InspIRCd v4 is still early in development!
If you use this branch you may experience crashes, weird behaviour, and unannounced breaking changes.
You probably want to use InspIRCd v3 instead.
The "cloak_sha256" Module (v4)
This module can be built against a third-party library (libpsl) to add more features.
Description
This module adds the hmac-sha256 and hmac-sha256-ip cloaking methods for use with the cloak module.
Configuration
To load this module use the following <module> tag:
<module name="cloak_sha256">
<cloak>
The <cloak> tag defines a cloaking profile. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| key | Text | None | A random 30+ character value to use as a secret key when cloaking. The longer this is the more secure it is. |
| prefix | Text | None | The value to prefix cloaks with. |
| suffix | Text | ip | The value to suffix IP address cloaks with. |
| case | Text | lower | Whether to use upper-case or lower-case characters when converting cloak hashes to a human-readable form. |
| hostparts | Number | 3 | If the hmac-sha256 method is used then the maximum number of DNS hostname segments that should be visible. |
| pathparts | Number | 1 | The maximum number of UNIX socket path segments that should be visible. |
| psl | Text | 1 | If defined and the module was built against libpsl then the path to a Public Suffix List database to use instead of <cloak:hostparts> for finding the public part of a hostname. Can also be set to system to use the system database. |
| class | String | None | If non-empty then a comma-delimited list of of connect classes that can receive this cloak. |
This module also extends the <cloak:method> field with the following values:
| Name | Description |
|---|---|
| hmac-sha256 | If the user has a DNS hostname or is connecting via a UNIX socket then cloak with an HMAC-SHA256 hash of their hostname and socket path suffixed with the public part of that value. Otherwise, cloak with three HMAC-SHA256 hashes of significant ranges of their IP address (IPv4: /16 /24 /32, IPv6: /32 /48 /64). |
| hmac-sha256-ip | If the user is connecting via a UNIX socket then cloak with an HMAC-SHA256 hash of their socket path suffixed with the public part of the path. Otherwise, cloak with three HMAC-SHA256 hashes of significant ranges of their IP address (IPv4: /16 /24 /32, IPv6: /32 /48 /64). |
The case field should be set to one of the following values:
| Value | Description |
|---|---|
| lower | Use lower-case characters in the cloak hash. |
| upper | Use upper-case characters in the cloak hash. |
Example Usage
Cloaking using the hmac-sha256 method:
<cloak method="hmac-sha256"
key="changeme"
prefix="MyNet"
suffix="ip"
case="lower"
hostparts="3"
pathparts="1"
psl="system"
class="">
Cloaking using the hmac-sha256-ip method:
<cloak method="hmac-sha256-ip"
key="changeme"
prefix="MyNet"
suffix="ip"
case="lower"
pathparts="1"
class="">