font-size: 97%~~; ~~text-align: left;"~~

+

/* ssl_private_key: our ssl private key. */

-

~~| Requirement:~~

+

ssl_private_key = "etc/ircd.key";

-

~~| REQUIRED~~

+

-

|-

+

-

~~| Old conf format equivalents:~~

+

-

~~| M:line~~

+

-

|}

+

-

~~The General {} block defines information about the server itself~~.

+

/* ssl_pem: file containing our ssl certificate and private key */

+

ssl_pem = "etc/ircd.pem";

-

<~~pre>General~~

+

/* dpass: (optional) password for DIE command. */

-

{

+

dpass = "encrypted pass";

-

~~name~~ = "~~servername~~";

+

-

~~description~~ = ~~"description";~~

+

-

~~numeric = numericnumber;~~

+

-

~~vhost~~ = "~~ipv4vhost~~";

+

-

~~ssl_pem =~~ "~~path/to/ircd.pem~~";

+

-

~~ssl_private_key = "path/to/ircd.key";~~

+

-

};</~~pre~~>

+

-

~~'''Required tokens~~:~~'''~~ <~~code~~>~~name, description, numeric~~</~~code~~>

+

/* rpass: (optional) password for RESTART command. */

+

rpass = "$PLAIN$password";

+

};

+

</pre></html>

-

~~'''Optional tokens:''' <code>vhost~~, ~~ssl_pem, ssl_private_key</code>~~

+

The server name may only be changed by a server restart. The description can be changed on rehash, but will not propagate to other linked servers.

-

~~Note that the server <numeric>~~ must be unique on the network the server is linked to, and may be between 0 and 4095. It is not updated on a rehash. If linking to DareNET, you should use the numeric assigned to you by the Infrastructure team.

+

There must be exactly one General block.

-

If <vhost> is specified, it must contain either a <code>*</code> or a valid IPv4 address in dotted quad notation (e.g., 127.0.0.1). The address MUST be the address of a physical interface on the host. It is used only for outgoing connections; see Port {} blocks for listener virtual hosting. If in doubt what to put here, use the IP of your primary interface.

+

== Admin block ==

-

~~If SSL is enabled, you MUST specify the path to your pem (containing your cert and private key) and private key files using the ssl_pem and ssl_private_key tokens.~~

+

{| class="simpletable" width="100%"

+

|width="250px"|Requirement:

+

|SUGGESTED

+

|-

+

|Old conf format equivalents:

+

|<code>A:line1:line2:line3</code>

+

|}

-

~~There may only be one General {}~~ block.

+

The Admin block defines information that can be retrieved with the <code>/ADMIN</code> command.

-

~~'''Example block~~:~~'''~~

+

<html><pre>Admin {

+

location = "DareNET - http://www.darenet.org";

+

location = "Infrastructure Team";

+

contact = "<infrastructure@darenet.org>";

+

};

+

</pre></html>

-

~~<c>General~~

+

Not all lines are required. There may only be one Admin block.

-

{

+

-

~~name = "servername~~.~~area~~.~~zone.darenet.org";~~

+

-

~~description = "DareNET Client Server";~~

+

-

~~numeric = 10;~~

+

-

~~vhost = "127.0.0.1";~~

+

-

~~ssl_pem = "etc/ircd.pem";~~

+

-

~~ssl_private_key = "etc/ircd.key";~~

+

-

~~};</c>~~

+

-

== ~~Admin Block~~ ==

+

== Class block ==

-

{| class="~~wikitable~~" width="40%" ~~style~~="~~font-size~~: ~~97%; text~~-~~align: left;"~~

+

{| class="simpletable" width="100%"

-

| ~~Requirement~~:

+

|width="250px"|Requirement:

-

| ~~SUGGESTED~~

+

|RECOMMENDED

+

|-

+

|Old conf format equivalents:

+

|<code>Y:class:pingfreq::maxlinks:sendq (clients)</code> <code>Y:class:pingfreq:connectfreq:maxlinks:sendq (servers)</code>

|-

-

~~| Old conf format equivalents:~~

-

~~| A:line~~

|}

-

The ~~Admin {} block defines information that can be retrieved~~ with the ~~/ADMIN command~~.

+

The Class blocks define connection classes. All connections to the server are associated with a "connection class", whether they be incoming or outgoing (initiated by the server), be they clients or servers.

-

~~There may only be one Admin~~ {~~} block~~.

+

<html><pre>Class {

+

/* name: a name for the connection class. */

+

name = "Users";

-

<~~pre>Admin~~

+

/* pingfreq: how often to PING idle connections. */

-

{

+

pingfreq = 1 minute 30 seconds;

-

~~Location~~ = "~~string 1 here~~";

+

-

~~Location~~ = ~~"string 2 here"~~;

+

-

~~Contact = "string 3 here";~~

+

-

~~};</pre>~~

+

-

~~'''Example block~~:'''

+

/* sendq: send buffer limit (i.e., the amount of data allowed in

+

* a client's queue before they are dropped.

+

*/

+

sendq = 100 kilobytes;

-

<~~c>Admin~~

+

/* maxlinks: the maximum number of connections that may use this

-

{

+

* class. May be between 0 and 4,000,000,000.

-

~~Location~~ = "~~DareNET~~";

+

*/

-

~~Location = "Infrastructure Team";~~

+

maxlinks = 100;

-

~~Contact = "~~<~~infrastructure@darenet.org~~>";

+

-

};</c>

+

-

== ~~Class Block =~~=

+

/* usermode: an optional list of user modes that should set

+

* upon the user while connecting.

+

*/

+

usermode = "+iw";

-

{| class="~~wikitable~~" ~~width~~="~~40%~~" ~~style="font-size: 97%~~; ~~text-align: left;"~~

+

/* maxchans: the maximum number of channels that clients may join.

-

~~| Requirement:~~

+

*/

-

~~| SUGGESTED~~

+

maxchans = 50;

-

|-

+

};

-

~~| Old conf format equivalents:~~

+

-

~~| Y:line~~

+

-

|}

+

-

~~The~~ Class {~~} blocks define connection classes. All connections to the server are associated with a~~ "~~connection~~ class"~~, whether they be incoming or outgoing (initiated by the server), be they clients or servers.~~

+

Class {

+

name = "Opers";

+

pingfreq = 2 minutes;

+

sendq = 100 kilobytes;

+

maxlinks = 10;

+

usermode = "+iw";

+

whox;

+

};

-

<~~pre~~>Class

+

Class {

-

{

+

name = "Server";

-

name = "<class>";

+

pingfreq = 3 minutes;

-

pingfreq = ~~time~~;

+

-

~~connectfreq = time;~~

+

-

~~maxlinks = number;~~

+

-

~~sendq = size;~~

+

-

~~usermode = "+modes";~~

+

-

~~};</pre>~~

+

-

~~'''Required tokens:'''~~ <~~code~~>~~name~~, ~~pingfreq~~, ~~sendq~~</~~code~~>

+

/* connectfreq: this token applies only to servers, and specifies

+

* the frequency that the server tries to auto connect. Setting this to 0 will cause a

+

* server to attempt to connect repeatedly, with no delay until the maxlinks condition

+

* is satisfied (which is not a good thing).

+

*/

+

connectfreq = 5 minutes;

-

~~'''Optional tokens (client classes only):'''~~ <~~code~~>maxlinks, ~~usermode~~</~~code~~>

+

/* maxlinks: for server classes, specifies the maximum number of

+

* servers to autoconnect to. This should be 0 for hubs, and 1 for leafs.

+

*/

+

maxlinks = 0;

-

~~'''Optional tokens (server classes only):''' <code>connectfreq</code>~~

+

sendq = 10 megabytes;

+

};

-

~~For connection classes used on server links,~~ maxlinks ~~should be set to either 0 (for hubs) or~~ 1 ~~(for leafs). Client connection classes may use maxlinks between 0 and approximately 4,000,000,000. A maxlinks of 0 means there is no limit on the number of connections using the class.~~

+

Class {

+

name = "Leaf_Server";

+

pingfreq = 3 minutes;

+

connectfreq = 5 minutes;

+

maxlinks = 1;

+

sendq = 10 megabytes;

+

};

+

</pre></html>

-

~~<connect freq> applies only to servers~~, ~~and specifies~~ the ~~frequency that~~ the ~~server tries to auto connect~~. ~~Setting this to 0 will cause~~ the ~~server to attempt to connect repeatedly with no delay until the <maximum links> condition is satisfied~~. ~~This~~ is ~~a Bad Thing(tm). Time can~~ be specified ~~as a number, or by giving something like: 1 minutes 2 seconds, or 1*60+20~~.

+

For connection classes intended for operator use, you can specify privileges the operator should be granted when the Operator block names the class. The local privilege MUST be defined by either the Class or Operator block. It is highly recommended that most privileges be explicitly specified in the operator's Operator block on DareNET.

-

~~For connection classes intended for operator use, you can specify privileges~~ used when ~~the Operator {} block (see below) names this~~ class~~. The local (aka globally_opered) privilege MUST be defined by either the Class or Operator block. It~~ is ~~highly recommended privileges be~~ specified ~~in the operator's Operator {} block~~, ~~instead of in Class {} blocks~~.

+

A "default" class is created internally. This class is used when no other class is specified, but its settings are not useful for most situations. Custom classes are strongly recommended.

-

~~A "default" class~~ is ~~created internally. This class is used when no other class is specified, but its settings are not useful for most situations. Custom classes are strongly suggested~~.

+

There may be multiple Class blocks; at least one is recommended.

-

~~There may be multiple Class {} blocks.~~

+

== Client block ==

-

~~'''Example blocks~~:~~'''~~

+

{| class="simpletable" width="100%"

+

|width="250px"|Requirement:

+

|RECOMMENDED

+

|-

+

|Old conf format equivalents:

+

|<code>I:ipmask:passwd:hostmask:port:class</code>

+

|}

-

~~Uplinks you~~ are ~~not~~ a ~~hub for:~~

+

The Client blocks define the hosts client connections are allowed from, and places them into classes. While the server will start without a Client block, it will not be usable.

-

~~<c>Class~~

+

-

{

+

-

~~name = "Server";~~

+

-

~~pingfreq = 1 minutes 30 seconds;~~

+

-

~~connectfreq = 5 minutes;~~

+

-

~~maxlinks = 1;~~

+

-

~~sendq = 9000000;~~

+

-

~~};</c>~~

+

-

~~Leaf servers you hub for:~~

+

-

~~<c>Class~~

+

-

{

+

-

~~name = "Leaf Server";~~

+

-

~~pingfreq = 1 minutes 30 seconds;~~

+

-

~~connectfreq = 5 minutes;~~

+

-

~~maxlinks = 0;~~

+

-

~~sendq = 9000000;~~

+

-

~~};</c>~~

+

-

~~All clients:~~

+

-

~~<c>Class~~

+

-

{

+

-

~~name = "Users";~~

+

-

~~pingfreq = 1 minutes 30 seconds;~~

+

-

~~sendq = 60000;~~

+

-

~~usermode = "+iw";~~

+

-

~~};</c>~~

+

-

~~Opers:~~

+

-

~~<c>Class~~

+

-

{

+

-

~~name = "Opers";~~

+

-

~~pingfreq = 1 minutes 30 seconds;~~

+

-

~~sendq = 60000;~~

+

-

~~whox = yes;~~

+

-

~~};</c>~~

+

-

== ~~Client Block =~~=

+

<html><pre>Client {

+

/* host: resolved user@host mask allowed to connect. This is optional

+

* if you are using the ip mask to match against. Additionally, if you specify *@loc for

+

* this field it will match all LOC users.

+

*/

+

host = "*@*.wirehub.net";

-

{| class="~~wikitable~~" ~~width~~="~~40%~~" ~~style=~~"~~font-size: 97%~~; ~~text-align: left;"~~

+

/* ip: unresolved user@ip mask allowed to connect. */

-

~~| Requirement:~~

+

ip = "*@195.86.128.*";

-

~~| SUGGESTED~~

+

-

|-

+

-

~~| Old conf format equivalents:~~

+

-

~~| I:line~~

+

-

|}

+

-

~~To allow clients~~ to ~~connect, they need authorization~~. This ~~can be done based on hostmask, address mask and/or with a~~ password. ~~With intelligent use of classes and the maxlinks field in the Client {} blocks, you can let in a specific domain, but get rid of all other domains in the same top level, thus setting up some sort of~~ "~~reverse Kill {} block.~~"

+

/* password: (optional) password that is required to use this block.

+

* This password string is not encrypted.

+

*/

+

password = "letMEHin";

-

<~~pre>Client~~

+

/* class: the class the user should be placed in. */

-

{

+

class = "Users";

-

~~host~~ = "~~host~~";

+

-

~~ip = "127~~.~~0.0.0~~/~~8";~~

+

-

~~password~~ = ~~"password";~~

+

-

class = "~~classname~~";

+

-

~~maxlinks = number;~~

+

-

};</~~pre~~>

+

-

~~Everything in a Client {} block is optional. If a username mask is~~ specified, ~~it must match~~ the clients ~~username from~~ the ~~IDENT protocol. If a hostmask is given,~~ the ~~client's hostname must resolve and match~~ the ~~hostmask. If a CIDR-style~~ IP ~~mask is given, the client must have an IP matching that range~~. If maxlinks ~~is given, it limits the number of matching clients allowed from a particular IP address.~~

+

/* maxlinks: if specified, the server will only accept clients when

+

* the total number of connections to the network from the same IP number doesn't exceed

+

* this number.

+

*/

+

maxlinks = 6;

-

~~'''Technical Description~~:~~'''~~

+

/* port: (optional) a port to limit this block to. */

+

port = 6660;

+

};

+

</pre></html>

-

~~For every connectiong client, the IP address is known~~. ~~A reverse lookup is performed on this IP-number~~ to ~~get the (/all) hostname(s). Each hostname that belongs to this IP-number is matched to <hostmask>, and the~~ Client {} block ~~is used when any matches; the client will then show with this particular hostname. If none of the hostnames match, then the IP-number is matched against the <IP mask ...> field, and~~ if this matches, the Client {} block is used nevertheless and the client will show with the first (main) hostname, if any. If the IP-number does not resolve, then the client will show with the dot notation of the IP-number.

+

The server uses a default deny policy for incoming connections. You need to define at least one Client block if you wish to use your server.

-

~~There is~~ a ~~special case for UNIX domain sockets~~ and ~~localhost~~ connections. ~~In these cases~~, the <IP ~~mask.~~.~~.> field~~ is ~~compared with the name of the server (thus not with any IP-number representation)~~. The ~~name of~~ the ~~server is~~ the ~~one returned in~~ the ~~numeric 002 reply~~. ~~For example:~~

+

The <code>host</code> and <code>ip</code> fields specify which connections the block matches. The server always performs a DNS and ident lookup for connections. If DNS cannot find a hostname, the IP address is used instead. If ident cannot get a valid reply, "unknown" is used during this state. The client's resolved hostname, IP address, ident reply, and username (from the USER line) are used according to the results of the matches described below.

-

<code>002 Your host is 2.darenet.org[jolan.ppro], running version ...</code>

+

'''Note:''' There is a specify case for UNIX domain sockets and localhost connections. In these cases, the <code>ip / host</code> field is compared with the name of the server, and thus not with any IP number representation. The name of the server is that returned in the numeric 002 reply, example: <code>002 Your host is 2.darenet.org[jolan.ppro]. running version ...</code> In this example, "jolan.ppro" is the name used for matching; therefore, UNIX domain sockets and connections to localhost would match a block containing: <code>host = "*@jolan.ppro";</code>.

-

~~In this example, "jolan.ppro" is~~ the ~~name used for matching. Therefore~~, ~~UNIX domain sockets~~, and ~~connections to localhost, would~~ match ~~this block:~~

+

The <code>host</code> field attempts to match first against the resolved hostname, if available, and then against the IP address. To include the connection's ident reply in the match, use a mask in the form "ident@host". If a client matches, it appears on IRC using its resolved hostname.

-

<code>~~host = "*@jolan.ppro";~~</code>

+

The <code>ip</code> field attempts to match against the IP address only. An ident may be specified to match against, as well.

-

~~Example blocks~~:

+

'''Note:''' If the ident portion is specified in a mask (i.e., "ident@host" instead of "host"), and no ident reply is received from the client, it will appear on IRC with its username prefixed with a '~' tilde. If the matching mask used only the "host" form, the client's username is not prefixed. If a valid ident reply is received, it is always used and not prefixed.

-

~~Prevent unresolved clients from connecting:~~

+

You need only specify a <code>host</code> or <code>ip</code> field, not both. If both are used, <code>host</code> is matched against first.

-

<c>~~Client~~

+

-

{

+

-

host ~~= "*@*";~~

+

-

~~class = "Users";~~

+

-

~~maxlinks = 5;~~

+

-

};</c>

+

-

~~Only accept two connections from dial up accounts that have "dial??.*" as host mask:~~

</

@@ Line 1: / Line 1: @@
 __NOTOC__
-This is a reference guide for ircd-darenet 1.4.1+'s configuration file.
+This is a reference guide for ircd-darenet 1.5.x's configuration file.
-The configuration format consists of various blocks, each containing name-value pairs, tags and/or string data. It is designed to be easily readable by both human and ircd.
+The configuration format consists of various blocks, each containing name-value pairs, tags or string data. It is designed to be easily readable by both human ircd.
-A block consists of a block name, an opening '{' brace, statements, a closing '}' brace, and a ';' semicolon. A statement consists of a name possibly followed by an '=' equals sign and a value, ending with a semicolon. All strings are surrounded by '"' double quotes.
+A block consists of a name, an opening '{' brace, statements, a closing '}' brace, and a ';' semicolon. A statement consists of a name possibly followed by an '=' equals sign and a value, ending with a semicolon. All strings must be surrounded by '"' double quotes.
 A sample block:
-<html><pre>blockname {
+<html><pre><strong>blockname</strong> {
      name = value;
-     name = "string";
+     name = <span class="qstring">"string"</span>;
-     name = 123;
+     name = <span class="integer">123</span>;
      tag;
 };</pre></html>
-All elements of the configuration are separated by whitespace, and can be packed on one line, or broken up over several lines. Whitespace is defined as space, tab or carriage return/linefeed. Three form of comments are allowed:
+All elements of the configuration are separated by whitespace, and can be packed on one line, or broken up over several lines. Whitespace is defined as space, tab or carriage return/linefeed. Three forms of comments are allowed:
-* C style single/multi-line
+<pre>/* C style single/multi-line */
-* C++ style single-line
-* Shell style single-line
-'''Important notes:''' When the configuration file is parsed, blocks are used in reverse order than how they are listed. This means you should start multiple block definitions with the "fall through", and end with the most detailed. Class {} blocks MUST be specified before anything that uses them. That means they must be defined before client {}, connect {} and operator {}.
+// C++ style single-line
-Times / durations are written as:
+# Shell style single-line
+</pre>
-* A number in seconds (e.g., 60)
+{{info|text=Blocks are used in the reverse order than how they're listed, when the configuration file is parsed. This means you should start multiple block definitions with the "fall through", and end with the most detailed.}}
-* 1 hours 30 minutes 10 seconds
-* An arithmetic expression (e.g., 1*60+20)
-Valid units of time:
+== General block ==
-* Decade, year, month, week, day, hour, minute, second
+{| class="simpletable" width="100%"
+|width="250px"|Requirement:
+|REQUIRED
+|-
+|Old conf format equivalents:
+|<code>M:name:vhost:description::numeric</code>
+|}
-Valid units of size:
+The General block defines information about the server itself. It is required for the server to start.
-* terabyte / tbyte
+<html><pre><strong>General</strong> {
-* gigabyte / gbyte
+    <span class="comment">/* name: the name of our server. */</span>
-* megabyte / mbyte
+    name = <span class="qstring">"test.area.zone.darenet.org"</span>;
-* kilobyte / kbyte
-* byte
-Sizes and times may be specified as singular or plural.
+    <span class="comment">/* description: the description of our server. */</span>
+    description = <span class="qstring">"ircd-darenet test server"</span>;
-== General Block ==
+    <span class="comment">/* numeric: the unique server numeric for our server. It must be a
+     * digit between 0 and 4095, and is not updated on a rehash.
+     */</span>
+    numeric = <span class="integer">999</span>;
+    <span class="comment">/* vhost: the IP to bind to when we connect outward to other servers.
+     * It must contain either a * or a valid ipv4 address in dotted quad notation.
+     */</span>
+    vhost = <span class="qstring">"192.169.0.1"</span>;
-{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+    <span class="comment">/* ssl_private_key: our ssl private key. */</span>
-| Requirement:
+    ssl_private_key = <span class="qstring">"etc/ircd.key"</span>;
-| REQUIRED
-|-
-| Old conf format equivalents:
-| M:line
-|}
-The General {} block defines information about the server itself.
+    <span class="comment">/* ssl_pem: file containing our ssl certificate and private key */</span>
+    ssl_pem = <span class="qstring">"etc/ircd.pem"</span>;
-<pre>General
+    <span class="comment">/* dpass: (optional) password for DIE command. */</span>
-{
+    dpass = <span class="qstring">"encrypted pass"</span>;
-  name = "servername";
-  description = "description";
-  numeric = numericnumber;
-  vhost = "ipv4vhost";
-  ssl_pem = "path/to/ircd.pem";
-  ssl_private_key = "path/to/ircd.key";
-};</pre>
-'''Required tokens:''' <code>name, description, numeric</code>
+    <span class="comment">/* rpass: (optional) password for RESTART command. */</span>
+    rpass = <span class="qstring">"$PLAIN$password"</span>;
+};
+</pre></html>
-'''Optional tokens:''' <code>vhost, ssl_pem, ssl_private_key</code>
+The server name may only be changed by a server restart. The description can be changed on rehash, but will not propagate to other linked servers.
-Note that the server <numeric> must be unique on the network the server is linked to, and may be between 0 and 4095. It is not updated on a rehash. If linking to DareNET, you should use the numeric assigned to you by the Infrastructure team.
+There must be exactly one General block.
-If <vhost> is specified, it must contain either a <code>*</code> or a valid IPv4 address in dotted quad notation (e.g., 127.0.0.1). The address MUST be the address of a physical interface on the host. It is used only for outgoing connections; see Port {} blocks for listener virtual hosting. If in doubt what to put here, use the IP of your primary interface.
+== Admin block ==
-If SSL is enabled, you MUST specify the path to your pem (containing your cert and private key) and private key files using the ssl_pem and ssl_private_key tokens.
+{| class="simpletable" width="100%"
+|width="250px"|Requirement:
+|SUGGESTED
+|-
+|Old conf format equivalents:
+|<code>A:line1:line2:line3</code>
+|}
-There may only be one General {} block.
+The Admin block defines information that can be retrieved with the <code>/ADMIN</code> command.
-'''Example block:'''
+<html><pre><strong>Admin</strong> {
+    location = <span class="qstring">"DareNET - http://www.darenet.org"</span>;
+    location = <span class="qstring">"Infrastructure Team"</span>;
+    contact = <span class="qstring">"&lt;infrastructure@darenet.org&gt;"</span>;
+};
+</pre></html>
-<c>General
+Not all lines are required. There may only be one Admin block.
-{
-  name = "servername.area.zone.darenet.org";
-  description = "DareNET Client Server";
-  numeric = 10;
-  vhost = "127.0.0.1";
-  ssl_pem = "etc/ircd.pem";
-  ssl_private_key = "etc/ircd.key";
-};</c>
-== Admin Block ==
+== Class block ==
-{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+{| class="simpletable" width="100%"
-| Requirement:
+|width="250px"|Requirement:
-| SUGGESTED
+|RECOMMENDED
+|-
+|Old conf format equivalents:
+|<code>Y:class:pingfreq::maxlinks:sendq (clients)</code><br /><code>Y:class:pingfreq:connectfreq:maxlinks:sendq (servers)</code>
 |-
-| Old conf format equivalents:
-| A:line
 |}
-The Admin {} block defines information that can be retrieved with the /ADMIN command.
+The Class blocks define connection classes. All connections to the server are associated with a "connection class", whether they be incoming or outgoing (initiated by the server), be they clients or servers.
-There may only be one Admin {} block.
+<html><pre><strong>Class</strong> {
+    <span class="comment">/* name: a name for the connection class. */</span>
+    name = <span class="qstring">"Users"</span>;
-<pre>Admin
+    <span class="comment">/* pingfreq: how often to PING idle connections. */</span>
-{
+    pingfreq = 1 minute 30 seconds;
-  Location = "string 1 here";
-  Location = "string 2 here";
-  Contact = "string 3 here";
-};</pre>
-'''Example block:'''
+    <span class="comment">/* sendq: send buffer limit (i.e., the amount of data allowed in
+     * a client's queue before they are dropped.
+     */</span>
+    sendq = 100 kilobytes;
-<c>Admin
+    <span class="comment">/* maxlinks: the maximum number of connections that may use this
-{
+     * class. May be between 0 and 4,000,000,000.
-  Location = "DareNET";
+     */</span>
-  Location = "Infrastructure Team";
+    maxlinks = <span class="integer">100</span>;
-  Contact = "<infrastructure@darenet.org>";
-};</c>
-== Class Block ==
+    <span class="comment">/* usermode: an optional list of user modes that should set
+     * upon the user while connecting.
+     */</span>
+    usermode = <span class="qstring">"+iw"</span>;
-{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+    <span class="comment">/* maxchans: the maximum number of channels that clients may join.
-| Requirement:
+    */</span>
-| SUGGESTED
+    maxchans = <span class="integer">50</span>;
-|-
+};
-| Old conf format equivalents:
-| Y:line
-|}
-The Class {} blocks define connection classes. All connections to the server are associated with a "connection class", whether they be incoming or outgoing (initiated by the server), be they clients or servers.
+<strong>Class</strong> {
+    name = <span class="qstring">"Opers"</span>;
+    pingfreq = 2 minutes;
+    sendq = 100 kilobytes;
+    maxlinks = <span class="integer">10</span>;
+    usermode = <span class="qstring">"+iw"</span>;
+    whox;
+};
-<pre>Class
+<strong>Class</strong> {
-{
+    name = <span class="qstring">"Server"</span>;
-  name = "<class>";
+    pingfreq = 3 minutes;
-  pingfreq = time;
-  connectfreq = time;
-  maxlinks = number;
-  sendq = size;
-  usermode = "+modes";
-};</pre>
-'''Required tokens:''' <code>name, pingfreq, sendq</code>
+    <span class="comment">/* connectfreq: this token applies only to servers, and specifies
+     * the frequency that the server tries to auto connect. Setting this to 0 will cause a
+     * server to attempt to connect repeatedly, with no delay until the maxlinks condition
+     * is satisfied (which is not a good thing).
+     */</span>
+    connectfreq = 5 minutes;
-'''Optional tokens (client classes only):''' <code>maxlinks, usermode</code>
+    <span class="comment">/* maxlinks: for server classes, specifies the maximum number of
+     * servers to autoconnect to. This should be 0 for hubs, and 1 for leafs.
+     */</span>
+    maxlinks = <span class="integer">0</span>;
-'''Optional tokens (server classes only):''' <code>connectfreq</code>
+    sendq = 10 megabytes;
+};
-For connection classes used on server links, maxlinks should be set to either 0 (for hubs) or 1 (for leafs). Client connection classes may use maxlinks between 0 and approximately 4,000,000,000. A maxlinks of 0 means there is no limit on the number of connections using the class.
+<strong>Class</strong> {
+    name = <span class="qstring">"Leaf_Server"</span>;
+    pingfreq = 3 minutes;
+    connectfreq = 5 minutes;
+    maxlinks = 1;
+    sendq = 10 megabytes;
+};
+</pre></html>
-<connect freq> applies only to servers, and specifies the frequency that the server tries to auto connect. Setting this to 0 will cause the server to attempt to connect repeatedly with no delay until the <maximum links> condition is satisfied. This is a Bad Thing(tm). Time can be specified as a number, or by giving something like: 1 minutes 2 seconds, or 1*60+20.
+For connection classes intended for operator use, you can specify privileges the operator should be granted when the Operator block names the class. The local privilege MUST be defined by either the Class or Operator block. It is highly recommended that most privileges be explicitly specified in the operator's Operator block on DareNET.
-For connection classes intended for operator use, you can specify privileges used when the Operator {} block (see below) names this class. The local (aka globally_opered) privilege MUST be defined by either the Class or Operator block. It is highly recommended privileges be specified in the operator's Operator {} block, instead of in Class {} blocks.
+A "default" class is created internally. This class is used when no other class is specified, but its settings are not useful for most situations. Custom classes are strongly recommended.
-A "default" class is created internally. This class is used when no other class is specified, but its settings are not useful for most situations. Custom classes are strongly suggested.
+There may be multiple Class blocks; at least one is recommended.
-There may be multiple Class {} blocks.
+== Client block ==
-'''Example blocks:'''
+{| class="simpletable" width="100%"
+|width="250px"|Requirement:
+|RECOMMENDED
+|-
+|Old conf format equivalents:
+|<code>I:ipmask:passwd:hostmask:port:class</code>
+|}
-Uplinks you are not a hub for:
+The Client blocks define the hosts client connections are allowed from, and places them into classes. While the server will start without a Client block, it will not be usable.
-<c>Class
-{
-  name = "Server";
-  pingfreq = 1 minutes 30 seconds;
-  connectfreq = 5 minutes;
-  maxlinks = 1;
-  sendq = 9000000;
-};</c>
-Leaf servers you hub for:
-<c>Class
-{
-  name = "Leaf Server";
-  pingfreq = 1 minutes 30 seconds;
-  connectfreq = 5 minutes;
-  maxlinks = 0;
-  sendq = 9000000;
-};</c>
-All clients:
-<c>Class
-{
-  name = "Users";
-  pingfreq = 1 minutes 30 seconds;
-  sendq = 60000;
-  usermode = "+iw";
-};</c>
-Opers:
-<c>Class
-{
-  name = "Opers";
-  pingfreq = 1 minutes 30 seconds;
-  sendq = 60000;
-  whox = yes;
-};</c>
-== Client Block ==
+<html><pre><strong>Client</strong> {
+    <span class="comment">/* host: resolved user@host mask allowed to connect. This is optional
+     * if you are using the ip mask to match against.  Additionally, if you specify *@loc for
+     * this field it will match all LOC users.
+     */</span>
+    host = <span class="qstring">"*@*.wirehub.net"</span>;
-{| class="wikitable" width="40%" style="font-size: 97%; text-align: left;"
+    <span class="comment">/* ip: unresolved user@ip mask allowed to connect. */</span>
-| Requirement:
+    ip = <span class="qstring">"*@195.86.128.*"</span>;
-| SUGGESTED
-|-
-| Old conf format equivalents:
-| I:line
-|}
-To allow clients to connect, they need authorization. This can be done based on hostmask, address mask and/or with a password. With intelligent use of classes and the maxlinks field in the Client {} blocks, you can let in a specific domain, but get rid of all other domains in the same top level, thus setting up some sort of "reverse Kill {} block."
+    <span class="comment">/* password: (optional) password that is required to use this block.
+     * This password string is not encrypted.
+     */</span>
+    password = <span class="qstring">"letMEHin"</span>;
-<pre>Client
+    <span class="comment">/* class: the class the user should be placed in. */</span>
-{
+    class = <span class="qstring">"Users"</span>;
-  host = "host";
-  ip = "127.0.0.0/8";
-  password = "password";
-  class = "classname";
-  maxlinks = number;
-};</pre>
-Everything in a Client {} block is optional. If a username mask is specified, it must match the clients username from the IDENT protocol. If a hostmask is given, the client's hostname must resolve and match the hostmask. If a CIDR-style IP mask is given, the client must have an IP matching that range. If maxlinks is given, it limits the number of matching clients allowed from a particular IP address.
+    <span class="comment">/* maxlinks: if specified, the server will only accept clients when
+     * the total number of connections to the network from the same IP number doesn't exceed
+     * this number.
+     */</span>
+    maxlinks = <span class="integer">6</span>;
-'''Technical Description:'''
+    <span class="comment">/* port: (optional) a port to limit this block to. */</span>
+    port = <span class="integer">6660</span>;
+};
+</pre></html>
-For every connectiong client, the IP address is known. A reverse lookup is performed on this IP-number to get the (/all) hostname(s). Each hostname that belongs to this IP-number is matched to <hostmask>, and the Client {} block is used when any matches; the client will then show with this particular hostname. If none of the hostnames match, then the IP-number is matched against the <IP mask ...> field, and if this matches, the Client {} block is used nevertheless and the client will show with the first (main) hostname, if any. If the IP-number does not resolve, then the client will show with the dot notation of the IP-number.
+The server uses a default deny policy for incoming connections. You need to define at least one Client block if you wish to use your server.
-There is a special case for UNIX domain sockets and localhost connections. In these cases, the <IP mask...> field is compared with the name of the server (thus not with any IP-number representation). The name of the server is the one returned in the numeric 002 reply. For example:
+The <code>host</code> and <code>ip</code> fields specify which connections the block matches. The server always performs a DNS and ident lookup for connections. If DNS cannot find a hostname, the IP address is used instead. If ident cannot get a valid reply, "unknown" is used during this state. The client's resolved hostname, IP address, ident reply, and username (from the USER line) are used according to the results of the matches described below.
-<code>002 Your host is 2.darenet.org[jolan.ppro], running version ...</code>
+'''Note:''' There is a specify case for UNIX domain sockets and localhost connections. In these cases, the <code>ip / host</code> field is compared with the name of the server, and thus not with any IP number representation. The name of the server is that returned in the numeric 002 reply, example: <code>002 Your host is 2.darenet.org[jolan.ppro]. running version ...</code> In this example, "jolan.ppro" is the name used for matching; therefore, UNIX domain sockets and connections to localhost would match a block containing: <code>host = "*@jolan.ppro";</code>.
-In this example, "jolan.ppro" is the name used for matching. Therefore, UNIX domain sockets, and connections to localhost, would match this block:
+The <code>host</code> field attempts to match first against the resolved hostname, if available, and then against the IP address. To include the connection's ident reply in the match, use a mask in the form "ident@host". If a client matches, it appears on IRC using its resolved hostname.
-<code>host = "*@jolan.ppro";</code>
+The <code>ip</code> field attempts to match against the IP address only. An ident may be specified to match against, as well.
-Example blocks:
+'''Note:''' If the ident portion is specified in a mask (i.e., "ident@host" instead of "host"), and no ident reply is received from the client, it will appear on IRC with its username prefixed with a '~' tilde. If the matching mask used only the "host" form, the client's username is not prefixed. If a valid ident reply is received, it is always used and not prefixed.
-Prevent unresolved clients from connecting:
+You need only specify a <code>host</code> or <code>ip</code> field, not both. If both are used, <code>host</code> is matched against first.
-<c>Client
-{
-  host = "*@*";
-  class = "Users";
-  maxlinks = 5;
-};</c>
-Only accept two connections from dial up accounts that have "dial??.*" as host mask:
</