225 lines
8.4 KiB
Plaintext
225 lines
8.4 KiB
Plaintext
This is the BIP IRC Proxy README.
|
|
|
|
Bip can be used in two different ways:
|
|
- Old school bnc user style: easy and straightforward.
|
|
- Unix service style with and init.d scripts and the logs in /var/log
|
|
|
|
This small README file explains the usage "Old school" with which :
|
|
- you do not need the root privileges.
|
|
- gives easy access to the logs to the owner of the shell.
|
|
|
|
Table of contents :
|
|
|
|
I. Installation
|
|
II. Configuration
|
|
A. Manual configuration
|
|
B. Automated configuration
|
|
III. Running bip
|
|
IV. Using bip
|
|
A. Connecting your client(s)
|
|
B. Backlog and flood control
|
|
C. Multiple users and ident issues
|
|
|
|
|
|
|
|
I. INSTALLATION
|
|
|
|
Install bip on the machine that will be running bip (which is likely to be
|
|
your personnal or shared server) either compiling the package or using your
|
|
distro's package. Then create a configuration file.
|
|
|
|
Choose your distribution package if available. If not, build bip the
|
|
old-fashioned way. You will need make, gcc, lex, yacc, automake,
|
|
autoconf-archive and optionally libssl-dev to build bip.
|
|
|
|
Just issue:
|
|
|
|
From bip-X.Y.Z.tar.gz package:
|
|
# ./configure && make
|
|
|
|
From repository:
|
|
# autoreconf -i
|
|
# ./configure --enable-maintainer-mode && make
|
|
|
|
If openssl and its developement files are installed, bip should build with
|
|
SSL support. After a successful build the bip binary can be found in
|
|
./src/bip.
|
|
|
|
By default, "-Werror" is used. If you encounter warnings, you could try:
|
|
# CFLAGS="-Wno-error" ./configure && make
|
|
|
|
|
|
II. CONFIGURATION
|
|
|
|
First of all, create your bip configuration an log directory:
|
|
|
|
# mkdir -p ~/.bip/logs
|
|
|
|
There are two ways to create your bip configuration :
|
|
- edit the sample bip.conf file to match your needs
|
|
- use the bipgenconfig script to easily generate a configuration
|
|
|
|
If you want to connect to bip using an SSL client, you'll need to create
|
|
a certificate / key pair (in a bip.pem file) to allow bip to serve SSL
|
|
sockets.
|
|
|
|
A. MANUAL CONFIGURATION
|
|
|
|
If you are using a distribution package, the bip.conf sample configuration
|
|
file is likely to be shipped in /usr/share/doc/bip/examples/bip.conf.gz or
|
|
something similar.
|
|
|
|
If not, you'll find sample configuration file in the source package's
|
|
`samples' subdirectory.
|
|
|
|
Put the uncompressed configuration file in your ~/.bip directory (its
|
|
path should be ~/.bip/bip.conf), and edit it, most importantly the "user"
|
|
section that contains information about you and the servers you will want
|
|
to connect to. The "name" field in the "user" section is your login to
|
|
connect to bip.
|
|
The "name" field of the "connection" subsections are the server identifier
|
|
for when you connect to bip.
|
|
|
|
The "password" field is a hash of the password you will use to connect to
|
|
bip. To generate a hash value from a password, use bipmkpw, program which
|
|
comes in the bip package and source.
|
|
|
|
If you've set client_side_ssl to true, you'll need to generate a bip.pem
|
|
file containing a certificate / key pair. In order to do so, you can use
|
|
the third party `openssl' binary :
|
|
|
|
# openssl req -new -x509 -days 365 -nodes -out bip.pem -keyout bip.pem
|
|
|
|
You can then remove the passphrase with :
|
|
|
|
# openssl x509 -subject -dates -fingerprint -noout -in bip.pem
|
|
|
|
B. AUTOMATED CONFIGURATION
|
|
|
|
You can also use the bipgenconfig script to generate a new configuration.
|
|
This script will also help you generate the SSL certificate / key pair
|
|
needed for clients to connect to BIP through SSL.
|
|
|
|
This script can be found either in the source package's `scripts'
|
|
directory or shipped with your distribution's package.
|
|
|
|
Using the script is very simple, and it will generate a configuration
|
|
file but won't overwrite any existing configuration.
|
|
|
|
It will ask you the path to the bipmkpw binary, to automatically hash the
|
|
passwords you'll provide. Please make sure to enter the correct path to
|
|
the binary or you might observe unexpected behaviour.
|
|
|
|
You'll need to move the generated configuration from bip.conf.autogen to
|
|
bip.conf and the generated PEM file from bip.pem.autogen to bip.pem (or
|
|
whatever path you've configured in bip.conf).
|
|
|
|
|
|
III. RUNNING BIP
|
|
|
|
Once all this is configured, start bip as your regular user:
|
|
|
|
# ./src/bip
|
|
|
|
If you have installed bip in your path (or if you are using you
|
|
distribution's package), simply use:
|
|
|
|
# bip
|
|
|
|
Once bip starts, it connects to the different servers your defined in
|
|
all "user"'s "connection" blocks.
|
|
|
|
|
|
IV. USING BIP
|
|
|
|
A. CONNECTING YOUR CLIENT(S)
|
|
|
|
Then you want to use your regular irc client and connect to bip. Point
|
|
your client to the machine bip is running and set the proper port number
|
|
(defined in your bip.conf). You should then configure the client to use a
|
|
specific irc server password constructed this way:
|
|
|
|
user:password:connection
|
|
|
|
The user is the name field of the "user" section, the password is the
|
|
password (*not* the hash) corresponding to the "password" field of the
|
|
same user section (which is the hash generated with bipmkpw) and the
|
|
connection is the "name" field of the "connection" subsection. This is
|
|
how bip authenticates you and puts your client to the correct network.
|
|
|
|
Using the default (or sample file) configuration, logs are in ~/.bip/logs/
|
|
|
|
B. BACKLOG AND FLOOD CONTROL
|
|
|
|
Bip has a backlogging system which will send back parts of the last logs
|
|
upon client connection. Depending on your configuration, that may mean a
|
|
*lot* of data sent back to your client.
|
|
|
|
Users' messages will be replayed as if they were being sent at the moment
|
|
your client connects to bip, and if not disabled, system messages will
|
|
appear as coming from the "-bip" user.
|
|
|
|
Considering that, you may want to disable your client's anti-flood system,
|
|
totally or not, depending on it's flexibility.
|
|
Since bip doesn't replay CTCP messages, you can safely let your client's
|
|
anti-flood system manage them.
|
|
|
|
[Xchat]
|
|
If you're using Xchat, you can "disable" it by issuing these commands :
|
|
/set flood_msg_num = 1000
|
|
/set flood_msg_time = 10
|
|
In fact you'll tell xchat to activate its anti-flood system when you're
|
|
receiving more than 1000 messages in less than 10 seconds.
|
|
|
|
If you forgot to set these, private messages may not appear in separate
|
|
tabs as usual. If so, simply issue a :
|
|
/set gui_auto_open_dialog on
|
|
|
|
C. MULTIPLE USERS AND IDENT ISSUES
|
|
|
|
When you host many connections to the same IRC network, you might have
|
|
more connections than allowed by the network from one host.
|
|
|
|
Depending on the network and the services it runs, session limits may be
|
|
enforced either matching only your ip address/hostname, or matching the
|
|
username/ident part too.
|
|
|
|
To avoid being killed for session limit exceeded, you should define a
|
|
default_username in each user {}; block. A user without default_username
|
|
would appear as ~bip@yourhost if bip is the system user running bip. With
|
|
a default_username set to "myuser", he would appear as ~myuser@yourhost,
|
|
which may be sufficient for most networks.
|
|
|
|
If the network you're on is a bit more demanding, you can set up an
|
|
oidentd server on your host, and enable oidentd spoofing support
|
|
('write_oidentd = true;' option in bip configuration file). Let's
|
|
say bip is the system user running bip, you should add to
|
|
your /etc/oidentd.conf :
|
|
|
|
user "bip" {
|
|
default {
|
|
allow spoof_all
|
|
allow spoof_privport
|
|
allow spoof
|
|
}
|
|
}
|
|
|
|
Then reload oidentd and make sure that ~bip is accessible (+rx) by the
|
|
user running oidentd (which means most of the time ~bip should be world
|
|
readable and browsable +rx).
|
|
|
|
If you already have a ~bip/.oidentd.conf file, don't worry, bip'll only
|
|
add its entries without deleting any of the contents of the file.
|
|
This step should remove the "~" character from the username/ident part of
|
|
your ircmask, and thus satisfy some networks.
|
|
|
|
If the network is still killing you for session limit exceeded, you'll
|
|
have to contact it's admins and ask them for an exception on your host or
|
|
ip address.
|
|
|
|
|
|
Happy ircing!
|
|
|
|
-- Arnaud Cornet <nohar@t1r.net> and Loïc Gomez <bip@kyoshiro.org>
|
|
|