IRC Proxy (my mirror - the official repo is hosted outside github)
C VimL
Latest commit 7712ae3 Jun 16, 2010 Trou committed with Arnaud Cornet Fix typo

README

This is the BIP IRC Proxy README.

Bip can be used in two different ways:
- Old school bnc user style: easy and straightforward.
- Unix service style with and init.d scripts and the logs in /var/log

This small README file explains the usage "Old school" with which :
 - you do not need the root privileges.
 - gives easy access to the logs to the owner of the shell.

Table of contents :

	I.	Installation
	II.	Configuration
	   A.	  Manual configuration
	   B.	  Automated configuration
	III.	Running bip
	IV.	Using bip
	   A.	  Connecting your client(s)
	   B.	  Backlog and flood control
	   C.	  Multiple users and ident issues



I. INSTALLATION

    Install bip on the machine that will be running bip (which is likely to be
    your personnal or shared server) either compiling the package or using your
    distro's package. Then create a configuration file.

    Choose your distribution package if available. If not, build bip the
    old-fashioned way. You will need make, gcc, lex and yacc to build bip.
    Just issue:

    # ./configure --enable-oidentd && make

    If openssl and its developement files are installed, bip should build with
    SSL support. After a successful build the bip binary can be found in
    ./src/bip.


II. CONFIGURATION

    First of all, create your bip configuration an log directory:

    # mkdir -p ~/.bip/logs

    There are two ways to create your bip configuration :
    - edit the sample bip.conf file to match your needs
    - use the bipgenconfig script to easily generate a configuration

    If you want to connect to bip using an SSL client, you'll need to create
    a certificate / key pair (in a bip.pem file) to allow bip to serve SSL
    sockets.

    A. MANUAL CONFIGURATION

      If you are using a distribution package, the bip.conf sample configuration
      file is likely to be shipped in /usr/share/doc/bip/examples/bip.conf.gz or
      something similar.

      If not, you'll find sample configuration file in the source package's
      `samples' subdirectory.

      Put the uncompressed configuration file in your ~/.bip directory (its
      path should be ~/.bip/bip.conf), and edit it, most importantly the "user"
      section that contains information about you and the servers you will want
      to connect to. The "name" field in the "user" section is your login to
      connect to bip.
      The "name" field of the "connection" subsections are the server identifier
      for when you connect to bip.

      The "password" field is a hash of the password you will use to connect to
      bip. To generate a hash value from a password, use bipmkpw, program which
      comes in the bip package and source.

      If you've set client_side_ssl to true, you'll need to generate a bip.pem
      file containing a certificate / key pair. In order to do so, you can use
      the third party `openssl' binary :

      # openssl req -new -x509 -days 365 -nodes -out bip.pem -keyout bip.pem

      You can then remove the passphrase with :

      # openssl x509 -subject -dates -fingerprint -noout -in bip.pem

    B. AUTOMATED CONFIGURATION

      You can also use the bipgenconfig script to generate a new configuration.
      This script will also help you generate the SSL certificate / key pair
      needed for clients to connect to BIP through SSL.

      This script can be found either in the source package's `scripts'
      directory or shipped with your distribution's package.

      Using the script is very simple, and it will generate a configuration
      file but won't overwrite any existing configuration.

      It will ask you the path to the bipmkpw binary, to automatically hash the
      passwords you'll provide. Please make sure to enter the correct path to
      the binary or you might observe unexpected behaviour.

      You'll need to move the generated configuration from bip.conf.autogen to
      bip.conf and the generated PEM file from bip.pem.autogen to bip.pem (or
      whatever path you've configured in bip.conf).


III. RUNNING BIP

    Once all this is configured, start bip as your regular user:

    # ./src/bip

    If you have installed bip in your path (or if you are using you
    distribution's package), simply use:

    # bip

    Once bip starts, it connects to the different servers your defined in
    all "user"'s "connection" blocks.


IV. USING BIP

    A. CONNECTING YOUR CLIENT(S)

      Then you want to use your regular irc client and connect to bip.  Point
      your client to the machine bip is running and set the proper port number
      (defined in your bip.conf). You should then configure the client to use a
      specific irc server password constructed this way:
  
      user:password:connection
  
      The user is the name field of the "user" section, the password is the
      password (*not* the hash) corresponding to the "password" field of the
      same user section (which is the hash generated with bipmkpw) and the
      connection is the "name" field of the "connection" subsection. This is
      how bip authenticates you and puts your client to the correct network.
  
      Using the default (or sample file) configuration, logs are in ~/.bip/logs/
  
    B. BACKLOG AND FLOOD CONTROL

      Bip has a backlogging system which will send back parts of the last logs
      upon client connection. Depending on your configuration, that may mean a
      *lot* of data sent back to your client.
      
      Users' messages will be replayed as if they were being sent at the moment
      your client connects to bip, and if not disabled, system messages will
      appear as coming from the "-bip" user.
      
      Considering that, you may want to disable your client's anti-flood system,
      totally or not, depending on it's flexibility.
      Since bip doesn't replay CTCP messages, you can safely let your client's
      anti-flood system manage them.
      
      [Xchat]
      If you're using Xchat, you can "disable" it by issuing these commands :
      /set flood_msg_num = 1000
      /set flood_msg_time = 10
      In fact you'll tell xchat to activate its anti-flood system when you're
      receiving more than 1000 messages in less than 10 seconds.
      
      If you forgot to set these, private messages may not appear in separate
      tabs as usual. If so, simply issue a :
      /set gui_auto_open_dialog on

    C. MULTIPLE USERS AND IDENT ISSUES

      When you host many connections to the same IRC network, you might have
      more connections than allowed by the network from one host.

      Depending on the network and the services it runs, session limits may be
      enforced either matching only your ip address/hostname, or matching the
      username/ident part too.

      To avoid being killed for session limit exceeded, you should define a
      default_username in each user {}; block. A user without default_username
      would appear as ~bip@yourhost if bip is the system user running bip. With
      a default_username set to "myuser", he would appear as ~myuser@yourhost,
      which may be sufficient for most networks.

      If the network you're on is a bit more requiring, you can set up an
      oidentd server on your host, and (if not already) compile bip with
      oidentd spoofing support (--enable-oidentd option of the configure
      script). Let's say bip is the system user running bip, you should add to
      your /etc/oidentd.conf :

        user "bip" {
            default {
                allow spoof_all
                allow spoof_privport
                allow spoof
            }
        }

      Then reload oidentd and make sure that ~bip is accessible (+rx) by the
      user running oidentd (which means most of the time ~bip should be world
      readable and browsable +rx).

      If you already have a ~bip/.oidentd.conf file, don't worry, bip'll only
      add its entries without deleting any of the contents of the file.
      This step should remove the "~" character from the username/ident part of
      your ircmask, and thus satisfy some networks.

      If the network is still killing you for session limit exceeded, you'll
      have to contact it's admins and ask them for an exception on your host or
      ip address.


  Happy ircing!

-- Arnaud Cornet <nohar@t1r.net> and Loïc Gomez <opensource@kyoshiro.org>