root/svn/ircd-hybrid-7.2/doc/serverhide.txt
Revision: 34
Committed: Sun Oct 2 21:05:51 2005 UTC (18 years, 5 months ago) by lusky
Content type: text/plain
File size: 5486 byte(s)
Log Message:
create 7.2 branch, we can move/rename it as needed.


Server Hide Reference

$Id$

Copyright (c) 2001 by ircd-hybrid team

----------------------------------------------------------------------

Due to pressures from abusers, the Hybrid developers have created a set of
options to limit what users can and cannot do on the server. Each option
can be enabled or disabled at runtime.

This document describes the Hybrid 7 implementation of the server hiding
ideas originated by (and credited to) numerous people.

  * LINKS as a file: This option is always enabled. It will generate a
    file at a certain interval, defined by the links_delay option in
    ircd.conf, that contains the current LINKS data. This data is sent to
    users whenever a LINKS is requested. Opers will always see the current
    server structure.

    The file that the LINKS data is stored in is by default etc/links.txt.

    The benefits of this are that transient splits will not be seen by
    users issuing LINKS commands, and if a server is split, users can
    still see what other servers are normally available.

  * Flattened LINKS: This option forces every server to look as if it is
    connected to the local server. Users will see a flat LINKS tree.

    The benefit to using LINKS flattening is that users cannot get
    information on how servers are routed.

    The flatten_links option in the serverhide {} block in ircd.conf
    controls this feature.

    As a side effect, all netsplit quit messages will appear to originate
    from the local server.

    +--------------------------------------------------------------------+
    | Flattened LINKS is needed for any network that uses the hidden hub |
    | option. See below for more details.                                |
    +--------------------------------------------------------------------+

  * Hidden server option: This option will hide the server from a
    flattened LINKS list on other servers. Opers will of course see the
    true routing of the network.

    This is controlled by the hidden option in ircd.conf.

    +--------------------------------------------------------------------+
    | Technically, this code is a hack. With this option enabled, the    |
    | server will prepend '(H) ' to the server info field when           |
    | connecting to other servers. Other servers must understand that    |
    | the (H) means hidden.                                              |
    +--------------------------------------------------------------------+

  * The allow_hidden option is needed to allow servers to use the hidden
    server option described above.

  * The hide_servers option forces the server to not be shown when a user
    issues WHOIS and other commands which may show what server a user is
    on.

    Local user counts, as normally displayed in LUSERS, USERS, and the 255
    numeric, will be shown with the same values as the global counts.
    Displaying it this way will help protect servers and avoid breaking
    scripts that depend on the 265 and 266 numerics on connect.

    To be effective, this option must be used network wide.

  * The disable_remote_commands option takes care of most of the remaining
    issues. These include, for example, ADMIN some.hub.server, VERSION
    someuser, and similar commands. A server with this option enabled will
    only prevent local users from issuing remote commands. Remote users
    will not be affected.

    Remote WHOIS is not blocked. It is, however, restricted to queries of
    the form WHOIS nick nick. The ircd will disregard the server parameter
    and always use the queried nick.

  * All server modes appear to originate from the server you are using.
    This feature is not tunable, and opers also do not see the real server
    setting the mode.

Each item is briefly described in the serverhide {} block in ircd.conf.
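
The following Python sketch is an added illustration, not code from
ircd-hybrid: it models what a LINKS reply exposes to a user and to an oper
when flattening and the '(H) ' marker are applied as described above. The
server names, the function names and the row layout are assumptions made
for the example.

```python
# Added illustration: a model of the behaviour described above, not ircd-hybrid code.
HIDDEN_PREFIX = "(H) "  # marker the document says a hidden server prepends to its info

# Constructed sample network: name -> (real uplink, info field as received).
NETWORK = {
    "servA.example.net": (None, "Client server A"),  # the local server
    "hubA.example.net": ("servA.example.net", "(H) Main hub"),
    "servB.example.net": ("hubA.example.net", "Client server B"),
    "servC.example.net": ("hubA.example.net", "Client server C"),
}


def links_view(network, local, is_oper, flatten_links=True):
    """Return (server, shown_uplink, info) rows as a LINKS reply would list them."""
    rows = []
    for name, (uplink, info) in network.items():
        if is_oper or not flatten_links:
            # Opers see the true routing; without flattening nothing is rewritten.
            rows.append((name, uplink or name, info))
            continue
        if info.startswith(HIDDEN_PREFIX) and name != local:
            continue  # a hidden server drops out of the flattened list
        rows.append((name, local, info))  # everything appears attached to local
    return rows


def leaked_uplinks(rows, local):
    """Uplink names other than the local server that a viewer learns from the rows."""
    return sorted({uplink for _, uplink, _ in rows if uplink != local})


if __name__ == "__main__":
    local = "servA.example.net"
    for label, oper, flat in (("user", False, True), ("oper", True, True),
                              ("user, unflattened", False, False)):
        view = links_view(NETWORK, local, oper, flat)
        print(label, [r[0] for r in view], "uplinks exposed:", leaked_uplinks(view, local))
```
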

----------------------------------------------------------------------

Using Non-QS Compliant Hubs

The flattened LINKS option will, as a side effect, display all user QUITs
due to network splits in the following format:

    :user QUIT :*.net *.split

This works extremely well as long as all servers on your network are
compliant with the QS capability, which sends a single SQUIT to the
network when a server (or tree of servers) splits. All quit messages are
generated on the local server. Certain older servers do not have this
ability, and as such will generate their own quit messages for users who
left because of the split. This can cause leaks in the hub server names
and the structure of the network.

A quick example is the following network structure:

    servA(Hyb7) --- hubA(nonQS) --- servB(not-important)

When servB splits from hubA, hubA will generate a QUIT command for every
user on servB (and anything behind servB). Since the QUIT message was not
created on your server, with server hiding enabled, the QUIT message will
contain the real server names.

The only way to prevent this leak on a network is to only use hubs
supporting the QS capability. Hybrid 6, Hybrid 7, and csircd all are
currently running daemons that support QS. Hybrid 5 and 2.8.21+CSr servers
do not support QS, and will leak server names (and therefore routing
information) on splits.
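
One way to check a network for this leak, as an added Python example that
is not part of ircd-hybrid: scan client-side traffic for QUIT lines whose
reason is a pair of server names instead of the masked "*.net *.split".
The log lines are constructed, and treating a reason of exactly two dotted
host names as a split reason is an assumption of the example.

```python
import re

MASKED_REASON = "*.net *.split"  # split reason shown under flattened LINKS, per the document
# Assumption: a leaked split reason is exactly two dotted host names and nothing else.
HOST = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?(?:\.[A-Za-z0-9-]+)+"
SPLIT_REASON = re.compile(rf"^({HOST}) ({HOST})$")
QUIT_LINE = re.compile(r"^:(\S+) QUIT :(.*)$")

SAMPLE = [  # constructed client-side log lines
    ":alice!a@host1.example QUIT :*.net *.split",
    ":bob!b@host2.example QUIT :hubA.example.net servB.example.net",
    ":carol!c@host3.example QUIT :Ping timeout: 240 seconds",
    ":dave!d@host4.example QUIT :see you at example.org tomorrow",
    ":erin!e@host5.example PRIVMSG #chan :hubA.example.net servB.example.net",
]


def find_split_leaks(lines):
    """Return (nick, server1, server2) for each QUIT whose reason names two servers."""
    leaks = []
    for line in lines:
        m = QUIT_LINE.match(line.rstrip("\r\n"))
        if not m:
            continue  # not a QUIT, so the trailing text is not a quit reason
        source, reason = m.groups()
        if reason == MASKED_REASON:
            continue  # generated locally with hiding applied
        pair = SPLIT_REASON.match(reason)
        if pair:
            nick = source.split("!", 1)[0]
            leaks.append((nick, pair.group(1), pair.group(2)))
    return leaks


def leaked_server_names(lines):
    """Distinct server names exposed by unmasked split QUITs."""
    return sorted({name for _, a, b in find_split_leaks(lines) for name in (a, b)})


if __name__ == "__main__":
    for nick, left, right in find_split_leaks(SAMPLE):
        print(f"unmasked split QUIT for {nick}: {left} <-> {right}")
    print("server names exposed:", leaked_server_names(SAMPLE))
```

Any hit points at a hub in the path that generated the QUIT itself, which
is the non-QS behaviour described above.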
