From 877b7b64021410c1bb686cad562e7446eb65c318 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?= Date: Mon, 2 May 2022 00:45:48 +0200 Subject: dns server. untested. compiles. --- README | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) (limited to 'README') diff --git a/README b/README index c67fc25..cc15197 100644 --- a/README +++ b/README @@ -18,7 +18,7 @@ Configure the IRC channel or server if possible: - use a bot to set XMPP users to have +o, +v or +h to prevent flood kicks - disable invite-only mode on channel. you may use IRC channel passwords. -Required environment variables for configuration: +Required environment variables for configuration of a bridge: - IX_JID JID of ircxmpp user on XMPP server to connect with - IX_PASS password for XMPP authentication of ircxmpp user - IX_HOST hostname of the IRC server, prefix the value with # to connect with TLS @@ -26,9 +26,14 @@ Required environment variables for configuration: - IX_CHANNEL channel on IRC server to bridge - IX_MUC multi-user chat on XMPP server to bridge -Optional environment variables for configuration: +Optional environment variables for configuration of a bridge: - IX_CHPASS set to IRC channel password if channel on IRC is password protected + - IX_DOMAIN start the built in DNS server and spoof IRC hostnames (more info below) + +Optional environment variables for global configuration: (those do not have numbered counterparts) - IX_LOOPDELAY delay after each event loop cycle in microseconds, defaults to 10 ms. + - IX_DNS_PORT port on which the DNS server should run, if it's enabled, by default 53 + - IX_DNS_IP IP on which to listen for DNS queries. by default this is INADDR_ANY-0.0.0.0 Operation principle: - ircxmpp initiates two control connections, one to XMPP server, one to IRC server, and joins 
@@ -47,7 +52,6 @@ To implement: - ctcp messages (ACTION - /me) and perhaps file upload (that'd be hard) - subject changing - automatic +v/+h/+o botnet juggling between bridge IRC connections and control IRC conn - - setting user@host of bridge bots on IRC to JIDs of XMPP users by temporary changing rDNS - reusing bridge and control connections with same nick to different channels on same network Notes: 
@@ -93,4 +97,30 @@ Using as a library: Gentoo/openrc?: - http://github.com/OpenRC/openrc/pull/517 needs to be merged before for increased security +Built-in DNS server for spoofing IRC hostnames: + - IRC hostnames can be spoofed so that they look like the XMPP JID domain of the XMPP user + - you need to run the program with CAP_NET_BIND_SERVICE, on debian systemd this is by default + - you need a domain name, on which you set a wildcard record to A record to server's IP + + for example *.ircxmpp.example. IN A 192.168.0.2 (this is for IRC PTR verification) + - in the in-addr.arpa zone for you IP address, add a NS record pointing to your server + + for example 2.0.168.193.in-addr.arpa. IN NS server.ircxmpp.example. + - start ircxmpp with the configuration variable IX_DOMAIN=ircxmpp.example. + - read the logs! the built in DNS server might spam bind: permission denied errors + - when a bridge will connect to IRC, the IRC server will query the ircxmpp NS for PTR + - when a request is received by the ircxmpp NS, last XMPP user's JID hostname will be sent + + let's say xmpp.server.de.ircxmpp.example; ircxmpp.example appended for verification + - IRC server will then verify that this domain really points to your IP address-that wildcard + +Built-in DNS server for spoofing IRC hostnames when using the program as a library: + - call ircxmpp_set_domain with your domain suffix to which JID host and dot will be prepended + - you can set your callback with ircxmpp_set_set_domain_setter + - callback is called when domain change is wanted even if ircxmpp_set_dns is false + - with this you can differently publish the domain name for spoofing, perhaps with nsupdate + - otherwise if ircxmpp_set_dns is true, internal DNS server works as described above + +IPv6: + - Haha, remember this is C you're talking about! That'd require writing code! + - TODO: add support in DNS server for ip6 (binding to AF_INET6 sockets, ip6 memmem, ...) 
+ - TODO: use irc_connect6 somehow in libircclient, libstrophe should already work with IPv6 + -- Anton Luka Šijanec Fri, 29 Apr 2022 17:00:00 +0200 -- cgit v1.2.3
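Review bot: In the first hunk (README line 26 onward), the new IX_DNS_IP entry documents a default of INADDR_ANY (0.0.0.0) and IX_DNS_PORT a default of 53, so setting IX_DOMAIN puts the built-in DNS server on every interface, and the commit subject calls that server untested. Suggest the README recommend setting IX_DNS_IP to the single address that the in-addr.arpa NS delegation points to. The IX_DOMAIN entry should also state the expected value format, since the later example uses a trailing dot ("IX_DOMAIN=ircxmpp.example."). Separately, the IX_LOOPDELAY line gives its unit as microseconds but its default as 10 ms; state the default in the same unit.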
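Review bot: The second hunk (README line 52) deletes the "setting user@host of bridge bots on IRC to JIDs of XMPP users by temporary changing rDNS" item from the "To implement" list, while the commit subject says the DNS server is untested. Suggest keeping an entry in that list, for example reworded as testing the DNS server, until the feature has been exercised against an IRC server.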
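Review bot: In the third hunk (README line 97 onward), the two example records do not describe the same address: the wildcard A record points to 192.168.0.2, while the reverse zone is 2.0.168.193.in-addr.arpa., which belongs to 193.168.0.2. Use one address in both examples so the forward and reverse lookups the text describes line up. The step "last XMPP user's JID hostname will be sent" should also say what happens when two bridges connect at about the same time, since as written a PTR query is answered with whichever JID was set last rather than the one belonging to the connection being looked up. In the library section, ircxmpp_set_set_domain_setter has a doubled "set_" that reads like a typo (confirm against the header), and ircxmpp_set_dns is referenced without being introduced. Small wording fix: "for you IP address" should be "for your IP address".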