username/bouncer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: rewrite all documentation for stealth connect and current state

Browse Source 
Update README, PROJECT, ROADMAP, TASKS, TODO, USAGE, CHEATSHEET,
INSTALL, and DEBUG to reflect stealth connect, probation window,
markov nick generation, local DNS resolution, and multi-IP failover.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
user
2026-02-19 18:31:20 +01:00
parent 845496f1b3
commit a58848395c
9 changed files with 402 additions and 141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

170
docs/DEBUG.md
View File

@@ -6,65 +6,8 @@
bouncer -c config/bouncer.toml -v
```
Debug logging shows:
- SOCKS5 proxy connection attempts
- IRC server registration
- Client connect/disconnect events
- Message routing
- Backlog replay counts
## Common Issues
### "config not found"
Ensure the config path is correct:
```bash
bouncer -c /full/path/to/bouncer.toml
```
### Connection refused (SOCKS5 proxy)
Verify the proxy is running:
```bash
ss -tlnp | grep 1080
```
### Connection timeout to IRC server
Check the SOCKS5 proxy can reach the IRC server:
```bash
curl --socks5 127.0.0.1:1080 -v telnet://irc.libera.chat:6697
```
### Nick already in use
The bouncer appends `_` to the nick and retries. Check logs for:
```
WARNING bouncer.network [libera] nick in use, trying mynick_
```
### TLS certificate errors
If connecting to a server with a self-signed cert, this is currently not supported. All TLS connections use the system CA store.
## Inspecting the Backlog Database
```bash
sqlite3 config/bouncer.db
-- Recent messages
SELECT * FROM messages ORDER BY id DESC LIMIT 20;
-- Messages per network
SELECT network, COUNT(*) FROM messages GROUP BY network;
-- Client state
SELECT * FROM client_state;
```
Shows: SOCKS5 connections, DNS resolution, IRC registration, state transitions,
K-line detection, nick changes, channel joins, client events, backlog replay.
## Log Format
@@ -72,4 +15,111 @@ SELECT * FROM client_state;
HH:MM:SS LEVEL module message
```
Levels: `DEBUG`, `INFO`, `WARNING`, `ERROR`
## Connection States in Logs
| Log message | Meaning |
|-------------|---------|
| `connecting to ...` | SOCKS5 + TLS handshake starting |
| `connected, registering as <nick>` | Random identity sent to server |
| `registered as <nick>` | Server accepted registration (001) |
| `probation started (15s)` | Watching for K-line |
| `server ERROR: ... (K-Lined)` | K-lined during probation |
| `probation passed, connection stable` | Safe to reveal identity |
| `switching nick: <random> -> <real>` | Changing to configured nick |
| `nick changed: <old> -> <new>` | Server confirmed nick change |
| `joined #channel` | Channel join successful |
| `reconnecting in Ns (attempt N)` | Backoff before retry |
## Common Issues
### K-lined on every attempt
All SOCKS5 exit IPs may be banned on the target network. The bouncer will
keep retrying with exponential backoff, cycling through different exit IPs
(DNS round-robin). This is expected behavior -- it will eventually find a
clean IP if one exists.
Check which IPs are being tried:
```bash
bouncer -c config/bouncer.toml -v 2>&1 | grep 'trying\|K-Lined\|Banned'
```
### "config not found"
```bash
bouncer -c /full/path/to/bouncer.toml
```
### SOCKS5 proxy not running
```bash
ss -tlnp | grep 1080
```
### SOCKS5 proxy can't reach server
Test connectivity directly:
```bash
curl --socks5 127.0.0.1:1080 -v telnet://irc.libera.chat:6697
```
If remote DNS fails, test with local resolution:
```bash
curl --socks5 127.0.0.1:1080 -v https://$(getent ahostsv4 irc.libera.chat | head -1 | awk '{print $1}'):6697 -k
```
### Nick already in use
During probation (random nick): bouncer generates another random nick.
After probation (configured nick): bouncer appends `_` and retries.
```
WARNING bouncer.network [libera] nick in use, trying mynick_
```
### TLS certificate errors
All TLS connections use the system CA store. Self-signed certs are not
currently supported.
### Connection drops after registration
Typical for networks that ban proxy/VPN IPs. The bouncer handles this:
detects the K-line, waits with backoff, reconnects with fresh identity.
## Inspecting the Backlog
```bash
sqlite3 config/bouncer.db
```
```sql
-- recent messages
SELECT datetime(timestamp, 'unixepoch', 'localtime') as time,
network, sender, target, command, content
FROM messages ORDER BY id DESC LIMIT 20;
-- message counts per network
SELECT network, COUNT(*) as msgs FROM messages GROUP BY network;
-- last client disconnect per network
SELECT network, last_seen_id,
datetime(last_disconnect, 'unixepoch', 'localtime') as disconnected
FROM client_state;
-- search messages
SELECT * FROM messages WHERE content LIKE '%keyword%' ORDER BY id DESC LIMIT 10;
```
## Watching Live Logs
Run bouncer in foreground with verbose:
```bash
bouncer -c config/bouncer.toml -v 2>&1 | grep -v aiosqlite
```
The `grep -v aiosqlite` filters out noisy SQLite debug lines.