

	   XRouter Version 182b - Changes since v181h
	   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please read this file carefully before running version 182b.  At the
very least you *must* copy or rename your PZTNODES file to XRNODES, and
I advise you to add the 4 new keywords to XROUTER.CFG.  If you don't add
them, the defaults should be OK (they're ok on my 32 port system), but you
may be using more memory than you need to, and at some time in the
future you might wish to adjust them.

- Added MAXCIRCUITS keyword to XROUTER.CFG.  This specifies the maximum
  allowed number of concurrent Netrom L4 circuits.  The default is 20.
  The higher the figure, the more memory you will use and vice versa.

- Added MAXSESSIONS keyword to XROUTER.CFG. This specifies the maximum
  allowed number of concurrent sessions of any type.  The default is 20.

- Added MAXROUTES keyword to XROUTER.CFG.  This specifies the maximum
  allowed Netrom neighbours.  Default is 30 neighbours.

- Added MAXTCP keyword to XROUTER.CFG.  This specifies the maximum
  allowed number of concurrent TCP circuits, and defaults to 20.

- The memory count on status line is now a more accurate measure of the
  true memory.  Previously it only displayed the amount of unfragmented
  memory, and that figure is is still displayed on stats.

- TALK was seriously broken since v180c, causing Xrouter to crash - fixed.

- Previously, only console sysop was able to use the TALK command.  It
  can now be used by all sysops.

- PMS call:alias were not displayed in nodes list if PMS was empty - fixed.

- Lots of changes to reduce peak memory demand and memory fragmentation.
  It will start with less memory than before, but the fluctuations will
  be smaller.

- The YELL command now displays an error message if Numconsoles=0 (i.e.
  when working in Desqview).

- Added IP TraceRoute function.  This adds a new cmd:
  "TR[acert] <host> [maxhops [maxwait(ms)]]". <host> is target hostname
  or IP address, <maxhops> is the maximum number of hops to test, and
  <maxwait> specifies the maximum interval, in milliseconds, to wait for
  each reply.  Default is 30 hops and 4 seconds.

- Internet-connected HTTP servers tend to get hit with malicious HTTP
  requests from hackers and various worms such as "Code Red".  Xrouter
  is not vulverable to these attacks but they make me angry so I have
  added the facility to block them.  This uses a new file HTTPBAN.SYS,
  which is a simple text file located in the Xrouter directory. It can
  contain URL templates which are used in a case-independent sliding
  match with a requested URL.  Each template can be up to 127 bytes long.
  The match must occur within the first 256 bytes of the requested URL.
  If any part of the requested URL matches the template, the sender's
  IP address is entered into a ban list and all further IP from that
  host is ignored until xrouter is restarted. Up to 20 hosts can be
  banned simultaneously.  If there is a need for more, I can adjust
  this later.  You can find out which are the common hacks by examining
  your daily logfiles, looking for the "HR ... " (HttpRequest) lines.
  Common ones are "/default.ida" and "/scripts"

- HTTP requests did not show session number in log - fixed.

- Added another flag to ACCESS.SYS: 4 = allow guest access.  This flag
  works in conjunction with the "password_required" flag (2) in the
  following way:

  If neither flag is set (i.e. access_flags is decimal 0 or 1), no
  password is required and no password challenge is made.  Users have
  unrestricted access.

  If "password required" is set, but "allow guest" is not set (i.e.
  decimal 2 or 3), a password is required and no guest option is allowed.
  No password = no access. Valid password = full user access.

  If "allow guest" is set, but "password required" is not set (i.e.
  decimal 4 or 5), a password is not required, and is not requested.
  All users have guest access, i.e. they cannot downlink.

  if both flags are set (i.e. decimal 6 or 7), a password challenge is
  made, but the option to use "guest" is available.  If the user gives
  a valid password she gets full access, but if she answers with "guest"
  she only gets guest access.

  Guests are prevented from using the SEND, CHAT and CONNECT commands,
  and from sending APRS messages using the APRS messaging shell.  For
  TELNET they are restricted by the rules in new file TELGUEST.ACL, which
  uses the same format as TELPROXY.ACL.  If the former file is not
  present, guests cannot use the TELNET command at all.

- Added "TCP RESET" command, to kill zombie TCP circuits.

- If nodes table was potentially larger than MAXNODES, Xrouter would
  sacrifice the lowest quality nodes to keep the table size to the
  intended maximum.  Unfortunately, Inferred nodes, i.e. those obtained
  from in-transit datagrams, were usually the first to be lost because
  they had lowest quality - fixed.

- Added layer 1 sent/rcvd bytes in stats.

- Nodes were being downgraded and broadcast with quality 0 - fixed.

- When used in IPROUTE.SYS and BOOTCMDS.SYS, the ARP PUBLISH directive
  was acting like ARP ADD and vice versa.  When used at the command
  prompt they acted normally - Fixed.

- The ROUTES section of XROUTER.CFG was a BPQ compatibility legacy which
  had no purpose other than to bootstrap Xrouter when a nodes recovery
  file was not available.  It was cauing confusion because its action is
  overridden by entries in the recovery file, and has therefore been
  disabled.  The ROUTES section will henceforth be ignored, so you can
  remove it.

- The PZTNODES file is now XRNODES.  You *must* copy or rename your
  existing PZTNODES file to XRNODES before starting version 182,
  otherwise your locked-in routes will be lost.


73, Paula G8PZT 21/2/03
