View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006482 | unreal | ircd | public | 2024-11-12 19:27 | 2024-11-12 19:27 |
| Reporter | anhtribao | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | new | Resolution | open | ||
| Platform | n/a | OS | n/a | OS Version | n/a |
| Summary | 0006482: Give capability to the server admin to override a prefix geo-location country through the configuration | ||||
| Description | Feature request: give capability to the server admin to override a prefix geo-location country through the configuration Motivations/Use cases: 1. (temporarily) reassign a prefix to another country in case it has not been correctly assigned in the upstream geoip database, until that database gets fixed 2. having the possibility to assign RFC 1918 ranges to countries, that can be proven useful for testing purpose, cross-countries virtual private routed networks, ... Implementation proposal: 1. the server admin would override the location through a new geoip:: block, for example "geoip { prefix a:b:c:d::/64; country ZZ; };" 2. when a new IP connects the ircd would check against matching a geoip:: inside the configuration and apply the country, else it would refer to the geoip database 3. provide to the opers the ability to list those overrides (through the existing /GEOIP command or /STATS <something>) -> permits remote audit of the configuration 4. provide an information in /WHOIS about the override, e.g. "is connecting from Othala (XA) [overriden from Abydos (XB)]" -> for informational purpose 5. /GEOIP <ip> may return the information from geoip database OR may return both geoip database information and overriding value 6. Opers would get inside the connection notice "[country: XA] [orig-country: XB]" 7. If users have access to geo in /WHOIS, additionally (default config = user don't have access to geo) a) when connecting from an IP matching the overriden prefix, the user may get a notice such as "The server configuration has specified that your IP is connecting from Othala (XA) instead of Abydos (XB)." b) if geoip location is changed during runtime through a /REHASH, affected users can get a notice informing them Scope: local (the geoip:: blocks should be duplicated among all the servers configuration, like the network-name or cloak-keys, discrepancies between servers may be send through warning notices during link or rehash) Potential identified risks: 1. rogue administrator that maliciously reassigns a prefix to another country that may lead to abuse (?): a) may lead to country-based zline/ban "evasions" that is already "evadable" through an eline/except => no increased risk of abuse from what admins currently can do (but this item would be more dependant on networks' affairs rather than unrealircd issue) b) political bullying (forcingly assign "users" to hostile countries): currently users don't have have access to others and own geo. Users could also be warned during connection process => maybe this is more a concerns of the networks' affairs c) no more abuse than using a /CHG(HOST|IDENT|HOST) on a user (affecting public properties) or using /REPUTATION to change the IP reputation. 2. potential long term discrepancy between upstream geoip database in case an IP range gets reallocated somewhere else ex. <ip> was running in country XA and incorrectly reported in XB, locally assigned to XA through geoip::; then <ip> gets bought and runs in country XC and the database gets correctly updated, <ip> would still appears in XA => wrongly reported countries can be reported back to the server admins by the users | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-11-12 19:27 | anhtribao | New Issue |
