1 files changed, 87 insertions, 0 deletions

diff --git a/contrib/README.cloaking b/contrib/README.cloaking
new file mode 100644
index 0000000..a89aa15
--- /dev/null
+++ b/contrib/README.cloaking
@@ -0,0 +1,87 @@
+ircd-hybrid IP/hostname cloaking README:
+-----------------------------------------------
+$Id$
+
+Copyright (c) 2005 by Alan 'knight-' LeVee of ChatJunkies IRC Network
+-----------------------------------------------
+
+This README file is designed to cover the aspects of the IP cloaking features
+new to hybrid in the contrib module named ip_cloaking.c. The basis for the IP
+cloaking is to add some level of privacy for local users to have by cloaking, or
+rather masking a part of their hostname with a CRC32 polymorphism hash.
+
+This will make the necessary additions to the source code to allow IP cloaking
+to work as well as adding in a new user mode known as +h. Normally on most IRC
+daemons such as UnrealIRCd or ircu2, IP masking is assigned the user mode +x but
+since we use +x for external operator messages we used +h as the next logical
+step.
+
+Basically the IP cloaking is a proof of concept utilising a CRC32 based salt
+encryption method that UnrealIRCd uses but with some changes and bit stuffing
+and bit shifting. However, before you compile the contrib module, it is
+*strongly* recommended that you modify the
+ip_cloaking.c module and edit the following:
+
+#define KEY
+#define KEY2
+#define KEY3
+
+With different numbers than are present in the provided module. This insures
+that no one can really decipher the secret keys because they'll go on the basis
+that they are stock and not modified. To get proper or good entropy on random
+numbers rather than trying to guess them it is a good idea to use an entropy
+variable or device to grab them. If you have BASH available you can use the
+randomization variable called ${RANDOM} to get your bits. You need at least 3
+secret keys in order for this to work, there is no preset requirement as to how
+many numbers per key is required but it should have at least 4 to 6 numbers on
+each block. If you want to do it easily and you have bash you can do the
+following command in a BASH shell:
+
+$ echo -e "#define KEY  ${RANDOM}\n#define KEY2 ${RANDOM}\n#define KEY3
+${RANDOM}"
+
+You'll get an output similar to this:
+
+#define KEY  935
+#define KEY2 23539
+#define KEY3 22522
+
+Once you run that command you can copy and paste the output into ip_cloaking.c
+and compile the module. However all servers *must* use the same secret keys in
+order for this to work properly or you'll run into problems especially for
+channel bans.
+
+Since you will also need the module m_change.so to go with IP cloaking it is
+best just to cd into the contrib. directory and build all the modules like so:
+
+cd contrib; make install
+
+Then you'll need to edit etc/ircd.conf and add the following lines to the
+modules {} block so you can load the module:
+
+module = "m_change.so";
+module = "ip_cloaking.so";
+
+Please note that *all* servers *must* have these modules loaded or IP cloaking
+will *not* work. Once this is done you can activate the IP cloaking by passing
+the following user mode:
+
+/MODE nickname +h
+
+You should then recieve a message:
+
+--- ec6f50f-8f92678.ypwest01.mi.comcast.net :is your visible host
+
+This means that anyone who runs WHOIS on you will receive that as the host
+response. However, if hide_spoof_ips is set to no yourself and IRC operators can
+get your true IP from WHOIS but no one else. Once user mode +h is set however,
+it cannot be unset (ala ircu2). Also as of right now, IP cloaking does not
+support IPv6 users due to the rare use of IPv6 and the difficulty in coding
+support for it. So if an IPv6 user tries to set +h they will get the following
+message:
+
+--- *** Sorry, IP cloaking does not support IPv6 users!
+
+If you have any questions please direct them to knight- on irc.chatjunkies.org
+in #cservice as this is not officially supported by the ircd-hybrid team. Thank
+you, and enjoy!