/* doc/kline.txt - Overview of the remote kline system
 * 
 * Copyright (C) 2005 Hybrid Development Team
 *
 * $Id: kline.txt 410 2006-02-08 14:31:37Z michael $
 */


Introduction
------------

ircd-hybrid-7 will allow opers to add and remove K-Lines on multiple servers,
an extension and replacement of the old ircd-hybrid-6 method of sharing
all K-Lines between servers.

In this implementation, it is extended to be routable among servers which
understand the "KLN" capability. This allows us to continue to "talk"
to non remote kline capable servers without breaking anything.

K-Lines have also received a new feature of supporting regular expressions
to allow for more flexible bans.

Usage
-----

The old K-Line method has not been changed.  To place a K-Line it is still:

/quote kline <nick|user@host> :reason
/quote kline [tkline_duration] <nick|user@host> :reason

Scenario 1
----------

Oper wishes to K-Line user@host on server irc.xyz.net

/quote kline <nick|user@host> on irc.xyz.net :reason
/quote kline [duration] <nick|user@host> on irc.xyz.net :reason

Scenario 2
----------

Oper wishes to K-Line user@host on all servers named *.uk

/quote kline <nick|user@host> on *.uk :reason
/quote kline [duration] <nick|user@host> on *.uk :reason

Scenario 3
----------

Oper wishes to place a network wide K-Line on user@host

/quote kline <nick|user@host> on * :reason
/quote kline [duration] <nick|user@host> on * :reason

Scenario 4
----------

Oper wishes to K-Line a flexible ban on various user@host types

/quote rkline ^O[[:alpha:]]?[[:digit:]]+(x\.o|\.xo)$@^[[:alnum:]]{4}\.evilnet.org$ :reason

Authorization
-------------

For the K-Line to be accepted by the remote server, the server must have
explicitly allowed K-Lines from that user.  This is done via a shared {};
block in ircd.conf.

The shared block contains two settings, a user@host mask of the oper
who is allowed to K-Line, and a servername.

- If both of these options are present, K-Lines will only be allowed 
  from that specific user@host on that specific server. 
- If only the servername is present, all K-Lines from opers on that
  server will be accepted.
- If only the user@host is present, all K-Lines from that user@host on
  any server will be accepted.
- If neither are present, the shared block is invalid.

shared {
	/* The name of the server we allow K-Lines from */
	name = "this.server.net";

	/* the user@host allowed to K-Line */
	user = "user@host.com";
};

Server to Server Protocol
-------------------------

As mentioned above, each server capable of remote K-Lines passes
the capability KLN along. No server will send a KLINE to a server
without a KLN capability.

Server to server messages are formatted like this:

  ":oper KLINE target.server duration user host :reason"
    
Note the difference between hybrid-6 GLINE which explicitly passed
the oper user@host and server along. This was originally done to handle
possible desync conditions, but is now shelved in favor of saving 
some bandwidth.

oper:		the nick of the oper performing the K-Line
target.server:	the server(s) this K-Line is destined for
duration:	the duration if a TK-Line, 0 if permanent.
user:		the 'user' portion of the K-Line
host:		the 'host' portion of the K-Line
reason:		the reason for the K-Line.