File: readme.crules

package info (click to toggle)
ircd-ircu 2.10.12.10.dfsg1-3
  • links: PTS
  • area: main
  • in suites: bookworm, bullseye, buster, sid, trixie
  • size: 4,788 kB
  • ctags: 4,787
  • sloc: ansic: 37,491; sh: 3,331; makefile: 1,616; perl: 1,180; yacc: 987; cpp: 429; lex: 199; python: 50
file content (126 lines) | stat: -rw-r--r-- 5,253 bytes parent folder | download | duplicates (11)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
SmartRoute
Rule based connects
Draft 4 - Aug 19, 1994
by Tony Vencill

Rule based connects allow an admin to specify under what conditions
a connect should not be allowed.  If no rules are specified for a
given C and/or N line it will be allowed under any condition.

A rule may consist of any legal combination of the following functions
and operators.

Functions
---------
connected(targetmask)     - true if a server other than that processing
                            the rule is connected that matches the
                            target mask
directcon(targetmask)     - true if a server other than that processing
                            the rule is directly connected that matches
                            the target mask
via(viamask, targetmask)  - true if a server other than that processing
                            the rule matches the target mask and is
                            connected via a directly connected server
                            that matches the via mask
directop()                - true if an oper is directly connected

Unary operators
---------------
!    eg: !argument        - true if the argument is false

Binary operartors
-----------------
&&   eg: arg1&&arg2       - true if arg1 and arg2 are both true
||   eg: arg1||arg2       - true if arg1, arg2, or both are true

Parenthesis () are allowed for grouping arguments, but if no parenthesis
are included, && will take precedence over ||, ! will take precedence
over both && and ||, and the function will be evaluated from left to
right.  White space in a rule is ignored.  Invalid characters in a rule
will lead to the rule being ignored.

Examples
--------

A simple example of a connect rule might be:

connected(*eu.under*)

This might be used in a US undernet server for a Europe CN pair to
insure that a second Europe link is not allowed if one US-EU link
already exists.  Note that on the undernet, US server names are
city.state.us.undernet.org and Europe server names are
city.country.eu.undernet.org.

A more interesting example might be:

connected(*eu.under*) && 
  ( !direct(*eu.under*) || via(manhat*, *eu.under*) )

Imagine the Boston undernet server uses this rule on its Europe CN
pairs.  This says that if a Europe server is already connected, a
Boston-Europe connect will not be allowed.  It also says that if a
Europe server does already exist and Boston is not directly connected
to one or more Europe servers or Manhattan is, the Boston-Europe
connect will not be allowed.  This has the effect of allowing multiple
US-EU links but attempting to limit these links to one server (ie:
Boston will not initiate its first Europe link if another server is
already linking Europe).  This rule will also prefer to let Manhattan
handle the US-EU link by disallowing Boston-Europe links if a Europe
server is already linked to Manhattan.

A example of the remaining function, directop(), is:

connected(*eu.under*) || directop()

If this line is used on Boston for the Paderborn CN pair, it will allow
connects to Paderborn only if another Europe server is not already
connected and there is not an oper on Boston.  If this rule is
overrideable (ie: is applied only to autoconnects as described below),
then it will disallow Boston autoconnects to Paderborn while a Boston
oper is online, but allow oper-initiated connects to Paderborn under any
circumstance.  This directop() function could be used to invoke less
prefered routes only when an oper is not present to handle routing, or
conversly to allow use of less preferable routes only when an oper is
present to monitor their performance.

ircd.conf entries
-----------------

A rule is listed in the ircd.conf file using a D or d line (which can
be thought of as a "disallow" line).  D lines will apply to all oper
and server originated connects, while d lines will apply only to
autoconnects (ie: they are overrideable by opers).  The formats are:

D:targetmask::rule
d:targetmask::rule

Remember that newlines are not allowed in conf lines.  Two examples
(from above) are:

D:*eu.under*::connected(*eu.under*)
d:*eu.under*::connected(*eu.under*) || directop()

Connects originating from other servers will be checked against and
matching D lines, while matching d lines will be ignored as it will not
be clear whether or not the connection attempt is oper initiated.

Checking and viewing rules
--------------------------

The chkconf program that comes with the servers has been modified to
also check your connect rules.  If running in debug mode, parsing errors
will show up at debug level 8.  To view rules online, "/stats d" can be
used to see all rules and "/stats D" can be used to view those rules
which affect oper initiated connects and accepts.

Processing and storage
----------------------

The rules are parsed when the conf file is read and transformed into a
more efficiently computed form, then all applicable rules are
evaluated each time a connect command is given or an autoconnect is
due.  If more than one applicable rule is given, only one need
evaluate to true for the connect to be allowed (ie: the rules are ored
together).  Note that conditions that exist when the connect is
initiated might differ from conditions when the link is established.