irkerd: Add command-line options for the listener --host and --port

We shouldn't have to edit the file to bind to an alternative
interface.  The lack of a configurable port was an explicit decision
in the original design [1]:

> I even, quite deliberately, omitted the usual option to change the
> port that irker listens on. Because if you think you need an option
> like that, you actually have a problem you need to solve at your
> firewall.

which is fine, but it seems excessive to have to edit irkerd to bind
to 0.0.0.0 instead of localhost.  From the security audit's
assumptions [2]:

> 3. The machine which hosts irkerd has the same owner as the machine
>    which hosts the the repo; these machines are possibly but not
>    necessarily one and the same.

and it's going to be hard for the hooks to communicate with a remote
irkerd if that irkerd is only bound to localhost.  I don't really care
about configuring the port, but it's similar enough to the host
interface that I thought it should have the same config mechanism
(from a "least surprise" perspective).

[1]: http://esr.ibiblio.org/?p=4540
[2]: security.txt in this repo

diff --git a/NEWS b/NEWS
index 15ca4613a06289f3536960794ad129695068972c..352947cb0070e74571dada103f36743b880c6185 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,8 @@
                        irker history 
 
+2.8 @ unreleased
+  Add support for --host and --port.
+
 2.7 @ 2014-03-15
   Add support for ircs:// and SSL/TLS connections to IRC servers.
   Add support for per-URL usernames and passwords.

diff --git a/irkerd b/irkerd
index 790a2560add04ea0cc0e9b1717b6e86b34962b06..055e8f55adf79389f5825649d2961259eb03f51e 100755 (executable)
--- a/irkerd
+++ b/irkerd
@@ -24,9 +24,6 @@ from __future__ import with_statement
 
 # These things might need tuning
 
-HOST = "localhost"
-PORT = 6659
-
 XMIT_TTL = (3 * 60 * 60)       # Time to live, seconds from last transmit
 PING_TTL = (15 * 60)           # Time to live, seconds from last PING
 HANDSHAKE_TTL = 60             # Time to live, seconds from nick transmit
@@ -946,6 +943,12 @@ if __name__ == '__main__':
     parser.add_argument(
         '-l', '--log-file', metavar='PATH',
         help='file for saving captured message traffic')
+    parser.add_argument(
+        '-H', '--host', metavar='ADDRESS', default='localhost',
+        help='IP address to listen on')
+    parser.add_argument(
+        '-P', '--port', metavar='PORT', default=6659, type=int,
+        help='port to listen on')
     parser.add_argument(
         '-n', '--nick', metavar='NAME', default='irker%03d',
         help="nickname (optionally with a '%%.*d' server connection marker)")
@@ -997,8 +1000,10 @@ if __name__ == '__main__':
             raise SystemExit(1)
         irker.thread_launch()
         try:
-            tcpserver = socketserver.TCPServer((HOST, PORT), IrkerTCPHandler)
-            udpserver = socketserver.UDPServer((HOST, PORT), IrkerUDPHandler)
+            tcpserver = socketserver.TCPServer(
+                (args.host, args.port), IrkerTCPHandler)
+            udpserver = socketserver.UDPServer(
+                (args.host, args.port), IrkerUDPHandler)
             for server in [tcpserver, udpserver]:
                 server = threading.Thread(target=server.serve_forever)
                 server.setDaemon(True)

diff --git a/irkerd.xml b/irkerd.xml
index caf36af532aa6cdb648b3936b9add8a04cf60773..b05202b07815d6a871ebbc21f540767196133961 100644 (file)
--- a/irkerd.xml
+++ b/irkerd.xml
@@ -21,6 +21,8 @@
      <arg>-c <replaceable>ca-file</replaceable></arg>
      <arg>-d <replaceable>debuglevel</replaceable></arg>
      <arg>-l <replaceable>logfile</replaceable></arg>
+     <arg>-H <replaceable>host</replaceable></arg>
+     <arg>-P <replaceable>port</replaceable></arg>
      <arg>-n <replaceable>nick</replaceable></arg>
      <arg>-p <replaceable>password</replaceable></arg>
      <arg>-i <replaceable>IRC-URL</replaceable></arg>
@@ -120,6 +122,21 @@ timestamp in Unix time, the FQDN of the sending server, and the
 message data.</para></listitem>
 </varlistentry>
 <varlistentry>
+<term>-H</term>
+<listitem><para>Takes a following hostname, and binds to that address
+when listening for messages.  <application>irkerd</application> binds
+to localhost by default, but you may want to use your host's public
+address to listen on a local network.  Listening on a public interface
+is not recommended, as it makes spamming IRC channels very
+easy.</para></listitem>
+</varlistentry>
+<varlistentry>
+<term>-P</term>
+<listitem><para>Takes a following port number, and binds to that port
+when listening for messages.  <application>irkerd</application> binds
+to port 6659 by default.</para></listitem>
+</varlistentry>
+<varlistentry>
 <term>-n</term>
 <listitem><para>Takes a following value, setting the nick
 to be used. If the nick contains a numeric format element
@@ -165,10 +182,6 @@ socket can be visible from commit-hook code but not exposed to the
 outside world. Priming your firewall with blocklists of IP addresses
 known to spew spam is always a good idea.</para>
 
-<para>The absence of any option to set the service port is deliberate.
-If you think you need to do that, you have a problem better solved at
-your firewall.</para>
-
 <para>IRC has a message length limit of 510 bytes; generate your
 privmsg attribute values with appropriate care.</para>