Is it possible to optionally support IP address cloaking via a user mode (+x)?

There was once a patch to add IP address cloaking support to Hybrid, however it seems that patch is now many years old so does not work on the later releases.

It would be good to get this in Hybrid, even if it is optional during build time or something.

can i add nickserv

also the documentation seems to be misleading, for:

/*

• default_floodcount: the default value of floodcount that is configurable
• via /quote set floodcount. This is the number of lines a user may send
• to any other user/channel per floodtime. Set to 0 to disable.
  */
  default_floodcount = 0;

/*

• default_floodtime: the default value of floodtime that is configurable
• via /quote set floodtime.
  */
  default_floodtime = 1 second;

because it is not the only limitation that applies to client message limits. It's my understanding from the ratbox people that this is indeed "the way" and I took a quick glance over this and there's evidently no options relevant to spam except for JOIN/QUIT spam limiting which I don't really care about that can stay a hard limit because nobody would do that except to be annoying but if I have to set SPAMNUM every time (every link) every rebuild / startup etc that is going to be much more annoying than just having somebody try that hard to be annoying (at least that's entertaining.)

I don't want to set it more than once that's too many times for something I don't particularly want but have to have but can't compromise too much for.

I dont see: https://github.com/ircd-hybrid/ircd-hybrid/blob/master/src/conf_parser.c#L226

relates Homebrew/homebrew-core#48648 Homebrew/homebrew-core#50182

I did tested locally against latest 8.2.30 on my catalina machine, receiving the same error:

==> /usr/local/Cellar/ircd-hybrid/8.2.30/bin/ircd -version
setrlimit: couldn't set maximum number of file descriptors: Invalid argument

Why doint you get this all working and ready togo a user should just have to change paasword and username server name and url port etc and it all should work but i get error saying

OperServ OPER ADMIN ADD R00T_UK

OperServ No such nick/channel

-> OperServ OPER ADMIN ADD *

OperServ No such nick/channel

How to support Chinese，thanks!

When changing nicks (/msg nickserv ) it would be nice if the server would send back a packet to the irc client allowing it to reauthenticate against set password and mark the new nick +R. It helps it so that I don't have to enter (/msg nickserv identify each time when switching nicks.

Hi,

During some debugging i found that in m_nick.c#L370 there could be a situation where getaddrinfo() fails and the code will still call freeaddrinfo() on the res ptr which might then be uninitialized and will cause general protection faults / segmentation faults.

Minor issue. That situation shouldn't really present itself i guess.
One fix might be to set the res ptr to NULL instead of leaving it uninitialized.

Thanks for ircd-hybrid!

Hello. Im wondering if ircd-hybrid team is still working on new release or development has been stopped forever?
thanks.

TCP_DEFER_ACCEPT and SO_ACCEPTFILTER are both useful tools to ensure IRCd survives synflood DDoS.

Enabling support for them is straightforward, see https://github.com/atheme/charybdis/blob/master/libratbox/src/commio.c#L772-L788 for an example implementation.

Other implementations I am aware of include InspIRCd, UnrealIRCd 4, and upcoming ratbox 3.1.

Since 79c4eb8

For example:

1710612455.883 1: connects to server.
1710612455.884 1 -> S: CAP LS
1710612455.884 S -> 1: :My.Little.Server NOTICE * :*** Looking up your hostname
1710612455.884 S -> 1: :My.Little.Server NOTICE * :*** Checking Ident
1710612455.884 S -> 1: :My.Little.Server NOTICE * :*** No Ident response
1710612455.885 S -> 1: :My.Little.Server NOTICE * :*** Found your hostname
1710612455.885 S -> 1: :My.Little.Server CAP * LS :account-notify away-notify cap-notify chghost extended-join invite-notify multi-prefix userhost-in-names
1710612455.885 1 -> S: USER foo foo foo :foo
1710612455.885 1 -> S: NICK foo
1710612455.885 1 -> S: CAP REQ :multi-prefix
1710612455.886 S -> 1: :My.Little.Server CAP foo ACK :multi-prefix
1710612455.886 1 -> S: CAP LIST
1710612455.886 S -> 1: :My.Little.Server CAP foo LIST :multi-prefix
1710612455.887 1 -> S: CAP END
1710612455.887 S -> 1: :My.Little.Server NOTICE foo :*** You are exempt from user limits
1710612455.887 S -> 1: :My.Little.Server 396 foo il6sh5cbc5mn3xlk.irc :is now your visible host
1710612455.887 S -> 1: :My.Little.Server 001 foo :Welcome to the 2600net Internet Relay Chat Network foo!~foo@localhost
1710612455.887 S -> 1: :My.Little.Server 002 foo :Your host is My.Little.Server[0.0.0.0/48281], running version ircd-hybrid-8.2.44
1710612455.887 S -> 1: :My.Little.Server 003 foo :This server was created February 13 2024 at 18:13:44+0000
1710612455.887 S -> 1: :My.Little.Server 004 foo My.Little.Server ircd-hybrid-8.2.44 BDFGHXRSWZacefgijklnopqrswxyz CIKLMNOQRSTVZbcehiklmnoprstvz Ibehklov
1710612455.887 S -> 1: :My.Little.Server 005 foo BOT=B CALLERID CASEMAPPING=ascii DEAF=D KICKLEN=180 MODES=6 EXCEPTS INVEX NICKLEN=20 NETWORK=2600net MAXLIST=beI:100 MAXTARGETS=4 CHANTYPES=# :are supported by this server
1710612455.887 S -> 1: :My.Little.Server 005 foo CHANLIMIT=#:25 CHANNELLEN=50 TOPICLEN=80 CHANMODES=Ibe,k,l,CKLMNOQRSTVZcimnprstz PREFIX=(ohv)@%+ STATUSMSG=@%+ EXTBAN=$,Kacjmnorstuz AWAYLEN=180 KNOCK ELIST=CMNTU SAFELIST MONITOR=50 WHOX :are supported by this server
1710612455.887 S -> 1: :My.Little.Server 251 foo :There are 0 users and 1 invisible on 1 servers
1710612455.887 S -> 1: :My.Little.Server 255 foo :I have 1 clients and 0 servers

my config:

serverinfo {
    name = "My.Little.Server";
    sid = "42X";
    description = "test server";

    # Hybrid defaults to 9
    max_nick_length = 20;

};

general {
    throttle_count = 100;  # We need to connect lots of clients quickly
    sasl_service = "SaslServ";

    # Allow PART/QUIT reasons quickly
    anti_spam_exit_message_time = 0;

    # Allow all commands quickly
    pace_wait_simple = 0;
    pace_wait = 0;
};

listen {
    defer_accept = yes;

    host = "0.0.0.0";
    port = 43471;
    port = 53535;
};

class {
    name = "server";
    ping_time = 5 minutes;
    connectfreq = 5 minutes;
};
connect {
    name = "services.example.org";
    host = "127.0.0.1";  # Used to validate incoming connection
    port = 0;  # We don't need servers to connect to services
    send_password = "password";
    accept_password = "password";
    class = "server";
};
service {
    name = "services.example.org";
};

auth {
    user = "*";
    flags = exceed_limit;
    
};

operator {
    name = "operuser";
    user = "*@*";
    password = "operpassword";
    encrypted = no;
    umodes = locops, servnotice, wallop;
    flags = admin, connect, connect:remote, die, globops, kill, kill:remote,
            kline, module, rehash, restart, set, unkline, unxline, wallops, xline;
};

Since I don't know where to ask for support I'm going to ask here: how would I set up SSL/TLS using either openssl or gnutls on ircd-hybrid (latest stable release) on port 6697?

My server is an Ubuntu 14.04 VPS and IP is 104...** (block owned by DigitalOcean US). I'm also running Anope latest version services on the network and qwebirc.

Thanks for support,

Amy S.
NetAdmin @ ChiruNET

Hello,

We have a user who was able to log on to my ircd-hybrid instance with the following username in version 8.2.38:
tinfoil-hat [~[email protected]]

Now, in version 8.2.39, this is not allowed anymore. Removing the "-" fixes the username.

Connected. Now logging in.
* *** Looking up your hostname
* *** Found your hostname
* Capabilities supported: account-notify away-notify cap-notify chghost extended-join invite-notify multi-prefix userhost-in-names
* Capabilities requested: account-notify away-notify cap-notify chghost extended-join multi-prefix userhost-in-names 
* Capabilities acknowledged: account-notify away-notify cap-notify chghost extended-join multi-prefix userhost-in-names
* Closing Link: p5b151xxx.dip0.t-ipconnect.de (Invalid username [~tinfoil-h])
* Disconnected (Remote host closed socket)

I see the username validation has changed in 8.2.38 - there it worked. But not in 8.2.39.
Is this a bug or a feature? ;)

I have OPERSERV setup to use +GR (soft caller-id and messages from private users only), +G being soft caller id should require that a user be in the same channel as OPERSERV to message it, but it doesn't. I can message it with a regular registered nick even though we're not sharing any channels, however it does at least require you to me registered and identified to message it. I didn't know that one was supposed to negate the other though?

With the 8.2.30 tarball, channel mode +c is incorrectly matching accented characters as control chars. This comes down to a recent refactoring of msg_has_ctrls() that started doing numerical comparisons with signed chars. Attached patch simply reverts to the previous code with unsigned char.

hybrid-8.2.30-mode-c-fix.txt

I'm using ircd-hybrid git (8.3.39) on Linux
If do this:

listen { 
   port = 7776;
}

i get this in the ircd.log:

binding listener socket [::/7776]:Address already in use

and ircd only listens on 0.0.0.0:7776 IPv4 (according to netstat)

This (and vice versa) does work, but on two different ports:

   host = "0.0.0.0";                                                                                                                                           
   port = 7776;                                                                                                                                                
   host = "::";                                                                                                                                                
   port = 7777;         

Just wanted to provide a little feedback on my experience,

I had some syntax errors (which I'm still not really sure what they were so I just replaced the options with the example verbatim:
xxx
But I was having trouble just getting to the point where I could even see the errors in the first place, eventually I settled for strace and I found that if I used the arg ircd - logfile /dev/stdout that it was sort of writing some of the messages and would stop when I eventually determined was because this was set to no:

xxx
But I also had all sorts of other options in there for file logging that I stomped ultimately because this option use_logging is apparently mandatory to get any messages to stdout reliably.

I wouldn't really ask for a testconf like ratbox as much as it would just be nice to have some messaging (that can be suppressed with -quiet if it has to be) but to stderr in which case I can redirect it to /dev/null if nothing else (that'd be fine.) but ideally irreversibly decoupled from any control logic in the config, I've tried doing that kind of stuff before and its just too confusing I think.

doesn't need to be many messages, real basic startup messages to give me some hint that and leave the rest to use_logging. I don't really mind now that I understand sorta how it works, but there are people with little patience for which this would be a deal killer I think, their loss tbh but what a bummer if they couldn't even get past this. I'm pretty satisfied with the language of the configuration overall, still figuring this out though. I built up a network similar to this with RB once already in compose but I'm trying to be a bit neater this time around because I think I actually want to use hybrid so, unrelated note the one I setup with RB is on xxxx

It almost kinda seems like there should be a block there of some kind that groups items that probably shouldn't be different between servers like the nicklen but I don't know, the only place where I think it could possibly get out of hand in a way that isn't obvious is in the general block but nothing I couldn't figure out with diff if I had to.

It appears after a recent commit a buf to buffer change was missed on line 100 in src/send.c

send.c: In function 'send_message':
send.c:100:75: error: 'buf' undeclared (first use in this function)
client_get_name(to, HIDE_IP), (dbuf_length(&to->connection->buf_sendq) + buf->size), get_sendq(&to->connection->confs));

Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037516

winbindd results in almost all users having a \ in their name; and ircd-hybrid rejects such usernames. Identd reports the name including the \ character. ircd-hybrid says no.

on 1688276 (31b2841's parent), WHO * returns a list of users we share a channel with, as expected:

1661594302.433 1 -> S: NICK coolNick
1661594302.433 1 -> S: USER myusernam 0 * :My UniqueReal Name
[...]
1661594302.434 1 -> S: JOIN #chan
1661594302.434 S -> 1: :coolNick!~myusernam@localhost MODE coolNick :+i
1661594302.434 S -> 1: :coolNick!~myusernam@localhost JOIN :#chan
1661594302.434 S -> 1: :My.Little.Server MODE #chan +nt
1661594302.434 S -> 1: :My.Little.Server 353 coolNick = #chan :@coolNick
1661594302.434 S -> 1: :My.Little.Server 366 coolNick #chan :End of /NAMES list.

1661594302.434 2 -> S: NICK otherNick
1661594302.434 2 -> S: USER username * * :Realname
[...]
1661594302.436 S -> 2: :otherNick!~username@localhost MODE otherNick :+i
1661594302.436 2 -> S: JOIN #chan
1661594302.436 S -> 2: :otherNick!~username@localhost JOIN :#chan
1661594302.436 S -> 2: :My.Little.Server 353 otherNick = #chan :otherNick @coolNick
1661594302.436 S -> 2: :My.Little.Server 366 otherNick #chan :End of /NAMES list.

1661594302.436 2 -> S: WHO *
1661594302.436 S -> 2: :My.Little.Server 352 otherNick #chan ~username localhost My.Little.Server otherNick H :0 Realname
1661594302.436 S -> 2: :My.Little.Server 352 otherNick #chan ~myusernam localhost My.Little.Server coolNick H@ :0 My UniqueReal Name
1661594302.437 S -> 2: :My.Little.Server 315 otherNick * :End of /WHO list.

on 31b2841, WHO * no longer returns anything:

1661594319.517 1 -> S: NICK coolNick
1661594319.517 1 -> S: USER myusernam 0 * :My UniqueReal Name
[...]
1661594319.518 1 -> S: JOIN #chan
1661594319.518 S -> 1: :coolNick!~myusernam@localhost MODE coolNick :+i
1661594319.518 S -> 1: :coolNick!~myusernam@localhost JOIN :#chan
1661594319.518 S -> 1: :My.Little.Server MODE #chan +nt
1661594319.518 S -> 1: :My.Little.Server 353 coolNick = #chan :@coolNick
1661594319.518 S -> 1: :My.Little.Server 366 coolNick #chan :End of /NAMES list.

1661594319.519 2 -> S: NICK otherNick
1661594319.519 2 -> S: USER username * * :Realname
[...]
1661594319.519 S -> 2: :otherNick!~username@localhost MODE otherNick :+i
1661594319.519 2 -> S: JOIN #chan
1661594319.520 2 -> S: PING synchronize626921.520337814
1661594319.520 S -> 2: :otherNick!~username@localhost JOIN :#chan
1661594319.520 S -> 2: :My.Little.Server 353 otherNick = #chan :otherNick @coolNick
1661594319.520 S -> 2: :My.Little.Server 366 otherNick #chan :End of /NAMES list.

1661594319.520 2 -> S: WHO *
1661594319.520 S -> 2: :My.Little.Server 315 otherNick * :End of /WHO list.

I have set both ircd.conf and services.conf file, but found issue that i cannot use /identify pass , always i have to identify my nick with /msg nickserv identify pass. Maybe pseudo not working with anope services.

Good morning,

I'm working on building an IRC server (admittedly in a Docker container, commands to build are shown in: https://github.com/kkirsche/hybridirc-docker/blob/master/Dockerfile

After building it though, it appears to start, but then when I look at the process tree, it seems it's stopped / died, though without any error message. Is there any troubleshooting I can do to determine what's going wrong?

ircd@ba06240f3618:/$ /home/ircd/hybrid/bin/ircd -foreground -configfile /home/ircd/hybrid/etc/ircd.conf
ircd: version hybrid-8.2.19(20160821_7688)
ircd: pid 26
ircd: running in foreground mode from /home/ircd/hybrid
ircd@ba06240f3618:/$ ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 12:28 ?        00:00:00 /bin/bash
root        18     1  0 12:29 ?        00:00:00 su ircd
ircd        19    18  0 12:29 ?        00:00:00 bash
ircd        27    19  0 12:29 ?        00:00:00 ps -ef

Hi,

I've been doing some tests with mkpasswd on Linux and OpenBSD and it segfaults with various options.

I dont know if this is known. I will try to look more into it too.

not sure how to reach you but I started digging into fixing up my network again recently and I made a ton of progress, I was wondering if you'd be interested in coming and having a chat: https://irc.am.nl.eu.clandestine.network/ #hybrid. added some entrymsg notes on things that I am trying to setup still and the bot will send NOTICEs when you join. I'm running hybrid-8.2.39 on here and it's great, I really love hybrid. I'd prefer to chat about some stuff on there since I'm not really good at giving things a like this a good explanation the first time around without something to show but I can even walk you through some of my config.

Hello,

I have a network of two servers running 8.0.6. What is the recommended way to upgrade to latest 8.2.43 version?

I am getting error "Non-TS server" when servers are trying to link. I don't completely understand how include/server.h TS_CURRENT and TS_MINIMUM work.

I tried sending email to https://www.ircd-hybrid.org/support.html list, which does not seem to work and connecting to irc-server just says "Connection refused" (port is not open).

Hi there!

The way mkpasswd now works (using crypt() ) makes it impossible to connect servers between Linux and BSD using crypted passwords.

Linux doesnt support blowfish, and BSD only suports blowfish.

Maybe it would be better to create the hashes using OpenSSL functions, as it would be more portable.

What do you think of this ? I can try to look first into mkpasswd. And then it also has to be changed in the ircd source.

I think I found a serious bug in ban parsing on server synchronization. The ban mask is incorrectly parsed when received from a remote server. It becomes just the nick part of the mask, ie, a ban on "nick!user@host" becomes simply "nick". The original server is unaffected. I'm using the 8.2.30 tarball.

The issue seems to be in add_id() when you're reusing the input of split_nuh() in a strlcpy below. The attached patch makes sure to use a dedicated buffer for it. It works for me and has been in production for 24h.

hybrid-8.2.30-ban-fix.txt

<RANT> I have to rant a bit. This is a very serious bug that immediately impacted my network, since most bans are in the form "*!*foo@host" and this gets replicated simply as "*", banning everyone on the other servers and causing confusion in unaware ops. I wish some form of testing of basic functionality was implemented. <RANT>

mavis:~/hybrid/bin$ ./mkpasswd -6 -p morte
Segmentation fault
mavis:~/hybrid/bin$ ./mkpasswd -5 -s abcd -p morte
Segmentation fault
mavis:~/hybrid/bin$ ./mkpasswd -6 -s abcd -p morte
Segmentation fault

Everytime

While starting irc-hybrid 8.2.21 I get this error:
[2018-11-19T18:48:29+0100] Could not set TLS keys -- Error in the certificate.
[2018-11-19T18:48:29+0100] Error while initializing TLS
Certificate chain file is made by:
cat server_certificate.crt > mycert.crt
cat ca_intermediate_certificate.crt >> mycert.crt
Details on how I've created the certificates and some crt generated:
https://paste.debian.net/hidden/74892ec1/
https://paste.debian.net/hidden/12e75da8/
Can I know what I'm doing wrong/what's the problem?

Over a year ago the minimum TLS version was hardcoded to 1.2. That's fine for maximum security but it would be nice to make it configurable. In my network I had to patch src/tls_openssl.c to get some old clients connecting again.
Thanks!