Fixes for IrcVPN README
parent 3ac84ef85f
commit 95ee6ee029
|
@ -1,14 +1,14 @@
|
|||
IrcVPN - Irc Virtual Public Network
|
||||
===================================
|
||||
This is an ethernet tunnel providing basic hubbed or switchet networks via irc.
|
||||
This is an ethernet tunnel providing basic hubbed or switchet networks via Irc.
|
||||
|
||||
Warning: If you use this software on a "real" (read: not your own) network:
|
||||
1. You might run into various flood protections
|
||||
2. Your IRC-OP might kill you for that
|
||||
1. You may run into various flood protections
|
||||
2. Your IRC-OP may (should?) kill you for that
|
||||
|
||||
Furthermore: All of your data will go kind-of plaintext over an Irc-channel.
|
||||
While this is a rather uncommon way of ip transit, everybody who
|
||||
is able to join the channel might be able to eavesdrop.
|
||||
While this is a rather uncommon way of IP transit, everybody who
|
||||
is able to join the channel may be able to eavesdrop.
|
||||
|
||||
|
||||
Installation and requirements
|
||||
|
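Review bot: The eavesdropping warning still hedges with "kind-of plaintext" in "All of your data will go kind-of plaintext over an Irc-channel". The README's own description of the transport says frames are base64 encoded with a small header, which is an encoding and gives no confidentiality, so say that directly, for example "All of your data is only base64 encoded, not encrypted; anyone who can join the channel can decode it." Two leftovers in the same hunk: "switchet" in the rewritten first sentence should be "switched", and "Irc-channel" keeps the hyphen that later lines of this commit drop ("Irc channel"), next to "IRC-OP" in a third casing.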
@ -17,45 +17,47 @@ Installation and requirements
|
|||
* ether2any
|
||||
|
||||
For configuration take a look at conf.py, it has some comments to give you a
|
||||
hint of what this switch will do. Some of the security settings are rather
|
||||
hint of what the settings will do. Some of the security settings are rather
|
||||
untested, keep that in mind. After configuration, start the tunnel with
|
||||
python ircvpn.py. A tap-device will open and the tunnel should be ready to run.
|
||||
python ircvpn.py. A tap device will open and the tunnel should be ready to run.
|
||||
|
||||
|
||||
What it does and how it works
|
||||
=============================
|
||||
IrcVPN uses an ircchannel as its transport medium. When starting this tunnel,
|
||||
it makes a connection to the configured irc-server, joins a channel and starts
|
||||
pushing all outgoing network traffic (base64 encoded with a small header) to
|
||||
IrcVPN uses an Irc channel as its transport medium. When starting this tunnel,
|
||||
it makes a connection to the configured Irc server, joins a channel and starts
|
||||
pushing all outgoing network traffic (base64 encoded with a small header) into
|
||||
that channel. The nick will be a combination of the configured prefix and
|
||||
the TAP interfaces mac-address.
|
||||
the TAP interfaces MAC address.
|
||||
|
||||
There are two network-modes available:
|
||||
There are two network modes available:
|
||||
|
||||
.Hubbed Network
|
||||
In a hubbed network topology all the clients share one broadcast medium, the
|
||||
irc channel.
|
||||
Irc channel.
|
||||
|
||||
.Switchet Network
|
||||
In a switched network topology still all the clients join the irc channel and
|
||||
use it for broadcast messages but unicast traffic goes directly to the user
|
||||
it is intended for, as it is sent to the nickprefix-macaddress combination.
|
||||
Wether the user with the specific mac actually IS in the network is not
|
||||
checked.
|
||||
to whom it is addressed, as it is sent to the nick-prefix-MAC-address
|
||||
combination. Wether the user with the specific mac actually IS in the network
|
||||
is not checked.
|
||||
|
||||
Flood protection is kind of the biggest issue for irc as ether: After a
|
||||
configured amount of messages most irc-servers queue the incoming messages
|
||||
and send them out as one per second. If the send-queue is overflowed the user
|
||||
gets kicked from the server. So this tunnel is not going to perform very well
|
||||
on normal servers out there. Setting up an own server, the flood protection CAN
|
||||
be turned off but irc-server with configurable flood protections tend to allow
|
||||
flooding only in channels and only if the user is either voiced, half-op or op.
|
||||
This is where voicebot.py comes in: The voicebot voices everyone who joins the
|
||||
channel and utters a certain phrase. Therefore it is kind of ensured that every
|
||||
bot has the right to flood the ether as much as it wants with network packets.
|
||||
Flood protection is kind of the biggest issue for the IrcVPN: After a
|
||||
configured amount of messages most irc servers queue the incoming messages
|
||||
and send them out throttled to one message per second. If the send queue is
|
||||
flooded over its capacity the responsible user gets kicked from the server. So
|
||||
this tunnel is not going to perform very well on normal servers out there.
|
||||
When setting up your own server, the flood protection CAN be turned off but
|
||||
irc servers with configurable flood protections tend to allow flooding only in
|
||||
channels (rendering switched networks unusable) and only if the user has either
|
||||
voice, half-op or op permissions in that channel. This is where voicebot.py
|
||||
comes in: The voicebot voices everyone who utters a certain phrase. Therefore
|
||||
it is kind of ensured that every bot has permission to flood "the ether" with
|
||||
network packets as much as it wants.
|
||||
|
||||
Ircs right management can always be used to mute, rate-limit or remove spamming
|
||||
or otherwise unwanted clients.
|
||||
Irc's right management can always be used to mute, rate-limit or remove
|
||||
spamming or otherwise unwanted clients.
|
||||
|
||||
|
||||
Header Format
|
||||
|
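Review bot: In the switched network paragraph, "Wether the user with the specific mac actually IS in the network is not checked" is reflowed but not explained, and it deserves a security caveat: unicast frames go to the nick built from the configured prefix and a MAC address, so whoever holds that nick receives them, and nothing in the text says the nick is verified. Suggest stating that consequence plainly and pointing to the security settings in conf.py if any of them address it. Also still unfixed here: "Wether" (Whether), the ".Switchet Network" heading, "the TAP interfaces MAC address" (interface's), and lowercase "irc servers" in the flood protection paragraph while the rest of the commit moves to "Irc".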
@ -65,16 +67,16 @@ Header Format
|
|||
The *fragmentation flag* can be either of o, b, c, e. *o* stands for oneliner,
|
||||
which means that afterwards there is a complete ethernet frame (no
|
||||
fragmentation). *b*, *c*, *e* stand for begin, continue, end and mark packets
|
||||
which are broken into several pieces (as of irc does not support infinit line
|
||||
which are broken into several pieces (as irc does not support infinite line
|
||||
length).
|
||||
|
||||
The packet id is just a randon generated number between 0, 99999 (incl.).
|
||||
The packet id is just a random generated number between 0, 99999 (inclusive).
|
||||
|
||||
|
||||
What could be done
|
||||
==================
|
||||
* replace base64 with something more fitting for Irc
|
||||
* replace base64 with something more suitable for Irc
|
||||
* test security settings
|
||||
* find static linkable irc server, patch flood protection out of it
|
||||
* VVLAN - a Virtual VLAN between irc-channels/servers
|
||||
* find static linkable irc server, patch out flood protection
|
||||
* VVLAN - a Virtual VLAN between irc channels/servers
|
||||
|
||||
|
|
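Review bot: The packet id sentence still reads badly after the change: "a random generated number between 0, 99999 (inclusive)" should be "a randomly generated number between 0 and 99999 (inclusive)". If the id is what ties the b, c and e fragments of one frame together, the section should also say whether reassembly matches on sender as well as id, since every client draws from the same 100000 values and two ids can collide. Casing is again mixed: "as irc does not support", "static linkable irc server" and "irc channels/servers" stay lowercase beside "Irc" in the base64 item.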