Fixes for IrcVPN README

Sebastian Lohff 2012-01-15 02:13:38 +01:00
parent 3ac84ef85f
commit 95ee6ee029
1 changed files with 35 additions and 33 deletions

@ -1,14 +1,14 @@
IrcVPN - Irc Virtual Public Network IrcVPN - Irc Virtual Public Network
=================================== ===================================
This is an ethernet tunnel providing basic hubbed or switchet networks via irc. This is an ethernet tunnel providing basic hubbed or switchet networks via Irc.
Warning: If you use this software on a "real" (read: not your own) network: Warning: If you use this software on a "real" (read: not your own) network:
1. You might run into various flood protections 1. You may run into various flood protections
2. Your IRC-OP might kill you for that 2. Your IRC-OP may (should?) kill you for that
Furthermore: All of your data will go kind-of plaintext over an Irc-channel. Furthermore: All of your data will go kind-of plaintext over an Irc-channel.
While this is a rather uncommon way of ip transit, everybody who While this is a rather uncommon way of IP transit, everybody who
is able to join the channel might be able to eavesdrop. is able to join the channel may be able to eavesdrop.
Installation and requirements Installation and requirements
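Review bot: the rewritten intro line still reads "hubbed or switchet networks via Irc"; since this commit is a spelling pass, "switchet" should become "switched" here. Casing is also mixed within the same warning ("Irc", "IRC-OP", "Irc-channel"), so pick one form and apply it throughout. On the warning itself, "kind-of plaintext" could state outright that the frames are only base64 encoded, as the README says further down, so anyone who can join the channel can decode them.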
@ -17,45 +17,47 @@ Installation and requirements
* ether2any * ether2any
For configuration take a look at conf.py, it has some comments to give you a For configuration take a look at conf.py, it has some comments to give you a
hint of what this switch will do. Some of the security settings are rather hint of what the settings will do. Some of the security settings are rather
untested, keep that in mind. After configuration, start the tunnel with untested, keep that in mind. After configuration, start the tunnel with
python ircvpn.py. A tap-device will open and the tunnel should be ready to run. python ircvpn.py. A tap device will open and the tunnel should be ready to run.
What it does and how it works What it does and how it works
============================= =============================
IrcVPN uses an ircchannel as its transport medium. When starting this tunnel, IrcVPN uses an Irc channel as its transport medium. When starting this tunnel,
it makes a connection to the configured irc-server, joins a channel and starts it makes a connection to the configured Irc server, joins a channel and starts
pushing all outgoing network traffic (base64 encoded with a small header) to pushing all outgoing network traffic (base64 encoded with a small header) into
that channel. The nick will be a combination of the configured prefix and that channel. The nick will be a combination of the configured prefix and
the TAP interfaces mac-address. the TAP interfaces MAC address.
There are two network-modes available: There are two network modes available:
.Hubbed Network .Hubbed Network
In a hubbed network topology all the clients share one broadcast medium, the In a hubbed network topology all the clients share one broadcast medium, the
irc channel. Irc channel.
.Switchet Network .Switchet Network
In a switched network topology still all the clients join the irc channel and In a switched network topology still all the clients join the irc channel and
use it for broadcast messages but unicast traffic goes directly to the user use it for broadcast messages but unicast traffic goes directly to the user
it is intended for, as it is sent to the nickprefix-macaddress combination. to whom it is addressed, as it is sent to the nick-prefix-MAC-address
Wether the user with the specific mac actually IS in the network is not combination. Wether the user with the specific mac actually IS in the network
checked. is not checked.
Flood protection is kind of the biggest issue for irc as ether: After a Flood protection is kind of the biggest issue for the IrcVPN: After a
configured amount of messages most irc-servers queue the incoming messages configured amount of messages most irc servers queue the incoming messages
and send them out as one per second. If the send-queue is overflowed the user and send them out throttled to one message per second. If the send queue is
gets kicked from the server. So this tunnel is not going to perform very well flooded over its capacity the responsible user gets kicked from the server. So
on normal servers out there. Setting up an own server, the flood protection CAN this tunnel is not going to perform very well on normal servers out there.
be turned off but irc-server with configurable flood protections tend to allow When setting up your own server, the flood protection CAN be turned off but
flooding only in channels and only if the user is either voiced, half-op or op. irc servers with configurable flood protections tend to allow flooding only in
This is where voicebot.py comes in: The voicebot voices everyone who joins the channels (rendering switched networks unusable) and only if the user has either
channel and utters a certain phrase. Therefore it is kind of ensured that every voice, half-op or op permissions in that channel. This is where voicebot.py
bot has the right to flood the ether as much as it wants with network packets. comes in: The voicebot voices everyone who utters a certain phrase. Therefore
it is kind of ensured that every bot has permission to flood "the ether" with
network packets as much as it wants.
Ircs right management can always be used to mute, rate-limit or remove spamming Irc's right management can always be used to mute, rate-limit or remove
or otherwise unwanted clients. spamming or otherwise unwanted clients.
Header Format Header Format
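Review bot: two misspellings survive on the new side of this hunk, the heading ".Switchet Network" and "Wether the user with the specific mac ..."; they should read "Switched" and "Whether". The new lines also mix "Irc", "irc", "mac" and "MAC" (for example "join the irc channel", "most irc servers"), which undoes part of the consistency the commit is aiming for. The switched-mode paragraph would benefit from one more sentence on what the missing check means in practice: unicast frames are sent to the nick built from prefix and MAC address, so whoever holds that nick receives them.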
@ -65,16 +67,16 @@ Header Format
The *fragmentation flag* can be either of o, b, c, e. *o* stands for oneliner, The *fragmentation flag* can be either of o, b, c, e. *o* stands for oneliner,
which means that afterwards there is a complete ethernet frame (no which means that afterwards there is a complete ethernet frame (no
fragmentation). *b*, *c*, *e* stand for begin, continue, end and mark packets fragmentation). *b*, *c*, *e* stand for begin, continue, end and mark packets
which are broken into several pieces (as of irc does not support infinit line which are broken into several pieces (as irc does not support infinite line
length). length).
The packet id is just a randon generated number between 0, 99999 (incl.). The packet id is just a random generated number between 0, 99999 (inclusive).
What could be done What could be done
================== ==================
* replace base64 with something more fitting for Irc * replace base64 with something more suitable for Irc
* test security settings * test security settings
* find static linkable irc server, patch flood protection out of it * find static linkable irc server, patch out flood protection
* VVLAN - a Virtual VLAN between irc-channels/servers * VVLAN - a Virtual VLAN between irc channels/servers
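Review bot: the packet id sentence is still ungrammatical after the change; "random generated number between 0, 99999 (inclusive)" reads better as "a randomly generated number between 0 and 99999 (inclusive)". In the to-do list, "static linkable irc server" should be "statically linkable", and the lowercase "irc" there and in "as irc does not support infinite line length" conflicts with the "Irc" used on the base64 line of the same list.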