Linking 2 1.8.4 bots using TLS

Post by LimeyTX »

I created two bots, let's call them hub and leaf. They are on different servers. I created via .+bot on each bot a reference to the other and I did .link and they linked. Anything I typed on one bot appeared on the other bot of the botnet as you would expect. I then unlinked the two bots.

Both bots have an eggdrop.key and eggdrop.crt made using "make sslcert".

So then on the leaf I typed

Code:

.botattr hub +hp
.botattr hub |s #chan

and on hub I typed

Code:

.botattr leaf +s
.botattr leaf |s #chan

and, as I expected, hub tried to link to leaf and the following appeared on leaf.

Code:

Got STARTTLS from hub. Replying...
STARTTLS failed while linking to hub
Received challenge from hub.. sending response ...
Lost Bot: hub

Although they won't link automatically, I can .link them together but they still don't transfer the userfile. Both transfer and share are loaded.

Can anyone give me a clue as to what is going on? The fact that they linked correctly BEFORE the botattr was set but not after doesn't make any sense to me.

Post by CrazyCat »

Did you have a look at this issue?

Post by LimeyTX »

Yes I did, not that I understood all of it, but I made sure all verify settings were set to 0 and restarted both bots. The behavior is the same. I can link them manually, but if I don't, when the hub tries to link to the leaf it fails as stated in my original post.

Post by LimeyTX »

Some additional information that may be useful. When, on hub, I do

Code:

.link leaf

the following shows up on the leaf console.

Code:

<leaf> [15:51:13] Telnet connection: <hub hostname>/51363
<leaf> [15:51:13] Sent STARTTLS to hub...
<leaf> [15:51:13] Challenging hub...
<leaf> [15:51:13] TLS: handshake successful. Secure connection established.
<leaf> [15:51:13] TLS: peer did not present a certificate
<leaf> [15:51:13] TLS: cipher used: TLS_AES_256_GCM_SHA384 TLSv1.3; 256 bits (256 secret)
<leaf> [15:51:13] TLS: handshake successful. Secure connection established.
<leaf> [15:51:13] TLS: peer did not present a certificate
<leaf> [15:51:13] TLS: cipher used: TLS_AES_256_GCM_SHA384 TLSv1.3; 256 bits (256 secret)
<leaf> [15:51:13] TLS: handshake successful. Secure connection established.
<leaf> [15:51:13] TLS: peer did not present a certificate
<leaf> [15:51:13] TLS: cipher used: TLS_AES_256_GCM_SHA384 TLSv1.3; 256 bits (256 secret)
<leaf> [15:51:13] Linked to hub.

hub has a certificate so I am not sure why it wasn't presented.

Maybe this will jog someone's memory as to what is wrong.

Post by willyw »

That makes it look like the changing of flags and attempting to share the user file is not the cause of the failure to link.

I wonder - when the link did succeed, which bot did you enter the .link command on?
In other words, have you kept track and/or noticed? .... does it behave the same, from either end?

I have had trouble in the past with userfile sharing. Establishing the basic link without userfile sharing was not a problem.
Eventually, I got it. I remember thinking that it had to do with defining the reserved-portrange.

But - just now, I went and found those bots - still linked, still sharing - and played with that setting, and linked and unlinked them a time or two. It didn't seem to make a difference. Worked fine, either way.

Obviously, I am not your bot linking/userfile sharing wizard.
However, if you hang out on some irc network, I will be happy to meet you and compare notes, until we find the difference. If we succeed, you can come back here and post the solution, for all.

If you want to pm me here a network/channel/nick/botnick/whatever and when, maybe we can work it out.

p.s.
For what it is worth - I don't use "make sslcert". I use the commands found in eggdrop.conf.

Post by LimeyTX »

Further information.

I corrected some details in the SSL portion of the .conf file and now the hub links to the leaf and begins the userfile transfer but then the userfile transfer is aborted and the connection closes.

Code:

<leaf> [19:50:01] Got STARTTLS from hub. Replying...
<leaf> [19:50:01] Received challenge from hub... sending response ...
<leaf> [19:50:01] TLS: handshake successful. Secure connection established.
...               Personal details on certificate edited out
<leaf> [19:50:01] TLS: certificate SHA1 Fingerprint: D9:12:E9:B7:86:1D:12:E7:E9:15:B0:BD:80:87:A8:52:84:B3:B7:D1
<leaf> [19:50:01] TLS: certificate SHA-256 Fingerprint: C7:DF:83:67:9A:57:98:AA:52:C0:D6:E0:F7:D8:C6:36:3E:A3:62:E3:D5:99:DB:5A:D3:24:69:37:82:57:9A:15
<leaf> [19:50:01] TLS: certificate valid from Apr 14 21:21:05 2020 GMT to Apr 14 21:21:05 2021 GMT
<leaf> [19:50:01] TLS: cipher used: TLS_AES_256_GCM_SHA384 TLSv1.3; 256 bits (256 secret)
<leaf> [19:50:01] TLS: handshake successful. Secure connection established.
...               Personal details on certificate edited out
<leaf> [19:50:01] TLS: certificate SHA1 Fingerprint: D9:12:E9:B7:86:1D:12:E7:E9:15:B0:BD:80:87:A8:52:84:B3:B7:D1
<leaf> [19:50:01] TLS: certificate SHA-256 Fingerprint: C7:DF:83:67:9A:57:98:AA:52:C0:D6:E0:F7:D8:C6:36:3E:A3:62:E3:D5:99:DB:5A:D3:24:69:37:82:57:9A:15
<leaf> [19:50:01] TLS: certificate valid from Apr 14 21:21:05 2020 GMT to Apr 14 21:21:05 2021 GMT
<leaf> [19:50:01] TLS: cipher used: TLS_AES_256_GCM_SHA384 TLSv1.3; 256 bits (256 secret)
<leaf> [19:50:01] TLS: handshake successful. Secure connection established.
...               Personal details on certificate edited out
<leaf> [19:50:01] TLS: certificate SHA1 Fingerprint: D9:12:E9:B7:86:1D:12:E7:E9:15:B0:BD:80:87:A8:52:84:B3:B7:D1
<leaf> [19:50:01] TLS: certificate SHA-256 Fingerprint: C7:DF:83:67:9A:57:98:AA:52:C0:D6:E0:F7:D8:C6:36:3E:A3:62:E3:D5:99:DB:5A:D3:24:69:37:82:57:9A:15
<leaf> [19:50:01] TLS: certificate valid from Apr 14 21:21:05 2020 GMT to Apr 14 21:21:05 2021 GMT
<leaf> [19:50:01] TLS: cipher used: TLS_AES_256_GCM_SHA384 TLSv1.3; 256 bits (256 secret)
<leaf> [19:50:01] Linked to hub.
<leaf> [19:50:01] Downloading user file from hub
<leaf> [19:50:07] Failed connection; aborted userfile transfer.
<leaf> [19:50:35] Disconnected from: hub. No reason (lost 1 bot and 1 user).

I'm getting closer but still need help. How can I identify what is causing the transfer to be aborted?

Post by LimeyTX »

willyw: Thanks for your help. If you noticed, I posted an update just after your post where I had solved my original problem.

I added +d to my console on the leaf and this is what happens...

Code:

<leaf> [22:30:01] Linked to hub.
<leaf> [22:30:01] Downloading user file from hub
<leaf> [22:30:02] TLS: attempting SSL negotiation...
<leaf> [22:30:02] TLS: state change: before SSL initialization
<leaf> [22:30:02] TLS: state change: before SSL initialization
<leaf> [22:30:02] TLS: awaiting more reads
<leaf> [22:30:02] TLS: handshake in progress
<leaf> [22:30:03] TLS: awaiting more reads
<leaf> [22:30:03] sockread EAGAIN: 15 11 (Resource temporarily unavailable)
<leaf> [22:30:04] TLS: awaiting more reads
<leaf> [22:30:04] sockread EAGAIN: 15 11 (Resource temporarily unavailable)

And then the last 2 lines repeat until it disconnects.

Does that help anyone or does anyone suggest more diagnostics I could provide?

Post by willyw »

LimeyTX wrote:
> willyw: Thanks for your help.

I didn't do anything.
I wish I could.

> If you noticed, I posted an update just after your post where I had solved my original problem.

Yes.
Now, you've got what I used to get. Bots link, but it craps out if you tell them to share the user file.

> I added +d to my console on the leaf and this is what happens...

Do:
.help console
and list all the flags and examine their descriptions.

There are a couple that show raw botnet traffic. Maybe if you experiment with them, you might get lucky and spot a clue.

I've looked at the respective eggdrop.conf files on the "hub" and the "link" of mine, that work. I hope I'm not simply overlooking something.... but I'm not seeing anything special. Well, other than the reserved-portrange setting that I already mentioned, that when experimented both with and without earlier today, didn't seem to make a difference. It continued to work, either way. I guess that I was on the wrong track, back when I thought that might be the snag.

The really sad part is: Nothing is ringing a bell - as to how I got it working.
That's sad. I can understand me forgetting it, off the top of my head... but when I reviewed the .conf files today, I expected to get reminded. :(

You might like to try the Freenode irc network. Join #eggdrop.
Sometimes there is some chatter there.
If you catch one of the admins or more experienced folks, you could give them the link to this thread. Just a thought....

Post by LimeyTX »

I went to #eggdrop on Freenode and they solved my problem. It came down to port-range. I had forgotten to open the ports in the port range in the firewall. Once I did that, everything was cool!

Post by willyw »

LimeyTX wrote:
> I went to #eggdrop on Freenode and they solved my problem.

Great! :)

> It came down to port-range.

That's exactly what I did manage to remember, and mentioned above. But then I discounted it, since changing the value didn't seem to make any difference at all.

I suppose that it is possible, that on the shell that particular bot of mine is on, that none of the ports are blocked. I hadn't considered that.

> I had forgotten to open the ports in the port range in the firewall. Once I did that, everything was cool!

I'm glad you got it going.
And I'm glad that I'm not nuts. :)
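The console pastes in this thread show three distinct failure points (STARTTLS on the link, a missing peer certificate, and a userfile transfer that stalls until it is aborted). The following is an added example, not code from the posters or from the Eggdrop project, that sorts such console output into those stages; the stage names and hint texts are this example's own, and the sample lines are copied from the +d paste above.

```python
import re

# "<leaf> [22:30:01] " prefix carried by the console pastes in the thread.
PREFIX = re.compile(r"^<[^>]+>\s+\[\d\d:\d\d:\d\d\]\s+")
TRANSFER_HINT = ("userfile transfer connection never completed; "
                 "check that the firewall allows the bot's port range")

# Lines copied from the +d console paste in the thread.
SAMPLE = """\
<leaf> [22:30:01] Linked to hub.
<leaf> [22:30:01] Downloading user file from hub
<leaf> [22:30:02] TLS: attempting SSL negotiation...
<leaf> [22:30:02] TLS: handshake in progress
<leaf> [22:30:03] TLS: awaiting more reads
<leaf> [22:30:03] sockread EAGAIN: 15 11 (Resource temporarily unavailable)
<leaf> [22:30:04] TLS: awaiting more reads
<leaf> [22:30:04] sockread EAGAIN: 15 11 (Resource temporarily unavailable)
"""

def triage(log_text):
    """Return [(stage, hint), ...] for one link attempt, first-seen order."""
    found = {}            # stage -> hint (stage names are this example's own)
    in_transfer = False   # True once the userfile download has started
    stalled = 0           # EAGAIN reads seen while the transfer is pending
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw.strip())
        if line.startswith("STARTTLS failed"):
            found.setdefault("link-tls", "TLS setup on the botnet link failed; "
                             "review the SSL section of the .conf")
        elif line == "TLS: peer did not present a certificate":
            found.setdefault("link-cert", "link is encrypted, but the peer "
                             "sent no certificate")
        elif line.startswith("Downloading user file from"):
            in_transfer, stalled = True, 0
        elif in_transfer and line.startswith("sockread EAGAIN"):
            stalled += 1
        elif in_transfer and line.startswith("TLS: handshake successful"):
            in_transfer = False   # transfer socket negotiated; not blocked
        elif "aborted userfile transfer" in line:
            in_transfer = False
            found.setdefault("transfer", TRANSFER_HINT)
    if in_transfer and stalled >= 2:  # handshake never finished, only retries
        found.setdefault("transfer", TRANSFER_HINT)
    return list(found.items())

if __name__ == "__main__":
    for stage, hint in triage(SAMPLE):
        print(f"{stage}: {hint}")
```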