View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004957 | unreal | ircd | public | 2017-05-26 15:34 | 2017-10-08 15:19 |
Reporter | Gottem | Assigned To | syzop | ||
Priority | normal | Severity | tweak | Reproducibility | N/A |
Status | resolved | Resolution | fixed | ||
Platform | x86_64 | OS | Debian | OS Version | 7 (wheezy) |
Product Version | 4.0.10 | ||||
Fixed in Version | 4.0.16 | ||||
Summary | 0004957: Hide last hostname part from cloaked hosts | ||||
Description | Some people may also want to hide the last bit of the cloaked host, for whatever reasons. So in the case of my dev net, my host would not be "halp-8A208773.home.lan" but "halp-8A208773" instead. Proposal: * Add config directive to toggle the "full" cloak (default = no). | ||||
Steps To Reproduce | N/A | ||||
Additional Information | Patch is attached. It's for v4.0.10 but I couldn't find any differences between that and the git repo. =] Opted for a patch instead of a module because it's probably a much wanted feature, plus people would have to screw with .default.conf files to make sure the new mod doesn't interfere with cloak.c. | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
3rd party modules | N/A | ||||
|
I see, so you want more privacy. I think in such cases IP-only cloaking would be better.. so that everyone gets an XXX.YYY.ZZZ.IP cloaked host. That at least gives you some sort of ranging. Right now in order for all your users to get XXX.YYY.ZZZ.IP cloaking you have to use allow::options::useip.. which I doubt many people know. We could move that to a cloak option. What do you think. Do you think XXX.YYY.ZZZ.IP still gives away "too much" information? Do you think full cloaking would still be useful? If so, then I'd suggest to cloak it based on the IP and not on DNS. Why? Doing it on a resolved hostname serves no purpose.. it can only fail occasionally and then you would have to cloak on ip and get a completely different host. In other words: it has no benefit to use DNS if you don't display any of it, only downsides AFAICT. What do you think? |
|
Well I actually looked into this in the first place because PeGaSuS wanted a "full" cloak. I don't like the XXX.YYY.ZZZ.IP format myself, I roll with halp-8A208773.home.lan. =] I must admit I never dove into the allow {} block much, I wouldn't have thought the option would be in there. :D I think PeGaSuS actually wants the XXX.YYY.ZZZ.IP mask though. In my opinion the "useip" directive should be network-wide (so somewhere in the set {} block?). I doubt there will ever be a case where you want to use the IP cloak for a certain set of clients only. |
|
Quoting Syzop "Right now in order for all your users to get XXX.YYY.ZZZ.IP cloaking you have to use allow::options::useip.. which I doubt many people know. We could move that to a cloak option." Here's the global idea. What i was thinking about was about UnrealIRCd still doing DNS resolving, but on cloak apply like if it wasn't doing it. So, if someone connects from bl9-103-48.dsl.telepac.pt (resolved hostname) we can apply bans by country, like /gline *@*.pt. After the hostname being resolved the next step would be convert it into a single IP like 85.242.103.48, wich will return the cloak type i like to have: XXX.YYY.ZZZ.IP. I hope i'm clear enough. Can this be achieved by any chance? |
|
Sorry, i forgot one question on my previous note. With allow::options::useip enabled will UnrealIRCd do the dns resolving anyway? |
|
I've tried the option of allow::options::useip, and as expected it affects DNS resolving. DNS resolving is important to ban by hostname, but the cloaked host will be always something like Clk-9025166E.rev.sfr.fr and the allow::options::useip can not be used. I, personally, don't like those kind of hostmask. I prefer the XXX.YYY.ZZZ.IP method. I think this could be a good enhancement to have IRCd using DNS resolving upon connection, and after successful connection be able to set the cloaked mask as the method i prefer. Hoping to hear good news about this. Best regards. |
|
I think there could be several methods regarding cloaking. For example: IP Cloaks: "IP4"=1.2.3.4 "IP3"=1.2.3.X "IP2"=1.2.X.X Eg. ip.1.2.3.4.cable.isp.net Host: "Host1"=cloak-<cloak>.cable.isp.net "Host2"=cloak-<cloak>.isp.net |
|
commit 1b6d49a9dc486772c534c3173b791e57a408db27 Author: Bram Matthys <[email protected]> Date: Sun Oct 8 15:14:57 2017 +0200 Add set { cloak-method ip; }; which will make cloaking only be done on the IP and thus result in an XX.YY.ZZ.IP cloaked host. This so you can have "IP cloaking" without disabling DNS lookups. GLINES on hosts still work and IRCOps (and yourself) can still see the host in /WHOIS. Requested in 4957 by Gottem and The_Myth. https://github.com/unrealircd/unrealircd/commit/1b6d49a9dc486772c534c3173b791e57a408db27 I hope that will suffice for now :) |
Date Modified | Username | Field | Change |
---|---|---|---|
2017-05-26 15:34 | Gottem | New Issue | |
2017-05-26 15:34 | Gottem | File Added: fullcloak.patch | |
2017-05-28 09:59 | syzop | Note Added: 0019777 | |
2017-05-28 09:59 | syzop | Assigned To | => syzop |
2017-05-28 09:59 | syzop | Status | new => feedback |
2017-05-29 18:04 | Gottem | Note Added: 0019779 | |
2017-08-10 19:34 | PeGaSuS | Note Added: 0019820 | |
2017-08-10 19:38 | PeGaSuS | Note Added: 0019821 | |
2017-08-14 21:58 | PeGaSuS | Note Added: 0019822 | |
2017-09-27 23:27 | Amiga600 | Note Added: 0019887 | |
2017-10-08 15:19 | syzop | Status | feedback => resolved |
2017-10-08 15:19 | syzop | Resolution | open => fixed |
2017-10-08 15:19 | syzop | Fixed in Version | => 4.0.16 |
2017-10-08 15:19 | syzop | Note Added: 0019902 |