@@ -0,0 +1,77 @@
+IrcVPN - Irc Virtual Public Network
+===================================
+This is an ethernet tunnel providing basic hubbed or switchet networks via irc.
+
+Warning: If you use this software on a "real" (read: not your own) network:
+ 1. You might run into various flood protections
+ 2. Your IRC-OP might kill you for that
+
+Furthermore: All of your data will go kind-of plaintext over an Irc-channel.
+ While this is a rather uncommon way of ip transit, everybody who
+ is able to join the channel might be able to eavesdrop.
+
+Installation and requirements
+=============================
+ * python-irclib
+ * ether2any
+
+For configuration take a look at conf.py, it has some comments to give you a
+hint of what this switch will do. Some of the security settings are rather
+untested, keep that in mind. After configuration, start the tunnel with
+python ircvpn.py. A tap-device will open and the tunnel should be ready to run.
+
+What it does and how it works
+=============================
+IrcVPN uses an ircchannel as its transport medium. When starting this tunnel,
+it makes a connection to the configured irc-server, joins a channel and starts
+pushing all outgoing network traffic (base64 encoded with a small header) to
+that channel. The nick will be a combination of the configured prefix and
+the TAP interfaces mac-address.
+
+There are two network-modes available:
+
+.Hubbed Network
+In a hubbed network topology all the clients share one broadcast medium, the
+irc channel.
+
+.Switchet Network
+In a switched network topology still all the clients join the irc channel and
+use it for broadcast messages but unicast traffic goes directly to the user
+it is intended for, as it is sent to the nickprefix-macaddress combination.
+Wether the user with the specific mac actually IS in the network is not
+checked.
+
+Flood protection is kind of the biggest issue for irc as ether: After a
+configured amount of messages most irc-servers queue the incoming messages
+and send them out as one per second. If the send-queue is overflowed the user
+gets kicked from the server. So this tunnel is not going to perform very well
+on normal servers out there. Setting up an own server, the flood protection CAN
+be turned off but irc-server with configurable flood protections tend to allow
+flooding only in channels and only if the user is either voiced, half-op or op.
+This is where voicebot.py comes in: The voicebot voices everyone who joins the
+channel and utters a certain phrase. Therefore it is kind of ensured that every
+bot has the right to flood the ether as much as it wants with network packets.
+
+Ircs right management can always be used to mute, rate-limit or remove spamming
+or otherwise unwanted clients.
+
+Header Format
+=============
+<fragmentation flag><packet id> <base64 encoded message>
+
+The *fragmentation flag* can be either of o, b, c, e. *o* stands for oneliner,
+which means that afterwards there is a complete ethernet frame (no
+fragmentation). *b*, *c*, *e* stand for begin, continue, end and mark packets
+which are broken into several pieces (as of irc does not support infinit line
+length).
+
+The packet id is just a randon generated number between 0, 99999 (incl.).
+
+
+What could be done
+==================
+ * replace base64 with something more fitting for Irc
+ * test security settings
+ * find static linkable irc server, patch flood protection out of it
+ * VVLAN - a Virtual VLAN between irc-channels/servers
+
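Review bot: The "Furthermore" warning (README lines 9-11) understates the exposure by calling the traffic "kind-of plaintext": base64 is an encoding, so every frame is readable by anyone in the channel and by the IRC server, and the header described under "Header Format" (flag, packet id, payload) carries no integrity or authentication field. Suggest stating that outright and advising users to run only already-encrypted protocols over the tap device. The switched-mode paragraph needs a matching warning: unicast is addressed to the nickprefix-macaddress nick and, as the text itself says, membership is not checked, so whoever holds that nick receives the traffic. It would also help to name which security settings in conf.py are untested instead of "some", and to point out that the voicebot phrase is the only gate on flood rights. Typos to fix while here: "switchet" (twice), "Wether", "infinit", "randon".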