IRCd
Encyclopedia
An IRCd, short for Internet Relay Chat
daemon
, is server software
that implements the IRC protocol, enabling people to talk to each other via the Internet
(exchanging textual messages in real time). It is distinct from an IRC bot that connects outbound to an IRC channel.
The server listens to connections from IRC clients on a set of TCP ports
. When the server is part of an IRC network, it also keeps one or more established connections to other servers/daemons.
The term ircd originally referred to only one single piece of software, but it eventually became a generic reference to any implementation of an IRC daemon. However, the original version is still distributed under the same name, and this article discusses both uses.
(WiZ on IRC) in 1988. He received help from a number of others, such as Markku Savela (msa on IRC), who helped with the 2.2+msa release, etc.
In its first incarnations, IRC did not have many features that are taken for granted today, such as named channels and channel operators. Channels were numbered – channel 4 and channel 57, for example – and the channel topic described the kind of conversation that took place in the channel. One holdover of this is that joining channel 0 causes a client to leave all the channels it is presently on: "CHANNEL 0" being the original command to leave the current channel.
The first major change to IRC, in version 2.5, was to add named channels – "+channels". "+channels" were later replaced with "#channels" in version 2.7, numeric channels were removed entirely and channel bans (mode +b) were implemented.
Around version 2.7, there was a small but notable dispute, which led to ircu
– the Undernet
fork of ircd.
irc2.8 added "&channels" (those that exist only on the current server, rather than the entire network) and "!channels" (those that are theoretically safe from suffering from the many ways that a user could exploit a channel by "riding a netsplit
"), and is the baseline release from which nearly all current implementations are derived.
Around 2.8 came the concept of nick and channel delay, a system designed to help curb abusive practices such as takeovers
and split riding. This was not agreed on by the majority of modern IRC (EFnet, DALnet, Undernet, etc.) - and thus, 2.8 was forked into a number of different daemons using an opposing theory known as TS – or time stamping, which stored a unique time stamp with each channel or nickname on the network to decide which was the 'correct' one to keep. More information on this may be found at http://www.ircd-hybrid.com/history.html.
Time stamping itself has been revised several times to fix various issues in its design. The latest versions of such protocols are:
While the client-to-server protocols are at least functionally similar, server-to-server protocols differ widely (TS5, P10, and ND/CD server protocols are incompatible), making it very difficult to "link" two separate implementations of the IRC server. Some "bridge" servers do exist, to allow linking of, for example, 2.10 servers to TS5 servers, but these are often accompanied with restrictions of which parts of each protocol may be used, and are not widely deployed.
Significant releases based on 2.8 included:
The original code base continued to be developed mainly for use on the IRCnet
network. New server-to-server protocols were introduced in version 2.10, released in 1998, and in 2.11, first released in 2004, and current . This daemon is used by IRCnet
and it can be found at http://www.irc.org/ftp/irc/server/ The original ircd is free software
, licensed under the GNU General Public License
.
This development line produced the 4 IRC RFCs released after RFC 1459, which document this server protocol exclusively.
2.8.21+CS and Hybrid IRCd continue to be used on EFnet
, with ircd-ratbox (an offshoot of ircd-hybrid) being the most popular.
These attempts have met with mixed success, and large doses of skepticism from the existing IRC development community. With each new IRCd, a slightly different version of the IRC protocol is used, and many IRC clients and bots
are forced to compromise on features or vary their implementation based on the server to which they are connected. These are often implemented for the purpose of improving usability, security, separation of powers, or ease of integration with services
. Possibly one of the most common and visible differences is the inclusion or exclusion of the half-op channel operator status (which is not a requirement of the RFCs).
system means that the daemon would have to have superuser
privileges in order to open them. For various security
reasons this is undesirable.
The common ports for an IRCd process are 6665 to 6669, with 6667 being the historical default. These ports can be opened by a non-superuser process, and they became widely used.
open for long periods. Very few ircds are multithreaded
as nearly every action needs to access (at least read and possibly modify) the global state.
The result is that the best platforms for ircds are those that offer efficient mechanisms for handling huge numbers of connections in a single thread. Linux
offers this ability in the form of epoll
, in kernel series newer than 2.4.x. FreeBSD
(since 4.1) and OpenBSD (since 2.9) offers kqueue
. Solaris has had /dev/poll since version 7, and from version 10 onwards has IOCP (I/O Completion Ports). Windows has supported IOCP since Windows NT 3.5. The difference made by these new interfaces can be dramatic. IRCU coders have mentioned increases in the practical capacity per server from 10,000 users to 20,000 users.
, for those who don't, it is still possible to use SSL via Stunnel
. The unofficial, but most often used port for SSL IRCd connections is 6697. More recently, as a security enhancement and usability enhancement, various client and server authors have begun drafting a standard known as the STARTTLS standard which allows for SSL and plain text connections to co-exist on the same TCP port.
, and some also support IPv6
. In general, the difference between IPv6 and IPv4 connections to IRC is purely academic and the service operates in much the same manner through either protocol.
protocol for server to server communications developed by the Undernet Coder Committee to use in their ircu
server software. It is similar in purpose to IRCX
and EFnet TS5/TS6 protocols and implements nick and channel timestamping for handling nick collisions and netsplit channel riding, respectively. Other IRCd's that utilize this protocol extension include beware ircd.
or network
or said server on the network. One possible explanation of how this term came about is that it is named after the oper
named Jupiter, who gained control of the nickname NickServ on EFnet
. EFnet does not offer services such as NickServ; Jupiter gained control of the nickname as he (among other operators) did not believe nicknames should be owned. Today, EFnet opers jupe nicknames that are used as services on other networks.
A nickname or server jupe takes advantage of the fact that certain identifiers are unique; by using an identifier, one acquires an exclusive lock that prevents other users from making use of it.
Officially sanctioned jupes may also utilize services or server configuration options to enforce the jupe, such as when a compromised server is juped to prevent it from harming the network.
In practice IRC operators now use jupe configurations to administratively make channel or nicknames unavailable. A channel jupe refers to a server specific ban of a channel, which means that a specific channel cannot be joined when connected to a certain server, but other servers may allow a user to join the channel. This is a way of banning access to problematic channels.
and which permissions they get upon doing so. The name comes from the prefix used for the line in the original ircd, a capital O. The O-line specifies the username, password, operator flags, and hostmask restrictions for a particular operator. A server may have many O-lines depending on the administrative needs of the server and network.
Operator flags are used to describe the permissions an operator is granted. While some IRC operators may be in charge of network routing, others may be in charge of network abuse, making their need for certain permissions different. Operator flags available vary widely depending on which IRC daemon is in use. Generally, more feature rich IRC daemons tend to have more operator flags, and more traditional IRC daemons have fewer.
An O-line may also be set so that only users of a certain hostmask or IP address
can gain IRC operator status using that O-line. Using hostmasks and IP addresses in the O-line require the IP address to remain the same but provide additional security.
While the precise reason for the disconnection varies from case to case, usual reasons involve some aspect of the client or the user it is issued against.
User behavior
Client software
Geographic location
There are a number of other network "lines" relating to the K-line. Modern IRC daemons will also allow IRC operators to set these lines during normal operation, where access to the server configuration file is not routinely needed.
but on DALnet
a similar concept known as an AKill was used.
G-lines are sometimes stored in the configuration file
of the IRCd, although some networks, who handle K-lines through the IRC services
, prefer to have them stored in their service's configuration files. Whenever a G-lined person attempts to connect to the IRC network, either the services or the IRC daemon will automatically disconnect the client, often displaying a message explaining the "reasoning" behind the ban.
G-lines are a variant of K-lines, which work in much the same way, except K-lines only disconnect clients on one server of the network. G-lines are normally applied to a user who has received a K-line on one server but continues to abuse the network by connecting via a different server. G-lines are often regarded as an extreme measure, only to be used in cases of repeated abuse when extensive attempts have been made to reason with the offending user. Therefore, especially on larger networks, often only very high ranking global IRC operator
s are permitted to set them, while K-lines, which are mostly regarded as a local affair, are left to the operators of the individual server
in the network.
G-lines also work slightly differently from K-lines. G-lines are typically set as *@IPaddress or *@host, with the first being the better option. G-lines do still wait for an ident
response from the connecting user (if specified in the banmask), but immediately close the socket once the user's IP address is compared to the G-line list and a match is found. If the *@host option is used, the server must conduct a reverse DNS lookup on the user and then compare the returned host to the hosts in the G-line list. This results in delay, and, if the DNS doesn't return correct results, the banned user may still get on the network.
Z-lines are sometimes stored in the configuration file of the IRCd, although some networks, who handle lines through the IRC services, prefer to have them stored in their service's configuration files. Whenever a Z-lined person attempts to connect to the IRC network, either the services or the IRC daemon will automatically disconnect the client, often displaying a message explaining the reasoning behind the ban.
Z-lines are a variant of K-lines, which work in much the same way. Most Z-lines are "awarded" to people who abuse the network as a whole (on smaller networks, these are more frequently issued for isolated incidents).
Z-lines also work slightly differently than K-lines. Z-lines are typically set as *@IP or *@host, with the first being the better option. Z-lines do not wait for an ident response from the connecting user, but immediately close the socket once the user's IP is compared to the Z-line list and a match is found. If the *@host option is used, the server must conduct a reverse DNS lookup on the user and then compare the returned host to the hosts in the Z-line list. This can result in delays, or if the DNS doesn't return correctly, banned users could still get on the network. In actuality, the *@host option is completely against the intentions of using a Z-line, and therefore some IRCd programs will not allow anything other than *@IP, with wildcards
(?,*) allowed in the IP section to block entire subnets. Another difference from K-lines (which affect only IRC clients) is if an IP is banned, nothing, not even other servers, can connect from this IP (or IP range, depending on the banmask).
One advantage to using Z-lines over K-lines and G-lines, from a server or network administrator's perspective, a Z-line uses less bandwidth than a K-line, mainly because it doesn't wait for an ident
response or DNS
lookup.
A disadvantage to using Z-line over K-line or G-line is that it becomes more difficult to ban entire ISPs and very dynamic IP addresses, common with some dialup and DSL
connections. For example, if a network administrator wants to ban all of ISP example.com (with hypothetical IP address
ranges of 68.0.0.0 - 68.255.255.255 and 37.0.0.0 - 38.255.255.255), a G-line regex
could be *@*example.com, whereas Z-line would require *@37.*.*.*, *@38.*.*.*, and *@68.*.*.* to accomplish the same thing.
Z-lines can also be global, in which case they are called GZ-lines. GZ-lines work in the same manner as Z-lines, except that they propagate to every server on the network.
nicknames by non-operators. Some IRC daemons may disconnect users when initially applying the Q-line, whilst others will force a nickname change, or do nothing until the user covered by the Q-line reconnects. Other IRCds, like Charybdis, use the 'RESV' command instead, with the stats letter remaining as Q.
Internet Relay Chat
Internet Relay Chat is a protocol for real-time Internet text messaging or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer, including file...
daemon
Daemon (computer software)
In Unix and other multitasking computer operating systems, a daemon is a computer program that runs as a background process, rather than being under the direct control of an interactive user...
, is server software
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
that implements the IRC protocol, enabling people to talk to each other via the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
(exchanging textual messages in real time). It is distinct from an IRC bot that connects outbound to an IRC channel.
The server listens to connections from IRC clients on a set of TCP ports
TCP and UDP port
In computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint in a computer's host operating system. A port is associated with an IP address of the host, as well as the type of protocol used for communication...
. When the server is part of an IRC network, it also keeps one or more established connections to other servers/daemons.
The term ircd originally referred to only one single piece of software, but it eventually became a generic reference to any implementation of an IRC daemon. However, the original version is still distributed under the same name, and this article discusses both uses.
History
The original IRCd was known as 'ircd', and was authored by Jarkko OikarinenJarkko Oikarinen
Jarkko Oikarinen is the inventor of the first Internet chat network, called Internet Relay Chat , where he is known as WiZ. While working at the University of Oulu in August 1988, he wrote the first IRC server and client programs, which he produced to replace the MUT program on the Finnish BBS...
(WiZ on IRC) in 1988. He received help from a number of others, such as Markku Savela (msa on IRC), who helped with the 2.2+msa release, etc.
In its first incarnations, IRC did not have many features that are taken for granted today, such as named channels and channel operators. Channels were numbered – channel 4 and channel 57, for example – and the channel topic described the kind of conversation that took place in the channel. One holdover of this is that joining channel 0 causes a client to leave all the channels it is presently on: "CHANNEL 0" being the original command to leave the current channel.
The first major change to IRC, in version 2.5, was to add named channels – "+channels". "+channels" were later replaced with "#channels" in version 2.7, numeric channels were removed entirely and channel bans (mode +b) were implemented.
Around version 2.7, there was a small but notable dispute, which led to ircu
Ircu
ircu is the name of the IRC daemon software written for and used on the Undernet IRC network.ircu is one of the few servers that is based on the irc2.7 codebase of the original IRCd....
– the Undernet
Undernet
The Undernet is the fourth-largest publicly-monitored Internet Relay Chat network circa 2011, with about 12 client servers serving 60,000 users in 11,000 channels at any given time....
fork of ircd.
irc2.8 added "&channels" (those that exist only on the current server, rather than the entire network) and "!channels" (those that are theoretically safe from suffering from the many ways that a user could exploit a channel by "riding a netsplit
IRC takeover
An IRC channel takeover is an acquisition of IRC channel operator status by someone other than the channel's owner. It has largely been eliminated due to the increased use of services on IRC networks.-Riding the split:...
"), and is the baseline release from which nearly all current implementations are derived.
Around 2.8 came the concept of nick and channel delay, a system designed to help curb abusive practices such as takeovers
IRC takeover
An IRC channel takeover is an acquisition of IRC channel operator status by someone other than the channel's owner. It has largely been eliminated due to the increased use of services on IRC networks.-Riding the split:...
and split riding. This was not agreed on by the majority of modern IRC (EFnet, DALnet, Undernet, etc.) - and thus, 2.8 was forked into a number of different daemons using an opposing theory known as TS – or time stamping, which stored a unique time stamp with each channel or nickname on the network to decide which was the 'correct' one to keep. More information on this may be found at http://www.ircd-hybrid.com/history.html.
Time stamping itself has been revised several times to fix various issues in its design. The latest versions of such protocols are:
- the TS6 protocol, which is used by EFnetEFnetEFnet or Eris Free network is a major IRC network, with more than 35,000 users. It is the modern-day descendant of the original IRC network.- History :...
, and Hybrid and Ratbox based servers amongst others - the P10 protocol, which is used by UndernetUndernetThe Undernet is the fourth-largest publicly-monitored Internet Relay Chat network circa 2011, with about 12 client servers serving 60,000 users in 11,000 channels at any given time....
and ircuIrcuircu is the name of the IRC daemon software written for and used on the Undernet IRC network.ircu is one of the few servers that is based on the irc2.7 codebase of the original IRCd....
based servers.
While the client-to-server protocols are at least functionally similar, server-to-server protocols differ widely (TS5, P10, and ND/CD server protocols are incompatible), making it very difficult to "link" two separate implementations of the IRC server. Some "bridge" servers do exist, to allow linking of, for example, 2.10 servers to TS5 servers, but these are often accompanied with restrictions of which parts of each protocol may be used, and are not widely deployed.
Significant releases based on 2.8 included:
- 2.8.21+CS, developed by Chris Behrens (Comstud)
- 2.8+th, Taner's patchset, which later became
- Hybrid IRCd, originally developed by Jon Lusky (Rodder) and Diane Bruce (Dianora) as 2.8/hybrid, later joined by a large development team.
- 2.9, 2.10, 2.11, ... continue the development of the original codebase,
The original code base continued to be developed mainly for use on the IRCnet
IRCnet
IRCnet is one of the largest IRC networks with more than 60,000 users using it daily. An early 2005 record had approximately 123,110 users simultaneously connected to the network.-History:...
network. New server-to-server protocols were introduced in version 2.10, released in 1998, and in 2.11, first released in 2004, and current . This daemon is used by IRCnet
IRCnet
IRCnet is one of the largest IRC networks with more than 60,000 users using it daily. An early 2005 record had approximately 123,110 users simultaneously connected to the network.-History:...
and it can be found at http://www.irc.org/ftp/irc/server/ The original ircd is free software
Free software
Free software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
, licensed under the GNU General Public License
GNU General Public License
The GNU General Public License is the most widely used free software license, originally written by Richard Stallman for the GNU Project....
.
This development line produced the 4 IRC RFCs released after RFC 1459, which document this server protocol exclusively.
2.8.21+CS and Hybrid IRCd continue to be used on EFnet
EFnet
EFnet or Eris Free network is a major IRC network, with more than 35,000 users. It is the modern-day descendant of the original IRC network.- History :...
, with ircd-ratbox (an offshoot of ircd-hybrid) being the most popular.
Sidestream versions
More recently, several irc daemons were written from scratch, such as ithildin, InspIRCd, csircd (also written by Chris Behrens), ConferenceRoom, Microsoft Exchange Chat Service, WeIRCd, or IRCPlus/IRCXPro.These attempts have met with mixed success, and large doses of skepticism from the existing IRC development community. With each new IRCd, a slightly different version of the IRC protocol is used, and many IRC clients and bots
IRC bot
thumb|409px|right|An IRC bot performing a simple task.An IRC bot is a set of scripts or an independent program that connects to Internet Relay Chat as a client, and so appears to other IRC users as another user...
are forced to compromise on features or vary their implementation based on the server to which they are connected. These are often implemented for the purpose of improving usability, security, separation of powers, or ease of integration with services
IRC services
Internet Relay Chat services is a name for a set of features implemented on many modern Internet Relay Chat networks. Services are automated bots with special status which are generally used to provide users with access with certain privileges and protection...
. Possibly one of the most common and visible differences is the inclusion or exclusion of the half-op channel operator status (which is not a requirement of the RFCs).
Ports
The officially assigned port numbers are 194 ("irc"), 529 ("irc-serv"), and 994 ("ircs"). However, these ports are in the privileged range (0-1024), which on a Unix-likeUnix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
system means that the daemon would have to have superuser
Superuser
On many computer operating systems, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator or supervisor....
privileges in order to open them. For various security
Security
Security is the degree of protection against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies in the OSSTMM 3 defines security as "a form of protection...
reasons this is undesirable.
The common ports for an IRCd process are 6665 to 6669, with 6667 being the historical default. These ports can be opened by a non-superuser process, and they became widely used.
Connections
Running a large IRC server, one that has more than a few thousand simultaneous users, requires keeping a very large number of TCP connectionsTransmission Control Protocol
The Transmission Control Protocol is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol , and therefore the entire suite is commonly referred to as TCP/IP...
open for long periods. Very few ircds are multithreaded
Thread (computer science)
In computer science, a thread of execution is the smallest unit of processing that can be scheduled by an operating system. The implementation of threads and processes differs from one operating system to another, but in most cases, a thread is contained inside a process...
as nearly every action needs to access (at least read and possibly modify) the global state.
The result is that the best platforms for ircds are those that offer efficient mechanisms for handling huge numbers of connections in a single thread. Linux
Linux kernel
The Linux kernel is an operating system kernel used by the Linux family of Unix-like operating systems. It is one of the most prominent examples of free and open source software....
offers this ability in the form of epoll
Epoll
epoll is a scalable I/O event notification mechanism for Linux, first introduced in Linux 2.5.44 . It is meant to replace the older POSIX select and poll system calls, to achieve better performance in more demanding applications, where the number of watched file descriptors is large...
, in kernel series newer than 2.4.x. FreeBSD
FreeBSD
FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...
(since 4.1) and OpenBSD (since 2.9) offers kqueue
Kqueue
Kqueue is a scalable event notification interface introduced in FreeBSD 4.1, also supported in NetBSD, OpenBSD, DragonflyBSD, and Mac OS X. It's the foundation of Apple's Grand Central Dispatch....
. Solaris has had /dev/poll since version 7, and from version 10 onwards has IOCP (I/O Completion Ports). Windows has supported IOCP since Windows NT 3.5. The difference made by these new interfaces can be dramatic. IRCU coders have mentioned increases in the practical capacity per server from 10,000 users to 20,000 users.
SSL
Some IRCd support SSLTransport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
, for those who don't, it is still possible to use SSL via Stunnel
Stunnel
Stunnel is an open-source multi-platform computer program, used to provide universal TLS/SSL tunneling service.Stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively. It runs on a variety of operating systems , including most...
. The unofficial, but most often used port for SSL IRCd connections is 6697. More recently, as a security enhancement and usability enhancement, various client and server authors have begun drafting a standard known as the STARTTLS standard which allows for SSL and plain text connections to co-exist on the same TCP port.
IPv4 and IPv6
IRC daemons support IPv4IPv4
Internet Protocol version 4 is the fourth revision in the development of the Internet Protocol and the first version of the protocol to be widely deployed. Together with IPv6, it is at the core of standards-based internetworking methods of the Internet...
, and some also support IPv6
IPv6
Internet Protocol version 6 is a version of the Internet Protocol . It is designed to succeed the Internet Protocol version 4...
. In general, the difference between IPv6 and IPv4 connections to IRC is purely academic and the service operates in much the same manner through either protocol.
Clustering
Large IRC networks consist of multiple servers for horizontal scaling purposes. There are several IRC protocol extensions for these purposes.IRCX
IRCX (Internet Relay Chat eXtensions) is an extension to the IRC protocol developed by MicrosoftP10
The P10 protocol is an extension to the Internet Relay ChatInternet Relay Chat
Internet Relay Chat is a protocol for real-time Internet text messaging or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer, including file...
protocol for server to server communications developed by the Undernet Coder Committee to use in their ircu
Ircu
ircu is the name of the IRC daemon software written for and used on the Undernet IRC network.ircu is one of the few servers that is based on the irc2.7 codebase of the original IRCd....
server software. It is similar in purpose to IRCX
IRCX
IRCX is an extension to the IRC protocol, developed by Microsoft.IRCX defines ways to use SASL authentication to authenticate securely to the server, channel properties/metadata, multilingual support that can be queried using the enhanced "LISTX" command , an additional user level IRCX (Internet...
and EFnet TS5/TS6 protocols and implements nick and channel timestamping for handling nick collisions and netsplit channel riding, respectively. Other IRCd's that utilize this protocol extension include beware ircd.
Jupe
In Internet Relay Chat (IRC), juping a server, a channel, or a nickname refers to the practice of blocking said channel or nickname on the serverServer (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
or network
Computer network
A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....
or said server on the network. One possible explanation of how this term came about is that it is named after the oper
IRC operator
An IRC operator is a user on an Internet Relay Chat network who has privileged access. IRC operators are charged with the task of enforcing the network's rules, and in many cases, improving the network in various areas...
named Jupiter, who gained control of the nickname NickServ on EFnet
EFnet
EFnet or Eris Free network is a major IRC network, with more than 35,000 users. It is the modern-day descendant of the original IRC network.- History :...
. EFnet does not offer services such as NickServ; Jupiter gained control of the nickname as he (among other operators) did not believe nicknames should be owned. Today, EFnet opers jupe nicknames that are used as services on other networks.
A nickname or server jupe takes advantage of the fact that certain identifiers are unique; by using an identifier, one acquires an exclusive lock that prevents other users from making use of it.
Officially sanctioned jupes may also utilize services or server configuration options to enforce the jupe, such as when a compromised server is juped to prevent it from harming the network.
In practice IRC operators now use jupe configurations to administratively make channel or nicknames unavailable. A channel jupe refers to a server specific ban of a channel, which means that a specific channel cannot be joined when connected to a certain server, but other servers may allow a user to join the channel. This is a way of banning access to problematic channels.
O-line
An O-line, shortened from Operator Line, is a line of code in an IRC daemon configuration file that determines which users can become an IRC operatorIRC operator
An IRC operator is a user on an Internet Relay Chat network who has privileged access. IRC operators are charged with the task of enforcing the network's rules, and in many cases, improving the network in various areas...
and which permissions they get upon doing so. The name comes from the prefix used for the line in the original ircd, a capital O. The O-line specifies the username, password, operator flags, and hostmask restrictions for a particular operator. A server may have many O-lines depending on the administrative needs of the server and network.
Operator flags are used to describe the permissions an operator is granted. While some IRC operators may be in charge of network routing, others may be in charge of network abuse, making their need for certain permissions different. Operator flags available vary widely depending on which IRC daemon is in use. Generally, more feature rich IRC daemons tend to have more operator flags, and more traditional IRC daemons have fewer.
An O-line may also be set so that only users of a certain hostmask or IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
can gain IRC operator status using that O-line. Using hostmasks and IP addresses in the O-line require the IP address to remain the same but provide additional security.
K-line
A k-line or kill line (also written K:line) is an Internet Relay Chat term, applied to a specific user. When a user is k-lined, it bans the user from a certain server, either for a certain amount of time or permanently. Once the user is banned, they are not allowed back onto that server; they have to join a different server to get onto IRC. This is recorded as a line in the server's IRC daemon configuration file prefixed with the letter "K", hence "K-line".While the precise reason for the disconnection varies from case to case, usual reasons involve some aspect of the client or the user it is issued against.
User behavior
- K-lines can be given due to inappropriate behavior on the part of the user, such as nickname colliding, mode "hacking", multiple channel flooding, harassing other users via private messaging features, spamming etc., or in the case of older networks without timestamping, split riding, which cannot be corrected through use of channel operator privileges alone.
Client software
- Some IRC daemons can be configured to scan for viruses or other vulnerabilities in clients connecting to them, and will react in various ways according to the result. Outdated and insecure client software might be blocked to protect other network users from vulnerabilities, for instance. Some networks, e.g. freenodeFreenodefreenode, formerly known as Open Projects Network, is an IRC network used to discuss peer-directed projects. Their servers are all accessible from the domain name [irc://chat.freenode.net chat.freenode.net], which load balances connections by using the actual servers in rotation...
, will disconnect clients operating on/via open proxiesProxy serverIn computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server...
, or running an insecure web server.
Geographic location
- An IRC network operating multiple servers in different locales will attempt to reduce the distance between a client and a server. This is often achieved by disconnecting (and/or banning) clients from distant locales in favour of local ones.
There are a number of other network "lines" relating to the K-line. Modern IRC daemons will also allow IRC operators to set these lines during normal operation, where access to the server configuration file is not routinely needed.
G-line
A G-line or global kill line (also written G:line) is a global network ban applied to a user; the term comes from UndernetUndernet
The Undernet is the fourth-largest publicly-monitored Internet Relay Chat network circa 2011, with about 12 client servers serving 60,000 users in 11,000 channels at any given time....
but on DALnet
DALnet
DALnet is an Internet Relay Chat network that is currently populated by a stable population of around 30,000 users in about 18,000 channels, with 40 servers making up the network....
a similar concept known as an AKill was used.
G-lines are sometimes stored in the configuration file
Configuration file
In computing, configuration files, or config files configure the initial settings for some computer programs. They are used for user applications, server processes and operating system settings. The files are often written in ASCII and line-oriented, with lines terminated by a newline or carriage...
of the IRCd, although some networks, who handle K-lines through the IRC services
IRC services
Internet Relay Chat services is a name for a set of features implemented on many modern Internet Relay Chat networks. Services are automated bots with special status which are generally used to provide users with access with certain privileges and protection...
, prefer to have them stored in their service's configuration files. Whenever a G-lined person attempts to connect to the IRC network, either the services or the IRC daemon will automatically disconnect the client, often displaying a message explaining the "reasoning" behind the ban.
G-lines are a variant of K-lines, which work in much the same way, except K-lines only disconnect clients on one server of the network. G-lines are normally applied to a user who has received a K-line on one server but continues to abuse the network by connecting via a different server. G-lines are often regarded as an extreme measure, only to be used in cases of repeated abuse when extensive attempts have been made to reason with the offending user. Therefore, especially on larger networks, often only very high ranking global IRC operator
IRC operator
An IRC operator is a user on an Internet Relay Chat network who has privileged access. IRC operators are charged with the task of enforcing the network's rules, and in many cases, improving the network in various areas...
s are permitted to set them, while K-lines, which are mostly regarded as a local affair, are left to the operators of the individual server
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
in the network.
G-lines also work slightly differently from K-lines. G-lines are typically set as *@IPaddress or *@host, with the first being the better option. G-lines do still wait for an ident
Ident
The Ident Protocol, specified in RFC 1413, is an Internet protocol that helps identify the user of a particular TCP connection. One popular daemon program for providing the ident service is identd.-How ident works:...
response from the connecting user (if specified in the banmask), but immediately close the socket once the user's IP address is compared to the G-line list and a match is found. If the *@host option is used, the server must conduct a reverse DNS lookup on the user and then compare the returned host to the hosts in the G-line list. This results in delay, and, if the DNS doesn't return correct results, the banned user may still get on the network.
Z-line
A Z-line or zap line (also written Z:line) is similar to a K-line, but applied to a client's IP address range, and is considered to be used in extreme cases. Because a Z-line does not have to check usernames (identd) or resolved hostnames, it can be applied to a user before they send any data at all upon connection. Therefore a Z-line is more efficient and uses fewer resources than a K-line or G-line when banning large numbers of users. Because not all IRCds are the same, others such as Charybdis use a D-line or X-line instead.Z-lines are sometimes stored in the configuration file of the IRCd, although some networks, who handle lines through the IRC services, prefer to have them stored in their service's configuration files. Whenever a Z-lined person attempts to connect to the IRC network, either the services or the IRC daemon will automatically disconnect the client, often displaying a message explaining the reasoning behind the ban.
Z-lines are a variant of K-lines, which work in much the same way. Most Z-lines are "awarded" to people who abuse the network as a whole (on smaller networks, these are more frequently issued for isolated incidents).
Z-lines also work slightly differently than K-lines. Z-lines are typically set as *@IP or *@host, with the first being the better option. Z-lines do not wait for an ident response from the connecting user, but immediately close the socket once the user's IP is compared to the Z-line list and a match is found. If the *@host option is used, the server must conduct a reverse DNS lookup on the user and then compare the returned host to the hosts in the Z-line list. This can result in delays, or if the DNS doesn't return correctly, banned users could still get on the network. In actuality, the *@host option is completely against the intentions of using a Z-line, and therefore some IRCd programs will not allow anything other than *@IP, with wildcards
Wildcard character
-Telecommunication:In telecommunications, a wildcard character is a character that may be substituted for any of a defined subset of all possible characters....
(?,*) allowed in the IP section to block entire subnets. Another difference from K-lines (which affect only IRC clients) is if an IP is banned, nothing, not even other servers, can connect from this IP (or IP range, depending on the banmask).
One advantage to using Z-lines over K-lines and G-lines, from a server or network administrator's perspective, a Z-line uses less bandwidth than a K-line, mainly because it doesn't wait for an ident
Ident
The Ident Protocol, specified in RFC 1413, is an Internet protocol that helps identify the user of a particular TCP connection. One popular daemon program for providing the ident service is identd.-How ident works:...
response or DNS
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
lookup.
A disadvantage to using Z-line over K-line or G-line is that it becomes more difficult to ban entire ISPs and very dynamic IP addresses, common with some dialup and DSL
Digital Subscriber Line
Digital subscriber line is a family of technologies that provides digital data transmission over the wires of a local telephone network. DSL originally stood for digital subscriber loop. In telecommunications marketing, the term DSL is widely understood to mean Asymmetric Digital Subscriber Line ,...
connections. For example, if a network administrator wants to ban all of ISP example.com (with hypothetical IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
ranges of 68.0.0.0 - 68.255.255.255 and 37.0.0.0 - 38.255.255.255), a G-line regex
Regular expression
In computing, a regular expression provides a concise and flexible means for "matching" strings of text, such as particular characters, words, or patterns of characters. Abbreviations for "regular expression" include "regex" and "regexp"...
could be *@*example.com, whereas Z-line would require *@37.*.*.*, *@38.*.*.*, and *@68.*.*.* to accomplish the same thing.
Z-lines can also be global, in which case they are called GZ-lines. GZ-lines work in the same manner as Z-lines, except that they propagate to every server on the network.
Q-line
On some IRCds, such as UnrealIRCd, a Q-line forbids a nickname, or any nickname matching a given pattern. This is most often used to forbid use of services nicknames (such as 'X', or NickServ) or forbid use of IRC operatorIRC operator
An IRC operator is a user on an Internet Relay Chat network who has privileged access. IRC operators are charged with the task of enforcing the network's rules, and in many cases, improving the network in various areas...
nicknames by non-operators. Some IRC daemons may disconnect users when initially applying the Q-line, whilst others will force a nickname change, or do nothing until the user covered by the Q-line reconnects. Other IRCds, like Charybdis, use the 'RESV' command instead, with the stats letter remaining as Q.
See also
- Comparison of IRC daemons
- Internet Relay ChatInternet Relay ChatInternet Relay Chat is a protocol for real-time Internet text messaging or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer, including file...
- Internet Relay Chat servicesInternet Relay Chat servicesInternet Relay Chat services is a name for a set of features implemented on many modern Internet Relay Chat networks. Services are automated bots with special status which are generally used to provide users with access with certain privileges and protection...
External links
- irc.org - IRC resources
- Technical comparison of TS and nickname delay mechanisms
- DarkFire IRC Manual (network specific)
- Undernet K-Line and G-Line FAQ with reasons for them, amongst other things
- EFnet FAQ with several -line terms explained
- Quakenet General FAQ G/K-Line
- GLine, KLine, QLine and ELine syntax