INN commit: trunk (3 files)
INN Commit
Russ_Allbery at isc.org
Sat Sep 15 07:24:07 UTC 2007
Date: Saturday, September 15, 2007 @ 00:24:06
Author: iulius
Revision: 7672
* Sync the order of the parameters in innconf.h and inn.conf.pod.
* Remove nnrp*auth from the list of parameters. They are now
only mentioned as obsolete in the beginning of the section.
* Add a history section in inn.conf.pod.
* Add a subsection for SSL and TLS support since it affects
both reading and posting.
Modified:
trunk/doc/pod/inn.conf.pod
trunk/include/inn/innconf.h
trunk/samples/inn.conf.in
-----------------------+
doc/pod/inn.conf.pod | 240 +++++++++++++++++++++++++-----------------------
include/inn/innconf.h | 38 ++++---
samples/inn.conf.in | 11 +-
3 files changed, 152 insertions(+), 137 deletions(-)
Modified: doc/pod/inn.conf.pod
===================================================================
--- doc/pod/inn.conf.pod 2007-09-14 22:08:45 UTC (rev 7671)
+++ doc/pod/inn.conf.pod 2007-09-15 07:24:06 UTC (rev 7672)
@@ -153,6 +153,15 @@
Note that you will generally need to put double quotes ("") around this
value if you set it, since IPv6 addresses contain colons.
+=item I<dontrejectfiltered>
+
+Normally innd(8) rejects incoming articles when directed to do so by any
+enabled article filters (Perl or Python). However, this parameter causes
+such articles I<not> to be rejected; instead filtering can be applied on
+outbound articles. If this parameter is set, all articles will be
+accepted on the local machine, but articles rejected by the filter will
+I<not> be fed to any peers specified in F<newsfeeds> with the C<Af> flag.
+
=item I<hiscachesize>
If set to a value other than C<0>, a hash of recently received message IDs
@@ -306,17 +315,34 @@
before expiring articles that still haven't been sent. The default value
is C<10> and probably doesn't need to be changed.
-=item I<dontrejectfiltered>
+=back
-Normally innd(8) rejects incoming articles when directed to do so by any
-enabled article filters (Perl or Python). However, this parameter causes
-such articles I<not> to be rejected; instead filtering can be applied on
-outbound articles. If this parameter is set, all articles will be
-accepted on the local machine, but articles rejected by the filter will
-I<not> be fed to any peers specified in F<newsfeeds> with the C<Af> flag.
+=head2 History Settings
+The following parameter affect the history database.
+
+=over 4
+
+=item I<hismethod>
+
+Which history storage method to use. The only currently supported
+value is C<hisv6>. There is no default value; this parameter must
+be set.
+
+=over 4
+
+=item C<hisv6>
+
+Stores history data in the INN history v6 format: history(5) text
+file and a number of dbz(3) database files; this may be in true history
+v6 format, or tagged hash format, depending on the build
+options. Separation of these two is a project which has not yet been
+undertaken.
+
=back
+=back
+
=head2 Article Storage
These parameters affect how articles are stored on disk.
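Review bot: The intro line of the new History Settings section, "The following parameter affect the history database.", has a subject/verb mismatch. The section lists only I<hismethod>, so "The following parameter affects the history database." fits the content; use "parameters affect" only if more history settings are expected to move here.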
@@ -355,6 +381,16 @@
groups in innd(8) under CONTROL MESSAGES.) This is a boolean value and
the default is false.
+=item I<nfswriter>
+
+For servers writing articles, determine whether the article spool is
+on NFS storage. If set, INN attempts to flush articles to the spool
+in a more timely manner, rather than relying on the operating system
+to flush things such as the CNFS article bitmaps. You should only set
+this parameter if you are attempting to use a shared NFS spool on a
+machine acting as a single writer within a cluster. This is a boolean
+value and the default is false.
+
=item I<overcachesize>
How many cache slots to reserve for open overview files. If INN is
@@ -406,24 +442,6 @@
=back
-=item I<hismethod>
-
-Which history storage method to use. The only currently supported
-value is C<hisv6>. There is no default value; this parameter must
-be set.
-
-=over 4
-
-=item C<hisv6>
-
-Stores history data in the INN history v6 format: history(5) text
-file and a number of dbz(3) database files; this may be in true history
-v6 format, or tagged hash format, depending on the build
-options. Separation of these two is a project which has not yet been
-undertaken.
-
-=back
-
=item I<storeonxref>
If set to true, articles will be stored based on the newsgroup names in
@@ -473,50 +491,6 @@
in order (innfeed(8) can have problems with this in the event of a
backlog). This is a boolean value and the default is false.
-=item I<nfswriter>
-
-For servers writing articles, determine whether the article spool is
-on NFS storage. If set, INN attempts to flush articles to the spool
-in a more timely manner, rather than relying on the operating system
-to flush things such as the CNFS article bitmaps. You should only set
-this parameter if you are attempting to use a shared NFS spool on a
-machine acting as a single writer within a cluster. This is a boolean
-value and the default is false.
-
-=item I<nfsreader>
-
-For servers reading articles, determine whether the article spool is
-on NFS storage. If set, INN will attempt to force articles and
-overviews to be read directly from the NFS spool rather than from
-cached copies. You should only set this parameter if you are
-attempting to use a shared NFS spool on a machine acting a reader a
-cluster. This is a boolean value and the default is false.
-
-=item I<nfsreaderdelay>
-
-For servers reading articles, determine whether the article spool is
-on NFS storage. If I<nfsreader> is set, INN will use the value of
-I<nfsreaderdelay> to delay the apparent arrival time of articles to
-clients by this amount; this value should be tuned based on the NFS
-cache timeouts locally. This default is 60 (1 minute).
-
-=item I<msgidcachesize>
-
-How many cache slots to reserve for Message ID to storage token
-translations. When serving overview data to clients (NEWNEWS, XOVER
-etc.), nnrpd(8) can cache the storage token associated with a Message
-ID and save the cost of looking it up in the history file; for some
-configurations setting this parameter can save more than 90% of the
-wall clock time for a session. The default value is 10000.
-
-=item I<tradindexedmmap>
-
-Whether to attempt to mmap() tradindexed overviews articles. Setting
-this to true will give better performance on most systems, but some
-systems have problems with mmap(). If this is set to false, overviews
-will be read into memory before being sent to readers. This is a
-boolean value and the default is true.
-
=back
=head2 Reading
@@ -525,6 +499,11 @@
used by nnrpd(8). There are some special sets of settings that are broken
out separately after the initial alphabetized list.
+Note that the two parameters I<nnrpperlauth> and I<nnrppythonauth> are now
+obsolete; see "Changes to Perl Authentication Support for nnrpd" in
+F<doc/hook-perl> and "Changes to Python Authentication and Access Control
+Support for nnrpd" in F<doc/hook-python> for more information.
+
=over 4
=item I<allownewnews>
@@ -562,6 +541,32 @@
closing them. The default value is C<10> (ten seconds), which may need to
be increased if many clients connect via slow network links.
+=item I<msgidcachesize>
+
+How many cache slots to reserve for Message ID to storage token
+translations. When serving overview data to clients (NEWNEWS, XOVER
+etc.), nnrpd(8) can cache the storage token associated with a Message
+ID and save the cost of looking it up in the history file; for some
+configurations setting this parameter can save more than 90% of the
+wall clock time for a session. The default value is 10000.
+
+=item I<nfsreader>
+
+For servers reading articles, determine whether the article spool is
+on NFS storage. If set, INN will attempt to force articles and
+overviews to be read directly from the NFS spool rather than from
+cached copies. You should only set this parameter if you are
+attempting to use a shared NFS spool on a machine acting a reader a
+cluster. This is a boolean value and the default is false.
+
+=item I<nfsreaderdelay>
+
+For servers reading articles, determine whether the article spool is
+on NFS storage. If I<nfsreader> is set, INN will use the value of
+I<nfsreaderdelay> to delay the apparent arrival time of articles to
+clients by this amount; this value should be tuned based on the NFS
+cache timeouts locally. This default is 60 (1 minute).
+
=item I<nnrpdcheckart>
Whether B<nnrpd> should check the existence of an article before listing
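Review bot: The relocated I<nfsreader> entry still reads "a machine acting a reader a cluster"; since the text is being moved anyway, it could be corrected to "acting as a reader in a cluster". In I<nfsreaderdelay>, the opening sentence is copied from I<nfsreader> and does not describe the delay, the unit is only implied by "60 (1 minute)", and "This default is" should be "The default is". Stating the unit explicitly would match how the other numeric parameters in this hunk are documented.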
@@ -573,16 +578,12 @@
number of "article is missing" errors seen by the client. This is a
boolean value and the default is true.
-=item I<nnrpperlauth>
+=item I<nnrpdloadlimit>
-This parameter is now obsolete; see "Changes to Perl Authentication
-Support for nnrpd" in F<doc/hook-perl>.
+If set to a value other than C<0>, connections to nnrpd will be refused
+if the system load average is higher than this value. The default value
+is C<16>.
-=item I<nnrppythonauth>
-
-This parameter is now obsolete; see "Changes to Python Authentication and
-Access Control Support for nnrpd" in F<doc/hook-python>.
-
=item I<noreader>
Normally, innd(8) will fork a copy of nnrpd(8) for all incoming
@@ -608,46 +609,14 @@
clients listed in F<nnrpd.track> is recorded. This is a boolean value and
the default is false.
-=item I<nnrpdloadlimit>
+=item I<tradindexedmmap>
-If set to a value other than C<0>, connections to nnrpd will be refused
-if the system load average is higher than this value. The default value
-is C<16>.
+Whether to attempt to mmap() tradindexed overviews articles. Setting
+this to true will give better performance on most systems, but some
+systems have problems with mmap(). If this is set to false, overviews
+will be read into memory before being sent to readers. This is a
+boolean value and the default is true.
-=item I<tlscafile>
-
-The path to a file containing certificate authority root certificates,
-used to present a trust chain to an SSL or TLS client. This parameter is
-only used if nnrpd is built with TLS support. There is no default value.
-
-=item I<tlscapath>
-
-The path to a directory containing certificate authority root
-certificates. Each file in the directory should contain one CA
-certificate, and the name of the file should be the CA subject name hash
-value. See the OpenSSL documentation for more information. This
-parameter is only used if nnrpd is built with TLS support. There is no
-default value.
-
-=item I<tlscertfile>
-
-The path to a file containing the server certificate to present to SSL or
-TLS clients. This parameter is only used if nnrpd is built with TLS
-support. The default value is I<pathnews>/lib/cert.pem.
-
-=item I<tlskeyfile>
-
-The path to a file containing the encryption key for the server
-certificate named in I<tlscertfile>. This may be the same as
-I<tlscertfile> if, when you created the certificate, you put the key in
-the same file (if, for example, you gave the same file name to both the
-B<-out> and B<-keyout> options to C<openssl req>). This parameter is only
-used if nnrpd is built with TLS support. The default value is
-I<pathnews>/lib/key.pem.
-
-This file must only be readable by the news user or nnrpd will refuse to
-use it.
-
=back
INN has optional support for generating keyword information automatically
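Review bot: In the relocated I<tradindexedmmap> entry, "mmap() tradindexed overviews articles" does not parse. The rest of the paragraph talks only about overviews ("overviews will be read into memory"), so "mmap() tradindexed overviews" would be consistent with it.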
@@ -883,6 +852,47 @@
=back
+Finally, here are the parameters used by nnrpd(8) to provide SSL and TLS
+support:
+
+=over 4
+
+=item I<tlscafile>
+
+The path to a file containing certificate authority root certificates,
+used to present a trust chain to an SSL or TLS client. This parameter is
+only used if nnrpd is built with TLS support. There is no default value.
+
+=item I<tlscapath>
+
+The path to a directory containing certificate authority root
+certificates. Each file in the directory should contain one CA
+certificate, and the name of the file should be the CA subject name hash
+value. See the OpenSSL documentation for more information. This
+parameter is only used if nnrpd is built with TLS support. There is no
+default value.
+
+=item I<tlscertfile>
+
+The path to a file containing the server certificate to present to SSL or
+TLS clients. This parameter is only used if nnrpd is built with TLS
+support. The default value is I<pathnews>/lib/cert.pem.
+
+=item I<tlskeyfile>
+
+The path to a file containing the encryption key for the server
+certificate named in I<tlscertfile>. This may be the same as
+I<tlscertfile> if, when you created the certificate, you put the key in
+the same file (if, for example, you gave the same file name to both the
+B<-out> and B<-keyout> options to C<openssl req>). This parameter is only
+used if nnrpd is built with TLS support. The default value is
+I<pathnews>/lib/key.pem.
+
+This file must only be readable by the news user or nnrpd will refuse to
+use it.
+
+=back
+
=head2 Monitoring
These parameters control the behavior of innwatch(8), the program that
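Review bot: The closing paragraph of I<tlskeyfile>, "This file must only be readable by the news user or nnrpd will refuse to use it", does not say what is actually checked. Spelling out the expected owner and mode, and whether group read access is rejected, would let an administrator set the file up correctly before nnrpd refuses the key. Separately, the commit message calls this a subsection, but the block is introduced by a plain paragraph ("Finally, here are the parameters ...") with no heading, and the items used to be in the Reading list; a cross-reference from the Reading section would help readers who look for the tls* parameters there.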
Modified: include/inn/innconf.h
===================================================================
--- include/inn/innconf.h 2007-09-14 22:08:45 UTC (rev 7671)
+++ include/inn/innconf.h 2007-09-15 07:24:06 UTC (rev 7672)
@@ -24,7 +24,7 @@
char *innflags; /* Flags to pass to innd on startup */
char *mailcmd; /* Command to send report/control type mail */
char *mta; /* MTA for mailing to moderators, innmail */
- char *pathhost; /* Entry for the Path line */
+ char *pathhost; /* Entry for the Path: line */
char *server; /* Default server to connect to */
/* Feed Configuration */
@@ -38,7 +38,7 @@
long linecountfuzz; /* Check linecount and reject if off by more */
long maxartsize; /* Reject articles bigger than this */
long maxconnections; /* Max number of incoming NNTP connections */
- char *pathalias; /* Prepended Host for the Path line */
+ char *pathalias; /* Prepended Host for the Path: line */
bool pgpverify; /* Verify control messages with pgpverify? */
long port; /* Which port innd should listen on */
bool refusecybercancels; /* Reject message IDs with "<cancel."? */
@@ -58,13 +58,13 @@
bool enableoverview; /* Store overview info for articles? */
bool groupbaseexpiry; /* Do expiry by newsgroup? */
bool mergetogroups; /* Refile articles from to.* into to */
- bool nfswriter; /* Use NFS writer functionality */
+ bool nfswriter; /* Use NFS writer functionality */
long overcachesize; /* fd size cache for tradindexed */
char *ovgrouppat; /* Newsgroups to store overview for */
char *ovmethod; /* Which overview method to use */
bool storeonxref; /* SMstore use Xref to detemine class? */
bool useoverchan; /* overchan write the overview, not innd? */
- bool wireformat; /* Store tradspool artilces in wire format? */
+ bool wireformat; /* Store tradspool articles in wire format? */
bool xrefslave; /* Act as a slave of another server? */
/* Reading */
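Review bot: The storeonxref comment in this hunk's context still reads "detemine". The neighbouring wireformat comment gets its "artilces" typo fixed here, so "determine" could be corrected in the same pass.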
@@ -76,7 +76,7 @@
bool nfsreader; /* Use NFS reader functionality */
long nfsreaderdelay; /* Delay applied to article arrival */
bool nnrpdcheckart; /* Check article existence before returning? */
- long nnrpdloadlimit; /* Maximum getloadvg() we allow */
+ long nnrpdloadlimit; /* Maximum getloadvg() we allow */
bool noreader; /* Refuse to fork nnrpd for readers? */
bool readerswhenstopped; /* Allow nnrpd when server is paused */
bool readertrack; /* Use the reader tracking system? */
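Review bot: The nnrpdloadlimit line is rewritten for whitespace only, but its comment still says "getloadvg()". The function is getloadavg(), so the comment should read "Maximum getloadavg() we allow".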
@@ -86,7 +86,7 @@
bool keywords; /* Generate keywords in overview? */
long keyartlimit; /* Max article size for keyword generation */
long keylimit; /* Max allocated space for keywords */
- long keymaxwords; /* Max count of interesting works */
+ long keymaxwords; /* Max count of interesting words */
/* Posting */
bool addnntppostingdate; /* Add NNTP-Posting-Date: to posts */
@@ -102,12 +102,6 @@
char *organization; /* Data for the Organization: header */
bool spoolfirst; /* Spool all posted articles? */
bool strippostcc; /* Strip To:, Cc: and Bcc: from posts */
-#ifdef HAVE_SSL
- char *tlscafile; /* Path to a certificate authority file */
- char *tlscapath; /* Path to a directory of CA certificates */
- char *tlscertfile; /* Path to the SSL certificate to use */
- char *tlskeyfile; /* Path to the key for the certificate */
-#endif /* HAVE_SSL */
/* Posting -- Exponential Backoff */
bool backoffauth; /* Backoff by user, not IP address */
@@ -117,6 +111,14 @@
long backoffpostslow; /* Lower time limit for slow posting */
long backofftrigger; /* Number of postings before triggered */
+ /* Reading and posting -- SSL and TLS support */
+#ifdef HAVE_SSL
+ char *tlscafile; /* Path to a certificate authority file */
+ char *tlscapath; /* Path to a directory of CA certificates */
+ char *tlscertfile; /* Path to the SSL certificate to use */
+ char *tlskeyfile; /* Path to the key for the certificate */
+#endif /* HAVE_SSL */
+
/* Monitoring */
bool doinnwatch; /* Start innwatch from rc.news? */
long innwatchbatchspace; /* Minimum free space in pathoutgoing */
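Review bot: The tls* members remain inside #ifdef HAVE_SSL in the middle of the structure, so the offset of every member from doinnwatch onward depends on whether HAVE_SSL is defined when this header is included. Two objects built with different settings would disagree about the layout without any compile-time error. Since the block is being moved anyway, consider either placing the conditional members last or adding a comment that every consumer of this header must be built with the same HAVE_SSL setting.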
@@ -140,16 +142,18 @@
long nntpactsync; /* Checkpoint log after this many articles */
bool nntplinklog; /* Put storage token into the log? */
long status; /* Status file update interval */
+ char *stathist; /* Filename for history profiler outputs */
long timer; /* Performance monitoring interval */
- char *stathist; /* Filename for history profiler outputs */
/* System Tuning */
long badiocount; /* Failure count before dropping channel */
long blockbackoff; /* Multiplier for sleep in EAGAIN writes */
long chaninacttime; /* Wait before noticing inactive channels */
long chanretrytime; /* How long before channel restarts */
+ long datamovethreshold; /* Threshold to extend buffer or move data */
long icdsynccount; /* Articles between active & history updates */
long keepmmappedthreshold; /* Threshold for keeping mmap in buffindexed */
+ long maxcmdreadsize; /* Max NNTP command read size used by innd */
long maxforks; /* Give up after this many fork failure */
long nicekids; /* Child processes get niced to this */
long nicenewnews; /* If NEWNEWS command is used, nice to this */
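Review bot: The comments on the relocated datamovethreshold and maxcmdreadsize members give no unit ("Threshold to extend buffer or move data", "Max NNTP command read size used by innd"). Both are size limits on data read from the network, so naming the unit in the comment would help anyone tuning them. The maxforks context line also reads "this many fork failure"; "failures" would be correct.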
@@ -157,13 +161,11 @@
long pauseretrytime; /* Seconds before seeing if pause is ended */
long peertimeout; /* How long peers can be inactive */
long rlimitnofile; /* File descriptor limit to set */
- long maxcmdreadsize; /* max NNTP command read size used by innd */
- long datamovethreshold; /* threshold no to extend buffer for ever */
/* Paths */
- char *patharchive; /* Archived news. */
- char *patharticles; /* Articles. */
- char *pathbin; /* News binaries. */
+ char *patharchive; /* Archived news */
+ char *patharticles; /* Articles */
+ char *pathbin; /* News binaries */
char *pathcontrol; /* Path to control message handlers */
char *pathdb; /* News database files */
char *pathetc; /* News configuration files */
Modified: samples/inn.conf.in
===================================================================
--- samples/inn.conf.in 2007-09-14 22:08:45 UTC (rev 7671)
+++ samples/inn.conf.in 2007-09-15 07:24:06 UTC (rev 7672)
@@ -83,10 +83,6 @@
noreader: false
readerswhenstopped: false
readertrack: false
-#tlscafile:
-#tlscapath:
-#tlscertfile: @libdir@/cert.pem
-#tlskeyfile: @libdir@/key.pem
tradindexedmmap: true
# Reading -- Keyword Support
@@ -124,6 +120,13 @@
backoffpostslow: 1
backofftrigger: 10000
+# Reading and posting -- SSL and TLS support
+
+#tlscafile:
+#tlscapath:
+#tlscertfile: @libdir@/cert.pem
+#tlskeyfile: @libdir@/key.pem
+
# Monitoring
doinnwatch: true
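Review bot: The new "Reading and posting -- SSL and TLS support" block in the sample lists #tlskeyfile with no hint of the permission requirement that inn.conf.pod documents ("This file must only be readable by the news user or nnrpd will refuse to use it"). A one-line comment above #tlskeyfile pointing at that requirement would catch the most likely misconfiguration for someone who enables TLS by uncommenting these lines.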