InspIRCd v4 is still early in development!

If you use this branch you may experience crashes, weird behaviour, and unannounced breaking changes.

You probably want to use InspIRCd v3 instead.

The "cloak_sha256" Module (v4)

This module can be built against a third-party library (libpsl) to add more features.

Description

This module adds the hmac-sha256 and hmac-sha256-ip cloaking methods for use with the cloak module.

Configuration

To load this module use the following <module> tag:

<module name="cloak_sha256">

<cloak>

The <cloak> tag defines a cloaking profile. This tag can be defined as many times as required.

Name Type Default Value Description
key Text None A random 30+ character value to use as a secret key when cloaking. The longer this is the more secure it is.
prefix Text None The value to prefix cloaks with.
suffix Text ip The value to suffix IP address cloaks with.
case Text lower Whether to use upper-case or lower-case characters when converting cloak hashes to a human-readable form.
hostparts Number 3 If the hmac-sha256 method is used then the maximum number of DNS hostname segments that should be visible.
pathparts Number 1 The maximum number of UNIX socket path segments that should be visible.
psl Text 1 If defined and the module was built against libpsl then the path to a Public Suffix List database to use instead of <cloak:hostparts> for finding the public part of a hostname. Can also be set to system to use the system database.
class String None If non-empty then a comma-delimited list of of connect classes that can receive this cloak.

This module also extends the <cloak:method> field with the following values:

Name Description
hmac-sha256 If the user has a DNS hostname or is connecting via a UNIX socket then cloak with an HMAC-SHA256 hash of their hostname and socket path suffixed with the public part of that value. Otherwise, cloak with three HMAC-SHA256 hashes of significant ranges of their IP address (IPv4: /16 /24 /32, IPv6: /32 /48 /64).
hmac-sha256-ip If the user is connecting via a UNIX socket then cloak with an HMAC-SHA256 hash of their socket path suffixed with the public part of the path. Otherwise, cloak with three HMAC-SHA256 hashes of significant ranges of their IP address (IPv4: /16 /24 /32, IPv6: /32 /48 /64).

The case field should be set to one of the following values:

Value Description
lower Use lower-case characters in the cloak hash.
upper Use upper-case characters in the cloak hash.
Example Usage

Cloaking using the hmac-sha256 method:

<cloak method="hmac-sha256"
       key="changeme"
       prefix="MyNet"
       suffix="ip"
       case="lower"
       hostparts="3"
       pathparts="1"
       psl="system"
       class="">

Cloaking using the hmac-sha256-ip method:

<cloak method="hmac-sha256-ip"
       key="changeme"
       prefix="MyNet"
       suffix="ip"
       case="lower"
       pathparts="1"
       class="">