ircd-hybrid IP/hostname cloaking README:
-----------------------------------------------
$Id$

Copyright (c) 2005 by Alan 'knight-' LeVee of ChatJunkies IRC Network
-----------------------------------------------

This README covers the IP cloaking features added to hybrid by the contrib
module ip_cloaking.c. The purpose of IP cloaking is to give local users some
level of privacy by cloaking, or rather masking, part of their hostname with a
CRC32 polymorphism hash.

The module makes the necessary additions to the source code to allow IP
cloaking to work and adds a new user mode, +h. On most IRC daemons, such as
UnrealIRCd or ircu2, IP masking is assigned user mode +x, but since we use +x
for external operator messages we used +h as the next logical step.

Basically, the IP cloaking is a proof of concept utilising the CRC32-based
salt encryption method that UnrealIRCd uses, but with some changes, bit
stuffing and bit shifting. Before you compile the contrib module, it is
*strongly* recommended that you edit ip_cloaking.c and change the following:

#define KEY
#define KEY2
#define KEY3

Replace them with numbers different from those present in the provided module.
This ensures that no one can easily decipher the secret keys by assuming that
they are stock and unmodified. To get good entropy for the random numbers,
rather than trying to guess them yourself, it is a good idea to use an entropy
variable or device to generate them. If you have BASH available you can use the
randomization variable ${RANDOM} to get your bits. You need at least 3 secret
keys for this to work. There is no preset requirement as to how many digits
each key must have, but each should have at least 4 to 6 digits. If you want to
do it easily and you have bash, you can run the following command in a BASH
shell:

$ echo -e "#define KEY ${RANDOM}\n#define KEY2 ${RANDOM}\n#define KEY3 ${RANDOM}"

You'll get an output similar to this:

#define KEY 935
#define KEY2 23539
#define KEY3 22522

Once you run that command you can copy and paste the output into ip_cloaking.c
and compile the module. However, all servers *must* use the same secret keys
for this to work properly, or you'll run into problems, especially with channel
bans.
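
The advice above to use an entropy device, shown as an added example (not part
of the original README or of ip_cloaking.c): Bash's ${RANDOM} only yields values
from 0 to 32767 and is not a cryptographic generator, so this sketch draws each
key from /dev/urandom instead. The 1000 to 999999 range encodes the "4 to 6
digits" advice, and the names rand_key, gen_keys, KEY_MIN and KEY_MAX are
assumptions of this example.

```shell
#!/bin/sh
# Added example: generate the three cloaking keys from /dev/urandom.
# KEY_MIN/KEY_MAX are assumptions that encode the "4 to 6 digits" advice.
KEY_MIN=1000
KEY_MAX=999999

# rand_key: print one integer uniformly distributed in [KEY_MIN, KEY_MAX].
rand_key() {
    span=$((KEY_MAX - KEY_MIN + 1))
    # Largest multiple of span that fits in 32 bits. Draws at or above it
    # are rejected so that the modulo below introduces no bias.
    limit=$((4294967296 / span * span))
    while :; do
        # Read 4 bytes as one unsigned 32-bit decimal number.
        r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
        [ -n "$r" ] || return 1        # no entropy device available
        if [ "$r" -lt "$limit" ]; then
            echo $((KEY_MIN + r % span))
            return 0
        fi
    done
}

# gen_keys: print the three #define lines, retrying until all keys differ.
gen_keys() {
    while :; do
        k1=$(rand_key) && k2=$(rand_key) && k3=$(rand_key) || return 1
        if [ "$k1" -ne "$k2" ] && [ "$k1" -ne "$k3" ] && [ "$k2" -ne "$k3" ]; then
            printf '#define KEY %s\n#define KEY2 %s\n#define KEY3 %s\n' \
                "$k1" "$k2" "$k3"
            return 0
        fi
    done
}

# Generate once, then paste the same three lines into ip_cloaking.c on
# every server, since all servers must share identical keys.
gen_keys
```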

Since you will also need the module m_change.so to go with IP cloaking, it is
best just to cd into the contrib directory and build all the modules like so:

cd contrib; make install

Then you'll need to edit etc/ircd.conf and add the following lines to the
modules {} block so that the modules are loaded:

module = "m_change.so";
module = "ip_cloaking.so";

Please note that *all* servers *must* have these modules loaded or IP cloaking
will *not* work. Once this is done you can activate IP cloaking by setting the
following user mode:

/MODE nickname +h

You should then receive a message:

--- ec6f50f-8f92678.ypwest01.mi.comcast.net :is your visible host

This means that anyone who runs WHOIS on you will receive that as the host
response. However, if hide_spoof_ips is set to no, you and IRC operators can
get your true IP from WHOIS, but no one else can. Once user mode +h is set,
however, it cannot be unset (a la ircu2). Also, as of right now, IP cloaking
does not support IPv6 users, due to the rare use of IPv6 and the difficulty in
coding support for it. If an IPv6 user tries to set +h they will get the
following message:

--- *** Sorry, IP cloaking does not support IPv6 users!

If you have any questions, please direct them to knight- on irc.chatjunkies.org
in #cservice, as this is not officially supported by the ircd-hybrid team. Thank
you, and enjoy!