89 lines
3.6 KiB
Plaintext
89 lines
3.6 KiB
Plaintext
IrcVPN - Irc Virtual Public Network
|
|
===================================
|
|
This is an ethernet tunnel providing basic hubbed or switchet networks via Irc.
|
|
|
|
Warning: If you use this software on a "real" (read: not your own) network:
|
|
1. You may run into various flood protections
|
|
2. Your IRC-OP may (should?) kill you for that
|
|
|
|
Furthermore: All of your data will go kind-of plaintext over an Irc-channel.
|
|
While this is a rather uncommon way of IP transit, everybody who
|
|
is able to join the channel may be able to eavesdrop.
|
|
|
|
|
|
Installation and requirements
|
|
=============================
|
|
* python-irclib
|
|
* ether2any
|
|
|
|
For configuration take a look at conf.py, it has some comments to give you a
|
|
hint of what the settings will do. Some of the security settings are rather
|
|
untested, keep that in mind. After configuration, start the tunnel with
|
|
python ircvpn.py. A tap device will open and the tunnel should be ready to run.
|
|
|
|
|
|
What it does and how it works
|
|
=============================
|
|
IrcVPN uses an Irc channel as its transport medium. When starting this tunnel,
|
|
it makes a connection to the configured Irc server, joins a channel and starts
|
|
pushing all outgoing network traffic (base64 encoded with a small header) into
|
|
that channel. The nick will be a combination of the configured prefix and
|
|
the TAP interfaces MAC address.
|
|
|
|
There are two network modes available:
|
|
|
|
.Hubbed Network
|
|
In a hubbed network topology all the clients share one broadcast medium, the
|
|
Irc channel.
|
|
|
|
.Switchet Network
|
|
In a switched network topology still all the clients join the irc channel and
|
|
use it for broadcast messages but unicast traffic goes directly to the user
|
|
to whom it is addressed, as it is sent to the nick-prefix-MAC-address
|
|
combination. Wether the user with the specific mac actually IS in the network
|
|
is not checked.
|
|
|
|
Flood protection is kind of the biggest issue for the IrcVPN: After a
|
|
configured amount of messages most irc servers queue the incoming messages
|
|
and send them out throttled to one message per second. If the send queue is
|
|
flooded over its capacity the responsible user gets kicked from the server. So
|
|
this tunnel is not going to perform very well on normal servers out there.
|
|
When setting up your own server, the flood protection CAN be turned off but
|
|
irc servers with configurable flood protections tend to allow flooding only in
|
|
channels (rendering switched networks unusable) and only if the user has either
|
|
voice, half-op or op permissions in that channel. This is where voicebot.py
|
|
comes in: The voicebot voices everyone who utters a certain phrase. Therefore
|
|
it is kind of ensured that every bot has permission to flood "the ether" with
|
|
network packets as much as it wants.
|
|
|
|
Irc's right management can always be used to mute, rate-limit or remove
|
|
spamming or otherwise unwanted clients.
|
|
|
|
|
|
Header Format
|
|
=============
|
|
<fragmentation flag><packet id> <base64 encoded message>
|
|
|
|
The *fragmentation flag* can be either of o, b, c, e. *o* stands for oneliner,
|
|
which means that afterwards there is a complete ethernet frame (no
|
|
fragmentation). *b*, *c*, *e* stand for begin, continue, end and mark packets
|
|
which are broken into several pieces (as irc does not support infinite line
|
|
length).
|
|
|
|
The packet id is just a random generated number between 0, 99999 (inclusive).
|
|
|
|
|
|
What could be done
|
|
==================
|
|
* replace base64 with something more suitable for Irc
|
|
* test security settings
|
|
* find static linkable irc server, patch out flood protection
|
|
* VVLAN - a Virtual VLAN between irc channels/servers
|
|
|
|
|
|
Licensing
|
|
=========
|
|
Written by Sebastian Lohff <seba@seba-geek.de>
|
|
Published under the GPLv3 or later
|
|
|