summaryrefslogtreecommitdiffstats
path: root/README
diff options
context:
space:
mode:
Diffstat (limited to 'README')
-rw-r--r--README36
1 files changed, 33 insertions, 3 deletions
diff --git a/README b/README
index c67fc25..cc15197 100644
--- a/README
+++ b/README
@@ -18,7 +18,7 @@ Configure the IRC channel or server if possible:
- use a bot to set XMPP users to have +o, +v or +h to prevent flood kicks
- disable invite-only mode on channel. you may use IRC channel passwords.
-Required environment variables for configuration:
+Required environment variables for configuration of a bridge:
- IX_JID JID of ircxmpp user on XMPP server to connect with
- IX_PASS password for XMPP authentication of ircxmpp user
- IX_HOST hostname of the IRC server, prefix the value with # to connect with TLS
@@ -26,9 +26,14 @@ Required environment variables for configuration:
- IX_CHANNEL channel on IRC server to bridge
- IX_MUC multi-user chat on XMPP server to bridge
-Optional environment variables for configuration:
+Optional environment variables for configuration of a bridge:
- IX_CHPASS set to IRC channel password if channel on IRC is password protected
+ - IX_DOMAIN start the built in DNS server and spoof IRC hostnames (more info below)
+
+Optional environment variables for global configuration: (those do not have numbered counterparts)
- IX_LOOPDELAY delay after each event loop cycle in microseconds, defaults to 10 ms.
+ - IX_DNS_PORT port on which the DNS server should run, if it's enabled, by default 53
+ - IX_DNS_IP IP on which to listen for DNS queries. by default this is INADDR_ANY-0.0.0.0
Operation principle:
- ircxmpp initiates two control connections, one to XMPP server, one to IRC server, and joins
@@ -47,7 +52,6 @@ To implement:
- ctcp messages (ACTION - /me) and perhaps file upload (that'd be hard)
- subject changing
- automatic +v/+h/+o botnet juggling between bridge IRC connections and control IRC conn
- - setting user@host of bridge bots on IRC to JIDs of XMPP users by temporary changing rDNS
- reusing bridge and control connections with same nick to different channels on same network
Notes:
@@ -93,4 +97,30 @@ Using as a library:
Gentoo/openrc?:
- http://github.com/OpenRC/openrc/pull/517 needs to be merged before for increased security
+Built-in DNS server for spoofing IRC hostnames:
+ - IRC hostnames can be spoofed so that they look like the XMPP JID domain of the XMPP user
+ - you need to run the program with CAP_NET_BIND_SERVICE, on debian systemd this is by default
+ - you need a domain name, on which you set a wildcard record to A record to server's IP
+ + for example *.ircxmpp.example. IN A 192.168.0.2 (this is for IRC PTR verification)
+ - in the in-addr.arpa zone for you IP address, add a NS record pointing to your server
+ + for example 2.0.168.193.in-addr.arpa. IN NS server.ircxmpp.example.
+ - start ircxmpp with the configuration variable IX_DOMAIN=ircxmpp.example.
+ - read the logs! the built in DNS server might spam bind: permission denied errors
+ - when a bridge will connect to IRC, the IRC server will query the ircxmpp NS for PTR
+ - when a request is received by the ircxmpp NS, last XMPP user's JID hostname will be sent
+ + let's say xmpp.server.de.ircxmpp.example; ircxmpp.example appended for verification
+ - IRC server will then verify that this domain really points to your IP address-that wildcard
+
+Built-in DNS server for spoofing IRC hostnames when using the program as a library:
+ - call ircxmpp_set_domain with your domain suffix to which JID host and dot will be prepended
+ - you can set your callback with ircxmpp_set_set_domain_setter
+ - callback is called when domain change is wanted even if ircxmpp_set_dns is false
+ - with this you can differently publish the domain name for spoofing, perhaps with nsupdate
+ - otherwise if ircxmpp_set_dns is true, internal DNS server works as described above
+
+IPv6:
+ - Haha, remember this is C you're talking about! That'd require writing code!
+ - TODO: add support in DNS server for ip6 (binding to AF_INET6 sockets, ip6 memmem, ...)
+ - TODO: use irc_connect6 somehow in libircclient, libstrophe should already work with IPv6
+
-- Anton Luka Šijanec <anton@sijanec.eu> Fri, 29 Apr 2022 17:00:00 +0200