View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006572 | unreal | ircd | public | 2025-09-04 12:45 | 2025-10-09 18:42 |
| Reporter | Jellis | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | N/A |
| Status | new | Resolution | open | ||
| Product Version | 6.1.10 | ||||
| Summary | 0006572: Ability to cloak a host/IP via oper command and/or external API/tool | ||||
| Description | I would like to request a feature in UnrealIRCd that allows opers (or a utility script/tool) to generate a cloaked hostname from a given IP address or hostname, without the user being connected. This would use the same cloaking algorithm and network-specific keys currently used by the IRCd. Why this is useful? In some scenarios, services or bots only have access to a user’s real IP/host (for example, web-based things, forms, or external integrations). For privacy reasons, we don’t want to expose raw IPs/hosts to channel operators or users.. Instead, it would be extremely useful to convert that IP/host into the cloaked hostname UnrealIRCd would generate on the network. This allows channel staff to: Apply bans using cloaked hosts instead of exposing raw IPs. Correlate external actions (like web actions) with connected users on IRC in a privacy-preserving way. Keep consistency: bans or matching rules would work the same way as if they were set against cloaked hosts in the IRC session. Many other use cases where external tools have a real host/IP and the chat has "another version" Requested implementation ideas: - An oper-only command such as: /GETCLOAK <ip/hostname> which outputs the cloaked hostname as Unreal would display it. - An external API/utility/library function (maybe in PHP, C, or via JSON-RPC to the IRCd) that can be used by services/web interfaces. This way, developers can generate cloaks on demand without duplicating Unreal’s internal cloaking code. Having this functionality externalized (e.g., bash via unrealircd cloak <ip/host>) would also make sense. Ofcourse, the exact cloaking algorithm and keys in use by the network should be applied, so the result matches what IRC clients see. | ||||
| Additional Information | Like discussed on #unreal-support on 04/09/2025 | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
Hi Jellis. I don't know. If I understood your question, it is a terrible idea, IMO. Note (if I'm not mistaken) that for an IPv4 cloak (AAAAAAAA.BBBBBBBB.CCCCCCCC): CCCCCCCC is unique for the first 16 bits of an IPv4 address: xxx.yyy.*.* And BBBBBBBB is unique for the first 24 bits of an IPv4 address: xxx.yyy.zzz.* By allowing developers/users to generate a cloaked hostname from a given IP address (via API or something else), this user could, with a some attempts (and mapping CCCC and BBBB), get the first 24 bits of any IRC user's IP. Example: Hypothetically calling this API 65536 times (2^16 — from 1.1.0.0 to 255.255.0.0) and mapping each IP block to its corresponding cloaked IP, a user can determine the first 16 bits of an IPv4 address for any user on IRC. I understood that you suggested making it an oper-only command. But by using an API that allows developers to generate cloaks, this could result in a risk exposure. For security reasons, I believe that the Cloaked Hostname/IP should only be generated by the server and by no other means. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2025-09-04 12:45 | Jellis | New Issue | |
| 2025-09-23 22:16 | rafaelgrether | Note Added: 0023515 |
