Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#186 Client block for clients without ident

open
nobody
Server (143)
5
2013-08-01
2010-04-12
wiebe
No

I was trying to configure my test server to allow 1 connection per IP for clients without ident reply, and 3 connections per IP for clients with an ident reply, because I was thinking that might be useful for IRC servers. But nothing I tried seemed to work.

I always ended up in the class ident, even though my client did not provide an ident reply. Also tried with username =, but that did not seem to help. I tested a kill block on ~*@* which seemed to work just fine.

If this is not a bug, please consider adding such feature. I think it would be very useful if you can setup client blocks that can match whether the user has an ident reply or not.

Client {
class = "noident";
host = "~~*@*";
ip = "~~*@*";
maxlinks = 1;
};

Client {
class = "noident";
host = "~*@*";
ip = "~*@*";
maxlinks = 1;
};

Client {
class = "noident";
host = "@*";
ip = "@*";
maxlinks = 1;
};

Client {
class = "ident";
host = "*@*";
ip = "*@*";
maxlinks = 3;
};

Kill {
host = "~*@*";
reason = "IDENT required";
};

Discussion

  • David Herrmann
    David Herrmann
    2010-04-12

    As far as I remember, client classes are inserted in a single linked list and thus matched in reverse order compared to your config file order.
    Furthermore, the ircu rejects clients if the first matching client block exceeds the maxlinks-limit instead of searching for other matching client blocks that did not exceed the maxlinks-limit, yet. Hence your example would be totally useless because all clients match your last client block and thus will never be matched against another block.

    However, your can use this fact to achieve your result by changing the order of your config items to:

    Client {
    class = "ident";
    host = "*@*";
    ip = "*@*";
    maxlinks = 3;
    };

    Client {
    class = "noident";
    host = "~*@*";
    ip = "~*@*";
    maxlinks = 1;
    };

    Connecting clients without ident will be put into the "noident" class which allows just one single connections. All clients with ident will be put into the "ident" class which allows three connections.
    This is not tested but I think it should work.

     
  • wiebe
    wiebe
    2010-04-13

    Sorry, I was a bit lazy when positing report. I tried it in that order as well, and I just tried again to make sure, but no, that does not seem to work either.

     
  • Entrope
    Entrope
    2013-08-01

    When you tried the second time, was the "@" block before the "@*" block? Due to a peculiarity in the code, I think that a no-ident client is treated as having an empty username for Client block matching.

    That is, I think it should work if you have just these two rules, in this order, in ircd.conf:

    Client {
    class = "ident";
    host = "@";
    ip = "@";
    maxlinks = 3;
    };

    Client {
    class = "noident";
    host = "@";
    ip = "@
    ";
    maxlinks = 1;
    };

     
  • Entrope
    Entrope
    2013-08-01

    Argh, SourceForge munged my previous post. (What kind of lame injection-avoidance script strips * rather than just escaping it?) For the ident block, it should look like:

    host = "*@*";

    and for the noident block, it should look like:

    host = "@*";