diff options
author | ng0 <ng0@infotropique.org> | 2017-10-21 16:37:12 +0000 |
---|---|---|
committer | ng0 <ng0@infotropique.org> | 2017-10-21 16:37:12 +0000 |
commit | 7f07f09d52aed7c449a330d8a82c1280776e49e0 (patch) | |
tree | 01dc30d8791a3b23661f31b046029b9de4cd6a21 /doc/chapters | |
parent | c49513a65ed3db8ba7043481d0dab920ab40ee48 (diff) | |
download | gnunet-7f07f09d52aed7c449a330d8a82c1280776e49e0.tar.gz gnunet-7f07f09d52aed7c449a330d8a82c1280776e49e0.zip |
move docmentation to separate folder
Diffstat (limited to 'doc/chapters')
-rw-r--r-- | doc/chapters/developer.texi | 7926 | ||||
-rw-r--r-- | doc/chapters/installation.texi | 3826 | ||||
-rw-r--r-- | doc/chapters/philosophy.texi | 373 | ||||
-rw-r--r-- | doc/chapters/user.texi | 2009 | ||||
-rw-r--r-- | doc/chapters/vocabulary.texi | 47 |
5 files changed, 0 insertions, 14181 deletions
diff --git a/doc/chapters/developer.texi b/doc/chapters/developer.texi deleted file mode 100644 index e690e5f5b..000000000 --- a/doc/chapters/developer.texi +++ /dev/null | |||
@@ -1,7926 +0,0 @@ | |||
1 | @c *********************************************************************** | ||
2 | @node GNUnet Developer Handbook | ||
3 | @chapter GNUnet Developer Handbook | ||
4 | |||
5 | This book is intended to be an introduction for programmers that want to | ||
6 | extend the GNUnet framework. GNUnet is more than a simple peer-to-peer | ||
7 | application. For developers, GNUnet is: | ||
8 | |||
9 | @itemize @bullet | ||
10 | @item Free software under the GNU General Public License, with a community | ||
11 | that believes in the GNU philosophy | ||
12 | @item | ||
13 | A set of standards, including coding conventions and architectural rules | ||
14 | @item | ||
15 | A set of layered protocols, both specifying the communication between | ||
16 | peers as well as the communication between components of a single peer. | ||
17 | @item | ||
18 | A set of libraries with well-defined APIs suitable for writing extensions | ||
19 | @end itemize | ||
20 | |||
21 | In particular, the architecture specifies that a peer consists of many | ||
22 | processes communicating via protocols. Processes can be written in almost | ||
23 | any language. C and Java APIs exist for accessing existing services and | ||
24 | for writing extensions. It is possible to write extensions in other | ||
25 | languages by implementing the necessary IPC protocols. | ||
26 | |||
27 | GNUnet can be extended and improved along many possible dimensions, and | ||
28 | anyone interested in free software and freedom-enhancing networking is | ||
29 | welcome to join the effort. This developer handbook attempts to provide | ||
30 | an initial introduction to some of the key design choices and central | ||
31 | components of the system. This manual is far from complete, and we | ||
32 | welcome informed contributions, be it in the form of new chapters or | ||
33 | insightful comments. | ||
34 | |||
35 | However, the website is experiencing a constant onslaught of sophisticated | ||
36 | link-spam entered manually by exploited workers solving puzzles and | ||
37 | customizing text. To limit this commercial defacement, we are strictly | ||
38 | moderating comments and have disallowed "normal" users from posting new | ||
39 | content. However, this is really only intended to keep the spam at bay. If | ||
40 | you are a real user or aspiring developer, please drop us a note | ||
41 | (IRC, e-mail, contact form) with your user profile ID number included. | ||
42 | We will then relax these restrictions on your account. We're sorry for | ||
43 | this inconvenience; however, few people would want to read this site | ||
44 | if 99% of it was advertisements for bogus websites. | ||
45 | |||
46 | |||
47 | |||
48 | @c *********************************************************************** | ||
49 | |||
50 | |||
51 | |||
52 | |||
53 | |||
54 | |||
55 | |||
56 | |||
57 | @menu | ||
58 | * Developer Introduction:: | ||
59 | * Code overview:: | ||
60 | * System Architecture:: | ||
61 | * Subsystem stability:: | ||
62 | * Naming conventions and coding style guide:: | ||
63 | * Build-system:: | ||
64 | * Developing extensions for GNUnet using the gnunet-ext template:: | ||
65 | * Writing testcases:: | ||
66 | * GNUnet's TESTING library:: | ||
67 | * Performance regression analysis with Gauger:: | ||
68 | * GNUnet's TESTBED Subsystem:: | ||
69 | * libgnunetutil:: | ||
70 | * The Automatic Restart Manager (ARM):: | ||
71 | * GNUnet's TRANSPORT Subsystem:: | ||
72 | * NAT library:: | ||
73 | * Distance-Vector plugin:: | ||
74 | * SMTP plugin:: | ||
75 | * Bluetooth plugin:: | ||
76 | * WLAN plugin:: | ||
77 | * The ATS Subsystem:: | ||
78 | * GNUnet's CORE Subsystem:: | ||
79 | * GNUnet's CADET subsystem:: | ||
80 | * GNUnet's NSE subsystem:: | ||
81 | * GNUnet's HOSTLIST subsystem:: | ||
82 | * GNUnet's IDENTITY subsystem:: | ||
83 | * GNUnet's NAMESTORE Subsystem:: | ||
84 | * GNUnet's PEERINFO subsystem:: | ||
85 | * GNUnet's PEERSTORE subsystem:: | ||
86 | * GNUnet's SET Subsystem:: | ||
87 | * GNUnet's STATISTICS subsystem:: | ||
88 | * GNUnet's Distributed Hash Table (DHT):: | ||
89 | * The GNU Name System (GNS):: | ||
90 | * The GNS Namecache:: | ||
91 | * The REVOCATION Subsystem:: | ||
92 | * GNUnet's File-sharing (FS) Subsystem:: | ||
93 | * GNUnet's REGEX Subsystem:: | ||
94 | @end menu | ||
95 | |||
96 | @node Developer Introduction | ||
97 | @section Developer Introduction | ||
98 | |||
99 | This developer handbook is intended as first introduction to GNUnet for | ||
100 | new developers that want to extend the GNUnet framework. After the | ||
101 | introduction, each of the GNUnet subsystems (directories in the | ||
102 | @file{src/} tree) is (supposed to be) covered in its own chapter. In | ||
103 | addition to this documentation, GNUnet developers should be aware of the | ||
104 | services available on the GNUnet server to them. | ||
105 | |||
106 | New developers can have a look a the GNUnet tutorials for C and java | ||
107 | available in the @file{src/} directory of the repository or under the | ||
108 | following links: | ||
109 | |||
110 | @c ** FIXME: Link to files in source, not online. | ||
111 | @c ** FIXME: Where is the Java tutorial? | ||
112 | @itemize @bullet | ||
113 | @item @uref{https://gnunet.org/git/gnunet.git/plain/doc/gnunet-c-tutoria | ||
114 | l.pdf, GNUnet C tutorial} | ||
115 | @item GNUnet Java tutorial | ||
116 | @end itemize | ||
117 | |||
118 | In addition to this book, the GNUnet server contains various resources for | ||
119 | GNUnet developers. They are all conveniently reachable via the "Developer" | ||
120 | entry in the navigation menu. Some additional tools (such as static | ||
121 | analysis reports) require a special developer access to perform certain | ||
122 | operations. If you feel you need access, you should contact | ||
123 | @uref{http://grothoff.org/christian/, Christian Grothoff}, | ||
124 | GNUnet's maintainer. | ||
125 | |||
126 | The public subsystems on the GNUnet server that help developers are: | ||
127 | |||
128 | @itemize @bullet | ||
129 | @item The Version control system keeps our code and enables distributed | ||
130 | development. Only developers with write access can commit code, everyone | ||
131 | else is encouraged to submit patches to the | ||
132 | @uref{https://lists.gnu.org/mailman/listinfo/gnunet-developers, | ||
133 | GNUnet-developers mailinglist}. | ||
134 | @item The GNUnet bugtracking system is used to track feature requests, | ||
135 | open bug reports and their resolutions. Anyone can report bugs, only | ||
136 | developers can claim to have fixed them. | ||
137 | @item A buildbot is used to check GNUnet builds automatically on a range | ||
138 | of platforms. Builds are triggered automatically after 30 minutes of no | ||
139 | changes to Git. | ||
140 | @item The current quality of our automated test suite is assessed using | ||
141 | Code coverage analysis. This analysis is run daily; however the webpage | ||
142 | is only updated if all automated tests pass at that time. Testcases that | ||
143 | improve our code coverage are always welcome. | ||
144 | @item We try to automatically find bugs using a static analysis scan. | ||
145 | This scan is run daily; however the webpage is only updated if all | ||
146 | automated tests pass at the time. Note that not everything that is | ||
147 | flagged by the analysis is a bug, sometimes even good code can be marked | ||
148 | as possibly problematic. Nevertheless, developers are encouraged to at | ||
149 | least be aware of all issues in their code that are listed. | ||
150 | @item We use Gauger for automatic performance regression visualization. | ||
151 | Details on how to use Gauger are here. | ||
152 | @item We use @uref{http://junit.org/, junit} to automatically test | ||
153 | gnunet-java. Automatically generated, current reports on the test suite | ||
154 | are here. | ||
155 | @item We use Cobertura to generate test coverage reports for gnunet-java. | ||
156 | Current reports on test coverage are here. | ||
157 | @end itemize | ||
158 | |||
159 | |||
160 | |||
161 | @c *********************************************************************** | ||
162 | @menu | ||
163 | * Project overview:: | ||
164 | @end menu | ||
165 | |||
166 | @node Project overview | ||
167 | @subsection Project overview | ||
168 | |||
169 | The GNUnet project consists at this point of several sub-projects. This | ||
170 | section is supposed to give an initial overview about the various | ||
171 | sub-projects. Note that this description also lists projects that are far | ||
172 | from complete, including even those that have literally not a single line | ||
173 | of code in them yet. | ||
174 | |||
175 | GNUnet sub-projects in order of likely relevance are currently: | ||
176 | |||
177 | @table @asis | ||
178 | |||
179 | @item gnunet Core of the P2P framework, including file-sharing, VPN and | ||
180 | chat applications; this is what the developer handbook covers mostly | ||
181 | @item gnunet-gtk Gtk+-based user interfaces, including gnunet-fs-gtk | ||
182 | (file-sharing), gnunet-statistics-gtk (statistics over time), | ||
183 | gnunet-peerinfo-gtk (information about current connections and known | ||
184 | peers), gnunet-chat-gtk (chat GUI) and gnunet-setup (setup tool for | ||
185 | "everything") | ||
186 | @item gnunet-fuse Mounting directories shared via GNUnet's file-sharing | ||
187 | on Linux | ||
188 | @item gnunet-update Installation and update tool | ||
189 | @item gnunet-ext Template for starting 'external' GNUnet projects | ||
190 | @item gnunet-java Java APIs for writing GNUnet services and applications | ||
191 | @c ** FIXME: Point to new website repository once we have it: | ||
192 | @c ** @item svn/gnunet-www/ Code and media helping drive the GNUnet | ||
193 | website | ||
194 | @item eclectic Code to run | ||
195 | GNUnet nodes on testbeds for research, development, testing and evaluation | ||
196 | @c ** FIXME: Solve the status and location of gnunet-qt | ||
197 | @item gnunet-qt qt-based GNUnet GUI (dead?) | ||
198 | @item gnunet-cocoa cocoa-based GNUnet GUI (dead?) | ||
199 | |||
200 | @end table | ||
201 | |||
202 | We are also working on various supporting libraries and tools: | ||
203 | @c ** FIXME: What about gauger, and what about libmwmodem? | ||
204 | |||
205 | @table @asis | ||
206 | @item libextractor GNU libextractor (meta data extraction) | ||
207 | @item libmicrohttpd GNU libmicrohttpd (embedded HTTP(S) server library) | ||
208 | @item gauger Tool for performance regression analysis | ||
209 | @item monkey Tool for automated debugging of distributed systems | ||
210 | @item libmwmodem Library for accessing satellite connection quality | ||
211 | reports | ||
212 | @end table | ||
213 | |||
214 | Finally, there are various external projects (see links for a list of | ||
215 | those that have a public website) which build on top of the GNUnet | ||
216 | framework. | ||
217 | |||
218 | @c *********************************************************************** | ||
219 | @node Code overview | ||
220 | @section Code overview | ||
221 | |||
222 | This section gives a brief overview of the GNUnet source code. | ||
223 | Specifically, we sketch the function of each of the subdirectories in | ||
224 | the @file{gnunet/src/} directory. The order given is roughly bottom-up | ||
225 | (in terms of the layers of the system). | ||
226 | |||
227 | @table @asis | ||
228 | @item util/ --- libgnunetutil Library with general utility functions, all | ||
229 | GNUnet binaries link against this library. Anything from memory | ||
230 | allocation and data structures to cryptography and inter-process | ||
231 | communication. The goal is to provide an OS-independent interface and | ||
232 | more 'secure' or convenient implementations of commonly used primitives. | ||
233 | The API is spread over more than a dozen headers, developers should study | ||
234 | those closely to avoid duplicating existing functions. | ||
235 | @item hello/ --- libgnunethello HELLO messages are used to | ||
236 | describe under which addresses a peer can be reached (for example, | ||
237 | protocol, IP, port). This library manages parsing and generating of HELLO | ||
238 | messages. | ||
239 | @item block/ --- libgnunetblock The DHT and other components of GNUnet | ||
240 | store information in units called 'blocks'. Each block has a type and the | ||
241 | type defines a particular format and how that binary format is to be | ||
242 | linked to a hash code (the key for the DHT and for databases). The block | ||
243 | library is a wapper around block plugins which provide the necessary | ||
244 | functions for each block type. | ||
245 | @item statistics/ The statistics service enables associating | ||
246 | values (of type uint64_t) with a componenet name and a string. The main | ||
247 | uses is debugging (counting events), performance tracking and user | ||
248 | entertainment (what did my peer do today?). | ||
249 | @item arm/ The automatic-restart-manager (ARM) service | ||
250 | is the GNUnet master service. Its role is to start gnunet-services, to | ||
251 | re-start them when they crashed and finally to shut down the system when | ||
252 | requested. | ||
253 | @item peerinfo/ The peerinfo service keeps track of which peers are known | ||
254 | to the local peer and also tracks the validated addresses for each peer | ||
255 | (in the form of a HELLO message) for each of those peers. The peer is not | ||
256 | necessarily connected to all peers known to the peerinfo service. | ||
257 | Peerinfo provides persistent storage for peer identities --- peers are | ||
258 | not forgotten just because of a system restart. | ||
259 | @item datacache/ --- libgnunetdatacache The datacache | ||
260 | library provides (temporary) block storage for the DHT. Existing plugins | ||
261 | can store blocks in Sqlite, Postgres or MySQL databases. All data stored | ||
262 | in the cache is lost when the peer is stopped or restarted (datacache | ||
263 | uses temporary tables). | ||
264 | @item datastore/ The datastore service stores file-sharing blocks in | ||
265 | databases for extended periods of time. In contrast to the datacache, data | ||
266 | is not lost when peers restart. However, quota restrictions may still | ||
267 | cause old, expired or low-priority data to be eventually discarded. | ||
268 | Existing plugins can store blocks in Sqlite, Postgres or MySQL databases. | ||
269 | @item template/ Template for writing a new service. Does nothing. | ||
270 | @item ats/ The automatic transport | ||
271 | selection (ATS) service is responsible for deciding which address (i.e. | ||
272 | which transport plugin) should be used for communication with other peers, | ||
273 | and at what bandwidth. | ||
274 | @item nat/ --- libgnunetnat Library that provides basic | ||
275 | functions for NAT traversal. The library supports NAT traversal with | ||
276 | manual hole-punching by the user, UPnP and ICMP-based autonomous NAT | ||
277 | traversal. The library also includes an API for testing if the current | ||
278 | configuration works and the @code{gnunet-nat-server} which provides an | ||
279 | external service to test the local configuration. | ||
280 | @item fragmentation/ --- libgnunetfragmentation Some | ||
281 | transports (UDP and WLAN, mostly) have restrictions on the maximum | ||
282 | transfer unit (MTU) for packets. The fragmentation library can be used to | ||
283 | break larger packets into chunks of at most 1k and transmit the resulting | ||
284 | fragments reliabily (with acknowledgement, retransmission, timeouts, | ||
285 | etc.). | ||
286 | @item transport/ The transport service is responsible for managing the | ||
287 | basic P2P communication. It uses plugins to support P2P communication | ||
288 | over TCP, UDP, HTTP, HTTPS and other protocols.The transport service | ||
289 | validates peer addresses, enforces bandwidth restrictions, limits the | ||
290 | total number of connections and enforces connectivity restrictions (i.e. | ||
291 | friends-only). | ||
292 | @item peerinfo-tool/ | ||
293 | This directory contains the gnunet-peerinfo binary which can be used to | ||
294 | inspect the peers and HELLOs known to the peerinfo service. | ||
295 | @item core/ The core | ||
296 | service is responsible for establishing encrypted, authenticated | ||
297 | connections with other peers, encrypting and decrypting messages and | ||
298 | forwarding messages to higher-level services that are interested in them. | ||
299 | @item testing/ --- | ||
300 | libgnunettesting The testing library allows starting (and stopping) peers | ||
301 | for writing testcases.@ | ||
302 | It also supports automatic generation of configurations for peers | ||
303 | ensuring that the ports and paths are disjoint. libgnunettesting is also | ||
304 | the foundation for the testbed service | ||
305 | @item testbed/ The testbed service is | ||
306 | used for creating small or large scale deployments of GNUnet peers for | ||
307 | evaluation of protocols. It facilitates peer depolyments on multiple | ||
308 | hosts (for example, in a cluster) and establishing varous network | ||
309 | topologies (both underlay and overlay). | ||
310 | @item nse/ The network size estimation (NSE) service | ||
311 | implements a protocol for (securely) estimating the current size of the | ||
312 | P2P network. | ||
313 | @item dht/ The distributed hash table (DHT) service provides a | ||
314 | distributed implementation of a hash table to store blocks under hash | ||
315 | keys in the P2P network. | ||
316 | @item hostlist/ The hostlist service allows learning about | ||
317 | other peers in the network by downloading HELLO messages from an HTTP | ||
318 | server, can be configured to run such an HTTP server and also implements | ||
319 | a P2P protocol to advertise and automatically learn about other peers | ||
320 | that offer a public hostlist server. | ||
321 | @item topology/ The topology service is responsible for | ||
322 | maintaining the mesh topology. It tries to maintain connections to friends | ||
323 | (depending on the configuration) and also tries to ensure that the peer | ||
324 | has a decent number of active connections at all times. If necessary, new | ||
325 | connections are added. All peers should run the topology service, | ||
326 | otherwise they may end up not being connected to any other peer (unless | ||
327 | some other service ensures that core establishes the required | ||
328 | connections). The topology service also tells the transport service which | ||
329 | connections are permitted (for friend-to-friend networking) | ||
330 | @item fs/ The file-sharing (FS) service implements GNUnet's | ||
331 | file-sharing application. Both anonymous file-sharing (using gap) and | ||
332 | non-anonymous file-sharing (using dht) are supported. | ||
333 | @item cadet/ The CADET | ||
334 | service provides a general-purpose routing abstraction to create | ||
335 | end-to-end encrypted tunnels in mesh networks. We wrote a paper | ||
336 | documenting key aspects of the design. | ||
337 | @item tun/ --- libgnunettun Library for building IPv4, IPv6 | ||
338 | packets and creating checksums for UDP, TCP and ICMP packets. The header | ||
339 | defines C structs for common Internet packet formats and in particular | ||
340 | structs for interacting with TUN (virtual network) interfaces. | ||
341 | @item mysql/ --- | ||
342 | libgnunetmysql Library for creating and executing prepared MySQL | ||
343 | statements and to manage the connection to the MySQL database. | ||
344 | Essentially a lightweight wrapper for the interaction between GNUnet | ||
345 | components and libmysqlclient. | ||
346 | @item dns/ Service that allows intercepting and modifying DNS requests of | ||
347 | the local machine. Currently used for IPv4-IPv6 protocol translation | ||
348 | (DNS-ALG) as implemented by "pt/" and for the GNUnet naming system. The | ||
349 | service can also be configured to offer an exit service for DNS traffic. | ||
350 | @item vpn/ The virtual | ||
351 | public network (VPN) service provides a virtual tunnel interface (VTUN) | ||
352 | for IP routing over GNUnet. Needs some other peers to run an "exit" | ||
353 | service to work. | ||
354 | Can be activated using the "gnunet-vpn" tool or integrated with DNS using | ||
355 | the "pt" daemon. | ||
356 | @item exit/ Daemon to allow traffic from the VPN to exit this | ||
357 | peer to the Internet or to specific IP-based services of the local peer. | ||
358 | Currently, an exit service can only be restricted to IPv4 or IPv6, not to | ||
359 | specific ports and or IP address ranges. If this is not acceptable, | ||
360 | additional firewall rules must be added manually. exit currently only | ||
361 | works for normal UDP, TCP and ICMP traffic; DNS queries need to leave the | ||
362 | system via a DNS service. | ||
363 | @item pt/ protocol translation daemon. This daemon enables 4-to-6, | ||
364 | 6-to-4, 4-over-6 or 6-over-4 transitions for the local system. It | ||
365 | essentially uses "DNS" to intercept DNS replies and then maps results to | ||
366 | those offered by the VPN, which then sends them using mesh to some daemon | ||
367 | offering an appropriate exit service. | ||
368 | @item identity/ Management of egos (alter egos) of a user; identities are | ||
369 | essentially named ECC private keys and used for zones in the GNU name | ||
370 | system and for namespaces in file-sharing, but might find other uses later | ||
371 | @item revocation/ Key revocation service, can be used to revoke the | ||
372 | private key of an identity if it has been compromised | ||
373 | @item namecache/ Cache | ||
374 | for resolution results for the GNU name system; data is encrypted and can | ||
375 | be shared among users, loss of the data should ideally only result in a | ||
376 | performance degradation (persistence not required) | ||
377 | @item namestore/ Database | ||
378 | for the GNU name system with per-user private information, persistence | ||
379 | required | ||
380 | @item gns/ GNU name system, a GNU approach to DNS and PKI. | ||
381 | @item dv/ A plugin | ||
382 | for distance-vector (DV)-based routing. DV consists of a service and a | ||
383 | transport plugin to provide peers with the illusion of a direct P2P | ||
384 | connection for connections that use multiple (typically up to 3) hops in | ||
385 | the actual underlay network. | ||
386 | @item regex/ Service for the (distributed) evaluation of | ||
387 | regular expressions. | ||
388 | @item scalarproduct/ The scalar product service offers an | ||
389 | API to perform a secure multiparty computation which calculates a scalar | ||
390 | product between two peers without exposing the private input vectors of | ||
391 | the peers to each other. | ||
392 | @item consensus/ The consensus service will allow a set | ||
393 | of peers to agree on a set of values via a distributed set union | ||
394 | computation. | ||
395 | @item rest/ The rest API allows access to GNUnet services using RESTful | ||
396 | interaction. The services provide plugins that can exposed by the rest | ||
397 | server. | ||
398 | @item experimentation/ The experimentation daemon coordinates distributed | ||
399 | experimentation to evaluate transport and ats properties | ||
400 | @end table | ||
401 | |||
402 | @c *********************************************************************** | ||
403 | @node System Architecture | ||
404 | @section System Architecture | ||
405 | |||
406 | GNUnet developers like legos. The blocks are indestructible, can be | ||
407 | stacked together to construct complex buildings and it is generally easy | ||
408 | to swap one block for a different one that has the same shape. GNUnet's | ||
409 | architecture is based on legos: | ||
410 | |||
411 | @c images here | ||
412 | |||
413 | This chapter documents the GNUnet lego system, also known as GNUnet's | ||
414 | system architecture. | ||
415 | |||
416 | The most common GNUnet component is a service. Services offer an API (or | ||
417 | several, depending on what you count as "an API") which is implemented as | ||
418 | a library. The library communicates with the main process of the service | ||
419 | using a service-specific network protocol. The main process of the service | ||
420 | typically doesn't fully provide everything that is needed --- it has holes | ||
421 | to be filled by APIs to other services. | ||
422 | |||
423 | A special kind of component in GNUnet are user interfaces and daemons. | ||
424 | Like services, they have holes to be filled by APIs of other services. | ||
425 | Unlike services, daemons do not implement their own network protocol and | ||
426 | they have no API: | ||
427 | |||
428 | The GNUnet system provides a range of services, daemons and user | ||
429 | interfaces, which are then combined into a layered GNUnet instance (also | ||
430 | known as a peer). | ||
431 | |||
432 | Note that while it is generally possible to swap one service for another | ||
433 | compatible service, there is often only one implementation. However, | ||
434 | during development we often have a "new" version of a service in parallel | ||
435 | with an "old" version. While the "new" version is not working, developers | ||
436 | working on other parts of the service can continue their development by | ||
437 | simply using the "old" service. Alternative design ideas can also be | ||
438 | easily investigated by swapping out individual components. This is | ||
439 | typically achieved by simply changing the name of the "BINARY" in the | ||
440 | respective configuration section. | ||
441 | |||
442 | Key properties of GNUnet services are that they must be separate | ||
443 | processes and that they must protect themselves by applying tight error | ||
444 | checking against the network protocol they implement (thereby achieving a | ||
445 | certain degree of robustness). | ||
446 | |||
447 | On the other hand, the APIs are implemented to tolerate failures of the | ||
448 | service, isolating their host process from errors by the service. If the | ||
449 | service process crashes, other services and daemons around it should not | ||
450 | also fail, but instead wait for the service process to be restarted by | ||
451 | ARM. | ||
452 | |||
453 | |||
454 | @c *********************************************************************** | ||
455 | @node Subsystem stability | ||
456 | @section Subsystem stability | ||
457 | |||
458 | This page documents the current stability of the various GNUnet | ||
459 | subsystems. Stability here describes the expected degree of compatibility | ||
460 | with future versions of GNUnet. For each subsystem we distinguish between | ||
461 | compatibility on the P2P network level (communication protocol between | ||
462 | peers), the IPC level (communication between the service and the service | ||
463 | library) and the API level (stability of the API). P2P compatibility is | ||
464 | relevant in terms of which applications are likely going to be able to | ||
465 | communicate with future versions of the network. IPC communication is | ||
466 | relevant for the implementation of language bindings that re-implement the | ||
467 | IPC messages. Finally, API compatibility is relevant to developers that | ||
468 | hope to be able to avoid changes to applications build on top of the APIs | ||
469 | of the framework. | ||
470 | |||
471 | The following table summarizes our current view of the stability of the | ||
472 | respective protocols or APIs: | ||
473 | |||
474 | @multitable @columnfractions .20 .20 .20 .20 | ||
475 | @headitem Subsystem @tab P2P @tab IPC @tab C API | ||
476 | @item util @tab n/a @tab n/a @tab stable | ||
477 | @item arm @tab n/a @tab stable @tab stable | ||
478 | @item ats @tab n/a @tab unstable @tab testing | ||
479 | @item block @tab n/a @tab n/a @tab stable | ||
480 | @item cadet @tab testing @tab testing @tab testing | ||
481 | @item consensus @tab experimental @tab experimental @tab experimental | ||
482 | @item core @tab stable @tab stable @tab stable | ||
483 | @item datacache @tab n/a @tab n/a @tab stable | ||
484 | @item datastore @tab n/a @tab stable @tab stable | ||
485 | @item dht @tab stable @tab stable @tab stable | ||
486 | @item dns @tab stable @tab stable @tab stable | ||
487 | @item dv @tab testing @tab testing @tab n/a | ||
488 | @item exit @tab testing @tab n/a @tab n/a | ||
489 | @item fragmentation @tab stable @tab n/a @tab stable | ||
490 | @item fs @tab stable @tab stable @tab stable | ||
491 | @item gns @tab stable @tab stable @tab stable | ||
492 | @item hello @tab n/a @tab n/a @tab testing | ||
493 | @item hostlist @tab stable @tab stable @tab n/a | ||
494 | @item identity @tab stable @tab stable @tab n/a | ||
495 | @item multicast @tab experimental @tab experimental @tab experimental | ||
496 | @item mysql @tab stable @tab n/a @tab stable | ||
497 | @item namestore @tab n/a @tab stable @tab stable | ||
498 | @item nat @tab n/a @tab n/a @tab stable | ||
499 | @item nse @tab stable @tab stable @tab stable | ||
500 | @item peerinfo @tab n/a @tab stable @tab stable | ||
501 | @item psyc @tab experimental @tab experimental @tab experimental | ||
502 | @item pt @tab n/a @tab n/a @tab n/a | ||
503 | @item regex @tab stable @tab stable @tab stable | ||
504 | @item revocation @tab stable @tab stable @tab stable | ||
505 | @item social @tab experimental @tab experimental @tab experimental | ||
506 | @item statistics @tab n/a @tab stable @tab stable | ||
507 | @item testbed @tab n/a @tab testing @tab testing | ||
508 | @item testing @tab n/a @tab n/a @tab testing | ||
509 | @item topology @tab n/a @tab n/a @tab n/a | ||
510 | @item transport @tab stable @tab stable @tab stable | ||
511 | @item tun @tab n/a @tab n/a @tab stable | ||
512 | @item vpn @tab testing @tab n/a @tab n/a | ||
513 | @end multitable | ||
514 | |||
515 | Here is a rough explanation of the values: | ||
516 | |||
517 | @table @samp | ||
518 | @item stable | ||
519 | No incompatible changes are planned at this time; for IPC/APIs, if | ||
520 | there are incompatible changes, they will be minor and might only require | ||
521 | minimal changes to existing code; for P2P, changes will be avoided if at | ||
522 | all possible for the 0.10.x-series | ||
523 | |||
524 | @item testing | ||
525 | No incompatible changes are | ||
526 | planned at this time, but the code is still known to be in flux; so while | ||
527 | we have no concrete plans, our expectation is that there will still be | ||
528 | minor modifications; for P2P, changes will likely be extensions that | ||
529 | should not break existing code | ||
530 | |||
531 | @item unstable | ||
532 | Changes are planned and will happen; however, they | ||
533 | will not be totally radical and the result should still resemble what is | ||
534 | there now; nevertheless, anticipated changes will break protocol/API | ||
535 | compatibility | ||
536 | |||
537 | @item experimental | ||
538 | Changes are planned and the result may look nothing like | ||
539 | what the API/protocol looks like today | ||
540 | |||
541 | @item unknown | ||
542 | Someone should think about where this subsystem headed | ||
543 | |||
544 | @item n/a | ||
545 | This subsystem does not have an API/IPC-protocol/P2P-protocol | ||
546 | @end table | ||
547 | |||
548 | @c *********************************************************************** | ||
549 | @node Naming conventions and coding style guide | ||
550 | @section Naming conventions and coding style guide | ||
551 | |||
552 | Here you can find some rules to help you write code for GNUnet. | ||
553 | |||
554 | |||
555 | |||
556 | @c *********************************************************************** | ||
557 | @menu | ||
558 | * Naming conventions:: | ||
559 | * Coding style:: | ||
560 | @end menu | ||
561 | |||
562 | @node Naming conventions | ||
563 | @subsection Naming conventions | ||
564 | |||
565 | |||
566 | @c *********************************************************************** | ||
567 | @menu | ||
568 | * include files:: | ||
569 | * binaries:: | ||
570 | * logging:: | ||
571 | * configuration:: | ||
572 | * exported symbols:: | ||
573 | * private (library-internal) symbols (including structs and macros):: | ||
574 | * testcases:: | ||
575 | * performance tests:: | ||
576 | * src/ directories:: | ||
577 | @end menu | ||
578 | |||
579 | @node include files | ||
580 | @subsubsection include files | ||
581 | |||
582 | @itemize @bullet | ||
583 | @item _lib: library without need for a process | ||
584 | @item _service: library that needs a service process | ||
585 | @item _plugin: plugin definition | ||
586 | @item _protocol: structs used in network protocol | ||
587 | @item exceptions: | ||
588 | @itemize @bullet | ||
589 | @item gnunet_config.h --- generated | ||
590 | @item platform.h --- first included | ||
591 | @item plibc.h --- external library | ||
592 | @item gnunet_common.h --- fundamental routines | ||
593 | @item gnunet_directories.h --- generated | ||
594 | @item gettext.h --- external library | ||
595 | @end itemize | ||
596 | @end itemize | ||
597 | |||
598 | @c *********************************************************************** | ||
599 | @node binaries | ||
600 | @subsubsection binaries | ||
601 | |||
602 | @itemize @bullet | ||
603 | @item gnunet-service-xxx: service process (has listen socket) | ||
604 | @item gnunet-daemon-xxx: daemon process (no listen socket) | ||
605 | @item gnunet-helper-xxx[-yyy]: SUID helper for module xxx | ||
606 | @item gnunet-yyy: command-line tool for end-users | ||
607 | @item libgnunet_plugin_xxx_yyy.so: plugin for API xxx | ||
608 | @item libgnunetxxx.so: library for API xxx | ||
609 | @end itemize | ||
610 | |||
611 | @c *********************************************************************** | ||
612 | @node logging | ||
613 | @subsubsection logging | ||
614 | |||
615 | @itemize @bullet | ||
616 | @item services and daemons use their directory name in GNUNET_log_setup | ||
617 | (i.e. 'core') and log using plain 'GNUNET_log'. | ||
618 | @item command-line tools use their full name in GNUNET_log_setup (i.e. | ||
619 | 'gnunet-publish') and log using plain 'GNUNET_log'. | ||
620 | @item service access libraries log using 'GNUNET_log_from' and use | ||
621 | 'DIRNAME-api' for the component (i.e. 'core-api') | ||
622 | @item pure libraries (without associated service) use 'GNUNET_log_from' | ||
623 | with the component set to their library name (without lib or '.so'), | ||
624 | which should also be their directory name (i.e. 'nat') | ||
625 | @item plugins should use 'GNUNET_log_from' with the directory name and the | ||
626 | plugin name combined to produce the component name (i.e. 'transport-tcp'). | ||
627 | @item logging should be unified per-file by defining a LOG macro with the | ||
628 | appropriate arguments, along these lines:@ #define LOG(kind,...) | ||
629 | GNUNET_log_from (kind, "example-api",__VA_ARGS__) | ||
630 | @end itemize | ||
631 | |||
632 | @c *********************************************************************** | ||
633 | @node configuration | ||
634 | @subsubsection configuration | ||
635 | |||
636 | @itemize @bullet | ||
637 | @item paths (that are substituted in all filenames) are in PATHS (have as | ||
638 | few as possible) | ||
639 | @item all options for a particular module (src/MODULE) are under [MODULE] | ||
640 | @item options for a plugin of a module are under [MODULE-PLUGINNAME] | ||
641 | @end itemize | ||
642 | |||
643 | @c *********************************************************************** | ||
644 | @node exported symbols | ||
645 | @subsubsection exported symbols | ||
646 | |||
647 | @itemize @bullet | ||
648 | @item must start with "GNUNET_modulename_" and be defined in | ||
649 | "modulename.c" | ||
650 | @item exceptions: those defined in gnunet_common.h | ||
651 | @end itemize | ||
652 | |||
653 | @c *********************************************************************** | ||
654 | @node private (library-internal) symbols (including structs and macros) | ||
655 | @subsubsection private (library-internal) symbols (including structs and macros) | ||
656 | |||
657 | @itemize @bullet | ||
658 | @item must NOT start with any prefix | ||
659 | @item must not be exported in a way that linkers could use them or@ other | ||
660 | libraries might see them via headers; they must be either@ | ||
661 | declared/defined in C source files or in headers that are in@ the | ||
662 | respective directory under src/modulename/ and NEVER be@ declared | ||
663 | in src/include/. | ||
664 | @end itemize | ||
665 | |||
666 | @node testcases | ||
667 | @subsubsection testcases | ||
668 | |||
669 | @itemize @bullet | ||
670 | @item must be called "test_module-under-test_case-description.c" | ||
671 | @item "case-description" maybe omitted if there is only one test | ||
672 | @end itemize | ||
673 | |||
674 | @c *********************************************************************** | ||
675 | @node performance tests | ||
676 | @subsubsection performance tests | ||
677 | |||
678 | @itemize @bullet | ||
679 | @item must be called "perf_module-under-test_case-description.c" | ||
680 | @item "case-description" maybe omitted if there is only one performance | ||
681 | test | ||
682 | @item Must only be run if HAVE_BENCHMARKS is satisfied | ||
683 | @end itemize | ||
684 | |||
685 | @c *********************************************************************** | ||
686 | @node src/ directories | ||
687 | @subsubsection src/ directories | ||
688 | |||
689 | @itemize @bullet | ||
690 | @item gnunet-NAME: end-user applications (i.e., gnunet-search, gnunet-arm) | ||
691 | @item gnunet-service-NAME: service processes with accessor library (i.e., | ||
692 | gnunet-service-arm) | ||
693 | @item libgnunetNAME: accessor library (_service.h-header) or standalone | ||
694 | library (_lib.h-header) | ||
695 | @item gnunet-daemon-NAME: daemon process without accessor library (i.e., | ||
696 | gnunet-daemon-hostlist) and no GNUnet management port | ||
697 | @item libgnunet_plugin_DIR_NAME: loadable plugins (i.e., | ||
698 | libgnunet_plugin_transport_tcp) | ||
699 | @end itemize | ||
700 | |||
701 | @c *********************************************************************** | ||
702 | @node Coding style | ||
703 | @subsection Coding style | ||
704 | |||
705 | @itemize @bullet | ||
706 | @item GNU guidelines generally apply | ||
707 | @item Indentation is done with spaces, two per level, no tabs | ||
708 | @item C99 struct initialization is fine | ||
709 | @item declare only one variable per line, so@ | ||
710 | |||
711 | @example | ||
712 | int i; int j; | ||
713 | @end example | ||
714 | |||
715 | instead of | ||
716 | |||
717 | @example | ||
718 | int i,j; | ||
719 | @end example | ||
720 | |||
721 | This helps keep diffs small and forces developers to think precisely about | ||
722 | the type of every variable. Note that @code{char *} is different from | ||
723 | @code{const char*} and @code{int} is different from @code{unsigned int} | ||
724 | or @code{uint32_t}. Each variable type should be chosen with care. | ||
725 | |||
726 | @item While @code{goto} should generally be avoided, having a @code{goto} | ||
727 | to the end of a function to a block of clean up statements (free, close, | ||
728 | etc.) can be acceptable. | ||
729 | |||
730 | @item Conditions should be written with constants on the left (to avoid | ||
731 | accidental assignment) and with the 'true' target being either the | ||
732 | 'error' case or the significantly simpler continuation. For example: | ||
733 | |||
734 | @example | ||
735 | if (0 != stat ("filename," &sbuf)) @{ error(); @} else @{ | ||
736 | /* handle normal case here */ | ||
737 | @} | ||
738 | @end example | ||
739 | |||
740 | instead of | ||
741 | |||
742 | @example | ||
743 | if (stat ("filename," &sbuf) == 0) @{ | ||
744 | /* handle normal case here */ | ||
745 | @} else @{ error(); @} | ||
746 | @end example | ||
747 | |||
748 | If possible, the error clause should be terminated with a 'return' (or | ||
749 | 'goto' to some cleanup routine) and in this case, the 'else' clause | ||
750 | should be omitted: | ||
751 | |||
752 | @example | ||
753 | if (0 != stat ("filename," &sbuf)) @{ error(); return; @} | ||
754 | /* handle normal case here */ | ||
755 | @end example | ||
756 | |||
757 | This serves to avoid deep nesting. The 'constants on the left' rule | ||
758 | applies to all constants (including. @code{GNUNET_SCHEDULER_NO_TASK}), | ||
759 | NULL, and enums). With the two above rules (constants on left, errors in | ||
760 | 'true' branch), there is only one way to write most branches correctly. | ||
761 | |||
762 | @item Combined assignments and tests are allowed if they do not hinder | ||
763 | code clarity. For example, one can write: | ||
764 | |||
765 | @example | ||
766 | if (NULL == (value = lookup_function())) @{ error(); return; @} | ||
767 | @end example | ||
768 | |||
769 | |||
770 | @item Use @code{break} and @code{continue} wherever possible to avoid | ||
771 | deep(er) nesting. Thus, we would write: | ||
772 | |||
773 | @example | ||
774 | next = head; while (NULL != (pos = next)) @{ next = pos->next; if (! | ||
775 | should_free (pos)) continue; GNUNET_CONTAINER_DLL_remove (head, tail, pos); | ||
776 | GNUNET_free (pos); @} | ||
777 | @end example | ||
778 | |||
779 | |||
780 | instead of | ||
781 | @example | ||
782 | next = head; while (NULL != (pos = next)) @{ next = | ||
783 | pos->next; if (should_free (pos)) @{ | ||
784 | /* unnecessary nesting! */ | ||
785 | GNUNET_CONTAINER_DLL_remove (head, tail, pos); GNUNET_free (pos); @} @} | ||
786 | @end example | ||
787 | |||
788 | |||
789 | @item We primarily use @code{for} and @code{while} loops. A @code{while} | ||
790 | loop is used if the method for advancing in the loop is not a | ||
791 | straightforward increment operation. In particular, we use: | ||
792 | |||
793 | @example | ||
794 | next = head; | ||
795 | while (NULL != (pos = next)) | ||
796 | @{ | ||
797 | next = pos->next; | ||
798 | if (! should_free (pos)) | ||
799 | continue; | ||
800 | GNUNET_CONTAINER_DLL_remove (head, tail, pos); | ||
801 | GNUNET_free (pos); | ||
802 | @} | ||
803 | @end example | ||
804 | |||
805 | |||
806 | to free entries in a list (as the iteration changes the structure of the | ||
807 | list due to the free; the equivalent @code{for} loop does no longer | ||
808 | follow the simple @code{for} paradigm of @code{for(INIT;TEST;INC)}). | ||
809 | However, for loops that do follow the simple @code{for} paradigm we do | ||
810 | use @code{for}, even if it involves linked lists: | ||
811 | |||
812 | @example | ||
813 | /* simple iteration over a linked list */ | ||
814 | for (pos = head; NULL != pos; pos = pos->next) | ||
815 | @{ | ||
816 | use (pos); | ||
817 | @} | ||
818 | @end example | ||
819 | |||
820 | |||
821 | @item The first argument to all higher-order functions in GNUnet must be | ||
822 | declared to be of type @code{void *} and is reserved for a closure. We do | ||
823 | not use inner functions, as trampolines would conflict with setups that | ||
824 | use non-executable stacks.@ The first statement in a higher-order | ||
825 | function, which unusually should be part of the variable declarations, | ||
826 | should assign the @code{cls} argument to the precise expected type. | ||
827 | For example: | ||
828 | |||
829 | @example | ||
830 | int callback (void *cls, char *args) @{ | ||
831 | struct Foo *foo = cls; int other_variables; | ||
832 | |||
833 | /* rest of function */ | ||
834 | @} | ||
835 | @end example | ||
836 | |||
837 | |||
838 | @item It is good practice to write complex @code{if} expressions instead | ||
839 | of using deeply nested @code{if} statements. However, except for addition | ||
840 | and multiplication, all operators should use parens. This is fine: | ||
841 | |||
842 | @example | ||
843 | if ( (1 == foo) || ((0 == bar) && (x != y)) ) | ||
844 | return x; | ||
845 | @end example | ||
846 | |||
847 | |||
848 | However, this is not: | ||
849 | @example | ||
850 | if (1 == foo) | ||
851 | return x; | ||
852 | if (0 == bar && x != y) | ||
853 | return x; | ||
854 | @end example | ||
855 | |||
856 | |||
857 | Note that splitting the @code{if} statement above is debateable as the | ||
858 | @code{return x} is a very trivial statement. However, once the logic after | ||
859 | the branch becomes more complicated (and is still identical), the "or" | ||
860 | formulation should be used for sure. | ||
861 | |||
862 | @item There should be two empty lines between the end of the function and | ||
863 | the comments describing the following function. There should be a single | ||
864 | empty line after the initial variable declarations of a function. If a | ||
865 | function has no local variables, there should be no initial empty line. If | ||
866 | a long function consists of several complex steps, those steps might be | ||
867 | separated by an empty line (possibly followed by a comment describing the | ||
868 | following step). The code should not contain empty lines in arbitrary | ||
869 | places; if in doubt, it is likely better to NOT have an empty line (this | ||
870 | way, more code will fit on the screen). | ||
871 | @end itemize | ||
872 | |||
873 | @c *********************************************************************** | ||
874 | @node Build-system | ||
875 | @section Build-system | ||
876 | |||
877 | If you have code that is likely not to compile or build rules you might | ||
878 | want to not trigger for most developers, use "if HAVE_EXPERIMENTAL" in | ||
879 | your Makefile.am. Then it is OK to (temporarily) add non-compiling (or | ||
880 | known-to-not-port) code. | ||
881 | |||
882 | If you want to compile all testcases but NOT run them, run configure with | ||
883 | the @code{--enable-test-suppression} option. | ||
884 | |||
885 | If you want to run all testcases, including those that take a while, run | ||
886 | configure with the @code{--enable-expensive-testcases} option. | ||
887 | |||
888 | If you want to compile and run benchmarks, run configure with the | ||
889 | @code{--enable-benchmarks} option. | ||
890 | |||
891 | If you want to obtain code coverage results, run configure with the | ||
892 | @code{--enable-coverage} option and run the coverage.sh script in | ||
893 | @file{contrib/}. | ||
894 | |||
895 | @c *********************************************************************** | ||
896 | @node Developing extensions for GNUnet using the gnunet-ext template | ||
897 | @section Developing extensions for GNUnet using the gnunet-ext template | ||
898 | |||
899 | |||
900 | For developers who want to write extensions for GNUnet we provide the | ||
901 | gnunet-ext template to provide an easy to use skeleton. | ||
902 | |||
903 | gnunet-ext contains the build environment and template files for the | ||
904 | development of GNUnet services, command line tools, APIs and tests. | ||
905 | |||
906 | First of all you have to obtain gnunet-ext from git: | ||
907 | |||
908 | @code{git clone https://gnunet.org/git/gnunet-ext.git} | ||
909 | |||
910 | The next step is to bootstrap and configure it. For configure you have to | ||
911 | provide the path containing GNUnet with | ||
912 | @code{--with-gnunet=/path/to/gnunet} and the prefix where you want the | ||
913 | install the extension using @code{--prefix=/path/to/install}: | ||
914 | |||
915 | @example | ||
916 | ./bootstrap | ||
917 | ./configure --prefix=/path/to/install --with-gnunet=/path/to/gnunet | ||
918 | @end example | ||
919 | |||
920 | When your GNUnet installation is not included in the default linker search | ||
921 | path, you have to add @code{/path/to/gnunet} to the file | ||
922 | @file{/etc/ld.so.conf} and run @code{ldconfig} or your add it to the | ||
923 | environmental variable @code{LD_LIBRARY_PATH} by using | ||
924 | |||
925 | @code{export LD_LIBRARY_PATH=/path/to/gnunet/lib} | ||
926 | |||
927 | @c *********************************************************************** | ||
928 | @node Writing testcases | ||
929 | @section Writing testcases | ||
930 | |||
931 | Ideally, any non-trivial GNUnet code should be covered by automated | ||
932 | testcases. Testcases should reside in the same place as the code that is | ||
933 | being tested. The name of source files implementing tests should begin | ||
934 | with "test_" followed by the name of the file that contains the code that | ||
935 | is being tested. | ||
936 | |||
937 | Testcases in GNUnet should be integrated with the autotools build system. | ||
938 | This way, developers and anyone building binary packages will be able to | ||
939 | run all testcases simply by running @code{make check}. The final | ||
940 | testcases shipped with the distribution should output at most some brief | ||
941 | progress information and not display debug messages by default. The | ||
942 | success or failure of a testcase must be indicated by returning zero | ||
943 | (success) or non-zero (failure) from the main method of the testcase. The | ||
944 | integration with the autotools is relatively straightforward and only | ||
945 | requires modifications to the @code{Makefile.am} in the directory | ||
946 | containing the testcase. For a testcase testing the code in @code{foo.c} | ||
947 | the @code{Makefile.am} would contain the following lines: | ||
948 | |||
949 | @example | ||
950 | check_PROGRAMS = test_foo TESTS = $(check_PROGRAMS) test_foo_SOURCES = | ||
951 | test_foo.c test_foo_LDADD = $(top_builddir)/src/util/libgnunetutil.la | ||
952 | @end example | ||
953 | |||
954 | Naturally, other libraries used by the testcase may be specified in the | ||
955 | @code{LDADD} directive as necessary. | ||
956 | |||
957 | Often testcases depend on additional input files, such as a configuration | ||
958 | file. These support files have to be listed using the EXTRA_DIST | ||
959 | directive in order to ensure that they are included in the distribution. | ||
960 | Example: | ||
961 | |||
962 | @example | ||
963 | EXTRA_DIST = test_foo_data.conf | ||
964 | @end example | ||
965 | |||
966 | Executing @code{make check} will run all testcases in the current | ||
967 | directory and all subdirectories. Testcases can be compiled individually | ||
968 | by running @code{make test_foo} and then invoked directly using | ||
969 | @code{./test_foo}. Note that due to the use of plugins in GNUnet, it is | ||
970 | typically necessary to run @code{make install} before running any | ||
971 | testcases. Thus the canonical command @code{make check install} has to be | ||
972 | changed to @code{make install check} for GNUnet. | ||
973 | |||
974 | @c *********************************************************************** | ||
975 | @node GNUnet's TESTING library | ||
976 | @section GNUnet's TESTING library | ||
977 | |||
978 | The TESTING library is used for writing testcases which involve starting a | ||
979 | single or multiple peers. While peers can also be started by testcases | ||
980 | using the ARM subsystem, using TESTING library provides an elegant way to | ||
981 | do this. The configurations of the peers are auto-generated from a given | ||
982 | template to have non-conflicting port numbers ensuring that peers' | ||
983 | services do not run into bind errors. This is achieved by testing ports' | ||
984 | availability by binding a listening socket to them before allocating them | ||
985 | to services in the generated configurations. | ||
986 | |||
987 | An another advantage while using TESTING is that it shortens the testcase | ||
988 | startup time as the hostkeys for peers are copied from a pre-computed set | ||
989 | of hostkeys instead of generating them at peer startup which may take a | ||
990 | considerable amount of time when starting multiple peers or on an embedded | ||
991 | processor. | ||
992 | |||
993 | TESTING also allows for certain services to be shared among peers. This | ||
994 | feature is invaluable when testing with multiple peers as it helps to | ||
995 | reduce the number of services run per each peer and hence the total | ||
996 | number of processes run per testcase. | ||
997 | |||
998 | TESTING library only handles creating, starting and stopping peers. | ||
999 | Features useful for testcases such as connecting peers in a topology are | ||
1000 | not available in TESTING but are available in the TESTBED subsystem. | ||
1001 | Furthermore, TESTING only creates peers on the localhost, however by | ||
1002 | using TESTBED testcases can benefit from creating peers across multiple | ||
1003 | hosts. | ||
1004 | |||
1005 | @menu | ||
1006 | * API:: | ||
1007 | * Finer control over peer stop:: | ||
1008 | * Helper functions:: | ||
1009 | * Testing with multiple processes:: | ||
1010 | @end menu | ||
1011 | |||
1012 | @c *********************************************************************** | ||
1013 | @node API | ||
1014 | @subsection API | ||
1015 | |||
1016 | TESTING abstracts a group of peers as a TESTING system. All peers in a | ||
1017 | system have common hostname and no two services of these peers have a | ||
1018 | same port or a UNIX domain socket path. | ||
1019 | |||
1020 | TESTING system can be created with the function | ||
1021 | @code{GNUNET_TESTING_system_create()} which returns a handle to the | ||
1022 | system. This function takes a directory path which is used for generating | ||
1023 | the configurations of peers, an IP address from which connections to the | ||
1024 | peers' services should be allowed, the hostname to be used in peers' | ||
1025 | configuration, and an array of shared service specifications of type | ||
1026 | @code{struct GNUNET_TESTING_SharedService}. | ||
1027 | |||
1028 | The shared service specification must specify the name of the service to | ||
1029 | share, the configuration pertaining to that shared service and the | ||
1030 | maximum number of peers that are allowed to share a single instance of | ||
1031 | the shared service. | ||
1032 | |||
1033 | TESTING system created with @code{GNUNET_TESTING_system_create()} chooses | ||
1034 | ports from the default range 12000 - 56000 while auto-generating | ||
1035 | configurations for peers. This range can be customised with the function | ||
1036 | @code{GNUNET_TESTING_system_create_with_portrange()}. This function is | ||
1037 | similar to @code{GNUNET_TESTING_system_create()} except that it take 2 | ||
1038 | additional parameters --- the start and end of the port range to use. | ||
1039 | |||
1040 | A TESTING system is destroyed with the funciton | ||
1041 | @code{GNUNET_TESTING_system_destory()}. This function takes the handle of | ||
1042 | the system and a flag to remove the files created in the directory used | ||
1043 | to generate configurations. | ||
1044 | |||
1045 | A peer is created with the function | ||
1046 | @code{GNUNET_TESTING_peer_configure()}. This functions takes the system | ||
1047 | handle, a configuration template from which the configuration for the peer | ||
1048 | is auto-generated and the index from where the hostkey for the peer has to | ||
1049 | be copied from. When successfull, this function returs a handle to the | ||
1050 | peer which can be used to start and stop it and to obtain the identity of | ||
1051 | the peer. If unsuccessful, a NULL pointer is returned with an error | ||
1052 | message. This function handles the generated configuration to have | ||
1053 | non-conflicting ports and paths. | ||
1054 | |||
1055 | Peers can be started and stopped by calling the functions | ||
1056 | @code{GNUNET_TESTING_peer_start()} and @code{GNUNET_TESTING_peer_stop()} | ||
1057 | respectively. A peer can be destroyed by calling the function | ||
1058 | @code{GNUNET_TESTING_peer_destroy}. When a peer is destroyed, the ports | ||
1059 | and paths in allocated in its configuration are reclaimed for usage in new | ||
1060 | peers. | ||
1061 | |||
1062 | @c *********************************************************************** | ||
1063 | @node Finer control over peer stop | ||
1064 | @subsection Finer control over peer stop | ||
1065 | |||
1066 | Using @code{GNUNET_TESTING_peer_stop()} is normally fine for testcases. | ||
1067 | However, calling this function for each peer is inefficient when trying to | ||
1068 | shutdown multiple peers as this function sends the termination signal to | ||
1069 | the given peer process and waits for it to terminate. It would be faster | ||
1070 | in this case to send the termination signals to the peers first and then | ||
1071 | wait on them. This is accomplished by the functions | ||
1072 | @code{GNUNET_TESTING_peer_kill()} which sends a termination signal to the | ||
1073 | peer, and the function @code{GNUNET_TESTING_peer_wait()} which waits on | ||
1074 | the peer. | ||
1075 | |||
1076 | Further finer control can be achieved by choosing to stop a peer | ||
1077 | asynchronously with the function @code{GNUNET_TESTING_peer_stop_async()}. | ||
1078 | This function takes a callback parameter and a closure for it in addition | ||
1079 | to the handle to the peer to stop. The callback function is called with | ||
1080 | the given closure when the peer is stopped. Using this function | ||
1081 | eliminates blocking while waiting for the peer to terminate. | ||
1082 | |||
1083 | An asynchronous peer stop can be cancelled by calling the function | ||
1084 | @code{GNUNET_TESTING_peer_stop_async_cancel()}. Note that calling this | ||
1085 | function does not prevent the peer from terminating if the termination | ||
1086 | signal has already been sent to it. It does, however, cancels the | ||
1087 | callback to be called when the peer is stopped. | ||
1088 | |||
1089 | @c *********************************************************************** | ||
1090 | @node Helper functions | ||
1091 | @subsection Helper functions | ||
1092 | |||
1093 | Most of the testcases can benefit from an abstraction which configures a | ||
1094 | peer and starts it. This is provided by the function | ||
1095 | @code{GNUNET_TESTING_peer_run()}. This function takes the testing | ||
1096 | directory pathname, a configuration template, a callback and its closure. | ||
1097 | This function creates a peer in the given testing directory by using the | ||
1098 | configuration template, starts the peer and calls the given callback with | ||
1099 | the given closure. | ||
1100 | |||
1101 | The function @code{GNUNET_TESTING_peer_run()} starts the ARM service of | ||
1102 | the peer which starts the rest of the configured services. A similar | ||
1103 | function @code{GNUNET_TESTING_service_run} can be used to just start a | ||
1104 | single service of a peer. In this case, the peer's ARM service is not | ||
1105 | started; instead, only the given service is run. | ||
1106 | |||
1107 | @c *********************************************************************** | ||
1108 | @node Testing with multiple processes | ||
1109 | @subsection Testing with multiple processes | ||
1110 | |||
1111 | When testing GNUnet, the splitting of the code into a services and clients | ||
1112 | often complicates testing. The solution to this is to have the testcase | ||
1113 | fork @code{gnunet-service-arm}, ask it to start the required server and | ||
1114 | daemon processes and then execute appropriate client actions (to test the | ||
1115 | client APIs or the core module or both). If necessary, multiple ARM | ||
1116 | services can be forked using different ports (!) to simulate a network. | ||
1117 | However, most of the time only one ARM process is needed. Note that on | ||
1118 | exit, the testcase should shutdown ARM with a @code{TERM} signal (to give | ||
1119 | it the chance to cleanly stop its child processes). | ||
1120 | |||
1121 | The following code illustrates spawning and killing an ARM process from a | ||
1122 | testcase: | ||
1123 | |||
1124 | @example | ||
1125 | static void run (void *cls, char *const *args, const char | ||
1126 | *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg) @{ struct | ||
1127 | GNUNET_OS_Process *arm_pid; arm_pid = GNUNET_OS_start_process (NULL, NULL, | ||
1128 | "gnunet-service-arm", "gnunet-service-arm", "-c", cfgname, NULL); | ||
1129 | /* do real test work here */ | ||
1130 | if (0 != GNUNET_OS_process_kill (arm_pid, SIGTERM)) GNUNET_log_strerror | ||
1131 | (GNUNET_ERROR_TYPE_WARNING, "kill"); GNUNET_assert (GNUNET_OK == | ||
1132 | GNUNET_OS_process_wait (arm_pid)); GNUNET_OS_process_close (arm_pid); @} | ||
1133 | |||
1134 | GNUNET_PROGRAM_run (argc, argv, "NAME-OF-TEST", "nohelp", options, &run, cls); | ||
1135 | @end example | ||
1136 | |||
1137 | |||
1138 | An alternative way that works well to test plugins is to implement a | ||
1139 | mock-version of the environment that the plugin expects and then to | ||
1140 | simply load the plugin directly. | ||
1141 | |||
1142 | @c *********************************************************************** | ||
1143 | @node Performance regression analysis with Gauger | ||
1144 | @section Performance regression analysis with Gauger | ||
1145 | |||
1146 | To help avoid performance regressions, GNUnet uses Gauger. Gauger is a | ||
1147 | simple logging tool that allows remote hosts to send performance data to | ||
1148 | a central server, where this data can be analyzed and visualized. Gauger | ||
1149 | shows graphs of the repository revisions and the performace data recorded | ||
1150 | for each revision, so sudden performance peaks or drops can be identified | ||
1151 | and linked to a specific revision number. | ||
1152 | |||
1153 | In the case of GNUnet, the buildbots log the performance data obtained | ||
1154 | during the tests after each build. The data can be accesed on GNUnet's | ||
1155 | Gauger page. | ||
1156 | |||
1157 | The menu on the left allows to select either the results of just one | ||
1158 | build bot (under "Hosts") or review the data from all hosts for a given | ||
1159 | test result (under "Metrics"). In case of very different absolute value | ||
1160 | of the results, for instance arm vs. amd64 machines, the option | ||
1161 | "Normalize" on a metric view can help to get an idea about the | ||
1162 | performance evolution across all hosts. | ||
1163 | |||
1164 | Using Gauger in GNUnet and having the performance of a module tracked over | ||
1165 | time is very easy. First of course, the testcase must generate some | ||
1166 | consistent metric, which makes sense to have logged. Highly volatile or | ||
1167 | random dependant metrics probably are not ideal candidates for meaningful | ||
1168 | regression detection. | ||
1169 | |||
1170 | To start logging any value, just include @code{gauger.h} in your testcase | ||
1171 | code. Then, use the macro @code{GAUGER()} to make the buildbots log | ||
1172 | whatever value is of interest for you to @code{gnunet.org}'s Gauger | ||
1173 | server. No setup is necessary as most buildbots have already everything | ||
1174 | in place and new metrics are created on demand. To delete a metric, you | ||
1175 | need to contact a member of the GNUnet development team (a file will need | ||
1176 | to be removed manually from the respective directory). | ||
1177 | |||
1178 | The code in the test should look like this: | ||
1179 | |||
1180 | @example | ||
1181 | [other includes] | ||
1182 | #include <gauger.h> | ||
1183 | |||
1184 | int main (int argc, char *argv[]) @{ | ||
1185 | |||
1186 | [run test, generate data] GAUGER("YOUR_MODULE", "METRIC_NAME", (float)value, | ||
1187 | "UNIT"); @} | ||
1188 | @end example | ||
1189 | |||
1190 | |||
1191 | Where: | ||
1192 | |||
1193 | @table @asis | ||
1194 | |||
1195 | @item @strong{YOUR_MODULE} is a category in the gauger page and should be | ||
1196 | the name of the module or subsystem like "Core" or "DHT" | ||
1197 | @item @strong{METRIC} is | ||
1198 | the name of the metric being collected and should be concise and | ||
1199 | descriptive, like "PUT operations in sqlite-datastore". | ||
1200 | @item @strong{value} is the value | ||
1201 | of the metric that is logged for this run. | ||
1202 | @item @strong{UNIT} is the unit in | ||
1203 | which the value is measured, for instance "kb/s" or "kb of RAM/node". | ||
1204 | @end table | ||
1205 | |||
1206 | If you wish to use Gauger for your own project, you can grab a copy of the | ||
1207 | latest stable release or check out Gauger's Subversion repository. | ||
1208 | |||
1209 | @c *********************************************************************** | ||
1210 | @node GNUnet's TESTBED Subsystem | ||
1211 | @section GNUnet's TESTBED Subsystem | ||
1212 | |||
1213 | The TESTBED subsystem facilitates testing and measuring of multi-peer | ||
1214 | deployments on a single host or over multiple hosts. | ||
1215 | |||
1216 | The architecture of the testbed module is divided into the following: | ||
1217 | @itemize @bullet | ||
1218 | |||
1219 | @item Testbed API: An API which is used by the testing driver programs. It | ||
1220 | provides with functions for creating, destroying, starting, stopping | ||
1221 | peers, etc. | ||
1222 | |||
1223 | @item Testbed service (controller): A service which is started through the | ||
1224 | Testbed API. This service handles operations to create, destroy, start, | ||
1225 | stop peers, connect them, modify their configurations. | ||
1226 | |||
1227 | @item Testbed helper: When a controller has to be started on a host, the | ||
1228 | testbed API starts the testbed helper on that host which in turn starts | ||
1229 | the controller. The testbed helper receives a configuration for the | ||
1230 | controller through its stdin and changes it to ensure the controller | ||
1231 | doesn't run into any port conflict on that host. | ||
1232 | @end itemize | ||
1233 | |||
1234 | |||
1235 | The testbed service (controller) is different from the other GNUnet | ||
1236 | services in that it is not started by ARM and is not supposed to be run | ||
1237 | as a daemon. It is started by the testbed API through a testbed helper. | ||
1238 | In a typical scenario involving multiple hosts, a controller is started | ||
1239 | on each host. Controllers take up the actual task of creating peers, | ||
1240 | starting and stopping them on the hosts they run. | ||
1241 | |||
1242 | While running deployments on a single localhost the testbed API starts the | ||
1243 | testbed helper directly as a child process. When running deployments on | ||
1244 | remote hosts the testbed API starts Testbed Helpers on each remote host | ||
1245 | through remote shell. By default testbed API uses SSH as a remote shell. | ||
1246 | This can be changed by setting the environmental variable | ||
1247 | GNUNET_TESTBED_RSH_CMD to the required remote shell program. This | ||
1248 | variable can also contain parameters which are to be passed to the remote | ||
1249 | shell program. For e.g: | ||
1250 | |||
1251 | @example | ||
1252 | export GNUNET_TESTBED_RSH_CMD="ssh -o BatchMode=yes \ | ||
1253 | -o NoHostAuthenticationForLocalhost=yes %h"@ | ||
1254 | @end example | ||
1255 | |||
1256 | Substitutions are allowed int the above command string also allows for | ||
1257 | substitions. through placemarks which begin with a `%'. At present the | ||
1258 | following substitutions are supported | ||
1259 | |||
1260 | @itemize @bullet | ||
1261 | @item | ||
1262 | %h: hostname | ||
1263 | @item | ||
1264 | %u: username | ||
1265 | @item | ||
1266 | %p: port | ||
1267 | @end itemize | ||
1268 | |||
1269 | Note that the substitution placemark is replaced only when the | ||
1270 | corresponding field is available and only once. Specifying @code{%u@@%h} | ||
1271 | doesn't work either. If you want to user username substitutions for SSH | ||
1272 | use the argument @code{-l} before the username substitution. | ||
1273 | Ex: @code{ssh -l %u -p %p %h} | ||
1274 | |||
1275 | The testbed API and the helper communicate through the helpers stdin and | ||
1276 | stdout. As the helper is started through a remote shell on remote hosts | ||
1277 | any output messages from the remote shell interfere with the communication | ||
1278 | and results in a failure while starting the helper. For this reason, it is | ||
1279 | suggested to use flags to make the remote shells produce no output | ||
1280 | messages and to have password-less logins. The default remote shell, SSH, | ||
1281 | the default options are: | ||
1282 | |||
1283 | @example | ||
1284 | -o BatchMode=yes -o NoHostBasedAuthenticationForLocalhost=yes" | ||
1285 | @end example | ||
1286 | |||
1287 | Password-less logins should be ensured by using SSH keys. | ||
1288 | |||
1289 | Since the testbed API executes the remote shell as a non-interactive | ||
1290 | shell, certain scripts like .bashrc, .profiler may not be executed. If | ||
1291 | this is the case testbed API can be forced to execute an interactive | ||
1292 | shell by setting up the environmental variable | ||
1293 | `GNUNET_TESTBED_RSH_CMD_SUFFIX' to a shell program. | ||
1294 | An example could be: | ||
1295 | |||
1296 | @example | ||
1297 | export GNUNET_TESTBED_RSH_CMD_SUFFIX="sh -lc" | ||
1298 | @end example | ||
1299 | |||
1300 | The testbed API will then execute the remote shell program as: | ||
1301 | |||
1302 | @example | ||
1303 | $GNUNET_TESTBED_RSH_CMD -p $port $dest $GNUNET_TESTBED_RSH_CMD_SUFFIX \ | ||
1304 | gnunet-helper-testbed | ||
1305 | @end example | ||
1306 | |||
1307 | On some systems, problems may arise while starting testbed helpers if | ||
1308 | GNUnet is installed into a custom location since the helper may not be | ||
1309 | found in the standard path. This can be addressed by setting the variable | ||
1310 | `HELPER_BINARY_PATH' to the path of the testbed helper. Testbed API will | ||
1311 | then use this path to start helper binaries both locally and remotely. | ||
1312 | |||
1313 | Testbed API can accessed by including "gnunet_testbed_service.h" file and | ||
1314 | linking with -lgnunettestbed. | ||
1315 | |||
1316 | |||
1317 | |||
1318 | @c *********************************************************************** | ||
1319 | @menu | ||
1320 | * Supported Topologies:: | ||
1321 | * Hosts file format:: | ||
1322 | * Topology file format:: | ||
1323 | * Testbed Barriers:: | ||
1324 | * Automatic large-scale deployment of GNUnet in the PlanetLab testbed:: | ||
1325 | * TESTBED Caveats:: | ||
1326 | @end menu | ||
1327 | |||
1328 | @node Supported Topologies | ||
1329 | @subsection Supported Topologies | ||
1330 | |||
1331 | While testing multi-peer deployments, it is often needed that the peers | ||
1332 | are connected in some topology. This requirement is addressed by the | ||
1333 | function @code{GNUNET_TESTBED_overlay_connect()} which connects any given | ||
1334 | two peers in the testbed. | ||
1335 | |||
1336 | The API also provides a helper function | ||
1337 | @code{GNUNET_TESTBED_overlay_configure_topology()} to connect a given set | ||
1338 | of peers in any of the following supported topologies: | ||
1339 | |||
1340 | @itemize @bullet | ||
1341 | |||
1342 | @item @code{GNUNET_TESTBED_TOPOLOGY_CLIQUE}: All peers are connected with | ||
1343 | each other | ||
1344 | |||
1345 | @item @code{GNUNET_TESTBED_TOPOLOGY_LINE}: Peers are connected to form a | ||
1346 | line | ||
1347 | |||
1348 | @item @code{GNUNET_TESTBED_TOPOLOGY_RING}: Peers are connected to form a | ||
1349 | ring topology | ||
1350 | |||
1351 | @item @code{GNUNET_TESTBED_TOPOLOGY_2D_TORUS}: Peers are connected to | ||
1352 | form a 2 dimensional torus topology. The number of peers may not be a | ||
1353 | perfect square, in that case the resulting torus may not have the uniform | ||
1354 | poloidal and toroidal lengths | ||
1355 | |||
1356 | @item @code{GNUNET_TESTBED_TOPOLOGY_ERDOS_RENYI}: Topology is generated | ||
1357 | to form a random graph. The number of links to be present should be given | ||
1358 | |||
1359 | @item @code{GNUNET_TESTBED_TOPOLOGY_SMALL_WORLD}: Peers are connected to | ||
1360 | form a 2D Torus with some random links among them. The number of random | ||
1361 | links are to be given | ||
1362 | |||
1363 | @item @code{GNUNET_TESTBED_TOPOLOGY_SMALL_WORLD_RING}: Peers are | ||
1364 | connected to form a ring with some random links among them. The number of | ||
1365 | random links are to be given | ||
1366 | |||
1367 | @item @code{GNUNET_TESTBED_TOPOLOGY_SCALE_FREE}: Connects peers in a | ||
1368 | topology where peer connectivity follows power law - new peers are | ||
1369 | connected with high probabililty to well connected peers. | ||
1370 | @footnote{See Emergence of Scaling in Random Networks. Science 286, | ||
1371 | 509-512, 1999.} | ||
1372 | |||
1373 | @item @code{GNUNET_TESTBED_TOPOLOGY_FROM_FILE}: The topology information | ||
1374 | is loaded from a file. The path to the file has to be given. See Topology | ||
1375 | file format for the format of this file. | ||
1376 | |||
1377 | @item @code{GNUNET_TESTBED_TOPOLOGY_NONE}: No topology | ||
1378 | @end itemize | ||
1379 | |||
1380 | |||
1381 | The above supported topologies can be specified respectively by setting | ||
1382 | the variable @code{OVERLAY_TOPOLOGY} to the following values in the | ||
1383 | configuration passed to Testbed API functions | ||
1384 | @code{GNUNET_TESTBED_test_run()} and | ||
1385 | @code{GNUNET_TESTBED_run()}: | ||
1386 | @itemize @bullet | ||
1387 | @item @code{CLIQUE} | ||
1388 | @item @code{RING} | ||
1389 | @item @code{LINE} | ||
1390 | @item @code{2D_TORUS} | ||
1391 | @item @code{RANDOM} | ||
1392 | @item @code{SMALL_WORLD} | ||
1393 | @item @code{SMALL_WORLD_RING} | ||
1394 | @item @code{SCALE_FREE} | ||
1395 | @item @code{FROM_FILE} | ||
1396 | @item @code{NONE} | ||
1397 | @end itemize | ||
1398 | |||
1399 | |||
1400 | Topologies @code{RANDOM}, @code{SMALL_WORLD} and @code{SMALL_WORLD_RING} | ||
1401 | require the option @code{OVERLAY_RANDOM_LINKS} to be set to the number of | ||
1402 | random links to be generated in the configuration. The option will be | ||
1403 | ignored for the rest of the topologies. | ||
1404 | |||
1405 | Topology @code{SCALE_FREE} requires the options | ||
1406 | @code{SCALE_FREE_TOPOLOGY_CAP} to be set to the maximum number of peers | ||
1407 | which can connect to a peer and @code{SCALE_FREE_TOPOLOGY_M} to be set to | ||
1408 | how many peers a peer should be atleast connected to. | ||
1409 | |||
1410 | Similarly, the topology @code{FROM_FILE} requires the option | ||
1411 | @code{OVERLAY_TOPOLOGY_FILE} to contain the path of the file containing | ||
1412 | the topology information. This option is ignored for the rest of the | ||
1413 | topologies. See Topology file format for the format of this file. | ||
1414 | |||
1415 | @c *********************************************************************** | ||
1416 | @node Hosts file format | ||
1417 | @subsection Hosts file format | ||
1418 | |||
1419 | The testbed API offers the function GNUNET_TESTBED_hosts_load_from_file() | ||
1420 | to load from a given file details about the hosts which testbed can use | ||
1421 | for deploying peers. This function is useful to keep the data about hosts | ||
1422 | separate instead of hard coding them in code. | ||
1423 | |||
1424 | Another helper function from testbed API, GNUNET_TESTBED_run() also takes | ||
1425 | a hosts file name as its parameter. It uses the above function to | ||
1426 | populate the hosts data structures and start controllers to deploy peers. | ||
1427 | |||
1428 | These functions require the hosts file to be of the following format: | ||
1429 | @itemize @bullet | ||
1430 | @item Each line is interpreted to have details about a host | ||
1431 | @item Host details should include the username to use for logging into the | ||
1432 | host, the hostname of the host and the port number to use for the remote | ||
1433 | shell program. All thee values should be given. | ||
1434 | @item These details should be given in the following format: | ||
1435 | @code{<username>@@<hostname>:<port>} | ||
1436 | @end itemize | ||
1437 | |||
1438 | Note that having canonical hostnames may cause problems while resolving | ||
1439 | the IP addresses (See this bug). Hence it is advised to provide the hosts' | ||
1440 | IP numerical addresses as hostnames whenever possible. | ||
1441 | |||
1442 | @c *********************************************************************** | ||
1443 | @node Topology file format | ||
1444 | @subsection Topology file format | ||
1445 | |||
1446 | A topology file describes how peers are to be connected. It should adhere | ||
1447 | to the following format for testbed to parse it correctly. | ||
1448 | |||
1449 | Each line should begin with the target peer id. This should be followed by | ||
1450 | a colon(`:') and origin peer ids seperated by `|'. All spaces except for | ||
1451 | newline characters are ignored. The API will then try to connect each | ||
1452 | origin peer to the target peer. | ||
1453 | |||
1454 | For example, the following file will result in 5 overlay connections: | ||
1455 | [2->1], [3->1],[4->3], [0->3], [2->0]@ @code{@ 1:2|3@ 3:4| 0@ 0: 2@ } | ||
1456 | |||
1457 | @c *********************************************************************** | ||
1458 | @node Testbed Barriers | ||
1459 | @subsection Testbed Barriers | ||
1460 | |||
1461 | The testbed subsystem's barriers API facilitates coordination among the | ||
1462 | peers run by the testbed and the experiment driver. The concept is | ||
1463 | similar to the barrier synchronisation mechanism found in parallel | ||
1464 | programming or multi-threading paradigms - a peer waits at a barrier upon | ||
1465 | reaching it until the barrier is reached by a predefined number of peers. | ||
1466 | This predefined number of peers required to cross a barrier is also called | ||
1467 | quorum. We say a peer has reached a barrier if the peer is waiting for the | ||
1468 | barrier to be crossed. Similarly a barrier is said to be reached if the | ||
1469 | required quorum of peers reach the barrier. A barrier which is reached is | ||
1470 | deemed as crossed after all the peers waiting on it are notified. | ||
1471 | |||
1472 | The barriers API provides the following functions: | ||
1473 | @itemize @bullet | ||
1474 | @item @strong{@code{GNUNET_TESTBED_barrier_init()}:} function to | ||
1475 | initialse a barrier in the experiment | ||
1476 | @item @strong{@code{GNUNET_TESTBED_barrier_cancel()}:} function to cancel | ||
1477 | a barrier which has been initialised before | ||
1478 | @item @strong{@code{GNUNET_TESTBED_barrier_wait()}:} function to signal | ||
1479 | barrier service that the caller has reached a barrier and is waiting for | ||
1480 | it to be crossed | ||
1481 | @item @strong{@code{GNUNET_TESTBED_barrier_wait_cancel()}:} function to | ||
1482 | stop waiting for a barrier to be crossed | ||
1483 | @end itemize | ||
1484 | |||
1485 | |||
1486 | Among the above functions, the first two, namely | ||
1487 | @code{GNUNET_TESTBED_barrier_init()} and | ||
1488 | @code{GNUNET_TESTBED_barrier_cancel()} are used by experiment drivers. All | ||
1489 | barriers should be initialised by the experiment driver by calling | ||
1490 | @code{GNUNET_TESTBED_barrier_init()}. This function takes a name to | ||
1491 | identify the barrier, the quorum required for the barrier to be crossed | ||
1492 | and a notification callback for notifying the experiment driver when the | ||
1493 | barrier is crossed. @code{GNUNET_TESTBED_barrier_cancel()} cancels an | ||
1494 | initialised barrier and frees the resources allocated for it. This | ||
1495 | function can be called upon a initialised barrier before it is crossed. | ||
1496 | |||
1497 | The remaining two functions @code{GNUNET_TESTBED_barrier_wait()} and | ||
1498 | @code{GNUNET_TESTBED_barrier_wait_cancel()} are used in the peer's | ||
1499 | processes. @code{GNUNET_TESTBED_barrier_wait()} connects to the local | ||
1500 | barrier service running on the same host the peer is running on and | ||
1501 | registers that the caller has reached the barrier and is waiting for the | ||
1502 | barrier to be crossed. Note that this function can only be used by peers | ||
1503 | which are started by testbed as this function tries to access the local | ||
1504 | barrier service which is part of the testbed controller service. Calling | ||
1505 | @code{GNUNET_TESTBED_barrier_wait()} on an uninitialised barrier results | ||
1506 | in failure. @code{GNUNET_TESTBED_barrier_wait_cancel()} cancels the | ||
1507 | notification registered by @code{GNUNET_TESTBED_barrier_wait()}. | ||
1508 | |||
1509 | |||
1510 | @c *********************************************************************** | ||
1511 | @menu | ||
1512 | * Implementation:: | ||
1513 | @end menu | ||
1514 | |||
1515 | @node Implementation | ||
1516 | @subsubsection Implementation | ||
1517 | |||
1518 | Since barriers involve coordination between experiment driver and peers, | ||
1519 | the barrier service in the testbed controller is split into two | ||
1520 | components. The first component responds to the message generated by the | ||
1521 | barrier API used by the experiment driver (functions | ||
1522 | @code{GNUNET_TESTBED_barrier_init()} and | ||
1523 | @code{GNUNET_TESTBED_barrier_cancel()}) and the second component to the | ||
1524 | messages generated by barrier API used by peers (functions | ||
1525 | @code{GNUNET_TESTBED_barrier_wait()} and | ||
1526 | @code{GNUNET_TESTBED_barrier_wait_cancel()}). | ||
1527 | |||
1528 | Calling @code{GNUNET_TESTBED_barrier_init()} sends a | ||
1529 | @code{GNUNET_MESSAGE_TYPE_TESTBED_BARRIER_INIT} message to the master | ||
1530 | controller. The master controller then registers a barrier and calls | ||
1531 | @code{GNUNET_TESTBED_barrier_init()} for each its subcontrollers. In this | ||
1532 | way barrier initialisation is propagated to the controller hierarchy. | ||
1533 | While propagating initialisation, any errors at a subcontroller such as | ||
1534 | timeout during further propagation are reported up the hierarchy back to | ||
1535 | the experiment driver. | ||
1536 | |||
1537 | Similar to @code{GNUNET_TESTBED_barrier_init()}, | ||
1538 | @code{GNUNET_TESTBED_barrier_cancel()} propagates | ||
1539 | @code{GNUNET_MESSAGE_TYPE_TESTBED_BARRIER_CANCEL} message which causes | ||
1540 | controllers to remove an initialised barrier. | ||
1541 | |||
1542 | The second component is implemented as a separate service in the binary | ||
1543 | `gnunet-service-testbed' which already has the testbed controller service. | ||
1544 | Although this deviates from the gnunet process architecture of having one | ||
1545 | service per binary, it is needed in this case as this component needs | ||
1546 | access to barrier data created by the first component. This component | ||
1547 | responds to @code{GNUNET_MESSAGE_TYPE_TESTBED_BARRIER_WAIT} messages from | ||
1548 | local peers when they call @code{GNUNET_TESTBED_barrier_wait()}. Upon | ||
1549 | receiving @code{GNUNET_MESSAGE_TYPE_TESTBED_BARRIER_WAIT} message, the | ||
1550 | service checks if the requested barrier has been initialised before and | ||
1551 | if it was not initialised, an error status is sent through | ||
1552 | @code{GNUNET_MESSAGE_TYPE_TESTBED_BARRIER_STATUS} message to the local | ||
1553 | peer and the connection from the peer is terminated. If the barrier is | ||
1554 | initialised before, the barrier's counter for reached peers is incremented | ||
1555 | and a notification is registered to notify the peer when the barrier is | ||
1556 | reached. The connection from the peer is left open. | ||
1557 | |||
1558 | When enough peers required to attain the quorum send | ||
1559 | @code{GNUNET_MESSAGE_TYPE_TESTBED_BARRIER_WAIT} messages, the controller | ||
1560 | sends a @code{GNUNET_MESSAGE_TYPE_TESTBED_BARRIER_STATUS} message to its | ||
1561 | parent informing that the barrier is crossed. If the controller has | ||
1562 | started further subcontrollers, it delays this message until it receives | ||
1563 | a similar notification from each of those subcontrollers. Finally, the | ||
1564 | barriers API at the experiment driver receives the | ||
1565 | @code{GNUNET_MESSAGE_TYPE_TESTBED_BARRIER_STATUS} when the barrier is | ||
1566 | reached at all the controllers. | ||
1567 | |||
1568 | The barriers API at the experiment driver responds to the | ||
1569 | @code{GNUNET_MESSAGE_TYPE_TESTBED_BARRIER_STATUS} message by echoing it | ||
1570 | back to the master controller and notifying the experiment controller | ||
1571 | through the notification callback that a barrier has been crossed. The | ||
1572 | echoed @code{GNUNET_MESSAGE_TYPE_TESTBED_BARRIER_STATUS} message is | ||
1573 | propagated by the master controller to the controller hierarchy. This | ||
1574 | propagation triggers the notifications registered by peers at each of the | ||
1575 | controllers in the hierarchy. Note the difference between this downward | ||
1576 | propagation of the @code{GNUNET_MESSAGE_TYPE_TESTBED_BARRIER_STATUS} | ||
1577 | message from its upward propagation --- the upward propagation is needed | ||
1578 | for ensuring that the barrier is reached by all the controllers and the | ||
1579 | downward propagation is for triggering that the barrier is crossed. | ||
1580 | |||
1581 | @c *********************************************************************** | ||
1582 | @node Automatic large-scale deployment of GNUnet in the PlanetLab testbed | ||
1583 | @subsection Automatic large-scale deployment of GNUnet in the PlanetLab testbed | ||
1584 | |||
1585 | PlanetLab is as a testbed for computer networking and distributed systems | ||
1586 | research. It was established in 2002 and as of June 2010 was composed of | ||
1587 | 1090 nodes at 507 sites worldwide. | ||
1588 | |||
1589 | To automate the GNUnet we created a set of automation tools to simplify | ||
1590 | the large-scale deployment. We provide you a set of scripts you can use | ||
1591 | to deploy GNUnet on a set of nodes and manage your installation. | ||
1592 | |||
1593 | Please also check @uref{https://gnunet.org/installation-fedora8-svn} and | ||
1594 | @uref{https://gnunet.org/installation-fedora12-svn} to find detailled | ||
1595 | instructions how to install GNUnet on a PlanetLab node. | ||
1596 | |||
1597 | |||
1598 | @c *********************************************************************** | ||
1599 | @menu | ||
1600 | * PlanetLab Automation for Fedora8 nodes:: | ||
1601 | * Install buildslave on PlanetLab nodes running fedora core 8:: | ||
1602 | * Setup a new PlanetLab testbed using GPLMT:: | ||
1603 | * Why do i get an ssh error when using the regex profiler?:: | ||
1604 | @end menu | ||
1605 | |||
1606 | @node PlanetLab Automation for Fedora8 nodes | ||
1607 | @subsubsection PlanetLab Automation for Fedora8 nodes | ||
1608 | |||
1609 | @c *********************************************************************** | ||
1610 | @node Install buildslave on PlanetLab nodes running fedora core 8 | ||
1611 | @subsubsection Install buildslave on PlanetLab nodes running fedora core 8 | ||
1612 | @c ** Actually this is a subsubsubsection, but must be fixed differently | ||
1613 | @c ** as subsubsection is the lowest. | ||
1614 | |||
1615 | Since most of the PlanetLab nodes are running the very old fedora core 8 | ||
1616 | image, installing the buildslave software is quite some pain. For our | ||
1617 | PlanetLab testbed we figured out how to install the buildslave software | ||
1618 | best. | ||
1619 | |||
1620 | @c This is a vvery terrible way to suggest installing software. | ||
1621 | @c FIXME: Is there an official, safer way instead of blind-piping a | ||
1622 | @c script? | ||
1623 | @c FIXME: Use newer pypi URLs below. | ||
1624 | Install Distribute for python:@ @code{@ curl | ||
1625 | http://python-distribute.org/distribute_setup.py | sudo python@ } | ||
1626 | |||
1627 | Install Distribute for zope.interface <= 3.8.0 (4.0 and 4.0.1 will not | ||
1628 | work): | ||
1629 | |||
1630 | @example | ||
1631 | wget https://pypi.python.org/packages/source/z/zope.interface/zope.interface-3.8.0.tar.gz | ||
1632 | tar zvfz zope.interface-3.8.0.tar.gz@ cd zope.interface-3.8.0 | ||
1633 | sudo python setup.py install | ||
1634 | @end example | ||
1635 | |||
1636 | Install the buildslave software (0.8.6 was the latest version): | ||
1637 | |||
1638 | @example | ||
1639 | wget http://buildbot.googlecode.com/files/buildbot-slave-0.8.6p1.tar.gz | ||
1640 | tar xvfz buildbot-slave-0.8.6p1.tar.gz@ cd buildslave-0.8.6p1 | ||
1641 | sudo python setup.py install | ||
1642 | @end example | ||
1643 | |||
1644 | The setup will download the matching twisted package and install it. | ||
1645 | It will also try to install the latest version of zope.interface which | ||
1646 | will fail to install. Buildslave will work anyway since version 3.8.0 | ||
1647 | was installed before! | ||
1648 | |||
1649 | @c *********************************************************************** | ||
1650 | @node Setup a new PlanetLab testbed using GPLMT | ||
1651 | @subsubsection Setup a new PlanetLab testbed using GPLMT | ||
1652 | |||
1653 | @itemize @bullet | ||
1654 | @item Get a new slice and assign nodes | ||
1655 | Ask your PlanetLab PI to give you a new slice and assign the nodes you | ||
1656 | need | ||
1657 | @item Install a buildmaster | ||
1658 | You can stick to the buildbot documentation:@ | ||
1659 | @uref{http://buildbot.net/buildbot/docs/current/manual/installation.html} | ||
1660 | @item Install the buildslave software on all nodes | ||
1661 | To install the buildslave on all nodes assigned to your slice you can use | ||
1662 | the tasklist @code{install_buildslave_fc8.xml} provided with GPLMT: | ||
1663 | |||
1664 | @example | ||
1665 | ./gplmt.py -c contrib/tumple_gnunet.conf -t \ | ||
1666 | contrib/tasklists/install_buildslave_fc8.xml -a -p <planetlab password> | ||
1667 | @end example | ||
1668 | |||
1669 | @item Create the buildmaster configuration and the slave setup commands | ||
1670 | |||
1671 | The master and the and the slaves have need to have credentials and the | ||
1672 | master has to have all nodes configured. This can be done with the | ||
1673 | @code{create_buildbot_configuration.py} script in the @code{scripts} | ||
1674 | directory | ||
1675 | |||
1676 | This scripts takes a list of nodes retrieved directly from PlanetLab or | ||
1677 | read from a file and a configuration template and creates: | ||
1678 | |||
1679 | @itemize @bullet | ||
1680 | @item a tasklist which can be executed with gplmt to setup the slaves | ||
1681 | @item a master.cfg file containing a PlanetLab nodes | ||
1682 | @end itemize | ||
1683 | |||
1684 | A configuration template is included in the <contrib>, most important is | ||
1685 | that the script replaces the following tags in the template: | ||
1686 | |||
1687 | %GPLMT_BUILDER_DEFINITION :@ GPLMT_BUILDER_SUMMARY@ GPLMT_SLAVES@ | ||
1688 | %GPLMT_SCHEDULER_BUILDERS | ||
1689 | |||
1690 | Create configuration for all nodes assigned to a slice:@ @code{@ | ||
1691 | ./create_buildbot_configuration.py -u <planetlab username> -p <planetlab | ||
1692 | password> -s <slice> -m <buildmaster+port> -t <template>@ }@ Create | ||
1693 | configuration for some nodes in a file:@ @code{@ | ||
1694 | ./create_buildbot_configuration.p -f <node_file> -m <buildmaster+port> -t | ||
1695 | <template>@ } | ||
1696 | |||
1697 | @item Copy the @code{master.cfg} to the buildmaster and start it | ||
1698 | Use @code{buildbot start <basedir>} to start the server | ||
1699 | @item Setup the buildslaves | ||
1700 | @end itemize | ||
1701 | |||
1702 | @c *********************************************************************** | ||
1703 | @node Why do i get an ssh error when using the regex profiler? | ||
1704 | @subsubsection Why do i get an ssh error when using the regex profiler? | ||
1705 | |||
1706 | Why do i get an ssh error "Permission denied (publickey,password)." when | ||
1707 | using the regex profiler although passwordless ssh to localhost works | ||
1708 | using publickey and ssh-agent? | ||
1709 | |||
1710 | You have to generate a public/private-key pair with no password:@ | ||
1711 | @code{ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_localhost}@ | ||
1712 | and then add the following to your ~/.ssh/config file: | ||
1713 | |||
1714 | @code{Host 127.0.0.1@ IdentityFile ~/.ssh/id_localhost} | ||
1715 | |||
1716 | now make sure your hostsfile looks like@ | ||
1717 | |||
1718 | [USERNAME]@@127.0.0.1:22@ | ||
1719 | [USERNAME]@@127.0.0.1:22 | ||
1720 | |||
1721 | You can test your setup by running `ssh 127.0.0.1` in a terminal and then | ||
1722 | in the opened session run it again. If you were not asked for a password | ||
1723 | on either login, then you should be good to go. | ||
1724 | |||
1725 | @c *********************************************************************** | ||
1726 | @node TESTBED Caveats | ||
1727 | @subsection TESTBED Caveats | ||
1728 | |||
1729 | This section documents a few caveats when using the GNUnet testbed | ||
1730 | subsystem. | ||
1731 | |||
1732 | |||
1733 | @c *********************************************************************** | ||
1734 | @menu | ||
1735 | * CORE must be started:: | ||
1736 | * ATS must want the connections:: | ||
1737 | @end menu | ||
1738 | |||
1739 | @node CORE must be started | ||
1740 | @subsubsection CORE must be started | ||
1741 | |||
1742 | A simple issue is #3993: Your configuration MUST somehow ensure that for | ||
1743 | each peer the CORE service is started when the peer is setup, otherwise | ||
1744 | TESTBED may fail to connect peers when the topology is initialized, as | ||
1745 | TESTBED will start some CORE services but not necessarily all (but it | ||
1746 | relies on all of them running). The easiest way is to set | ||
1747 | 'FORCESTART = YES' in the '[core]' section of the configuration file. | ||
1748 | Alternatively, having any service that directly or indirectly depends on | ||
1749 | CORE being started with FORCESTART will also do. This issue largely arises | ||
1750 | if users try to over-optimize by not starting any services with | ||
1751 | FORCESTART. | ||
1752 | |||
1753 | @c *********************************************************************** | ||
1754 | @node ATS must want the connections | ||
1755 | @subsubsection ATS must want the connections | ||
1756 | |||
1757 | When TESTBED sets up connections, it only offers the respective HELLO | ||
1758 | information to the TRANSPORT service. It is then up to the ATS service to | ||
1759 | @strong{decide} to use the connection. The ATS service will typically | ||
1760 | eagerly establish any connection if the number of total connections is | ||
1761 | low (relative to bandwidth). Details may further depend on the | ||
1762 | specific ATS backend that was configured. If ATS decides to NOT establish | ||
1763 | a connection (even though TESTBED provided the required information), then | ||
1764 | that connection will count as failed for TESTBED. Note that you can | ||
1765 | configure TESTBED to tolerate a certain number of connection failures | ||
1766 | (see '-e' option of gnunet-testbed-profiler). This issue largely arises | ||
1767 | for dense overlay topologies, especially if you try to create cliques | ||
1768 | with more than 20 peers. | ||
1769 | |||
1770 | @c *********************************************************************** | ||
1771 | @node libgnunetutil | ||
1772 | @section libgnunetutil | ||
1773 | |||
1774 | libgnunetutil is the fundamental library that all GNUnet code builds upon. | ||
1775 | Ideally, this library should contain most of the platform dependent code | ||
1776 | (except for user interfaces and really special needs that only few | ||
1777 | applications have). It is also supposed to offer basic services that most | ||
1778 | if not all GNUnet binaries require. The code of libgnunetutil is in the | ||
1779 | @file{src/util/} directory. The public interface to the library is in the | ||
1780 | gnunet_util.h header. The functions provided by libgnunetutil fall | ||
1781 | roughly into the following categories (in roughly the order of importance | ||
1782 | for new developers): | ||
1783 | |||
1784 | @itemize @bullet | ||
1785 | @item logging (common_logging.c) | ||
1786 | @item memory allocation (common_allocation.c) | ||
1787 | @item endianess conversion (common_endian.c) | ||
1788 | @item internationalization (common_gettext.c) | ||
1789 | @item String manipulation (string.c) | ||
1790 | @item file access (disk.c) | ||
1791 | @item buffered disk IO (bio.c) | ||
1792 | @item time manipulation (time.c) | ||
1793 | @item configuration parsing (configuration.c) | ||
1794 | @item command-line handling (getopt*.c) | ||
1795 | @item cryptography (crypto_*.c) | ||
1796 | @item data structures (container_*.c) | ||
1797 | @item CPS-style scheduling (scheduler.c) | ||
1798 | @item Program initialization (program.c) | ||
1799 | @item Networking (network.c, client.c, server*.c, service.c) | ||
1800 | @item message queueing (mq.c) | ||
1801 | @item bandwidth calculations (bandwidth.c) | ||
1802 | @item Other OS-related (os*.c, plugin.c, signal.c) | ||
1803 | @item Pseudonym management (pseudonym.c) | ||
1804 | @end itemize | ||
1805 | |||
1806 | It should be noted that only developers that fully understand this entire | ||
1807 | API will be able to write good GNUnet code. | ||
1808 | |||
1809 | Ideally, porting GNUnet should only require porting the gnunetutil | ||
1810 | library. More testcases for the gnunetutil APIs are therefore a great | ||
1811 | way to make porting of GNUnet easier. | ||
1812 | |||
1813 | @menu | ||
1814 | * Logging:: | ||
1815 | * Interprocess communication API (IPC):: | ||
1816 | * Cryptography API:: | ||
1817 | * Message Queue API:: | ||
1818 | * Service API:: | ||
1819 | * Optimizing Memory Consumption of GNUnet's (Multi-) Hash Maps:: | ||
1820 | * The CONTAINER_MDLL API:: | ||
1821 | @end menu | ||
1822 | |||
1823 | @c *********************************************************************** | ||
1824 | @node Logging | ||
1825 | @subsection Logging | ||
1826 | |||
1827 | GNUnet is able to log its activity, mostly for the purposes of debugging | ||
1828 | the program at various levels. | ||
1829 | |||
1830 | @file{gnunet_common.h} defines several @strong{log levels}: | ||
1831 | @table @asis | ||
1832 | |||
1833 | @item ERROR for errors (really problematic situations, often leading to | ||
1834 | crashes) | ||
1835 | @item WARNING for warnings (troubling situations that might have | ||
1836 | negative consequences, although not fatal) | ||
1837 | @item INFO for various information. | ||
1838 | Used somewhat rarely, as GNUnet statistics is used to hold and display | ||
1839 | most of the information that users might find interesting. | ||
1840 | @item DEBUG for debugging. | ||
1841 | Does not produce much output on normal builds, but when extra logging is | ||
1842 | enabled at compile time, a staggering amount of data is outputted under | ||
1843 | this log level. | ||
1844 | @end table | ||
1845 | |||
1846 | |||
1847 | Normal builds of GNUnet (configured with @code{--enable-logging[=yes]}) | ||
1848 | are supposed to log nothing under DEBUG level. The | ||
1849 | @code{--enable-logging=verbose} configure option can be used to create a | ||
1850 | build with all logging enabled. However, such build will produce large | ||
1851 | amounts of log data, which is inconvenient when one tries to hunt down a | ||
1852 | specific problem. | ||
1853 | |||
1854 | To mitigate this problem, GNUnet provides facilities to apply a filter to | ||
1855 | reduce the logs: | ||
1856 | @table @asis | ||
1857 | |||
1858 | @item Logging by default When no log levels are configured in any other | ||
1859 | way (see below), GNUnet will default to the WARNING log level. This | ||
1860 | mostly applies to GNUnet command line utilities, services and daemons; | ||
1861 | tests will always set log level to WARNING or, if | ||
1862 | @code{--enable-logging=verbose} was passed to configure, to DEBUG. The | ||
1863 | default level is suggested for normal operation. | ||
1864 | @item The -L option Most GNUnet executables accept an "-L loglevel" or | ||
1865 | "--log=loglevel" option. If used, it makes the process set a global log | ||
1866 | level to "loglevel". Thus it is possible to run some processes | ||
1867 | with -L DEBUG, for example, and others with -L ERROR to enable specific | ||
1868 | settings to diagnose problems with a particular process. | ||
1869 | @item Configuration files. Because GNUnet | ||
1870 | service and deamon processes are usually launched by gnunet-arm, it is not | ||
1871 | possible to pass different custom command line options directly to every | ||
1872 | one of them. The options passed to @code{gnunet-arm} only affect | ||
1873 | gnunet-arm and not the rest of GNUnet. However, one can specify a | ||
1874 | configuration key "OPTIONS" in the section that corresponds to a service | ||
1875 | or a daemon, and put a value of "-L loglevel" there. This will make the | ||
1876 | respective service or daemon set its log level to "loglevel" (as the | ||
1877 | value of OPTIONS will be passed as a command-line argument). | ||
1878 | |||
1879 | To specify the same log level for all services without creating separate | ||
1880 | "OPTIONS" entries in the configuration for each one, the user can specify | ||
1881 | a config key "GLOBAL_POSTFIX" in the [arm] section of the configuration | ||
1882 | file. The value of GLOBAL_POSTFIX will be appended to all command lines | ||
1883 | used by the ARM service to run other services. It can contain any option | ||
1884 | valid for all GNUnet commands, thus in particular the "-L loglevel" | ||
1885 | option. The ARM service itself is, however, unaffected by GLOBAL_POSTFIX; | ||
1886 | to set log level for it, one has to specify "OPTIONS" key in the [arm] | ||
1887 | section. | ||
1888 | @item Environment variables. | ||
1889 | Setting global per-process log levels with "-L loglevel" does not offer | ||
1890 | sufficient log filtering granularity, as one service will call interface | ||
1891 | libraries and supporting libraries of other GNUnet services, potentially | ||
1892 | producing lots of debug log messages from these libraries. Also, changing | ||
1893 | the config file is not always convenient (especially when running the | ||
1894 | GNUnet test suite).@ To fix that, and to allow GNUnet to use different | ||
1895 | log filtering at runtime without re-compiling the whole source tree, the | ||
1896 | log calls were changed to be configurable at run time. To configure them | ||
1897 | one has to define environment variables "GNUNET_FORCE_LOGFILE", | ||
1898 | "GNUNET_LOG" and/or "GNUNET_FORCE_LOG": | ||
1899 | @itemize @bullet | ||
1900 | |||
1901 | @item "GNUNET_LOG" only affects the logging when no global log level is | ||
1902 | configured by any other means (that is, the process does not explicitly | ||
1903 | set its own log level, there are no "-L loglevel" options on command line | ||
1904 | or in configuration files), and can be used to override the default | ||
1905 | WARNING log level. | ||
1906 | |||
1907 | @item "GNUNET_FORCE_LOG" will completely override any other log | ||
1908 | configuration options given. | ||
1909 | |||
1910 | @item "GNUNET_FORCE_LOGFILE" will completely override the location of the | ||
1911 | file to log messages to. It should contain a relative or absolute file | ||
1912 | name. Setting GNUNET_FORCE_LOGFILE is equivalent to passing | ||
1913 | "--log-file=logfile" or "-l logfile" option (see below). It supports "[]" | ||
1914 | format in file names, but not "@{@}" (see below). | ||
1915 | @end itemize | ||
1916 | |||
1917 | |||
1918 | Because environment variables are inherited by child processes when they | ||
1919 | are launched, starting or re-starting the ARM service with these | ||
1920 | variables will propagate them to all other services. | ||
1921 | |||
1922 | "GNUNET_LOG" and "GNUNET_FORCE_LOG" variables must contain a specially | ||
1923 | formatted @strong{logging definition} string, which looks like this:@ | ||
1924 | |||
1925 | @example | ||
1926 | [component];[file];[function];[from_line[-to_line]];loglevel[/component...] | ||
1927 | @end example | ||
1928 | |||
1929 | That is, a logging definition consists of definition entries, separated by | ||
1930 | slashes ('/'). If only one entry is present, there is no need to add a | ||
1931 | slash to its end (although it is not forbidden either).@ All definition | ||
1932 | fields (component, file, function, lines and loglevel) are mandatory, but | ||
1933 | (except for the loglevel) they can be empty. An empty field means | ||
1934 | "match anything". Note that even if fields are empty, the semicolon (';') | ||
1935 | separators must be present.@ The loglevel field is mandatory, and must | ||
1936 | contain one of the log level names (ERROR, WARNING, INFO or DEBUG).@ | ||
1937 | The lines field might contain one non-negative number, in which case it | ||
1938 | matches only one line, or a range "from_line-to_line", in which case it | ||
1939 | matches any line in the interval [from_line;to_line] (that is, including | ||
1940 | both start and end line).@ GNUnet mostly defaults component name to the | ||
1941 | name of the service that is implemented in a process ('transport', | ||
1942 | 'core', 'peerinfo', etc), but logging calls can specify custom component | ||
1943 | names using @code{GNUNET_log_from}.@ File name and function name are | ||
1944 | provided by the compiler (__FILE__ and __FUNCTION__ built-ins). | ||
1945 | |||
1946 | Component, file and function fields are interpreted as non-extended | ||
1947 | regular expressions (GNU libc regex functions are used). Matching is | ||
1948 | case-sensitive, "^" and "$" will match the beginning and the end of the | ||
1949 | text. If a field is empty, its contents are automatically replaced with | ||
1950 | a ".*" regular expression, which matches anything. Matching is done in | ||
1951 | the default way, which means that the expression matches as long as it's | ||
1952 | contained anywhere in the string. Thus "GNUNET_" will match both | ||
1953 | "GNUNET_foo" and "BAR_GNUNET_BAZ". Use '^' and/or '$' to make sure that | ||
1954 | the expression matches at the start and/or at the end of the string. | ||
1955 | The semicolon (';') can't be escaped, and GNUnet will not use it in | ||
1956 | component names (it can't be used in function names and file names | ||
1957 | anyway). | ||
1958 | |||
1959 | @end table | ||
1960 | |||
1961 | |||
1962 | Every logging call in GNUnet code will be (at run time) matched against | ||
1963 | the log definitions passed to the process. If a log definition fields are | ||
1964 | matching the call arguments, then the call log level is compared the the | ||
1965 | log level of that definition. If the call log level is less or equal to | ||
1966 | the definition log level, the call is allowed to proceed. Otherwise the | ||
1967 | logging call is forbidden, and nothing is logged. If no definitions | ||
1968 | matched at all, GNUnet will use the global log level or (if a global log | ||
1969 | level is not specified) will default to WARNING (that is, it will allow | ||
1970 | the call to proceed, if its level is less or equal to the global log | ||
1971 | level or to WARNING). | ||
1972 | |||
1973 | That is, definitions are evaluated from left to right, and the first | ||
1974 | matching definition is used to allow or deny the logging call. Thus it is | ||
1975 | advised to place narrow definitions at the beginning of the logdef | ||
1976 | string, and generic definitions - at the end. | ||
1977 | |||
1978 | Whether a call is allowed or not is only decided the first time this | ||
1979 | particular call is made. The evaluation result is then cached, so that | ||
1980 | any attempts to make the same call later will be allowed or disallowed | ||
1981 | right away. Because of that runtime log level evaluation should not | ||
1982 | significantly affect the process performance. | ||
1983 | Log definition parsing is only done once, at the first call to | ||
1984 | GNUNET_log_setup () made by the process (which is usually done soon after | ||
1985 | it starts). | ||
1986 | |||
1987 | At the moment of writing there is no way to specify logging definitions | ||
1988 | from configuration files, only via environment variables. | ||
1989 | |||
1990 | At the moment GNUnet will stop processing a log definition when it | ||
1991 | encounters an error in definition formatting or an error in regular | ||
1992 | expression syntax, and will not report the failure in any way. | ||
1993 | |||
1994 | |||
1995 | @c *********************************************************************** | ||
1996 | @menu | ||
1997 | * Examples:: | ||
1998 | * Log files:: | ||
1999 | * Updated behavior of GNUNET_log:: | ||
2000 | @end menu | ||
2001 | |||
2002 | @node Examples | ||
2003 | @subsubsection Examples | ||
2004 | |||
2005 | @table @asis | ||
2006 | |||
2007 | @item @code{GNUNET_FORCE_LOG=";;;;DEBUG" gnunet-arm -s} Start GNUnet | ||
2008 | process tree, running all processes with DEBUG level (one should be | ||
2009 | careful with it, as log files will grow at alarming rate!) | ||
2010 | @item @code{GNUNET_FORCE_LOG="core;;;;DEBUG" gnunet-arm -s} Start GNUnet | ||
2011 | process tree, running the core service under DEBUG level (everything else | ||
2012 | will use configured or default level). | ||
2013 | |||
2014 | @item Start GNUnet process tree, allowing any logging calls from | ||
2015 | gnunet-service-transport_validation.c (everything else will use | ||
2016 | configured or default level). | ||
2017 | |||
2018 | @example | ||
2019 | GNUNET_FORCE_LOG=";gnunet-service-transport_validation.c;;; DEBUG" \ | ||
2020 | gnunet-arm -s | ||
2021 | @end example | ||
2022 | |||
2023 | @item Start GNUnet process tree, allowing any logging calls from | ||
2024 | gnunet-gnunet-service-fs_push.c (everything else will use configured or | ||
2025 | default level). | ||
2026 | |||
2027 | @example | ||
2028 | GNUNET_FORCE_LOG="fs;gnunet-service-fs_push.c;;;DEBUG" gnunet-arm -s | ||
2029 | @end example | ||
2030 | |||
2031 | @item Start GNUnet process tree, allowing any logging calls from the | ||
2032 | GNUNET_NETWORK_socket_select function (everything else will use | ||
2033 | configured or default level). | ||
2034 | |||
2035 | @example | ||
2036 | GNUNET_FORCE_LOG=";;GNUNET_NETWORK_socket_select;;DEBUG" gnunet-arm -s | ||
2037 | @end example | ||
2038 | |||
2039 | @item Start GNUnet process tree, allowing any logging calls from the | ||
2040 | components that have "transport" in their names, and are made from | ||
2041 | function that have "send" in their names. Everything else will be allowed | ||
2042 | to be logged only if it has WARNING level. | ||
2043 | |||
2044 | @example | ||
2045 | GNUNET_FORCE_LOG="transport.*;;.*send.*;;DEBUG/;;;;WARNING" gnunet-arm -s | ||
2046 | @end example | ||
2047 | |||
2048 | @end table | ||
2049 | |||
2050 | |||
2051 | On Windows, one can use batch files to run GNUnet processes with special | ||
2052 | environment variables, without affecting the whole system. Such batch | ||
2053 | file will look like this: | ||
2054 | |||
2055 | @example | ||
2056 | set GNUNET_FORCE_LOG=;;do_transmit;;DEBUG@ gnunet-arm -s | ||
2057 | @end example | ||
2058 | |||
2059 | (note the absence of double quotes in the environment variable definition, | ||
2060 | as opposed to earlier examples, which use the shell). | ||
2061 | Another limitation, on Windows, GNUNET_FORCE_LOGFILE @strong{MUST} be set | ||
2062 | in order to GNUNET_FORCE_LOG to work. | ||
2063 | |||
2064 | |||
2065 | @c *********************************************************************** | ||
2066 | @node Log files | ||
2067 | @subsubsection Log files | ||
2068 | |||
2069 | GNUnet can be told to log everything into a file instead of stderr (which | ||
2070 | is the default) using the "--log-file=logfile" or "-l logfile" option. | ||
2071 | This option can also be passed via command line, or from the "OPTION" and | ||
2072 | "GLOBAL_POSTFIX" configuration keys (see above). The file name passed | ||
2073 | with this option is subject to GNUnet filename expansion. If specified in | ||
2074 | "GLOBAL_POSTFIX", it is also subject to ARM service filename expansion, | ||
2075 | in particular, it may contain "@{@}" (left and right curly brace) | ||
2076 | sequence, which will be replaced by ARM with the name of the service. | ||
2077 | This is used to keep logs from more than one service separate, while only | ||
2078 | specifying one template containing "@{@}" in GLOBAL_POSTFIX. | ||
2079 | |||
2080 | As part of a secondary file name expansion, the first occurrence of "[]" | ||
2081 | sequence ("left square brace" followed by "right square brace") in the | ||
2082 | file name will be replaced with a process identifier or the process when | ||
2083 | it initializes its logging subsystem. As a result, all processes will log | ||
2084 | into different files. This is convenient for isolating messages of a | ||
2085 | particular process, and prevents I/O races when multiple processes try to | ||
2086 | write into the file at the same time. This expansion is done | ||
2087 | independently of "@{@}" expansion that ARM service does (see above). | ||
2088 | |||
2089 | The log file name that is specified via "-l" can contain format characters | ||
2090 | from the 'strftime' function family. For example, "%Y" will be replaced | ||
2091 | with the current year. Using "basename-%Y-%m-%d.log" would include the | ||
2092 | current year, month and day in the log file. If a GNUnet process runs for | ||
2093 | long enough to need more than one log file, it will eventually clean up | ||
2094 | old log files. Currently, only the last three log files (plus the current | ||
2095 | log file) are preserved. So once the fifth log file goes into use (so | ||
2096 | after 4 days if you use "%Y-%m-%d" as above), the first log file will be | ||
2097 | automatically deleted. Note that if your log file name only contains "%Y", | ||
2098 | then log files would be kept for 4 years and the logs from the first year | ||
2099 | would be deleted once year 5 begins. If you do not use any date-related | ||
2100 | string format codes, logs would never be automatically deleted by GNUnet. | ||
2101 | |||
2102 | |||
2103 | @c *********************************************************************** | ||
2104 | |||
2105 | @node Updated behavior of GNUNET_log | ||
2106 | @subsubsection Updated behavior of GNUNET_log | ||
2107 | |||
2108 | It's currently quite common to see constructions like this all over the | ||
2109 | code: | ||
2110 | |||
2111 | @example | ||
2112 | #if MESH_DEBUG | ||
2113 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "MESH: client disconnected\n"); | ||
2114 | #endif | ||
2115 | @end example | ||
2116 | |||
2117 | The reason for the #if is not to avoid displaying the message when | ||
2118 | disabled (GNUNET_ERROR_TYPE takes care of that), but to avoid the | ||
2119 | compiler including it in the binary at all, when compiling GNUnet for | ||
2120 | platforms with restricted storage space / memory (MIPS routers, | ||
2121 | ARM plug computers / dev boards, etc). | ||
2122 | |||
2123 | This presents several problems: the code gets ugly, hard to write and it | ||
2124 | is very easy to forget to include the #if guards, creating non-consistent | ||
2125 | code. A new change in GNUNET_log aims to solve these problems. | ||
2126 | |||
2127 | @strong{This change requires to @file{./configure} with at least | ||
2128 | @code{--enable-logging=verbose} to see debug messages.} | ||
2129 | |||
2130 | Here is an example of code with dense debug statements: | ||
2131 | |||
2132 | @example | ||
2133 | switch (restrict_topology) @{ | ||
2134 | case GNUNET_TESTING_TOPOLOGY_CLIQUE:#if VERBOSE_TESTING | ||
2135 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, _("Blacklisting all but clique | ||
2136 | topology\n")); #endif unblacklisted_connections = create_clique (pg, | ||
2137 | &remove_connections, BLACKLIST, GNUNET_NO); break; case | ||
2138 | GNUNET_TESTING_TOPOLOGY_SMALL_WORLD_RING: #if VERBOSE_TESTING GNUNET_log | ||
2139 | (GNUNET_ERROR_TYPE_DEBUG, _("Blacklisting all but small world (ring) | ||
2140 | topology\n")); #endif unblacklisted_connections = create_small_world_ring | ||
2141 | (pg,&remove_connections, BLACKLIST); break; | ||
2142 | @end example | ||
2143 | |||
2144 | |||
2145 | Pretty hard to follow, huh? | ||
2146 | |||
2147 | From now on, it is not necessary to include the #if / #endif statements to | ||
2148 | achieve the same behavior. The GNUNET_log and GNUNET_log_from macros take | ||
2149 | care of it for you, depending on the configure option: | ||
2150 | |||
2151 | @itemize @bullet | ||
2152 | @item If @code{--enable-logging} is set to @code{no}, the binary will | ||
2153 | contain no log messages at all. | ||
2154 | @item If @code{--enable-logging} is set to @code{yes}, the binary will | ||
2155 | contain no DEBUG messages, and therefore running with -L DEBUG will have | ||
2156 | no effect. Other messages (ERROR, WARNING, INFO, etc) will be included. | ||
2157 | @item If @code{--enable-logging} is set to @code{verbose}, or | ||
2158 | @code{veryverbose} the binary will contain DEBUG messages (still, it will | ||
2159 | be neccessary to run with -L DEBUG or set the DEBUG config option to show | ||
2160 | them). | ||
2161 | @end itemize | ||
2162 | |||
2163 | |||
2164 | If you are a developer: | ||
2165 | @itemize @bullet | ||
2166 | @item please make sure that you @code{./configure | ||
2167 | --enable-logging=@{verbose,veryverbose@}}, so you can see DEBUG messages. | ||
2168 | @item please remove the @code{#if} statements around @code{GNUNET_log | ||
2169 | (GNUNET_ERROR_TYPE_DEBUG, ...)} lines, to improve the readibility of your | ||
2170 | code. | ||
2171 | @end itemize | ||
2172 | |||
2173 | Since now activating DEBUG automatically makes it VERBOSE and activates | ||
2174 | @strong{all} debug messages by default, you probably want to use the | ||
2175 | https://gnunet.org/logging functionality to filter only relevant messages. | ||
2176 | A suitable configuration could be: | ||
2177 | |||
2178 | @example | ||
2179 | $ export GNUNET_FORCE_LOG="^YOUR_SUBSYSTEM$;;;;DEBUG/;;;;WARNING" | ||
2180 | @end example | ||
2181 | |||
2182 | Which will behave almost like enabling DEBUG in that subsytem before the | ||
2183 | change. Of course you can adapt it to your particular needs, this is only | ||
2184 | a quick example. | ||
2185 | |||
2186 | @c *********************************************************************** | ||
2187 | @node Interprocess communication API (IPC) | ||
2188 | @subsection Interprocess communication API (IPC) | ||
2189 | |||
2190 | In GNUnet a variety of new message types might be defined and used in | ||
2191 | interprocess communication, in this tutorial we use the | ||
2192 | @code{struct AddressLookupMessage} as a example to introduce how to | ||
2193 | construct our own message type in GNUnet and how to implement the message | ||
2194 | communication between service and client. | ||
2195 | (Here, a client uses the @code{struct AddressLookupMessage} as a request | ||
2196 | to ask the server to return the address of any other peer connecting to | ||
2197 | the service.) | ||
2198 | |||
2199 | |||
2200 | @c *********************************************************************** | ||
2201 | @menu | ||
2202 | * Define new message types:: | ||
2203 | * Define message struct:: | ||
2204 | * Client - Establish connection:: | ||
2205 | * Client - Initialize request message:: | ||
2206 | * Client - Send request and receive response:: | ||
2207 | * Server - Startup service:: | ||
2208 | * Server - Add new handles for specified messages:: | ||
2209 | * Server - Process request message:: | ||
2210 | * Server - Response to client:: | ||
2211 | * Server - Notification of clients:: | ||
2212 | * Conversion between Network Byte Order (Big Endian) and Host Byte Order:: | ||
2213 | @end menu | ||
2214 | |||
2215 | @node Define new message types | ||
2216 | @subsubsection Define new message types | ||
2217 | |||
2218 | First of all, you should define the new message type in | ||
2219 | @file{gnunet_protocols.h}: | ||
2220 | |||
2221 | @example | ||
2222 | // Request to look addresses of peers in server. | ||
2223 | #define GNUNET_MESSAGE_TYPE_TRANSPORT_ADDRESS_LOOKUP 29 | ||
2224 | // Response to the address lookup request. | ||
2225 | #define GNUNET_MESSAGE_TYPE_TRANSPORT_ADDRESS_REPLY 30 | ||
2226 | @end example | ||
2227 | |||
2228 | @c *********************************************************************** | ||
2229 | @node Define message struct | ||
2230 | @subsubsection Define message struct | ||
2231 | |||
2232 | After the type definition, the specified message structure should also be | ||
2233 | described in the header file, e.g. transport.h in our case. | ||
2234 | @example | ||
2235 | GNUNET_NETWORK_STRUCT_BEGIN | ||
2236 | |||
2237 | struct AddressLookupMessage @{ struct GNUNET_MessageHeader header; int32_t | ||
2238 | numeric_only GNUNET_PACKED; struct GNUNET_TIME_AbsoluteNBO timeout; uint32_t | ||
2239 | addrlen GNUNET_PACKED; | ||
2240 | /* followed by 'addrlen' bytes of the actual address, then | ||
2241 | followed by the 0-terminated name of the transport */ @}; | ||
2242 | GNUNET_NETWORK_STRUCT_END | ||
2243 | @end example | ||
2244 | |||
2245 | |||
2246 | Please note @code{GNUNET_NETWORK_STRUCT_BEGIN} and @code{GNUNET_PACKED} | ||
2247 | which both ensure correct alignment when sending structs over the network. | ||
2248 | |||
2249 | @menu | ||
2250 | @end menu | ||
2251 | |||
2252 | @c *********************************************************************** | ||
2253 | @node Client - Establish connection | ||
2254 | @subsubsection Client - Establish connection | ||
2255 | @c %**end of header | ||
2256 | |||
2257 | |||
2258 | At first, on the client side, the underlying API is employed to create a | ||
2259 | new connection to a service, in our example the transport service would be | ||
2260 | connected. | ||
2261 | |||
2262 | @example | ||
2263 | struct GNUNET_CLIENT_Connection *client; client = | ||
2264 | GNUNET_CLIENT_connect ("transport", cfg); | ||
2265 | @end example | ||
2266 | |||
2267 | @c *********************************************************************** | ||
2268 | @node Client - Initialize request message | ||
2269 | @subsubsection Client - Initialize request message | ||
2270 | @c %**end of header | ||
2271 | |||
2272 | When the connection is ready, we initialize the message. In this step, | ||
2273 | all the fields of the message should be properly initialized, namely the | ||
2274 | size, type, and some extra user-defined data, such as timeout, name of | ||
2275 | transport, address and name of transport. | ||
2276 | |||
2277 | @example | ||
2278 | struct AddressLookupMessage *msg; size_t len = | ||
2279 | sizeof (struct AddressLookupMessage) + addressLen + strlen (nameTrans) + 1; | ||
2280 | msg->header->size = htons (len); msg->header->type = htons | ||
2281 | (GNUNET_MESSAGE_TYPE_TRANSPORT_ADDRESS_LOOKUP); msg->timeout = | ||
2282 | GNUNET_TIME_absolute_hton (abs_timeout); msg->addrlen = htonl (addressLen); | ||
2283 | char *addrbuf = (char *) &msg[1]; memcpy (addrbuf, address, addressLen); char | ||
2284 | *tbuf = &addrbuf[addressLen]; memcpy (tbuf, nameTrans, strlen (nameTrans) + 1); | ||
2285 | @end example | ||
2286 | |||
2287 | Note that, here the functions @code{htonl}, @code{htons} and | ||
2288 | @code{GNUNET_TIME_absolute_hton} are applied to convert little endian | ||
2289 | into big endian, about the usage of the big/small edian order and the | ||
2290 | corresponding conversion function please refer to Introduction of | ||
2291 | Big Endian and Little Endian. | ||
2292 | |||
2293 | @c *********************************************************************** | ||
2294 | @node Client - Send request and receive response | ||
2295 | @subsubsection Client - Send request and receive response | ||
2296 | @c %**end of header | ||
2297 | |||
2298 | @b{FIXME: This is very outdated, see the tutorial for the current API!} | ||
2299 | |||
2300 | Next, the client would send the constructed message as a request to the | ||
2301 | service and wait for the response from the service. To accomplish this | ||
2302 | goal, there are a number of API calls that can be used. In this example, | ||
2303 | @code{GNUNET_CLIENT_transmit_and_get_response} is chosen as the most | ||
2304 | appropriate function to use. | ||
2305 | |||
2306 | @example | ||
2307 | GNUNET_CLIENT_transmit_and_get_response | ||
2308 | (client, msg->header, timeout, GNUNET_YES, &address_response_processor, | ||
2309 | arp_ctx); | ||
2310 | @end example | ||
2311 | |||
2312 | the argument @code{address_response_processor} is a function with | ||
2313 | @code{GNUNET_CLIENT_MessageHandler} type, which is used to process the | ||
2314 | reply message from the service. | ||
2315 | |||
2316 | @node Server - Startup service | ||
2317 | @subsubsection Server - Startup service | ||
2318 | |||
2319 | After receiving the request message, we run a standard GNUnet service | ||
2320 | startup sequence using @code{GNUNET_SERVICE_run}, as follows, | ||
2321 | |||
2322 | @example | ||
2323 | int main(int | ||
2324 | argc, char**argv) @{ GNUNET_SERVICE_run(argc, argv, "transport" | ||
2325 | GNUNET_SERVICE_OPTION_NONE, &run, NULL)); @} | ||
2326 | @end example | ||
2327 | |||
2328 | @c *********************************************************************** | ||
2329 | @node Server - Add new handles for specified messages | ||
2330 | @subsubsection Server - Add new handles for specified messages | ||
2331 | @c %**end of header | ||
2332 | |||
2333 | in the function above the argument @code{run} is used to initiate | ||
2334 | transport service,and defined like this: | ||
2335 | |||
2336 | @example | ||
2337 | static void run (void *cls, struct | ||
2338 | GNUNET_SERVER_Handle *serv, const struct GNUNET_CONFIGURATION_Handle *cfg) @{ | ||
2339 | GNUNET_SERVER_add_handlers (serv, handlers); @} | ||
2340 | @end example | ||
2341 | |||
2342 | |||
2343 | Here, @code{GNUNET_SERVER_add_handlers} must be called in the run | ||
2344 | function to add new handlers in the service. The parameter | ||
2345 | @code{handlers} is a list of @code{struct GNUNET_SERVER_MessageHandler} | ||
2346 | to tell the service which function should be called when a particular | ||
2347 | type of message is received, and should be defined in this way: | ||
2348 | |||
2349 | @example | ||
2350 | static struct GNUNET_SERVER_MessageHandler | ||
2351 | handlers[] = @{ @{&handle_start, NULL, GNUNET_MESSAGE_TYPE_TRANSPORT_START, | ||
2352 | 0@}, @{&handle_send, NULL, GNUNET_MESSAGE_TYPE_TRANSPORT_SEND, 0@}, | ||
2353 | @{&handle_try_connect, NULL, GNUNET_MESSAGE_TYPE_TRANSPORT_TRY_CONNECT, sizeof | ||
2354 | (struct TryConnectMessage)@}, @{&handle_address_lookup, NULL, | ||
2355 | GNUNET_MESSAGE_TYPE_TRANSPORT_ADDRESS_LOOKUP, 0@}, @{NULL, NULL, 0, 0@} @}; | ||
2356 | @end example | ||
2357 | |||
2358 | |||
2359 | As shown, the first member of the struct in the first area is a callback | ||
2360 | function, which is called to process the specified message types, given | ||
2361 | as the third member. The second parameter is the closure for the callback | ||
2362 | function, which is set to @code{NULL} in most cases, and the last | ||
2363 | parameter is the expected size of the message of this type, usually we | ||
2364 | set it to 0 to accept variable size, for special cases the exact size of | ||
2365 | the specified message also can be set. In addition, the terminator sign | ||
2366 | depicted as @code{@{NULL, NULL, 0, 0@}} is set in the last aera. | ||
2367 | |||
2368 | @c *********************************************************************** | ||
2369 | @node Server - Process request message | ||
2370 | @subsubsection Server - Process request message | ||
2371 | @c %**end of header | ||
2372 | |||
2373 | After the initialization of transport service, the request message would | ||
2374 | be processed. Before handling the main message data, the validity of this | ||
2375 | message should be checked out, e.g., to check whether the size of message | ||
2376 | is correct. | ||
2377 | |||
2378 | @example | ||
2379 | size = ntohs (message->size); if (size < sizeof (struct | ||
2380 | AddressLookupMessage)) @{ GNUNET_break_op (0); GNUNET_SERVER_receive_done | ||
2381 | (client, GNUNET_SYSERR); return; @} | ||
2382 | @end example | ||
2383 | |||
2384 | |||
2385 | Note that, opposite to the construction method of the request message in | ||
2386 | the client, in the server the function @code{nothl} and @code{ntohs} | ||
2387 | should be employed during the extraction of the data from the message, so | ||
2388 | that the data in big endian order can be converted back into little | ||
2389 | endian order. See more in detail please refer to Introduction of | ||
2390 | Big Endian and Little Endian. | ||
2391 | |||
2392 | Moreover in this example, the name of the transport stored in the message | ||
2393 | is a 0-terminated string, so we should also check whether the name of the | ||
2394 | transport in the received message is 0-terminated: | ||
2395 | |||
2396 | @example | ||
2397 | nameTransport = (const char *) | ||
2398 | &address[addressLen]; if (nameTransport[size - sizeof (struct | ||
2399 | AddressLookupMessage) | ||
2400 | - addressLen - 1] != '\0') @{ GNUNET_break_op | ||
2401 | (0); GNUNET_SERVER_receive_done (client, | ||
2402 | GNUNET_SYSERR); return; @} | ||
2403 | @end example | ||
2404 | |||
2405 | Here, @code{GNUNET_SERVER_receive_done} should be called to tell the | ||
2406 | service that the request is done and can receive the next message. The | ||
2407 | argument @code{GNUNET_SYSERR} here indicates that the service didn't | ||
2408 | understand the request message, and the processing of this request would | ||
2409 | be terminated. | ||
2410 | |||
2411 | In comparison to the aforementioned situation, when the argument is equal | ||
2412 | to @code{GNUNET_OK}, the service would continue to process the requst | ||
2413 | message. | ||
2414 | |||
2415 | @c *********************************************************************** | ||
2416 | @node Server - Response to client | ||
2417 | @subsubsection Server - Response to client | ||
2418 | @c %**end of header | ||
2419 | |||
2420 | Once the processing of current request is done, the server should give the | ||
2421 | response to the client. A new @code{struct AddressLookupMessage} would be | ||
2422 | produced by the server in a similar way as the client did and sent to the | ||
2423 | client, but here the type should be | ||
2424 | @code{GNUNET_MESSAGE_TYPE_TRANSPORT_ADDRESS_REPLY} rather than | ||
2425 | @code{GNUNET_MESSAGE_TYPE_TRANSPORT_ADDRESS_LOOKUP} in client. | ||
2426 | @example | ||
2427 | struct | ||
2428 | AddressLookupMessage *msg; size_t len = sizeof (struct AddressLookupMessage) + | ||
2429 | addressLen + strlen (nameTrans) + 1; msg->header->size = htons (len); | ||
2430 | msg->header->type = htons (GNUNET_MESSAGE_TYPE_TRANSPORT_ADDRESS_REPLY); | ||
2431 | |||
2432 | // ... | ||
2433 | |||
2434 | struct GNUNET_SERVER_TransmitContext *tc; tc = | ||
2435 | GNUNET_SERVER_transmit_context_create (client); | ||
2436 | GNUNET_SERVER_transmit_context_append_data (tc, NULL, 0, | ||
2437 | GNUNET_MESSAGE_TYPE_TRANSPORT_ADDRESS_REPLY); | ||
2438 | GNUNET_SERVER_transmit_context_run (tc, rtimeout); | ||
2439 | @end example | ||
2440 | |||
2441 | |||
2442 | Note that, there are also a number of other APIs provided to the service | ||
2443 | to send the message. | ||
2444 | |||
2445 | @c *********************************************************************** | ||
2446 | @node Server - Notification of clients | ||
2447 | @subsubsection Server - Notification of clients | ||
2448 | @c %**end of header | ||
2449 | |||
2450 | Often a service needs to (repeatedly) transmit notifications to a client | ||
2451 | or a group of clients. In these cases, the client typically has once | ||
2452 | registered for a set of events and then needs to receive a message | ||
2453 | whenever such an event happens (until the client disconnects). The use of | ||
2454 | a notification context can help manage message queues to clients and | ||
2455 | handle disconnects. Notification contexts can be used to send | ||
2456 | individualized messages to a particular client or to broadcast messages | ||
2457 | to a group of clients. An individualized notification might look like | ||
2458 | this: | ||
2459 | |||
2460 | @example | ||
2461 | GNUNET_SERVER_notification_context_unicast(nc, | ||
2462 | client, msg, GNUNET_YES); | ||
2463 | @end example | ||
2464 | |||
2465 | |||
2466 | Note that after processing the original registration message for | ||
2467 | notifications, the server code still typically needs to call | ||
2468 | @code{GNUNET_SERVER_receive_done} so that the client can transmit further | ||
2469 | messages to the server. | ||
2470 | |||
2471 | @c *********************************************************************** | ||
2472 | @node Conversion between Network Byte Order (Big Endian) and Host Byte Order | ||
2473 | @subsubsection Conversion between Network Byte Order (Big Endian) and Host Byte Order | ||
2474 | @c %** subsub? it's a referenced page on the ipc document. | ||
2475 | @c %**end of header | ||
2476 | |||
2477 | Here we can simply comprehend big endian and little endian as Network Byte | ||
2478 | Order and Host Byte Order respectively. What is the difference between | ||
2479 | both two? | ||
2480 | |||
2481 | Usually in our host computer we store the data byte as Host Byte Order, | ||
2482 | for example, we store a integer in the RAM which might occupies 4 Byte, | ||
2483 | as Host Byte Order the higher Byte would be stored at the lower address | ||
2484 | of RAM, and the lower Byte would be stored at the higher address of RAM. | ||
2485 | However, contrast to this, Network Byte Order just take the totally | ||
2486 | opposite way to store the data, says, it will store the lower Byte at the | ||
2487 | lower address, and the higher Byte will stay at higher address. | ||
2488 | |||
2489 | For the current communication of network, we normally exchange the | ||
2490 | information by surveying the data package, every two host wants to | ||
2491 | communicate with each other must send and receive data package through | ||
2492 | network. In order to maintain the identity of data through the | ||
2493 | transmission in the network, the order of the Byte storage must changed | ||
2494 | before sending and after receiving the data. | ||
2495 | |||
2496 | There ten convenient functions to realize the conversion of Byte Order in | ||
2497 | GNUnet, as following: | ||
2498 | |||
2499 | @table @asis | ||
2500 | |||
2501 | @item uint16_t htons(uint16_t hostshort) Convert host byte order to net | ||
2502 | byte order with short int | ||
2503 | @item uint32_t htonl(uint32_t hostlong) Convert host byte | ||
2504 | order to net byte order with long int | ||
2505 | @item uint16_t ntohs(uint16_t netshort) | ||
2506 | Convert net byte order to host byte order with short int | ||
2507 | @item uint32_t | ||
2508 | ntohl(uint32_t netlong) Convert net byte order to host byte order with | ||
2509 | long int | ||
2510 | @item unsigned long long GNUNET_ntohll (unsigned long long netlonglong) | ||
2511 | Convert net byte order to host byte order with long long int | ||
2512 | @item unsigned long long GNUNET_htonll (unsigned long long hostlonglong) | ||
2513 | Convert host byte order to net byte order with long long int | ||
2514 | @item struct GNUNET_TIME_RelativeNBO GNUNET_TIME_relative_hton | ||
2515 | (struct GNUNET_TIME_Relative a) Convert relative time to network byte | ||
2516 | order. | ||
2517 | @item struct GNUNET_TIME_Relative GNUNET_TIME_relative_ntoh | ||
2518 | (struct GNUNET_TIME_RelativeNBO a) Convert relative time from network | ||
2519 | byte order. | ||
2520 | @item struct GNUNET_TIME_AbsoluteNBO GNUNET_TIME_absolute_hton | ||
2521 | (struct GNUNET_TIME_Absolute a) Convert relative time to network byte | ||
2522 | order. | ||
2523 | @item struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_ntoh | ||
2524 | (struct GNUNET_TIME_AbsoluteNBO a) Convert relative time from network | ||
2525 | byte order. | ||
2526 | @end table | ||
2527 | |||
2528 | @c *********************************************************************** | ||
2529 | |||
2530 | @node Cryptography API | ||
2531 | @subsection Cryptography API | ||
2532 | @c %**end of header | ||
2533 | |||
2534 | The gnunetutil APIs provides the cryptographic primitives used in GNUnet. | ||
2535 | GNUnet uses 2048 bit RSA keys for the session key exchange and for signing | ||
2536 | messages by peers and most other public-key operations. Most researchers | ||
2537 | in cryptography consider 2048 bit RSA keys as secure and practically | ||
2538 | unbreakable for a long time. The API provides functions to create a fresh | ||
2539 | key pair, read a private key from a file (or create a new file if the | ||
2540 | file does not exist), encrypt, decrypt, sign, verify and extraction of | ||
2541 | the public key into a format suitable for network transmission. | ||
2542 | |||
2543 | For the encryption of files and the actual data exchanged between peers | ||
2544 | GNUnet uses 256-bit AES encryption. Fresh, session keys are negotiated | ||
2545 | for every new connection.@ Again, there is no published technique to | ||
2546 | break this cipher in any realistic amount of time. The API provides | ||
2547 | functions for generation of keys, validation of keys (important for | ||
2548 | checking that decryptions using RSA succeeded), encryption and decryption. | ||
2549 | |||
2550 | GNUnet uses SHA-512 for computing one-way hash codes. The API provides | ||
2551 | functions to compute a hash over a block in memory or over a file on disk. | ||
2552 | |||
2553 | The crypto API also provides functions for randomizing a block of memory, | ||
2554 | obtaining a single random number and for generating a permuation of the | ||
2555 | numbers 0 to n-1. Random number generation distinguishes between WEAK and | ||
2556 | STRONG random number quality; WEAK random numbers are pseudo-random | ||
2557 | whereas STRONG random numbers use entropy gathered from the operating | ||
2558 | system. | ||
2559 | |||
2560 | Finally, the crypto API provides a means to deterministically generate a | ||
2561 | 1024-bit RSA key from a hash code. These functions should most likely not | ||
2562 | be used by most applications; most importantly, | ||
2563 | GNUNET_CRYPTO_rsa_key_create_from_hash does not create an RSA-key that | ||
2564 | should be considered secure for traditional applications of RSA. | ||
2565 | |||
2566 | @c *********************************************************************** | ||
2567 | @node Message Queue API | ||
2568 | @subsection Message Queue API | ||
2569 | @c %**end of header | ||
2570 | |||
2571 | @strong{ Introduction }@ | ||
2572 | Often, applications need to queue messages that | ||
2573 | are to be sent to other GNUnet peers, clients or services. As all of | ||
2574 | GNUnet's message-based communication APIs, by design, do not allow | ||
2575 | messages to be queued, it is common to implement custom message queues | ||
2576 | manually when they are needed. However, writing very similar code in | ||
2577 | multiple places is tedious and leads to code duplication. | ||
2578 | |||
2579 | MQ (for Message Queue) is an API that provides the functionality to | ||
2580 | implement and use message queues. We intend to eventually replace all of | ||
2581 | the custom message queue implementations in GNUnet with MQ. | ||
2582 | |||
2583 | @strong{ Basic Concepts }@ | ||
2584 | The two most important entities in MQ are queues and envelopes. | ||
2585 | |||
2586 | Every queue is backed by a specific implementation (e.g. for mesh, stream, | ||
2587 | connection, server client, etc.) that will actually deliver the queued | ||
2588 | messages. For convenience,@ some queues also allow to specify a list of | ||
2589 | message handlers. The message queue will then also wait for incoming | ||
2590 | messages and dispatch them appropriately. | ||
2591 | |||
2592 | An envelope holds the the memory for a message, as well as metadata | ||
2593 | (Where is the envelope queued? What should happen after it has been | ||
2594 | sent?). Any envelope can only be queued in one message queue. | ||
2595 | |||
2596 | @strong{ Creating Queues }@ | ||
2597 | The following is a list of currently available message queues. Note that | ||
2598 | to avoid layering issues, message queues for higher level APIs are not | ||
2599 | part of @code{libgnunetutil}, but@ the respective API itself provides the | ||
2600 | queue implementation. | ||
2601 | |||
2602 | @table @asis | ||
2603 | |||
2604 | @item @code{GNUNET_MQ_queue_for_connection_client} | ||
2605 | Transmits queued messages over a @code{GNUNET_CLIENT_Connection} handle. | ||
2606 | Also supports receiving with message handlers. | ||
2607 | |||
2608 | @item @code{GNUNET_MQ_queue_for_server_client} | ||
2609 | Transmits queued messages over a @code{GNUNET_SERVER_Client} handle. Does | ||
2610 | not support incoming message handlers. | ||
2611 | |||
2612 | @item @code{GNUNET_MESH_mq_create} Transmits queued messages over a | ||
2613 | @code{GNUNET_MESH_Tunnel} handle. Does not support incoming message | ||
2614 | handlers. | ||
2615 | |||
2616 | @item @code{GNUNET_MQ_queue_for_callbacks} This is the most general | ||
2617 | implementation. Instead of delivering and receiving messages with one of | ||
2618 | GNUnet's communication APIs, implementation callbacks are called. Refer to | ||
2619 | "Implementing Queues" for a more detailed explanation. | ||
2620 | @end table | ||
2621 | |||
2622 | |||
2623 | @strong{ Allocating Envelopes }@ | ||
2624 | A GNUnet message (as defined by the GNUNET_MessageHeader) has three | ||
2625 | parts: The size, the type, and the body. | ||
2626 | |||
2627 | MQ provides macros to allocate an envelope containing a message | ||
2628 | conveniently, automatically setting the size and type fields of the | ||
2629 | message. | ||
2630 | |||
2631 | Consider the following simple message, with the body consisting of a | ||
2632 | single number value. | ||
2633 | @c why the empy code function? | ||
2634 | @code{} | ||
2635 | |||
2636 | @example | ||
2637 | struct NumberMessage @{ | ||
2638 | /** Type: GNUNET_MESSAGE_TYPE_EXAMPLE_1 */ | ||
2639 | struct GNUNET_MessageHeader header; uint32_t number GNUNET_PACKED; @}; | ||
2640 | @end example | ||
2641 | |||
2642 | An envelope containing an instance of the NumberMessage can be | ||
2643 | constructed like this: | ||
2644 | |||
2645 | @example | ||
2646 | struct GNUNET_MQ_Envelope *ev; struct NumberMessage *msg; ev = | ||
2647 | GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_EXAMPLE_1); msg->number = htonl (42); | ||
2648 | @end example | ||
2649 | |||
2650 | In the above code, @code{GNUNET_MQ_msg} is a macro. The return value is | ||
2651 | the newly allocated envelope. The first argument must be a pointer to some | ||
2652 | @code{struct} containing a @code{struct GNUNET_MessageHeader header} | ||
2653 | field, while the second argument is the desired message type, in host | ||
2654 | byte order. | ||
2655 | |||
2656 | The @code{msg} pointer now points to an allocated message, where the | ||
2657 | message type and the message size are already set. The message's size is | ||
2658 | inferred from the type of the @code{msg} pointer: It will be set to | ||
2659 | 'sizeof(*msg)', properly converted to network byte order. | ||
2660 | |||
2661 | If the message body's size is dynamic, the the macro | ||
2662 | @code{GNUNET_MQ_msg_extra} can be used to allocate an envelope whose | ||
2663 | message has additional space allocated after the @code{msg} structure. | ||
2664 | |||
2665 | If no structure has been defined for the message, | ||
2666 | @code{GNUNET_MQ_msg_header_extra} can be used to allocate additional space | ||
2667 | after the message header. The first argument then must be a pointer to a | ||
2668 | @code{GNUNET_MessageHeader}. | ||
2669 | |||
2670 | @strong{Envelope Properties}@ | ||
2671 | A few functions in MQ allow to set additional properties on envelopes: | ||
2672 | |||
2673 | @table @asis | ||
2674 | |||
2675 | @item @code{GNUNET_MQ_notify_sent} Allows to specify a function that will | ||
2676 | be called once the envelope's message@ has been sent irrevocably. | ||
2677 | An envelope can be canceled precisely up to the@ point where the notify | ||
2678 | sent callback has been called. | ||
2679 | |||
2680 | @item @code{GNUNET_MQ_disable_corking} No corking will be used when | ||
2681 | sending the message. Not every@ queue supports this flag, per default, | ||
2682 | envelopes are sent with corking.@ | ||
2683 | |||
2684 | @end table | ||
2685 | |||
2686 | |||
2687 | @strong{Sending Envelopes}@ | ||
2688 | Once an envelope has been constructed, it can be queued for sending with | ||
2689 | @code{GNUNET_MQ_send}. | ||
2690 | |||
2691 | Note that in order to avoid memory leaks, an envelope must either be sent | ||
2692 | (the queue will free it) or destroyed explicitly with | ||
2693 | @code{GNUNET_MQ_discard}. | ||
2694 | |||
2695 | @strong{Canceling Envelopes}@ | ||
2696 | An envelope queued with @code{GNUNET_MQ_send} can be canceled with | ||
2697 | @code{GNUNET_MQ_cancel}. Note that after the notify sent callback has | ||
2698 | been called, canceling a message results in undefined behavior. | ||
2699 | Thus it is unsafe to cancel an envelope that does not have a notify sent | ||
2700 | callback. When canceling an envelope, it is not necessary@ to call | ||
2701 | @code{GNUNET_MQ_discard}, and the envelope can't be sent again. | ||
2702 | |||
2703 | @strong{ Implementing Queues }@ | ||
2704 | @code{TODO} | ||
2705 | |||
2706 | @c *********************************************************************** | ||
2707 | @node Service API | ||
2708 | @subsection Service API | ||
2709 | @c %**end of header | ||
2710 | |||
2711 | Most GNUnet code lives in the form of services. Services are processes | ||
2712 | that offer an API for other components of the system to build on. Those | ||
2713 | other components can be command-line tools for users, graphical user | ||
2714 | interfaces or other services. Services provide their API using an IPC | ||
2715 | protocol. For this, each service must listen on either a TCP port or a | ||
2716 | UNIX domain socket; for this, the service implementation uses the server | ||
2717 | API. This use of server is exposed directly to the users of the service | ||
2718 | API. Thus, when using the service API, one is usually also often using | ||
2719 | large parts of the server API. The service API provides various | ||
2720 | convenience functions, such as parsing command-line arguments and the | ||
2721 | configuration file, which are not found in the server API. | ||
2722 | The dual to the service/server API is the client API, which can be used to | ||
2723 | access services. | ||
2724 | |||
2725 | The most common way to start a service is to use the GNUNET_SERVICE_run | ||
2726 | function from the program's main function. GNUNET_SERVICE_run will then | ||
2727 | parse the command line and configuration files and, based on the options | ||
2728 | found there, start the server. It will then give back control to the main | ||
2729 | program, passing the server and the configuration to the | ||
2730 | GNUNET_SERVICE_Main callback. GNUNET_SERVICE_run will also take care of | ||
2731 | starting the scheduler loop. If this is inappropriate (for example, | ||
2732 | because the scheduler loop is already running), GNUNET_SERVICE_start and | ||
2733 | related functions provide an alternative to GNUNET_SERVICE_run. | ||
2734 | |||
2735 | When starting a service, the service_name option is used to determine | ||
2736 | which sections in the configuration file should be used to configure the | ||
2737 | service. A typical value here is the name of the src/ sub-directory, for | ||
2738 | example "statistics". The same string would also be given to | ||
2739 | GNUNET_CLIENT_connect to access the service. | ||
2740 | |||
2741 | Once a service has been initialized, the program should use the | ||
2742 | GNUNET_SERVICE_Main callback to register message handlers using | ||
2743 | GNUNET_SERVER_add_handlers. The service will already have registered a | ||
2744 | handler for the "TEST" message. | ||
2745 | |||
2746 | The option bitfield (enum GNUNET_SERVICE_Options) determines how a service | ||
2747 | should behave during shutdown. There are three key strategies: | ||
2748 | |||
2749 | @table @asis | ||
2750 | |||
2751 | @item instant (GNUNET_SERVICE_OPTION_NONE) Upon receiving the shutdown | ||
2752 | signal from the scheduler, the service immediately terminates the server, | ||
2753 | closing all existing connections with clients. | ||
2754 | @item manual | ||
2755 | (GNUNET_SERVICE_OPTION_MANUAL_SHUTDOWN) The service does nothing by itself | ||
2756 | during shutdown. The main program will need to take the appropriate | ||
2757 | action by calling GNUNET_SERVER_destroy or GNUNET_SERVICE_stop (depending | ||
2758 | on how the service was initialized) to terminate the service. This method | ||
2759 | is used by gnunet-service-arm and rather uncommon. | ||
2760 | @item soft | ||
2761 | (GNUNET_SERVICE_OPTION_SOFT_SHUTDOWN) Upon receiving the shutdown signal | ||
2762 | from the scheduler, the service immediately tells the server to stop | ||
2763 | listening for incoming clients. Requests from normal existing clients are | ||
2764 | still processed and the server/service terminates once all normal clients | ||
2765 | have disconnected. Clients that are not expected to ever disconnect (such | ||
2766 | as clients that monitor performance values) can be marked as 'monitor' | ||
2767 | clients using GNUNET_SERVER_client_mark_monitor. Those clients will | ||
2768 | continue to be processed until all 'normal' clients have disconnected. | ||
2769 | Then, the server will terminate, closing the monitor connections. | ||
2770 | This mode is for example used by 'statistics', allowing existing 'normal' | ||
2771 | clients to set (possibly persistent) statistic values before terminating. | ||
2772 | |||
2773 | @end table | ||
2774 | |||
2775 | @c *********************************************************************** | ||
2776 | @node Optimizing Memory Consumption of GNUnet's (Multi-) Hash Maps | ||
2777 | @subsection Optimizing Memory Consumption of GNUnet's (Multi-) Hash Maps | ||
2778 | @c %**end of header | ||
2779 | |||
2780 | A commonly used data structure in GNUnet is a (multi-)hash map. It is most | ||
2781 | often used to map a peer identity to some data structure, but also to map | ||
2782 | arbitrary keys to values (for example to track requests in the distributed | ||
2783 | hash table or in file-sharing). As it is commonly used, the DHT is | ||
2784 | actually sometimes responsible for a large share of GNUnet's overall | ||
2785 | memory consumption (for some processes, 30% is not uncommon). The | ||
2786 | following text documents some API quirks (and their implications for | ||
2787 | applications) that were recently introduced to minimize the footprint of | ||
2788 | the hash map. | ||
2789 | |||
2790 | |||
2791 | @c *********************************************************************** | ||
2792 | @menu | ||
2793 | * Analysis:: | ||
2794 | * Solution:: | ||
2795 | * Migration:: | ||
2796 | * Conclusion:: | ||
2797 | * Availability:: | ||
2798 | @end menu | ||
2799 | |||
2800 | @node Analysis | ||
2801 | @subsubsection Analysis | ||
2802 | @c %**end of header | ||
2803 | |||
2804 | The main reason for the "excessive" memory consumption by the hash map is | ||
2805 | that GNUnet uses 512-bit cryptographic hash codes --- and the | ||
2806 | (multi-)hash map also uses the same 512-bit 'struct GNUNET_HashCode'. As | ||
2807 | a result, storing just the keys requires 64 bytes of memory for each key. | ||
2808 | As some applications like to keep a large number of entries in the hash | ||
2809 | map (after all, that's what maps are good for), 64 bytes per hash is | ||
2810 | significant: keeping a pointer to the value and having a linked list for | ||
2811 | collisions consume between 8 and 16 bytes, and 'malloc' may add about the | ||
2812 | same overhead per allocation, putting us in the 16 to 32 byte per entry | ||
2813 | ballpark. Adding a 64-byte key then triples the overall memory | ||
2814 | requirement for the hash map. | ||
2815 | |||
2816 | To make things "worse", most of the time storing the key in the hash map | ||
2817 | is not required: it is typically already in memory elsewhere! In most | ||
2818 | cases, the values stored in the hash map are some application-specific | ||
2819 | struct that _also_ contains the hash. Here is a simplified example: | ||
2820 | |||
2821 | @example | ||
2822 | struct MyValue @{ | ||
2823 | struct GNUNET_HashCode key; unsigned int my_data; @}; | ||
2824 | |||
2825 | // ... | ||
2826 | val = GNUNET_malloc (sizeof (struct MyValue)); val->key = key; val->my_data = | ||
2827 | 42; GNUNET_CONTAINER_multihashmap_put (map, &key, val, ...); | ||
2828 | @end example | ||
2829 | |||
2830 | This is a common pattern as later the entries might need to be removed, | ||
2831 | and at that time it is convenient to have the key immediately at hand: | ||
2832 | |||
2833 | @example | ||
2834 | GNUNET_CONTAINER_multihashmap_remove (map, &val->key, val); | ||
2835 | @end example | ||
2836 | |||
2837 | |||
2838 | Note that here we end up with two times 64 bytes for the key, plus maybe | ||
2839 | 64 bytes total for the rest of the 'struct MyValue' and the map entry in | ||
2840 | the hash map. The resulting redundant storage of the key increases | ||
2841 | overall memory consumption per entry from the "optimal" 128 bytes to 192 | ||
2842 | bytes. This is not just an extreme example: overheads in practice are | ||
2843 | actually sometimes close to those highlighted in this example. This is | ||
2844 | especially true for maps with a significant number of entries, as there | ||
2845 | we tend to really try to keep the entries small. | ||
2846 | |||
2847 | @c *********************************************************************** | ||
2848 | @node Solution | ||
2849 | @subsubsection Solution | ||
2850 | @c %**end of header | ||
2851 | |||
2852 | The solution that has now been implemented is to @strong{optionally} | ||
2853 | allow the hash map to not make a (deep) copy of the hash but instead have | ||
2854 | a pointer to the hash/key in the entry. This reduces the memory | ||
2855 | consumption for the key from 64 bytes to 4 to 8 bytes. However, it can | ||
2856 | also only work if the key is actually stored in the entry (which is the | ||
2857 | case most of the time) and if the entry does not modify the key (which in | ||
2858 | all of the code I'm aware of has been always the case if there key is | ||
2859 | stored in the entry). Finally, when the client stores an entry in the | ||
2860 | hash map, it @strong{must} provide a pointer to the key within the entry, | ||
2861 | not just a pointer to a transient location of the key. If | ||
2862 | the client code does not meet these requirements, the result is a dangling | ||
2863 | pointer and undefined behavior of the (multi-)hash map API. | ||
2864 | |||
2865 | @c *********************************************************************** | ||
2866 | @node Migration | ||
2867 | @subsubsection Migration | ||
2868 | @c %**end of header | ||
2869 | |||
2870 | To use the new feature, first check that the values contain the respective | ||
2871 | key (and never modify it). Then, all calls to | ||
2872 | @code{GNUNET_CONTAINER_multihashmap_put} on the respective map must be | ||
2873 | audited and most likely changed to pass a pointer into the value's struct. | ||
2874 | For the initial example, the new code would look like this: | ||
2875 | |||
2876 | @example | ||
2877 | struct MyValue @{ | ||
2878 | struct GNUNET_HashCode key; unsigned int my_data; @}; | ||
2879 | |||
2880 | // ... | ||
2881 | val = GNUNET_malloc (sizeof (struct MyValue)); val->key = key; val->my_data = | ||
2882 | 42; GNUNET_CONTAINER_multihashmap_put (map, &val->key, val, ...); | ||
2883 | @end example | ||
2884 | |||
2885 | |||
2886 | Note that @code{&val} was changed to @code{&val->key} in the argument to | ||
2887 | the @code{put} call. This is critical as often @code{key} is on the stack | ||
2888 | or in some other transient data structure and thus having the hash map | ||
2889 | keep a pointer to @code{key} would not work. Only the key inside of | ||
2890 | @code{val} has the same lifetime as the entry in the map (this must of | ||
2891 | course be checked as well). Naturally, @code{val->key} must be | ||
2892 | intiialized before the @code{put} call. Once all @code{put} calls have | ||
2893 | been converted and double-checked, you can change the call to create the | ||
2894 | hash map from | ||
2895 | |||
2896 | @example | ||
2897 | map = | ||
2898 | GNUNET_CONTAINER_multihashmap_create (SIZE, GNUNET_NO); | ||
2899 | @end example | ||
2900 | |||
2901 | to | ||
2902 | |||
2903 | @example | ||
2904 | map = GNUNET_CONTAINER_multihashmap_create (SIZE, GNUNET_YES); | ||
2905 | @end example | ||
2906 | |||
2907 | If everything was done correctly, you now use about 60 bytes less memory | ||
2908 | per entry in @code{map}. However, if now (or in the future) any call to | ||
2909 | @code{put} does not ensure that the given key is valid until the entry is | ||
2910 | removed from the map, undefined behavior is likely to be observed. | ||
2911 | |||
2912 | @c *********************************************************************** | ||
2913 | @node Conclusion | ||
2914 | @subsubsection Conclusion | ||
2915 | @c %**end of header | ||
2916 | |||
2917 | The new optimization can is often applicable and can result in a | ||
2918 | reduction in memory consumption of up to 30% in practice. However, it | ||
2919 | makes the code less robust as additional invariants are imposed on the | ||
2920 | multi hash map client. Thus applications should refrain from enabling the | ||
2921 | new mode unless the resulting performance increase is deemed significant | ||
2922 | enough. In particular, it should generally not be used in new code (wait | ||
2923 | at least until benchmarks exist). | ||
2924 | |||
2925 | @c *********************************************************************** | ||
2926 | @node Availability | ||
2927 | @subsubsection Availability | ||
2928 | @c %**end of header | ||
2929 | |||
2930 | The new multi hash map code was committed in SVN 24319 (will be in GNUnet | ||
2931 | 0.9.4). Various subsystems (transport, core, dht, file-sharing) were | ||
2932 | previously audited and modified to take advantage of the new capability. | ||
2933 | In particular, memory consumption of the file-sharing service is expected | ||
2934 | to drop by 20-30% due to this change. | ||
2935 | |||
2936 | @c *********************************************************************** | ||
2937 | @node The CONTAINER_MDLL API | ||
2938 | @subsection The CONTAINER_MDLL API | ||
2939 | @c %**end of header | ||
2940 | |||
2941 | This text documents the GNUNET_CONTAINER_MDLL API. The | ||
2942 | GNUNET_CONTAINER_MDLL API is similar to the GNUNET_CONTAINER_DLL API in | ||
2943 | that it provides operations for the construction and manipulation of | ||
2944 | doubly-linked lists. The key difference to the (simpler) DLL-API is that | ||
2945 | the MDLL-version allows a single element (instance of a "struct") to be | ||
2946 | in multiple linked lists at the same time. | ||
2947 | |||
2948 | Like the DLL API, the MDLL API stores (most of) the data structures for | ||
2949 | the doubly-linked list with the respective elements; only the 'head' and | ||
2950 | 'tail' pointers are stored "elsewhere" --- and the application needs to | ||
2951 | provide the locations of head and tail to each of the calls in the | ||
2952 | MDLL API. The key difference for the MDLL API is that the "next" and | ||
2953 | "previous" pointers in the struct can no longer be simply called "next" | ||
2954 | and "prev" --- after all, the element may be in multiple doubly-linked | ||
2955 | lists, so we cannot just have one "next" and one "prev" pointer! | ||
2956 | |||
2957 | The solution is to have multiple fields that must have a name of the | ||
2958 | format "next_XX" and "prev_XX" where "XX" is the name of one of the | ||
2959 | doubly-linked lists. Here is a simple example: | ||
2960 | |||
2961 | @example | ||
2962 | struct MyMultiListElement @{ | ||
2963 | struct MyMultiListElement *next_ALIST; | ||
2964 | struct MyMultiListElement *prev_ALIST; | ||
2965 | struct MyMultiListElement *next_BLIST; | ||
2966 | struct MyMultiListElement *prev_BLIST; | ||
2967 | void | ||
2968 | *data; | ||
2969 | @}; | ||
2970 | @end example | ||
2971 | |||
2972 | |||
2973 | Note that by convention, we use all-uppercase letters for the list names. | ||
2974 | In addition, the program needs to have a location for the head and tail | ||
2975 | pointers for both lists, for example: | ||
2976 | |||
2977 | @example | ||
2978 | static struct MyMultiListElement *head_ALIST; | ||
2979 | static struct MyMultiListElement *tail_ALIST; | ||
2980 | static struct MyMultiListElement *head_BLIST; | ||
2981 | static struct MyMultiListElement *tail_BLIST; | ||
2982 | @end example | ||
2983 | |||
2984 | |||
2985 | Using the MDLL-macros, we can now insert an element into the ALIST: | ||
2986 | |||
2987 | @example | ||
2988 | GNUNET_CONTAINER_MDLL_insert (ALIST, head_ALIST, tail_ALIST, element); | ||
2989 | @end example | ||
2990 | |||
2991 | |||
2992 | Passing "ALIST" as the first argument to MDLL specifies which of the | ||
2993 | next/prev fields in the 'struct MyMultiListElement' should be used. The | ||
2994 | extra "ALIST" argument and the "_ALIST" in the names of the | ||
2995 | next/prev-members are the only differences between the MDDL and DLL-API. | ||
2996 | Like the DLL-API, the MDLL-API offers functions for inserting (at head, | ||
2997 | at tail, after a given element) and removing elements from the list. | ||
2998 | Iterating over the list should be done by directly accessing the | ||
2999 | "next_XX" and/or "prev_XX" members. | ||
3000 | |||
3001 | @c *********************************************************************** | ||
3002 | @node The Automatic Restart Manager (ARM) | ||
3003 | @section The Automatic Restart Manager (ARM) | ||
3004 | @c %**end of header | ||
3005 | |||
3006 | GNUnet's Automated Restart Manager (ARM) is the GNUnet service responsible | ||
3007 | for system initialization and service babysitting. ARM starts and halts | ||
3008 | services, detects configuration changes and restarts services impacted by | ||
3009 | the changes as needed. It's also responsible for restarting services in | ||
3010 | case of crashes and is planned to incorporate automatic debugging for | ||
3011 | diagnosing service crashes providing developers insights about crash | ||
3012 | reasons. The purpose of this document is to give GNUnet developer an idea | ||
3013 | about how ARM works and how to interact with it. | ||
3014 | |||
3015 | @menu | ||
3016 | * Basic functionality:: | ||
3017 | * Key configuration options:: | ||
3018 | * Availability2:: | ||
3019 | * Reliability:: | ||
3020 | @end menu | ||
3021 | |||
3022 | @c *********************************************************************** | ||
3023 | @node Basic functionality | ||
3024 | @subsection Basic functionality | ||
3025 | @c %**end of header | ||
3026 | |||
3027 | @itemize @bullet | ||
3028 | @item ARM source code can be found under "src/arm".@ Service processes are | ||
3029 | managed by the functions in "gnunet-service-arm.c" which is controlled | ||
3030 | with "gnunet-arm.c" (main function in that file is ARM's entry point). | ||
3031 | |||
3032 | @item The functions responsible for communicating with ARM , starting and | ||
3033 | stopping services -including ARM service itself- are provided by the | ||
3034 | ARM API "arm_api.c".@ Function: GNUNET_ARM_connect() returns to the caller | ||
3035 | an ARM handle after setting it to the caller's context (configuration and | ||
3036 | scheduler in use). This handle can be used afterwards by the caller to | ||
3037 | communicate with ARM. Functions GNUNET_ARM_start_service() and | ||
3038 | GNUNET_ARM_stop_service() are used for starting and stopping services | ||
3039 | respectively. | ||
3040 | |||
3041 | @item A typical example of using these basic ARM services can be found in | ||
3042 | file test_arm_api.c. The test case connects to ARM, starts it, then uses | ||
3043 | it to start a service "resolver", stops the "resolver" then stops "ARM". | ||
3044 | @end itemize | ||
3045 | |||
3046 | @c *********************************************************************** | ||
3047 | @node Key configuration options | ||
3048 | @subsection Key configuration options | ||
3049 | @c %**end of header | ||
3050 | |||
3051 | Configurations for ARM and services should be available in a .conf file | ||
3052 | (As an example, see test_arm_api_data.conf). When running ARM, the | ||
3053 | configuration file to use should be passed to the command:@ | ||
3054 | @code{@ $ gnunet-arm -s -c configuration_to_use.conf@ }@ | ||
3055 | If no configuration is passed, the default configuration file will be used | ||
3056 | (see GNUNET_PREFIX/share/gnunet/defaults.conf which is created from | ||
3057 | contrib/defaults.conf).@ Each of the services is having a section starting | ||
3058 | by the service name between square brackets, for example: "[arm]". | ||
3059 | The following options configure how ARM configures or interacts with the | ||
3060 | various services: | ||
3061 | |||
3062 | @table @asis | ||
3063 | |||
3064 | @item PORT Port number on which the service is listening for incoming TCP | ||
3065 | connections. ARM will start the services should it notice a request at | ||
3066 | this port. | ||
3067 | |||
3068 | @item HOSTNAME Specifies on which host the service is deployed. Note | ||
3069 | that ARM can only start services that are running on the local system | ||
3070 | (but will not check that the hostname matches the local machine name). | ||
3071 | This option is used by the @code{gnunet_client_lib.h} implementation to | ||
3072 | determine which system to connect to. The default is "localhost". | ||
3073 | |||
3074 | @item BINARY The name of the service binary file. | ||
3075 | |||
3076 | @item OPTIONS To be passed to the service. | ||
3077 | |||
3078 | @item PREFIX A command to pre-pend to the actual command, for example, | ||
3079 | running a service with "valgrind" or "gdb" | ||
3080 | |||
3081 | @item DEBUG Run in debug mode (much verbosity). | ||
3082 | |||
3083 | @item AUTOSTART ARM will listen to UNIX domain socket and/or TCP port of | ||
3084 | the service and start the service on-demand. | ||
3085 | |||
3086 | @item FORCESTART ARM will always start this service when the peer | ||
3087 | is started. | ||
3088 | |||
3089 | @item ACCEPT_FROM IPv4 addresses the service accepts connections from. | ||
3090 | |||
3091 | @item ACCEPT_FROM6 IPv6 addresses the service accepts connections from. | ||
3092 | |||
3093 | @end table | ||
3094 | |||
3095 | |||
3096 | Options that impact the operation of ARM overall are in the "[arm]" | ||
3097 | section. ARM is a normal service and has (except for AUTOSTART) all of the | ||
3098 | options that other services do. In addition, ARM has the | ||
3099 | following options: | ||
3100 | |||
3101 | @table @asis | ||
3102 | |||
3103 | @item GLOBAL_PREFIX Command to be pre-pended to all services that are | ||
3104 | going to run. | ||
3105 | |||
3106 | @item GLOBAL_POSTFIX Global option that will be supplied to all the | ||
3107 | services that are going to run. | ||
3108 | |||
3109 | @end table | ||
3110 | |||
3111 | @c *********************************************************************** | ||
3112 | @node Availability2 | ||
3113 | @subsection Availability2 | ||
3114 | @c %**end of header | ||
3115 | |||
3116 | As mentioned before, one of the features provided by ARM is starting | ||
3117 | services on demand. Consider the example of one service "client" that | ||
3118 | wants to connect to another service a "server". The "client" will ask ARM | ||
3119 | to run the "server". ARM starts the "server". The "server" starts | ||
3120 | listening to incoming connections. The "client" will establish a | ||
3121 | connection with the "server". And then, they will start to communicate | ||
3122 | together.@ One problem with that scheme is that it's slow!@ | ||
3123 | The "client" service wants to communicate with the "server" service at | ||
3124 | once and is not willing wait for it to be started and listening to | ||
3125 | incoming connections before serving its request.@ One solution for that | ||
3126 | problem will be that ARM starts all services as default services. That | ||
3127 | solution will solve the problem, yet, it's not quite practical, for some | ||
3128 | services that are going to be started can never be used or are going to | ||
3129 | be used after a relatively long time.@ | ||
3130 | The approach followed by ARM to solve this problem is as follows: | ||
3131 | |||
3132 | @itemize @bullet | ||
3133 | |||
3134 | @item For each service having a PORT field in the configuration file and | ||
3135 | that is not one of the default services ( a service that accepts incoming | ||
3136 | connections from clients), ARM creates listening sockets for all addresses | ||
3137 | associated with that service. | ||
3138 | |||
3139 | @item The "client" will immediately establish a connection with | ||
3140 | the "server". | ||
3141 | |||
3142 | @item ARM --- pretending to be the "server" --- will listen on the | ||
3143 | respective port and notice the incoming connection from the "client" | ||
3144 | (but not accept it), instead | ||
3145 | |||
3146 | @item Once there is an incoming connection, ARM will start the "server", | ||
3147 | passing on the listen sockets (now, the service is started and can do its | ||
3148 | work). | ||
3149 | |||
3150 | @item Other client services now can directly connect directly to the | ||
3151 | "server". | ||
3152 | |||
3153 | @end itemize | ||
3154 | |||
3155 | @c *********************************************************************** | ||
3156 | @node Reliability | ||
3157 | @subsection Reliability | ||
3158 | |||
3159 | One of the features provided by ARM, is the automatic restart of crashed | ||
3160 | services.@ ARM needs to know which of the running services died. Function | ||
3161 | "gnunet-service-arm.c/maint_child_death()" is responsible for that. The | ||
3162 | function is scheduled to run upon receiving a SIGCHLD signal. The | ||
3163 | function, then, iterates ARM's list of services running and monitors | ||
3164 | which service has died (crashed). For all crashing services, ARM restarts | ||
3165 | them.@ | ||
3166 | Now, considering the case of a service having a serious problem causing it | ||
3167 | to crash each time it's started by ARM. If ARM keeps blindly restarting | ||
3168 | such a service, we are going to have the pattern: | ||
3169 | start-crash-restart-crash-restart-crash and so forth!! Which is of course | ||
3170 | not practical.@ | ||
3171 | For that reason, ARM schedules the service to be restarted after waiting | ||
3172 | for some delay that grows exponentially with each crash/restart of that | ||
3173 | service.@ To clarify the idea, considering the following example: | ||
3174 | |||
3175 | @itemize @bullet | ||
3176 | |||
3177 | @item Service S crashed. | ||
3178 | |||
3179 | @item ARM receives the SIGCHLD and inspects its list of services to find | ||
3180 | the dead one(s). | ||
3181 | |||
3182 | @item ARM finds S dead and schedules it for restarting after "backoff" | ||
3183 | time which is initially set to 1ms. ARM will double the backoff time | ||
3184 | correspondent to S (now backoff(S) = 2ms) | ||
3185 | |||
3186 | @item Because there is a severe problem with S, it crashed again. | ||
3187 | |||
3188 | @item Again ARM receives the SIGCHLD and detects that it's S again that's | ||
3189 | crashed. ARM schedules it for restarting but after its new backoff time | ||
3190 | (which became 2ms), and doubles its backoff time (now backoff(S) = 4). | ||
3191 | |||
3192 | @item and so on, until backoff(S) reaches a certain threshold | ||
3193 | (EXPONENTIAL_BACKOFF_THRESHOLD is set to half an hour), after reaching it, | ||
3194 | backoff(S) will remain half an hour, hence ARM won't be busy for a lot of | ||
3195 | time trying to restart a problematic service. | ||
3196 | @end itemize | ||
3197 | |||
3198 | @c *********************************************************************** | ||
3199 | @node GNUnet's TRANSPORT Subsystem | ||
3200 | @section GNUnet's TRANSPORT Subsystem | ||
3201 | @c %**end of header | ||
3202 | |||
3203 | This chapter documents how the GNUnet transport subsystem works. The | ||
3204 | GNUnet transport subsystem consists of three main components: the | ||
3205 | transport API (the interface used by the rest of the system to access the | ||
3206 | transport service), the transport service itself (most of the interesting | ||
3207 | functions, such as choosing transports, happens here) and the transport | ||
3208 | plugins. A transport plugin is a concrete implementation for how two | ||
3209 | GNUnet peers communicate; many plugins exist, for example for | ||
3210 | communication via TCP, UDP, HTTP, HTTPS and others. Finally, the | ||
3211 | transport subsystem uses supporting code, especially the NAT/UPnP | ||
3212 | library to help with tasks such as NAT traversal. | ||
3213 | |||
3214 | Key tasks of the transport service include: | ||
3215 | |||
3216 | @itemize @bullet | ||
3217 | |||
3218 | @item Create our HELLO message, notify clients and neighbours if our HELLO | ||
3219 | changes (using NAT library as necessary) | ||
3220 | |||
3221 | @item Validate HELLOs from other peers (send PING), allow other peers to | ||
3222 | validate our HELLO's addresses (send PONG) | ||
3223 | |||
3224 | @item Upon request, establish connections to other peers (using address | ||
3225 | selection from ATS subsystem) and maintain them (again using PINGs and | ||
3226 | PONGs) as long as desired | ||
3227 | |||
3228 | @item Accept incoming connections, give ATS service the opportunity to | ||
3229 | switch communication channels | ||
3230 | |||
3231 | @item Notify clients about peers that have connected to us or that have | ||
3232 | been disconnected from us | ||
3233 | |||
3234 | @item If a (stateful) connection goes down unexpectedly (without explicit | ||
3235 | DISCONNECT), quickly attempt to recover (without notifying clients) but do | ||
3236 | notify clients quickly if reconnecting fails | ||
3237 | |||
3238 | @item Send (payload) messages arriving from clients to other peers via | ||
3239 | transport plugins and receive messages from other peers, forwarding | ||
3240 | those to clients | ||
3241 | |||
3242 | @item Enforce inbound traffic limits (using flow-control if it is | ||
3243 | applicable); outbound traffic limits are enforced by CORE, not by us (!) | ||
3244 | |||
3245 | @item Enforce restrictions on P2P connection as specified by the blacklist | ||
3246 | configuration and blacklisting clients | ||
3247 | @end itemize | ||
3248 | |||
3249 | |||
3250 | Note that the term "clients" in the list above really refers to the | ||
3251 | GNUnet-CORE service, as CORE is typically the only client of the | ||
3252 | transport service. | ||
3253 | |||
3254 | @menu | ||
3255 | * Address validation protocol:: | ||
3256 | @end menu | ||
3257 | |||
3258 | @node Address validation protocol | ||
3259 | @subsection Address validation protocol | ||
3260 | @c %**end of header | ||
3261 | |||
3262 | This section documents how the GNUnet transport service validates | ||
3263 | connections with other peers. It is a high-level description of the | ||
3264 | protocol necessary to understand the details of the implementation. It | ||
3265 | should be noted that when we talk about PING and PONG messages in this | ||
3266 | section, we refer to transport-level PING and PONG messages, which are | ||
3267 | different from core-level PING and PONG messages (both in implementation | ||
3268 | and function). | ||
3269 | |||
3270 | The goal of transport-level address validation is to minimize the chances | ||
3271 | of a successful man-in-the-middle attack against GNUnet peers on the | ||
3272 | transport level. Such an attack would not allow the adversary to decrypt | ||
3273 | the P2P transmissions, but a successful attacker could at least measure | ||
3274 | traffic volumes and latencies (raising the adversaries capablities by | ||
3275 | those of a global passive adversary in the worst case). The scenarios we | ||
3276 | are concerned about is an attacker, Mallory, giving a HELLO to Alice that | ||
3277 | claims to be for Bob, but contains Mallory's IP address instead of Bobs | ||
3278 | (for some transport). Mallory would then forward the traffic to Bob (by | ||
3279 | initiating a connection to Bob and claiming to be Alice). As a further | ||
3280 | complication, the scheme has to work even if say Alice is behind a NAT | ||
3281 | without traversal support and hence has no address of her own (and thus | ||
3282 | Alice must always initiate the connection to Bob). | ||
3283 | |||
3284 | An additional constraint is that HELLO messages do not contain a | ||
3285 | cryptographic signature since other peers must be able to edit | ||
3286 | (i.e. remove) addresses from the HELLO at any time (this was not true in | ||
3287 | GNUnet 0.8.x). A basic @strong{assumption} is that each peer knows the | ||
3288 | set of possible network addresses that it @strong{might} be reachable | ||
3289 | under (so for example, the external IP address of the NAT plus the LAN | ||
3290 | address(es) with the respective ports). | ||
3291 | |||
3292 | The solution is the following. If Alice wants to validate that a given | ||
3293 | address for Bob is valid (i.e. is actually established @strong{directly} | ||
3294 | with the intended target), it sends a PING message over that connection | ||
3295 | to Bob. Note that in this case, Alice initiated the connection so only | ||
3296 | she knows which address was used for sure (Alice maybe behind NAT, so | ||
3297 | whatever address Bob sees may not be an address Alice knows she has). Bob | ||
3298 | checks that the address given in the PING is actually one of his addresses | ||
3299 | (does not belong to Mallory), and if it is, sends back a PONG (with a | ||
3300 | signature that says that Bob owns/uses the address from the PING). Alice | ||
3301 | checks the signature and is happy if it is valid and the address in the | ||
3302 | PONG is the address she used. This is similar to the 0.8.x protocol where | ||
3303 | the HELLO contained a signature from Bob for each address used by Bob. | ||
3304 | Here, the purpose code for the signature is | ||
3305 | @code{GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN}. After this, Alice will | ||
3306 | remember Bob's address and consider the address valid for a while (12h in | ||
3307 | the current implementation). Note that after this exchange, Alice only | ||
3308 | considers Bob's address to be valid, the connection itself is not | ||
3309 | considered 'established'. In particular, Alice may have many addresses | ||
3310 | for Bob that she considers valid. | ||
3311 | |||
3312 | The PONG message is protected with a nonce/challenge against replay | ||
3313 | attacks and uses an expiration time for the signature (but those are | ||
3314 | almost implementation details). | ||
3315 | |||
3316 | @node NAT library | ||
3317 | @section NAT library | ||
3318 | @c %**end of header | ||
3319 | |||
3320 | The goal of the GNUnet NAT library is to provide a general-purpose API for | ||
3321 | NAT traversal @strong{without} third-party support. So protocols that | ||
3322 | involve contacting a third peer to help establish a connection between | ||
3323 | two peers are outside of the scope of this API. That does not mean that | ||
3324 | GNUnet doesn't support involving a third peer (we can do this with the | ||
3325 | distance-vector transport or using application-level protocols), it just | ||
3326 | means that the NAT API is not concerned with this possibility. The API is | ||
3327 | written so that it will work for IPv6-NAT in the future as well as | ||
3328 | current IPv4-NAT. Furthermore, the NAT API is always used, even for peers | ||
3329 | that are not behind NAT --- in that case, the mapping provided is simply | ||
3330 | the identity. | ||
3331 | |||
3332 | NAT traversal is initiated by calling @code{GNUNET_NAT_register}. Given a | ||
3333 | set of addresses that the peer has locally bound to (TCP or UDP), the NAT | ||
3334 | library will return (via callback) a (possibly longer) list of addresses | ||
3335 | the peer @strong{might} be reachable under. Internally, depending on the | ||
3336 | configuration, the NAT library will try to punch a hole (using UPnP) or | ||
3337 | just "know" that the NAT was manually punched and generate the respective | ||
3338 | external IP address (the one that should be globally visible) based on | ||
3339 | the given information. | ||
3340 | |||
3341 | The NAT library also supports ICMP-based NAT traversal. Here, the other | ||
3342 | peer can request connection-reversal by this peer (in this special case, | ||
3343 | the peer is even allowed to configure a port number of zero). If the NAT | ||
3344 | library detects a connection-reversal request, it returns the respective | ||
3345 | target address to the client as well. It should be noted that | ||
3346 | connection-reversal is currently only intended for TCP, so other plugins | ||
3347 | @strong{must} pass @code{NULL} for the reversal callback. Naturally, the | ||
3348 | NAT library also supports requesting connection reversal from a remote | ||
3349 | peer (@code{GNUNET_NAT_run_client}). | ||
3350 | |||
3351 | Once initialized, the NAT handle can be used to test if a given address is | ||
3352 | possibly a valid address for this peer (@code{GNUNET_NAT_test_address}). | ||
3353 | This is used for validating our addresses when generating PONGs. | ||
3354 | |||
3355 | Finally, the NAT library contains an API to test if our NAT configuration | ||
3356 | is correct. Using @code{GNUNET_NAT_test_start} @strong{before} binding to | ||
3357 | the respective port, the NAT library can be used to test if the | ||
3358 | configuration works. The test function act as a local client, initialize | ||
3359 | the NAT traversal and then contact a @code{gnunet-nat-server} (running by | ||
3360 | default on @code{gnunet.org}) and ask for a connection to be established. | ||
3361 | This way, it is easy to test if the current NAT configuration is valid. | ||
3362 | |||
3363 | @node Distance-Vector plugin | ||
3364 | @section Distance-Vector plugin | ||
3365 | @c %**end of header | ||
3366 | |||
3367 | The Distance Vector (DV) transport is a transport mechanism that allows | ||
3368 | peers to act as relays for each other, thereby connecting peers that would | ||
3369 | otherwise be unable to connect. This gives a larger connection set to | ||
3370 | applications that may work better with more peers to choose from (for | ||
3371 | example, File Sharing and/or DHT). | ||
3372 | |||
3373 | The Distance Vector transport essentially has two functions. The first is | ||
3374 | "gossiping" connection information about more distant peers to directly | ||
3375 | connected peers. The second is taking messages intended for non-directly | ||
3376 | connected peers and encapsulating them in a DV wrapper that contains the | ||
3377 | required information for routing the message through forwarding peers. Via | ||
3378 | gossiping, optimal routes through the known DV neighborhood are discovered | ||
3379 | and utilized and the message encapsulation provides some benefits in | ||
3380 | addition to simply getting the message from the correct source to the | ||
3381 | proper destination. | ||
3382 | |||
3383 | The gossiping function of DV provides an up to date routing table of | ||
3384 | peers that are available up to some number of hops. We call this a | ||
3385 | fisheye view of the network (like a fish, nearby objects are known while | ||
3386 | more distant ones unknown). Gossip messages are sent only to directly | ||
3387 | connected peers, but they are sent about other knowns peers within the | ||
3388 | "fisheye distance". Whenever two peers connect, they immediately gossip | ||
3389 | to each other about their appropriate other neighbors. They also gossip | ||
3390 | about the newly connected peer to previously | ||
3391 | connected neighbors. In order to keep the routing tables up to date, | ||
3392 | disconnect notifications are propogated as gossip as well (because | ||
3393 | disconnects may not be sent/received, timeouts are also used remove | ||
3394 | stagnant routing table entries). | ||
3395 | |||
3396 | Routing of messages via DV is straightforward. When the DV transport is | ||
3397 | notified of a message destined for a non-direct neighbor, the appropriate | ||
3398 | forwarding peer is selected, and the base message is encapsulated in a DV | ||
3399 | message which contains information about the initial peer and the intended | ||
3400 | recipient. At each forwarding hop, the initial peer is validated (the | ||
3401 | forwarding peer ensures that it has the initial peer in its neighborhood, | ||
3402 | otherwise the message is dropped). Next the base message is | ||
3403 | re-encapsulated in a new DV message for the next hop in the forwarding | ||
3404 | chain (or delivered to the current peer, if it has arrived at the | ||
3405 | destination). | ||
3406 | |||
3407 | Assume a three peer network with peers Alice, Bob and Carol. Assume that | ||
3408 | Alice <-> Bob and Bob <-> Carol are direct (e.g. over TCP or UDP | ||
3409 | transports) connections, but that Alice cannot directly connect to Carol. | ||
3410 | This may be the case due to NAT or firewall restrictions, or perhaps | ||
3411 | based on one of the peers respective configurations. If the Distance | ||
3412 | Vector transport is enabled on all three peers, it will automatically | ||
3413 | discover (from the gossip protocol) that Alice and Carol can connect via | ||
3414 | Bob and provide a "virtual" Alice <-> Carol connection. Routing between | ||
3415 | Alice and Carol happens as follows; Alice creates a message destined for | ||
3416 | Carol and notifies the DV transport about it. The DV transport at Alice | ||
3417 | looks up Carol in the routing table and finds that the message must be | ||
3418 | sent through Bob for Carol. The message is encapsulated setting Alice as | ||
3419 | the initiator and Carol as the destination and sent to Bob. Bob receives | ||
3420 | the messages, verifies both Alice and Carol are known to Bob, and re-wraps | ||
3421 | the message in a new DV message for Carol. The DV transport at Carol | ||
3422 | receives this message, unwraps the original message, and delivers it to | ||
3423 | Carol as though it came directly from Alice. | ||
3424 | |||
3425 | @node SMTP plugin | ||
3426 | @section SMTP plugin | ||
3427 | @c %**end of header | ||
3428 | |||
3429 | This section describes the new SMTP transport plugin for GNUnet as it | ||
3430 | exists in the 0.7.x and 0.8.x branch. SMTP support is currently not | ||
3431 | available in GNUnet 0.9.x. This page also describes the transport layer | ||
3432 | abstraction (as it existed in 0.7.x and 0.8.x) in more detail and gives | ||
3433 | some benchmarking results. The performance results presented are quite | ||
3434 | old and maybe outdated at this point. | ||
3435 | |||
3436 | @itemize @bullet | ||
3437 | @item Why use SMTP for a peer-to-peer transport? | ||
3438 | @item SMTPHow does it work? | ||
3439 | @item How do I configure my peer? | ||
3440 | @item How do I test if it works? | ||
3441 | @item How fast is it? | ||
3442 | @item Is there any additional documentation? | ||
3443 | @end itemize | ||
3444 | |||
3445 | |||
3446 | @menu | ||
3447 | * Why use SMTP for a peer-to-peer transport?:: | ||
3448 | * How does it work?:: | ||
3449 | * How do I configure my peer?:: | ||
3450 | * How do I test if it works?:: | ||
3451 | * How fast is it?:: | ||
3452 | @end menu | ||
3453 | |||
3454 | @node Why use SMTP for a peer-to-peer transport? | ||
3455 | @subsection Why use SMTP for a peer-to-peer transport? | ||
3456 | @c %**end of header | ||
3457 | |||
3458 | There are many reasons why one would not want to use SMTP: | ||
3459 | |||
3460 | @itemize @bullet | ||
3461 | @item SMTP is using more bandwidth than TCP, UDP or HTTP | ||
3462 | @item SMTP has a much higher latency. | ||
3463 | @item SMTP requires significantly more computation (encoding and decoding | ||
3464 | time) for the peers. | ||
3465 | @item SMTP is significantly more complicated to configure. | ||
3466 | @item SMTP may be abused by tricking GNUnet into sending mail to@ | ||
3467 | non-participating third parties. | ||
3468 | @end itemize | ||
3469 | |||
3470 | So why would anybody want to use SMTP? | ||
3471 | @itemize @bullet | ||
3472 | @item SMTP can be used to contact peers behind NAT boxes (in virtual | ||
3473 | private networks). | ||
3474 | @item SMTP can be used to circumvent policies that limit or prohibit | ||
3475 | peer-to-peer traffic by masking as "legitimate" traffic. | ||
3476 | @item SMTP uses E-mail addresses which are independent of a specific IP, | ||
3477 | which can be useful to address peers that use dynamic IP addresses. | ||
3478 | @item SMTP can be used to initiate a connection (e.g. initial address | ||
3479 | exchange) and peers can then negotiate the use of a more efficient | ||
3480 | protocol (e.g. TCP) for the actual communication. | ||
3481 | @end itemize | ||
3482 | |||
3483 | In summary, SMTP can for example be used to send a message to a peer | ||
3484 | behind a NAT box that has a dynamic IP to tell the peer to establish a | ||
3485 | TCP connection to a peer outside of the private network. Even an | ||
3486 | extraordinary overhead for this first message would be irrelevant in this | ||
3487 | type of situation. | ||
3488 | |||
3489 | @node How does it work? | ||
3490 | @subsection How does it work? | ||
3491 | @c %**end of header | ||
3492 | |||
3493 | When a GNUnet peer needs to send a message to another GNUnet peer that has | ||
3494 | advertised (only) an SMTP transport address, GNUnet base64-encodes the | ||
3495 | message and sends it in an E-mail to the advertised address. The | ||
3496 | advertisement contains a filter which is placed in the E-mail header, | ||
3497 | such that the receiving host can filter the tagged E-mails and forward it | ||
3498 | to the GNUnet peer process. The filter can be specified individually by | ||
3499 | each peer and be changed over time. This makes it impossible to censor | ||
3500 | GNUnet E-mail messages by searching for a generic filter. | ||
3501 | |||
3502 | @node How do I configure my peer? | ||
3503 | @subsection How do I configure my peer? | ||
3504 | @c %**end of header | ||
3505 | |||
3506 | First, you need to configure @code{procmail} to filter your inbound E-mail | ||
3507 | for GNUnet traffic. The GNUnet messages must be delivered into a pipe, for | ||
3508 | example @code{/tmp/gnunet.smtp}. You also need to define a filter that is | ||
3509 | used by @command{procmail} to detect GNUnet messages. You are free to | ||
3510 | choose whichever filter you like, but you should make sure that it does | ||
3511 | not occur in your other E-mail. In our example, we will use | ||
3512 | @code{X-mailer: GNUnet}. The @code{~/.procmailrc} configuration file then | ||
3513 | looks like this: | ||
3514 | |||
3515 | @example | ||
3516 | :0: | ||
3517 | * ^X-mailer: GNUnet | ||
3518 | /tmp/gnunet.smtp | ||
3519 | # where do you want your other e-mail delivered to (default: /var/spool/mail/) | ||
3520 | :0: /var/spool/mail/ | ||
3521 | @end example | ||
3522 | |||
3523 | After adding this file, first make sure that your regular E-mail still | ||
3524 | works (e.g. by sending an E-mail to yourself). Then edit the GNUnet | ||
3525 | configuration. In the section @code{SMTP} you need to specify your E-mail | ||
3526 | address under @code{EMAIL}, your mail server (for outgoing mail) under | ||
3527 | @code{SERVER}, the filter (X-mailer: GNUnet in the example) under | ||
3528 | @code{FILTER} and the name of the pipe under @code{PIPE}.@ The completed | ||
3529 | section could then look like this: | ||
3530 | |||
3531 | @example | ||
3532 | EMAIL = me@@mail.gnu.org MTU = 65000 SERVER = mail.gnu.org:25 FILTER = | ||
3533 | "X-mailer: GNUnet" PIPE = /tmp/gnunet.smtp | ||
3534 | @end example | ||
3535 | |||
3536 | Finally, you need to add @code{smtp} to the list of @code{TRANSPORTS} in | ||
3537 | the @code{GNUNETD} section. GNUnet peers will use the E-mail address that | ||
3538 | you specified to contact your peer until the advertisement times out. | ||
3539 | Thus, if you are not sure if everything works properly or if you are not | ||
3540 | planning to be online for a long time, you may want to configure this | ||
3541 | timeout to be short, e.g. just one hour. For this, set | ||
3542 | @code{HELLOEXPIRES} to @code{1} in the @code{GNUNETD} section. | ||
3543 | |||
3544 | This should be it, but you may probably want to test it first. | ||
3545 | |||
3546 | @node How do I test if it works? | ||
3547 | @subsection How do I test if it works? | ||
3548 | @c %**end of header | ||
3549 | |||
3550 | Any transport can be subjected to some rudimentary tests using the | ||
3551 | @code{gnunet-transport-check} tool. The tool sends a message to the local | ||
3552 | node via the transport and checks that a valid message is received. While | ||
3553 | this test does not involve other peers and can not check if firewalls or | ||
3554 | other network obstacles prohibit proper operation, this is a great | ||
3555 | testcase for the SMTP transport since it tests pretty much nearly all of | ||
3556 | the functionality. | ||
3557 | |||
3558 | @code{gnunet-transport-check} should only be used without running | ||
3559 | @code{gnunetd} at the same time. By default, @code{gnunet-transport-check} | ||
3560 | tests all transports that are specified in the configuration file. But | ||
3561 | you can specifically test SMTP by giving the option | ||
3562 | @code{--transport=smtp}. | ||
3563 | |||
3564 | Note that this test always checks if a transport can receive and send. | ||
3565 | While you can configure most transports to only receive or only send | ||
3566 | messages, this test will only work if you have configured the transport | ||
3567 | to send and receive messages. | ||
3568 | |||
3569 | @node How fast is it? | ||
3570 | @subsection How fast is it? | ||
3571 | @c %**end of header | ||
3572 | |||
3573 | We have measured the performance of the UDP, TCP and SMTP transport layer | ||
3574 | directly and when used from an application using the GNUnet core. | ||
3575 | Measureing just the transport layer gives the better view of the actual | ||
3576 | overhead of the protocol, whereas evaluating the transport from the | ||
3577 | application puts the overhead into perspective from a practical point of | ||
3578 | view. | ||
3579 | |||
3580 | The loopback measurements of the SMTP transport were performed on three | ||
3581 | different machines spanning a range of modern SMTP configurations. We | ||
3582 | used a PIII-800 running RedHat 7.3 with the Purdue Computer Science | ||
3583 | configuration which includes filters for spam. We also used a Xenon 2 GHZ | ||
3584 | with a vanilla RedHat 8.0 sendmail configuration. Furthermore, we used | ||
3585 | qmail on a PIII-1000 running Sorcerer GNU Linux (SGL). The numbers for | ||
3586 | UDP and TCP are provided using the SGL configuration. The qmail benchmark | ||
3587 | uses qmail's internal filtering whereas the sendmail benchmarks relies on | ||
3588 | procmail to filter and deliver the mail. We used the transport layer to | ||
3589 | send a message of b bytes (excluding transport protocol headers) directly | ||
3590 | to the local machine. This way, network latency and packet loss on the | ||
3591 | wire have no impact on the timings. n messages were sent sequentially over | ||
3592 | the transport layer, sending message i+1 after the i-th message was | ||
3593 | received. All messages were sent over the same connection and the time to | ||
3594 | establish the connection was not taken into account since this overhead is | ||
3595 | miniscule in practice --- as long as a connection is used for a | ||
3596 | significant number of messages. | ||
3597 | |||
3598 | @multitable @columnfractions .20 .15 .15 .15 .15 .15 | ||
3599 | @headitem Transport @tab UDP @tab TCP @tab SMTP (Purdue sendmail) @tab SMTP (RH 8.0) @tab SMTP (SGL qmail) | ||
3600 | @item 11 bytes @tab 31 ms @tab 55 ms @tab 781 s @tab 77 s @tab 24 s | ||
3601 | @item 407 bytes @tab 37 ms @tab 62 ms @tab 789 s @tab 78 s @tab 25 s | ||
3602 | @item 1,221 bytes @tab 46 ms @tab 73 ms @tab 804 s @tab 78 s @tab 25 s | ||
3603 | @end multitable | ||
3604 | |||
3605 | The benchmarks show that UDP and TCP are, as expected, both significantly | ||
3606 | faster compared with any of the SMTP services. Among the SMTP | ||
3607 | implementations, there can be significant differences depending on the | ||
3608 | SMTP configuration. Filtering with an external tool like procmail that | ||
3609 | needs to re-parse its configuration for each mail can be very expensive. | ||
3610 | Applying spam filters can also significantly impact the performance of | ||
3611 | the underlying SMTP implementation. The microbenchmark shows that SMTP | ||
3612 | can be a viable solution for initiating peer-to-peer sessions: a couple of | ||
3613 | seconds to connect to a peer are probably not even going to be noticed by | ||
3614 | users. The next benchmark measures the possible throughput for a | ||
3615 | transport. Throughput can be measured by sending multiple messages in | ||
3616 | parallel and measuring packet loss. Note that not only UDP but also the | ||
3617 | TCP transport can actually loose messages since the TCP implementation | ||
3618 | drops messages if the @code{write} to the socket would block. While the | ||
3619 | SMTP protocol never drops messages itself, it is often so | ||
3620 | slow that only a fraction of the messages can be sent and received in the | ||
3621 | given time-bounds. For this benchmark we report the message loss after | ||
3622 | allowing t time for sending m messages. If messages were not sent (or | ||
3623 | received) after an overall timeout of t, they were considered lost. The | ||
3624 | benchmark was performed using two Xeon 2 GHZ machines running RedHat 8.0 | ||
3625 | with sendmail. The machines were connected with a direct 100 MBit ethernet | ||
3626 | connection.@ Figures udp1200, tcp1200 and smtp-MTUs show that the | ||
3627 | throughput for messages of size 1,200 octects is 2,343 kbps, 3,310 kbps | ||
3628 | and 6 kbps for UDP, TCP and SMTP respectively. The high per-message | ||
3629 | overhead of SMTP can be improved by increasing the MTU, for example, an | ||
3630 | MTU of 12,000 octets improves the throughput to 13 kbps as figure | ||
3631 | smtp-MTUs shows. Our research paper) has some more details on the | ||
3632 | benchmarking results. | ||
3633 | |||
3634 | @node Bluetooth plugin | ||
3635 | @section Bluetooth plugin | ||
3636 | @c %**end of header | ||
3637 | |||
3638 | This page describes the new Bluetooth transport plugin for GNUnet. The | ||
3639 | plugin is still in the testing stage so don't expect it to work | ||
3640 | perfectly. If you have any questions or problems just post them here or | ||
3641 | ask on the IRC channel. | ||
3642 | |||
3643 | @itemize @bullet | ||
3644 | @item What do I need to use the Bluetooth plugin transport? | ||
3645 | @item BluetoothHow does it work? | ||
3646 | @item What possible errors should I be aware of? | ||
3647 | @item How do I configure my peer? | ||
3648 | @item How can I test it? | ||
3649 | @end itemize | ||
3650 | |||
3651 | |||
3652 | |||
3653 | @menu | ||
3654 | * What do I need to use the Bluetooth plugin transport?:: | ||
3655 | * How does it work2?:: | ||
3656 | * What possible errors should I be aware of?:: | ||
3657 | * How do I configure my peer2?:: | ||
3658 | * How can I test it?:: | ||
3659 | * The implementation of the Bluetooth transport plugin:: | ||
3660 | @end menu | ||
3661 | |||
3662 | @node What do I need to use the Bluetooth plugin transport? | ||
3663 | @subsection What do I need to use the Bluetooth plugin transport? | ||
3664 | @c %**end of header | ||
3665 | |||
3666 | If you are a Linux user and you want to use the Bluetooth transport plugin | ||
3667 | you should install the BlueZ development libraries (if they aren't already | ||
3668 | installed). For instructions about how to install the libraries you should | ||
3669 | check out the BlueZ site | ||
3670 | (@uref{http://www.bluez.org/, http://www.bluez.org}). If you don't know if | ||
3671 | you have the necesarry libraries, don't worry, just run the GNUnet | ||
3672 | configure script and you will be able to see a notification at the end | ||
3673 | which will warn you if you don't have the necessary libraries. | ||
3674 | |||
3675 | If you are a Windows user you should have installed the | ||
3676 | @emph{MinGW}/@emph{MSys2} with the latest updates (especially the | ||
3677 | @emph{ws2bth} header). If this is your first build of GNUnet on Windows | ||
3678 | you should check out the SBuild repository. It will semi-automatically | ||
3679 | assembles a @emph{MinGW}/@emph{MSys2} installation with a lot of extra | ||
3680 | packages which are needed for the GNUnet build. So this will ease your | ||
3681 | work!@ Finally you just have to be sure that you have the correct drivers | ||
3682 | for your Bluetooth device installed and that your device is on and in a | ||
3683 | discoverable mode. The Windows Bluetooth Stack supports only the RFCOMM | ||
3684 | protocol so we cannot turn on your device programatically! | ||
3685 | |||
3686 | @c FIXME: Change to unique title | ||
3687 | @node How does it work2? | ||
3688 | @subsection How does it work2? | ||
3689 | @c %**end of header | ||
3690 | |||
3691 | The Bluetooth transport plugin uses virtually the same code as the WLAN | ||
3692 | plugin and only the helper binary is different. The helper takes a single | ||
3693 | argument, which represents the interface name and is specified in the | ||
3694 | configuration file. Here are the basic steps that are followed by the | ||
3695 | helper binary used on Linux: | ||
3696 | |||
3697 | @itemize @bullet | ||
3698 | @item it verifies if the name corresponds to a Bluetooth interface name | ||
3699 | @item it verifies if the iterface is up (if it is not, it tries to bring | ||
3700 | it up) | ||
3701 | @item it tries to enable the page and inquiry scan in order to make the | ||
3702 | device discoverable and to accept incoming connection requests | ||
3703 | @emph{The above operations require root access so you should start the | ||
3704 | transport plugin with root privileges.} | ||
3705 | @item it finds an available port number and registers a SDP service which | ||
3706 | will be used to find out on which port number is the server listening on | ||
3707 | and switch the socket in listening mode | ||
3708 | @item it sends a HELLO message with its address | ||
3709 | @item finally it forwards traffic from the reading sockets to the STDOUT | ||
3710 | and from the STDIN to the writing socket | ||
3711 | @end itemize | ||
3712 | |||
3713 | Once in a while the device will make an inquiry scan to discover the | ||
3714 | nearby devices and it will send them randomly HELLO messages for peer | ||
3715 | discovery. | ||
3716 | |||
3717 | @node What possible errors should I be aware of? | ||
3718 | @subsection What possible errors should I be aware of? | ||
3719 | @c %**end of header | ||
3720 | |||
3721 | @emph{This section is dedicated for Linux users} | ||
3722 | |||
3723 | Well there are many ways in which things could go wrong but I will try to | ||
3724 | present some tools that you could use to debug and some scenarios. | ||
3725 | |||
3726 | @itemize @bullet | ||
3727 | |||
3728 | @item @code{bluetoothd -n -d} : use this command to enable logging in the | ||
3729 | foreground and to print the logging messages | ||
3730 | |||
3731 | @item @code{hciconfig}: can be used to configure the Bluetooth devices. | ||
3732 | If you run it without any arguments it will print information about the | ||
3733 | state of the interfaces. So if you receive an error that the device | ||
3734 | couldn't be brought up you should try to bring it manually and to see if | ||
3735 | it works (use @code{hciconfig -a hciX up}). If you can't and the | ||
3736 | Bluetooth address has the form 00:00:00:00:00:00 it means that there is | ||
3737 | something wrong with the D-Bus daemon or with the Bluetooth daemon. Use | ||
3738 | @code{bluetoothd} tool to see the logs | ||
3739 | |||
3740 | @item @code{sdptool} can be used to control and interogate SDP servers. | ||
3741 | If you encounter problems regarding the SDP server (like the SDP server is | ||
3742 | down) you should check out if the D-Bus daemon is running correctly and to | ||
3743 | see if the Bluetooth daemon started correctly(use @code{bluetoothd} tool). | ||
3744 | Also, sometimes the SDP service could work but somehow the device couldn't | ||
3745 | register his service. Use @code{sdptool browse [dev-address]} to see if | ||
3746 | the service is registered. There should be a service with the name of the | ||
3747 | interface and GNUnet as provider. | ||
3748 | |||
3749 | @item @code{hcitool} : another useful tool which can be used to configure | ||
3750 | the device and to send some particular commands to it. | ||
3751 | |||
3752 | @item @code{hcidump} : could be used for low level debugging | ||
3753 | @end itemize | ||
3754 | |||
3755 | @c FIXME: A more unique name | ||
3756 | @node How do I configure my peer2? | ||
3757 | @subsection How do I configure my peer2? | ||
3758 | @c %**end of header | ||
3759 | |||
3760 | On Linux, you just have to be sure that the interface name corresponds to | ||
3761 | the one that you want to use. Use the @code{hciconfig} tool to check that. | ||
3762 | By default it is set to hci0 but you can change it. | ||
3763 | |||
3764 | A basic configuration looks like this: | ||
3765 | |||
3766 | @example | ||
3767 | [transport-bluetooth] | ||
3768 | # Name of the interface (typically hciX) | ||
3769 | INTERFACE = hci0 | ||
3770 | # Real hardware, no testing | ||
3771 | TESTMODE = 0 TESTING_IGNORE_KEYS = ACCEPT_FROM; | ||
3772 | @end example | ||
3773 | |||
3774 | In order to use the Bluetooth transport plugin when the transport service | ||
3775 | is started, you must add the plugin name to the default transport service | ||
3776 | plugins list. For example: | ||
3777 | |||
3778 | @example | ||
3779 | [transport] ... PLUGINS = dns bluetooth ... | ||
3780 | @end example | ||
3781 | |||
3782 | If you want to use only the Bluetooth plugin set | ||
3783 | @emph{PLUGINS = bluetooth} | ||
3784 | |||
3785 | On Windows, you cannot specify which device to use. The only thing that | ||
3786 | you should do is to add @emph{bluetooth} on the plugins list of the | ||
3787 | transport service. | ||
3788 | |||
3789 | @node How can I test it? | ||
3790 | @subsection How can I test it? | ||
3791 | @c %**end of header | ||
3792 | |||
3793 | If you have two Bluetooth devices on the same machine which use Linux you | ||
3794 | must: | ||
3795 | |||
3796 | @itemize @bullet | ||
3797 | |||
3798 | @item create two different file configuration (one which will use the | ||
3799 | first interface (@emph{hci0}) and the other which will use the second | ||
3800 | interface (@emph{hci1})). Let's name them @emph{peer1.conf} and | ||
3801 | @emph{peer2.conf}. | ||
3802 | |||
3803 | @item run @emph{gnunet-peerinfo -c peerX.conf -s} in order to generate the | ||
3804 | peers private keys. The @strong{X} must be replace with 1 or 2. | ||
3805 | |||
3806 | @item run @emph{gnunet-arm -c peerX.conf -s -i=transport} in order to | ||
3807 | start the transport service. (Make sure that you have "bluetooth" on the | ||
3808 | transport plugins list if the Bluetooth transport service doesn't start.) | ||
3809 | |||
3810 | @item run @emph{gnunet-peerinfo -c peer1.conf -s} to get the first peer's | ||
3811 | ID. If you already know your peer ID (you saved it from the first | ||
3812 | command), this can be skipped. | ||
3813 | |||
3814 | @item run @emph{gnunet-transport -c peer2.conf -p=PEER1_ID -s} to start | ||
3815 | sending data for benchmarking to the other peer. | ||
3816 | |||
3817 | @end itemize | ||
3818 | |||
3819 | |||
3820 | This scenario will try to connect the second peer to the first one and | ||
3821 | then start sending data for benchmarking. | ||
3822 | |||
3823 | On Windows you cannot test the plugin functionality using two Bluetooth | ||
3824 | devices from the same machine because after you install the drivers there | ||
3825 | will occur some conflicts between the Bluetooth stacks. (At least that is | ||
3826 | what happend on my machine : I wasn't able to use the Bluesoleil stack and | ||
3827 | the WINDCOMM one in the same time). | ||
3828 | |||
3829 | If you have two different machines and your configuration files are good | ||
3830 | you can use the same scenario presented on the begining of this section. | ||
3831 | |||
3832 | Another way to test the plugin functionality is to create your own | ||
3833 | application which will use the GNUnet framework with the Bluetooth | ||
3834 | transport service. | ||
3835 | |||
3836 | @node The implementation of the Bluetooth transport plugin | ||
3837 | @subsection The implementation of the Bluetooth transport plugin | ||
3838 | @c %**end of header | ||
3839 | |||
3840 | This page describes the implementation of the Bluetooth transport plugin. | ||
3841 | |||
3842 | First I want to remind you that the Bluetooth transport plugin uses | ||
3843 | virtually the same code as the WLAN plugin and only the helper binary is | ||
3844 | different. Also the scope of the helper binary from the Bluetooth | ||
3845 | transport plugin is the same as the one used for the wlan transport | ||
3846 | plugin: it acceses the interface and then it forwards traffic in both | ||
3847 | directions between the Bluetooth interface and stdin/stdout of the | ||
3848 | process involved. | ||
3849 | |||
3850 | The Bluetooth plugin transport could be used both on Linux and Windows | ||
3851 | platforms. | ||
3852 | |||
3853 | @itemize @bullet | ||
3854 | @item Linux functionality | ||
3855 | @item Windows functionality | ||
3856 | @item Pending Features | ||
3857 | @end itemize | ||
3858 | |||
3859 | |||
3860 | |||
3861 | @menu | ||
3862 | * Linux functionality:: | ||
3863 | * THE INITIALIZATION:: | ||
3864 | * THE LOOP:: | ||
3865 | * Details about the broadcast implementation:: | ||
3866 | * Windows functionality:: | ||
3867 | * Pending features:: | ||
3868 | @end menu | ||
3869 | |||
3870 | @node Linux functionality | ||
3871 | @subsubsection Linux functionality | ||
3872 | @c %**end of header | ||
3873 | |||
3874 | In order to implement the plugin functionality on Linux I used the BlueZ | ||
3875 | stack. For the communication with the other devices I used the RFCOMM | ||
3876 | protocol. Also I used the HCI protocol to gain some control over the | ||
3877 | device. The helper binary takes a single argument (the name of the | ||
3878 | Bluetooth interface) and is separated in two stages: | ||
3879 | |||
3880 | @c %** 'THE INITIALIZATION' should be in bigger letters or stand out, not | ||
3881 | @c %** starting a new section? | ||
3882 | @node THE INITIALIZATION | ||
3883 | @subsubsection THE INITIALIZATION | ||
3884 | |||
3885 | @itemize @bullet | ||
3886 | @item first, it checks if we have root privilegies | ||
3887 | (@emph{Remember that we need to have root privilegies in order to be able | ||
3888 | to bring the interface up if it is down or to change its state.}). | ||
3889 | |||
3890 | @item second, it verifies if the interface with the given name exists. | ||
3891 | |||
3892 | @strong{If the interface with that name exists and it is a Bluetooth | ||
3893 | interface:} | ||
3894 | |||
3895 | @item it creates a RFCOMM socket which will be used for listening and call | ||
3896 | the @emph{open_device} method | ||
3897 | |||
3898 | On the @emph{open_device} method: | ||
3899 | @itemize @bullet | ||
3900 | @item creates a HCI socket used to send control events to the the device | ||
3901 | @item searches for the device ID using the interface name | ||
3902 | @item saves the device MAC address | ||
3903 | @item checks if the interface is down and tries to bring it UP | ||
3904 | @item checks if the interface is in discoverable mode and tries to make it | ||
3905 | discoverable | ||
3906 | @item closes the HCI socket and binds the RFCOMM one | ||
3907 | @item switches the RFCOMM socket in listening mode | ||
3908 | @item registers the SDP service (the service will be used by the other | ||
3909 | devices to get the port on which this device is listening on) | ||
3910 | @end itemize | ||
3911 | |||
3912 | @item drops the root privilegies | ||
3913 | |||
3914 | @strong{If the interface is not a Bluetooth interface the helper exits | ||
3915 | with a suitable error} | ||
3916 | @end itemize | ||
3917 | |||
3918 | @c %** Same as for @node entry above | ||
3919 | @node THE LOOP | ||
3920 | @subsubsection THE LOOP | ||
3921 | |||
3922 | The helper binary uses a list where it saves all the connected neighbour | ||
3923 | devices (@emph{neighbours.devices}) and two buffers (@emph{write_pout} and | ||
3924 | @emph{write_std}). The first message which is send is a control message | ||
3925 | with the device's MAC address in order to announce the peer presence to | ||
3926 | the neighbours. Here are a short description of what happens in the main | ||
3927 | loop: | ||
3928 | |||
3929 | @itemize @bullet | ||
3930 | @item Every time when it receives something from the STDIN it processes | ||
3931 | the data and saves the message in the first buffer (@emph{write_pout}). | ||
3932 | When it has something in the buffer, it gets the destination address from | ||
3933 | the buffer, searches the destination address in the list (if there is no | ||
3934 | connection with that device, it creates a new one and saves it to the | ||
3935 | list) and sends the message. | ||
3936 | @item Every time when it receives something on the listening socket it | ||
3937 | accepts the connection and saves the socket on a list with the reading | ||
3938 | sockets. @item Every time when it receives something from a reading | ||
3939 | socket it parses the message, verifies the CRC and saves it in the | ||
3940 | @emph{write_std} buffer in order to be sent later to the STDOUT. | ||
3941 | @end itemize | ||
3942 | |||
3943 | So in the main loop we use the select function to wait until one of the | ||
3944 | file descriptor saved in one of the two file descriptors sets used is | ||
3945 | ready to use. The first set (@emph{rfds}) represents the reading set and | ||
3946 | it could contain the list with the reading sockets, the STDIN file | ||
3947 | descriptor or the listening socket. The second set (@emph{wfds}) is the | ||
3948 | writing set and it could contain the sending socket or the STDOUT file | ||
3949 | descriptor. After the select function returns, we check which file | ||
3950 | descriptor is ready to use and we do what is supposed to do on that kind | ||
3951 | of event. @emph{For example:} if it is the listening socket then we | ||
3952 | accept a new connection and save the socket in the reading list; if it is | ||
3953 | the STDOUT file descriptor, then we write to STDOUT the message from the | ||
3954 | @emph{write_std} buffer. | ||
3955 | |||
3956 | To find out on which port a device is listening on we connect to the local | ||
3957 | SDP server and searche the registered service for that device. | ||
3958 | |||
3959 | @emph{You should be aware of the fact that if the device fails to connect | ||
3960 | to another one when trying to send a message it will attempt one more | ||
3961 | time. If it fails again, then it skips the message.} | ||
3962 | @emph{Also you should know that the transport Bluetooth plugin has | ||
3963 | support for @strong{broadcast messages}.} | ||
3964 | |||
3965 | @node Details about the broadcast implementation | ||
3966 | @subsubsection Details about the broadcast implementation | ||
3967 | @c %**end of header | ||
3968 | |||
3969 | First I want to point out that the broadcast functionality for the CONTROL | ||
3970 | messages is not implemented in a conventional way. Since the inquiry scan | ||
3971 | time is too big and it will take some time to send a message to all the | ||
3972 | discoverable devices I decided to tackle the problem in a different way. | ||
3973 | Here is how I did it: | ||
3974 | |||
3975 | @itemize @bullet | ||
3976 | @item If it is the first time when I have to broadcast a message I make an | ||
3977 | inquiry scan and save all the devices' addresses to a vector. | ||
3978 | @item After the inquiry scan ends I take the first address from the list | ||
3979 | and I try to connect to it. If it fails, I try to connect to the next one. | ||
3980 | If it succeeds, I save the socket to a list and send the message to the | ||
3981 | device. | ||
3982 | @item When I have to broadcast another message, first I search on the list | ||
3983 | for a new device which I'm not connected to. If there is no new device on | ||
3984 | the list I go to the beginning of the list and send the message to the | ||
3985 | old devices. After 5 cycles I make a new inquiry scan to check out if | ||
3986 | there are new discoverable devices and save them to the list. If there | ||
3987 | are no new discoverable devices I reset the cycling counter and go again | ||
3988 | through the old list and send messages to the devices saved in it. | ||
3989 | @end itemize | ||
3990 | |||
3991 | @strong{Therefore}: | ||
3992 | |||
3993 | @itemize @bullet | ||
3994 | @item every time when I have a broadcast message I look up on the list | ||
3995 | for a new device and send the message to it | ||
3996 | @item if I reached the end of the list for 5 times and I'm connected to | ||
3997 | all the devices from the list I make a new inquiry scan. | ||
3998 | @emph{The number of the list's cycles after an inquiry scan could be | ||
3999 | increased by redefining the MAX_LOOPS variable} | ||
4000 | @item when there are no new devices I send messages to the old ones. | ||
4001 | @end itemize | ||
4002 | |||
4003 | Doing so, the broadcast control messages will reach the devices but with | ||
4004 | delay. | ||
4005 | |||
4006 | @emph{NOTICE:} When I have to send a message to a certain device first I | ||
4007 | check on the broadcast list to see if we are connected to that device. If | ||
4008 | not we try to connect to it and in case of success we save the address and | ||
4009 | the socket on the list. If we are already connected to that device we | ||
4010 | simply use the socket. | ||
4011 | |||
4012 | @node Windows functionality | ||
4013 | @subsubsection Windows functionality | ||
4014 | @c %**end of header | ||
4015 | |||
4016 | For Windows I decided to use the Microsoft Bluetooth stack which has the | ||
4017 | advantage of coming standard from Windows XP SP2. The main disadvantage is | ||
4018 | that it only supports the RFCOMM protocol so we will not be able to have | ||
4019 | a low level control over the Bluetooth device. Therefore it is the user | ||
4020 | responsability to check if the device is up and in the discoverable mode. | ||
4021 | Also there are no tools which could be used for debugging in order to read | ||
4022 | the data coming from and going to a Bluetooth device, which obviously | ||
4023 | hindered my work. Another thing that slowed down the implementation of the | ||
4024 | plugin (besides that I wasn't too accomodated with the win32 API) was that | ||
4025 | there were some bugs on MinGW regarding the Bluetooth. Now they are solved | ||
4026 | but you should keep in mind that you should have the latest updates | ||
4027 | (especially the @emph{ws2bth} header). | ||
4028 | |||
4029 | Besides the fact that it uses the Windows Sockets, the Windows | ||
4030 | implemenation follows the same principles as the Linux one: | ||
4031 | |||
4032 | @itemize @bullet | ||
4033 | @item It has a initalization part where it initializes the | ||
4034 | Windows Sockets, creates a RFCOMM socket which will be binded and switched | ||
4035 | to the listening mode and registers a SDP service. In the Microsoft | ||
4036 | Bluetooth API there are two ways to work with the SDP: | ||
4037 | @itemize @bullet | ||
4038 | @item an easy way which works with very simple service records | ||
4039 | @item a hard way which is useful when you need to update or to delete the | ||
4040 | record | ||
4041 | @end itemize | ||
4042 | @end itemize | ||
4043 | |||
4044 | Since I only needed the SDP service to find out on which port the device | ||
4045 | is listening on and that did not change, I decided to use the easy way. | ||
4046 | In order to register the service I used the @emph{WSASetService} function | ||
4047 | and I generated the @emph{Universally Unique Identifier} with the | ||
4048 | @emph{guidgen.exe} Windows's tool. | ||
4049 | |||
4050 | In the loop section the only difference from the Linux implementation is | ||
4051 | that I used the GNUNET_NETWORK library for functions like @emph{accept}, | ||
4052 | @emph{bind}, @emph{connect} or @emph{select}. I decided to use the | ||
4053 | GNUNET_NETWORK library because I also needed to interact with the STDIN | ||
4054 | and STDOUT handles and on Windows the select function is only defined for | ||
4055 | sockets, and it will not work for arbitrary file handles. | ||
4056 | |||
4057 | Another difference between Linux and Windows implementation is that in | ||
4058 | Linux, the Bluetooth address is represented in 48 bits while in Windows is | ||
4059 | represented in 64 bits. Therefore I had to do some changes on | ||
4060 | @emph{plugin_transport_wlan} header. | ||
4061 | |||
4062 | Also, currently on Windows the Bluetooth plugin doesn't have support for | ||
4063 | broadcast messages. When it receives a broadcast message it will skip it. | ||
4064 | |||
4065 | @node Pending features | ||
4066 | @subsubsection Pending features | ||
4067 | @c %**end of header | ||
4068 | |||
4069 | @itemize @bullet | ||
4070 | @item Implement the broadcast functionality on Windows @emph{(currently | ||
4071 | working on)} | ||
4072 | @item Implement a testcase for the helper :@ @emph{The testcase | ||
4073 | consists of a program which emaluates the plugin and uses the helper. It | ||
4074 | will simulate connections, disconnections and data transfers.} | ||
4075 | @end itemize | ||
4076 | |||
4077 | If you have a new idea about a feature of the plugin or suggestions about | ||
4078 | how I could improve the implementation you are welcome to comment or to | ||
4079 | contact me. | ||
4080 | |||
4081 | @node WLAN plugin | ||
4082 | @section WLAN plugin | ||
4083 | @c %**end of header | ||
4084 | |||
4085 | This section documents how the wlan transport plugin works. Parts which | ||
4086 | are not implemented yet or could be better implemented are described at | ||
4087 | the end. | ||
4088 | |||
4089 | @cindex ats subsystem | ||
4090 | @node The ATS Subsystem | ||
4091 | @section The ATS Subsystem | ||
4092 | @c %**end of header | ||
4093 | |||
4094 | ATS stands for "automatic transport selection", and the function of ATS in | ||
4095 | GNUnet is to decide on which address (and thus transport plugin) should | ||
4096 | be used for two peers to communicate, and what bandwidth limits should be | ||
4097 | imposed on such an individual connection. To help ATS make an informed | ||
4098 | decision, higher-level services inform the ATS service about their | ||
4099 | requirements and the quality of the service rendered. The ATS service | ||
4100 | also interacts with the transport service to be appraised of working | ||
4101 | addresses and to communicate its resource allocation decisions. Finally, | ||
4102 | the ATS service's operation can be observed using a monitoring API. | ||
4103 | |||
4104 | The main logic of the ATS service only collects the available addresses, | ||
4105 | their performance characteristics and the applications requirements, but | ||
4106 | does not make the actual allocation decision. This last critical step is | ||
4107 | left to an ATS plugin, as we have implemented (currently three) different | ||
4108 | allocation strategies which differ significantly in their performance and | ||
4109 | maturity, and it is still unclear if any particular plugin is generally | ||
4110 | superior. | ||
4111 | |||
4112 | @cindex core subsystem | ||
4113 | @cindex CORE subsystem | ||
4114 | @node GNUnet's CORE Subsystem | ||
4115 | @section GNUnet's CORE Subsystem | ||
4116 | @c %**end of header | ||
4117 | |||
4118 | The CORE subsystem in GNUnet is responsible for securing link-layer | ||
4119 | communications between nodes in the GNUnet overlay network. CORE builds | ||
4120 | on the TRANSPORT subsystem which provides for the actual, insecure, | ||
4121 | unreliable link-layer communication (for example, via UDP or WLAN), and | ||
4122 | then adds fundamental security to the connections: | ||
4123 | |||
4124 | @itemize @bullet | ||
4125 | @item confidentiality with so-called perfect forward secrecy; we use | ||
4126 | ECDHE@footnote{@uref{http://en.wikipedia.org/wiki/Elliptic_curve_ | ||
4127 | Diffie%E2%80%93Hellman, Elliptic-curve Diffie---Hellman}} | ||
4128 | powered by Curve25519 | ||
4129 | @footnote{@uref{http://cr.yp.to/ecdh.html, Curve25519}} for the key | ||
4130 | exchange and then use symmetric encryption, encrypting with both AES-256 | ||
4131 | @footnote{@uref{http://en.wikipedia.org/wiki/Rijndael, AES-256}} and | ||
4132 | Twofish @footnote{@uref{http://en.wikipedia.org/wiki/Twofish, Twofish}} | ||
4133 | @item @uref{http://en.wikipedia.org/wiki/Authentication, authentication} | ||
4134 | is achieved by signing the ephemeral keys using Ed25519 | ||
4135 | @footnote{@uref{http://ed25519.cr.yp.to/, Ed25519}}, a deterministic | ||
4136 | variant of ECDSA | ||
4137 | @footnote{@uref{http://en.wikipedia.org/wiki/ECDSA, ECDSA}} | ||
4138 | @item integrity protection (using SHA-512 | ||
4139 | @footnote{@uref{http://en.wikipedia.org/wiki/SHA-2, SHA-512}} to do | ||
4140 | encrypt-then-MAC | ||
4141 | @footnote{@uref{http://en.wikipedia.org/wiki/Authenticated_encryption, | ||
4142 | encrypt-then-MAC}}) | ||
4143 | @item Replay | ||
4144 | @footnote{@uref{http://en.wikipedia.org/wiki/Replay_attack, replay}} | ||
4145 | protection (using nonces, timestamps, challenge-response, | ||
4146 | message counters and ephemeral keys) | ||
4147 | @item liveness (keep-alive messages, timeout) | ||
4148 | @end itemize | ||
4149 | |||
4150 | @menu | ||
4151 | * Limitations:: | ||
4152 | * When is a peer "connected"?:: | ||
4153 | * libgnunetcore:: | ||
4154 | * The CORE Client-Service Protocol:: | ||
4155 | * The CORE Peer-to-Peer Protocol:: | ||
4156 | @end menu | ||
4157 | |||
4158 | @cindex core subsystem limitations | ||
4159 | @node Limitations | ||
4160 | @subsection Limitations | ||
4161 | @c %**end of header | ||
4162 | |||
4163 | CORE does not perform | ||
4164 | @uref{http://en.wikipedia.org/wiki/Routing, routing}; using CORE it is | ||
4165 | only possible to communicate with peers that happen to already be | ||
4166 | "directly" connected with each other. CORE also does not have an | ||
4167 | API to allow applications to establish such "direct" connections --- for | ||
4168 | this, applications can ask TRANSPORT, but TRANSPORT might not be able to | ||
4169 | establish a "direct" connection. The TOPOLOGY subsystem is responsible for | ||
4170 | trying to keep a few "direct" connections open at all times. Applications | ||
4171 | that need to talk to particular peers should use the CADET subsystem, as | ||
4172 | it can establish arbitrary "indirect" connections. | ||
4173 | |||
4174 | Because CORE does not perform routing, CORE must only be used directly by | ||
4175 | applications that either perform their own routing logic (such as | ||
4176 | anonymous file-sharing) or that do not require routing, for example | ||
4177 | because they are based on flooding the network. CORE communication is | ||
4178 | unreliable and delivery is possibly out-of-order. Applications that | ||
4179 | require reliable communication should use the CADET service. Each | ||
4180 | application can only queue one message per target peer with the CORE | ||
4181 | service at any time; messages cannot be larger than approximately | ||
4182 | 63 kilobytes. If messages are small, CORE may group multiple messages | ||
4183 | (possibly from different applications) prior to encryption. If permitted | ||
4184 | by the application (using the @uref{http://baus.net/on-tcp_cork/, cork} | ||
4185 | option), CORE may delay transmissions to facilitate grouping of multiple | ||
4186 | small messages. If cork is not enabled, CORE will transmit the message as | ||
4187 | soon as TRANSPORT allows it (TRANSPORT is responsible for limiting | ||
4188 | bandwidth and congestion control). CORE does not allow flow control; | ||
4189 | applications are expected to process messages at line-speed. If flow | ||
4190 | control is needed, applications should use the CADET service. | ||
4191 | |||
4192 | @cindex when is a peer connected | ||
4193 | @node When is a peer "connected"? | ||
4194 | @subsection When is a peer "connected"? | ||
4195 | @c %**end of header | ||
4196 | |||
4197 | In addition to the security features mentioned above, CORE also provides | ||
4198 | one additional key feature to applications using it, and that is a | ||
4199 | limited form of protocol-compatibility checking. CORE distinguishes | ||
4200 | between TRANSPORT-level connections (which enable communication with other | ||
4201 | peers) and application-level connections. Applications using the CORE API | ||
4202 | will (typically) learn about application-level connections from CORE, and | ||
4203 | not about TRANSPORT-level connections. When a typical application uses | ||
4204 | CORE, it will specify a set of message types | ||
4205 | (from @code{gnunet_protocols.h}) that it understands. CORE will then | ||
4206 | notify the application about connections it has with other peers if and | ||
4207 | only if those applications registered an intersecting set of message | ||
4208 | types with their CORE service. Thus, it is quite possible that CORE only | ||
4209 | exposes a subset of the established direct connections to a particular | ||
4210 | application --- and different applications running above CORE might see | ||
4211 | different sets of connections at the same time. | ||
4212 | |||
4213 | A special case are applications that do not register a handler for any | ||
4214 | message type. | ||
4215 | CORE assumes that these applications merely want to monitor connections | ||
4216 | (or "all" messages via other callbacks) and will notify those applications | ||
4217 | about all connections. This is used, for example, by the | ||
4218 | @code{gnunet-core} command-line tool to display the active connections. | ||
4219 | Note that it is also possible that the TRANSPORT service has more active | ||
4220 | connections than the CORE service, as the CORE service first has to | ||
4221 | perform a key exchange with connecting peers before exchanging information | ||
4222 | about supported message types and notifying applications about the new | ||
4223 | connection. | ||
4224 | |||
4225 | @cindex libgnunetcore | ||
4226 | @node libgnunetcore | ||
4227 | @subsection libgnunetcore | ||
4228 | @c %**end of header | ||
4229 | |||
4230 | The CORE API (defined in @file{gnunet_core_service.h}) is the basic | ||
4231 | messaging API used by P2P applications built using GNUnet. It provides | ||
4232 | applications the ability to send and receive encrypted messages to the | ||
4233 | peer's "directly" connected neighbours. | ||
4234 | |||
4235 | As CORE connections are generally "direct" connections,@ applications must | ||
4236 | not assume that they can connect to arbitrary peers this way, as "direct" | ||
4237 | connections may not always be possible. Applications using CORE are | ||
4238 | notified about which peers are connected. Creating new "direct" | ||
4239 | connections must be done using the TRANSPORT API. | ||
4240 | |||
4241 | The CORE API provides unreliable, out-of-order delivery. While the | ||
4242 | implementation tries to ensure timely, in-order delivery, both message | ||
4243 | losses and reordering are not detected and must be tolerated by the | ||
4244 | application. Most important, the core will NOT perform retransmission if | ||
4245 | messages could not be delivered. | ||
4246 | |||
4247 | Note that CORE allows applications to queue one message per connected | ||
4248 | peer. The rate at which each connection operates is influenced by the | ||
4249 | preferences expressed by local application as well as restrictions | ||
4250 | imposed by the other peer. Local applications can express their | ||
4251 | preferences for particular connections using the "performance" API of the | ||
4252 | ATS service. | ||
4253 | |||
4254 | Applications that require more sophisticated transmission capabilities | ||
4255 | such as TCP-like behavior, or if you intend to send messages to arbitrary | ||
4256 | remote peers, should use the CADET API. | ||
4257 | |||
4258 | The typical use of the CORE API is to connect to the CORE service using | ||
4259 | @code{GNUNET_CORE_connect}, process events from the CORE service (such as | ||
4260 | peers connecting, peers disconnecting and incoming messages) and send | ||
4261 | messages to connected peers using | ||
4262 | @code{GNUNET_CORE_notify_transmit_ready}. Note that applications must | ||
4263 | cancel pending transmission requests if they receive a disconnect event | ||
4264 | for a peer that had a transmission pending; furthermore, queueing more | ||
4265 | than one transmission request per peer per application using the | ||
4266 | service is not permitted. | ||
4267 | |||
4268 | The CORE API also allows applications to monitor all communications of the | ||
4269 | peer prior to encryption (for outgoing messages) or after decryption (for | ||
4270 | incoming messages). This can be useful for debugging, diagnostics or to | ||
4271 | establish the presence of cover traffic (for anonymity). As monitoring | ||
4272 | applications are often not interested in the payload, the monitoring | ||
4273 | callbacks can be configured to only provide the message headers (including | ||
4274 | the message type and size) instead of copying the full data stream to the | ||
4275 | monitoring client. | ||
4276 | |||
4277 | The init callback of the @code{GNUNET_CORE_connect} function is called | ||
4278 | with the hash of the public key of the peer. This public key is used to | ||
4279 | identify the peer globally in the GNUnet network. Applications are | ||
4280 | encouraged to check that the provided hash matches the hash that they are | ||
4281 | using (as theoretically the application may be using a different | ||
4282 | configuration file with a different private key, which would result in | ||
4283 | hard to find bugs). | ||
4284 | |||
4285 | As with most service APIs, the CORE API isolates applications from crashes | ||
4286 | of the CORE service. If the CORE service crashes, the application will see | ||
4287 | disconnect events for all existing connections. Once the connections are | ||
4288 | re-established, the applications will be receive matching connect events. | ||
4289 | |||
4290 | @cindex core clinet-service protocol | ||
4291 | @node The CORE Client-Service Protocol | ||
4292 | @subsection The CORE Client-Service Protocol | ||
4293 | @c %**end of header | ||
4294 | |||
4295 | This section describes the protocol between an application using the CORE | ||
4296 | service (the client) and the CORE service process itself. | ||
4297 | |||
4298 | |||
4299 | @menu | ||
4300 | * Setup2:: | ||
4301 | * Notifications:: | ||
4302 | * Sending:: | ||
4303 | @end menu | ||
4304 | |||
4305 | @node Setup2 | ||
4306 | @subsubsection Setup2 | ||
4307 | @c %**end of header | ||
4308 | |||
4309 | When a client connects to the CORE service, it first sends a | ||
4310 | @code{InitMessage} which specifies options for the connection and a set of | ||
4311 | message type values which are supported by the application. The options | ||
4312 | bitmask specifies which events the client would like to be notified about. | ||
4313 | The options include: | ||
4314 | |||
4315 | @table @asis | ||
4316 | @item GNUNET_CORE_OPTION_NOTHING No notifications | ||
4317 | @item GNUNET_CORE_OPTION_STATUS_CHANGE Peers connecting and disconnecting | ||
4318 | @item GNUNET_CORE_OPTION_FULL_INBOUND All inbound messages (after | ||
4319 | decryption) with full payload | ||
4320 | @item GNUNET_CORE_OPTION_HDR_INBOUND Just the @code{MessageHeader} | ||
4321 | of all inbound messages | ||
4322 | @item GNUNET_CORE_OPTION_FULL_OUTBOUND All outbound | ||
4323 | messages (prior to encryption) with full payload | ||
4324 | @item GNUNET_CORE_OPTION_HDR_OUTBOUND Just the @code{MessageHeader} of all | ||
4325 | outbound messages | ||
4326 | @end table | ||
4327 | |||
4328 | Typical applications will only monitor for connection status changes. | ||
4329 | |||
4330 | The CORE service responds to the @code{InitMessage} with an | ||
4331 | @code{InitReplyMessage} which contains the peer's identity. Afterwards, | ||
4332 | both CORE and the client can send messages. | ||
4333 | |||
4334 | @node Notifications | ||
4335 | @subsubsection Notifications | ||
4336 | @c %**end of header | ||
4337 | |||
4338 | The CORE will send @code{ConnectNotifyMessage}s and | ||
4339 | @code{DisconnectNotifyMessage}s whenever peers connect or disconnect from | ||
4340 | the CORE (assuming their type maps overlap with the message types | ||
4341 | registered by the client). When the CORE receives a message that matches | ||
4342 | the set of message types specified during the @code{InitMessage} (or if | ||
4343 | monitoring is enabled in for inbound messages in the options), it sends a | ||
4344 | @code{NotifyTrafficMessage} with the peer identity of the sender and the | ||
4345 | decrypted payload. The same message format (except with | ||
4346 | @code{GNUNET_MESSAGE_TYPE_CORE_NOTIFY_OUTBOUND} for the message type) is | ||
4347 | used to notify clients monitoring outbound messages; here, the peer | ||
4348 | identity given is that of the receiver. | ||
4349 | |||
4350 | @node Sending | ||
4351 | @subsubsection Sending | ||
4352 | @c %**end of header | ||
4353 | |||
4354 | When a client wants to transmit a message, it first requests a | ||
4355 | transmission slot by sending a @code{SendMessageRequest} which specifies | ||
4356 | the priority, deadline and size of the message. Note that these values | ||
4357 | may be ignored by CORE. When CORE is ready for the message, it answers | ||
4358 | with a @code{SendMessageReady} response. The client can then transmit the | ||
4359 | payload with a @code{SendMessage} message. Note that the actual message | ||
4360 | size in the @code{SendMessage} is allowed to be smaller than the size in | ||
4361 | the original request. A client may at any time send a fresh | ||
4362 | @code{SendMessageRequest}, which then superceeds the previous | ||
4363 | @code{SendMessageRequest}, which is then no longer valid. The client can | ||
4364 | tell which @code{SendMessageRequest} the CORE service's | ||
4365 | @code{SendMessageReady} message is for as all of these messages contain a | ||
4366 | "unique" request ID (based on a counter incremented by the client | ||
4367 | for each request). | ||
4368 | |||
4369 | @node The CORE Peer-to-Peer Protocol | ||
4370 | @subsection The CORE Peer-to-Peer Protocol | ||
4371 | @c %**end of header | ||
4372 | |||
4373 | |||
4374 | @menu | ||
4375 | * Creating the EphemeralKeyMessage:: | ||
4376 | * Establishing a connection:: | ||
4377 | * Encryption and Decryption:: | ||
4378 | * Type maps:: | ||
4379 | @end menu | ||
4380 | |||
4381 | @cindex EphemeralKeyMessage creation | ||
4382 | @node Creating the EphemeralKeyMessage | ||
4383 | @subsubsection Creating the EphemeralKeyMessage | ||
4384 | @c %**end of header | ||
4385 | |||
4386 | When the CORE service starts, each peer creates a fresh ephemeral (ECC) | ||
4387 | public-private key pair and signs the corresponding | ||
4388 | @code{EphemeralKeyMessage} with its long-term key (which we usually call | ||
4389 | the peer's identity; the hash of the public long term key is what results | ||
4390 | in a @code{struct GNUNET_PeerIdentity} in all GNUnet APIs. The ephemeral | ||
4391 | key is ONLY used for an ECDHE@footnote{@uref{http://en.wikipedia.org/wiki/ | ||
4392 | Elliptic_curve_Diffie%E2%80%93Hellman, Elliptic-curve Diffie---Hellman}} | ||
4393 | exchange by the CORE service to establish symmetric session keys. A peer | ||
4394 | will use the same @code{EphemeralKeyMessage} for all peers for | ||
4395 | @code{REKEY_FREQUENCY}, which is usually 12 hours. After that time, it | ||
4396 | will create a fresh ephemeral key (forgetting the old one) and broadcast | ||
4397 | the new @code{EphemeralKeyMessage} to all connected peers, resulting in | ||
4398 | fresh symmetric session keys. Note that peers independently decide on | ||
4399 | when to discard ephemeral keys; it is not a protocol violation to discard | ||
4400 | keys more often. Ephemeral keys are also never stored to disk; restarting | ||
4401 | a peer will thus always create a fresh ephemeral key. The use of ephemeral | ||
4402 | keys is what provides @uref{http://en.wikipedia.org/wiki/Forward_secrecy, | ||
4403 | forward secrecy}. | ||
4404 | |||
4405 | Just before transmission, the @code{EphemeralKeyMessage} is patched to | ||
4406 | reflect the current sender_status, which specifies the current state of | ||
4407 | the connection from the point of view of the sender. The possible values | ||
4408 | are: | ||
4409 | |||
4410 | @itemize @bullet | ||
4411 | @item @code{KX_STATE_DOWN} Initial value, never used on the network | ||
4412 | @item @code{KX_STATE_KEY_SENT} We sent our ephemeral key, do not know the | ||
4413 | key of the other peer | ||
4414 | @item @code{KX_STATE_KEY_RECEIVED} This peer has received a valid | ||
4415 | ephemeral key of the other peer, but we are waiting for the other peer to | ||
4416 | confirm it's authenticity (ability to decode) via challenge-response. | ||
4417 | @item @code{KX_STATE_UP} The connection is fully up from the point of | ||
4418 | view of the sender (now performing keep-alives) | ||
4419 | @item @code{KX_STATE_REKEY_SENT} The sender has initiated a rekeying | ||
4420 | operation; the other peer has so far failed to confirm a working | ||
4421 | connection using the new ephemeral key | ||
4422 | @end itemize | ||
4423 | |||
4424 | @node Establishing a connection | ||
4425 | @subsubsection Establishing a connection | ||
4426 | @c %**end of header | ||
4427 | |||
4428 | Peers begin their interaction by sending a @code{EphemeralKeyMessage} to | ||
4429 | the other peer once the TRANSPORT service notifies the CORE service about | ||
4430 | the connection. | ||
4431 | A peer receiving an @code{EphemeralKeyMessage} with a status | ||
4432 | indicating that the sender does not have the receiver's ephemeral key, the | ||
4433 | receiver's @code{EphemeralKeyMessage} is sent in response. | ||
4434 | Additionally, if the receiver has not yet confirmed the authenticity of | ||
4435 | the sender, it also sends an (encrypted)@code{PingMessage} with a | ||
4436 | challenge (and the identity of the target) to the other peer. Peers | ||
4437 | receiving a @code{PingMessage} respond with an (encrypted) | ||
4438 | @code{PongMessage} which includes the challenge. Peers receiving a | ||
4439 | @code{PongMessage} check the challenge, and if it matches set the | ||
4440 | connection to @code{KX_STATE_UP}. | ||
4441 | |||
4442 | @node Encryption and Decryption | ||
4443 | @subsubsection Encryption and Decryption | ||
4444 | @c %**end of header | ||
4445 | |||
4446 | All functions related to the key exchange and encryption/decryption of | ||
4447 | messages can be found in @file{gnunet-service-core_kx.c} (except for the | ||
4448 | cryptographic primitives, which are in @file{util/crypto*.c}). | ||
4449 | Given the key material from ECDHE, a Key derivation function | ||
4450 | @footnote{@uref{https://en.wikipedia.org/wiki/Key_derivation_function, Key | ||
4451 | derivation function}} is used to derive two pairs of encryption and | ||
4452 | decryption keys for AES-256 and TwoFish, as well as initialization vectors | ||
4453 | and authentication keys (for HMAC@footnote{@uref{https://en.wikipedia.org/ | ||
4454 | wiki/HMAC, HMAC}}). The HMAC is computed over the encrypted payload. | ||
4455 | Encrypted messages include an iv_seed and the HMAC in the header. | ||
4456 | |||
4457 | Each encrypted message in the CORE service includes a sequence number and | ||
4458 | a timestamp in the encrypted payload. The CORE service remembers the | ||
4459 | largest observed sequence number and a bit-mask which represents which of | ||
4460 | the previous 32 sequence numbers were already used. | ||
4461 | Messages with sequence numbers lower than the largest observed sequence | ||
4462 | number minus 32 are discarded. Messages with a timestamp that is less | ||
4463 | than @code{REKEY_TOLERANCE} off (5 minutes) are also discarded. This of | ||
4464 | course means that system clocks need to be reasonably synchronized for | ||
4465 | peers to be able to communicate. Additionally, as the ephemeral key | ||
4466 | changes every 12 hours, a peer would not even be able to decrypt messages | ||
4467 | older than 12 hours. | ||
4468 | |||
4469 | @node Type maps | ||
4470 | @subsubsection Type maps | ||
4471 | @c %**end of header | ||
4472 | |||
4473 | Once an encrypted connection has been established, peers begin to exchange | ||
4474 | type maps. Type maps are used to allow the CORE service to determine which | ||
4475 | (encrypted) connections should be shown to which applications. A type map | ||
4476 | is an array of 65536 bits representing the different types of messages | ||
4477 | understood by applications using the CORE service. Each CORE service | ||
4478 | maintains this map, simply by setting the respective bit for each message | ||
4479 | type supported by any of the applications using the CORE service. Note | ||
4480 | that bits for message types embedded in higher-level protocols (such as | ||
4481 | MESH) will not be included in these type maps. | ||
4482 | |||
4483 | Typically, the type map of a peer will be sparse. Thus, the CORE service | ||
4484 | attempts to compress its type map using @code{gzip}-style compression | ||
4485 | ("deflate") prior to transmission. However, if the compression fails to | ||
4486 | compact the map, the map may also be transmitted without compression | ||
4487 | (resulting in @code{GNUNET_MESSAGE_TYPE_CORE_COMPRESSED_TYPE_MAP} or | ||
4488 | @code{GNUNET_MESSAGE_TYPE_CORE_BINARY_TYPE_MAP} messages respectively). | ||
4489 | Upon receiving a type map, the respective CORE service notifies | ||
4490 | applications about the connection to the other peer if they support any | ||
4491 | message type indicated in the type map (or no message type at all). | ||
4492 | If the CORE service experience a connect or disconnect event from an | ||
4493 | application, it updates its type map (setting or unsetting the respective | ||
4494 | bits) and notifies its neighbours about the change. | ||
4495 | The CORE services of the neighbours then in turn generate connect and | ||
4496 | disconnect events for the peer that sent the type map for their respective | ||
4497 | applications. As CORE messages may be lost, the CORE service confirms | ||
4498 | receiving a type map by sending back a | ||
4499 | @code{GNUNET_MESSAGE_TYPE_CORE_CONFIRM_TYPE_MAP}. If such a confirmation | ||
4500 | (with the correct hash of the type map) is not received, the sender will | ||
4501 | retransmit the type map (with exponential back-off). | ||
4502 | |||
4503 | @cindex cadet subsystem | ||
4504 | @cindex CADET | ||
4505 | @node GNUnet's CADET subsystem | ||
4506 | @section GNUnet's CADET subsystem | ||
4507 | |||
4508 | The CADET subsystem in GNUnet is responsible for secure end-to-end | ||
4509 | communications between nodes in the GNUnet overlay network. CADET builds | ||
4510 | on the CORE subsystem which provides for the link-layer communication and | ||
4511 | then adds routing, forwarding and additional security to the connections. | ||
4512 | CADET offers the same cryptographic services as CORE, but on an | ||
4513 | end-to-end level. This is done so peers retransmitting traffic on behalf | ||
4514 | of other peers cannot access the payload data. | ||
4515 | |||
4516 | @itemize @bullet | ||
4517 | @item CADET provides confidentiality with so-called perfect forward | ||
4518 | secrecy; we use ECDHE powered by Curve25519 for the key exchange and then | ||
4519 | use symmetric encryption, encrypting with both AES-256 and Twofish | ||
4520 | @item authentication is achieved by signing the ephemeral keys using | ||
4521 | Ed25519, a deterministic variant of ECDSA | ||
4522 | @item integrity protection (using SHA-512 to do encrypt-then-MAC, although | ||
4523 | only 256 bits are sent to reduce overhead) | ||
4524 | @item replay protection (using nonces, timestamps, challenge-response, | ||
4525 | message counters and ephemeral keys) | ||
4526 | @item liveness (keep-alive messages, timeout) | ||
4527 | @end itemize | ||
4528 | |||
4529 | Additional to the CORE-like security benefits, CADET offers other | ||
4530 | properties that make it a more universal service than CORE. | ||
4531 | |||
4532 | @itemize @bullet | ||
4533 | @item CADET can establish channels to arbitrary peers in GNUnet. If a | ||
4534 | peer is not immediately reachable, CADET will find a path through the | ||
4535 | network and ask other peers to retransmit the traffic on its behalf. | ||
4536 | @item CADET offers (optional) reliability mechanisms. In a reliable | ||
4537 | channel traffic is guaranteed to arrive complete, unchanged and in-order. | ||
4538 | @item CADET takes care of flow and congestion control mechanisms, not | ||
4539 | allowing the sender to send more traffic than the receiver or the network | ||
4540 | are able to process. | ||
4541 | @end itemize | ||
4542 | |||
4543 | @menu | ||
4544 | * libgnunetcadet:: | ||
4545 | @end menu | ||
4546 | |||
4547 | @cindex libgnunetcadet | ||
4548 | @node libgnunetcadet | ||
4549 | @subsection libgnunetcadet | ||
4550 | |||
4551 | |||
4552 | The CADET API (defined in @file{gnunet_cadet_service.h}) is the | ||
4553 | messaging API used by P2P applications built using GNUnet. | ||
4554 | It provides applications the ability to send and receive encrypted | ||
4555 | messages to any peer participating in GNUnet. | ||
4556 | The API is heavily base on the CORE API. | ||
4557 | |||
4558 | CADET delivers messages to other peers in "channels". | ||
4559 | A channel is a permanent connection defined by a destination peer | ||
4560 | (identified by its public key) and a port number. | ||
4561 | Internally, CADET tunnels all channels towards a destiantion peer | ||
4562 | using one session key and relays the data on multiple "connections", | ||
4563 | independent from the channels. | ||
4564 | |||
4565 | Each channel has optional paramenters, the most important being the | ||
4566 | reliability flag. | ||
4567 | Should a message get lost on TRANSPORT/CORE level, if a channel is | ||
4568 | created with as reliable, CADET will retransmit the lost message and | ||
4569 | deliver it in order to the destination application. | ||
4570 | |||
4571 | To communicate with other peers using CADET, it is necessary to first | ||
4572 | connect to the service using @code{GNUNET_CADET_connect}. | ||
4573 | This function takes several parameters in form of callbacks, to allow the | ||
4574 | client to react to various events, like incoming channels or channels that | ||
4575 | terminate, as well as specify a list of ports the client wishes to listen | ||
4576 | to (at the moment it is not possible to start listening on further ports | ||
4577 | once connected, but nothing prevents a client to connect several times to | ||
4578 | CADET, even do one connection per listening port). | ||
4579 | The function returns a handle which has to be used for any further | ||
4580 | interaction with the service. | ||
4581 | |||
4582 | To connect to a remote peer a client has to call the | ||
4583 | @code{GNUNET_CADET_channel_create} function. The most important parameters | ||
4584 | given are the remote peer's identity (it public key) and a port, which | ||
4585 | specifies which application on the remote peer to connect to, similar to | ||
4586 | TCP/UDP ports. CADET will then find the peer in the GNUnet network and | ||
4587 | establish the proper low-level connections and do the necessary key | ||
4588 | exchanges to assure and authenticated, secure and verified communication. | ||
4589 | Similar to @code{GNUNET_CADET_connect},@code{GNUNET_CADET_create_channel} | ||
4590 | returns a handle to interact with the created channel. | ||
4591 | |||
4592 | For every message the client wants to send to the remote application, | ||
4593 | @code{GNUNET_CADET_notify_transmit_ready} must be called, indicating the | ||
4594 | channel on which the message should be sent and the size of the message | ||
4595 | (but not the message itself!). Once CADET is ready to send the message, | ||
4596 | the provided callback will fire, and the message contents are provided to | ||
4597 | this callback. | ||
4598 | |||
4599 | Please note the CADET does not provide an explicit notification of when a | ||
4600 | channel is connected. In loosely connected networks, like big wireless | ||
4601 | mesh networks, this can take several seconds, even minutes in the worst | ||
4602 | case. To be alerted when a channel is online, a client can call | ||
4603 | @code{GNUNET_CADET_notify_transmit_ready} immediately after | ||
4604 | @code{GNUNET_CADET_create_channel}. When the callback is activated, it | ||
4605 | means that the channel is online. The callback can give 0 bytes to CADET | ||
4606 | if no message is to be sent, this is ok. | ||
4607 | |||
4608 | If a transmission was requested but before the callback fires it is no | ||
4609 | longer needed, it can be cancelled with | ||
4610 | @code{GNUNET_CADET_notify_transmit_ready_cancel}, which uses the handle | ||
4611 | given back by @code{GNUNET_CADET_notify_transmit_ready}. | ||
4612 | As in the case of CORE, only one message can be requested at a time: a | ||
4613 | client must not call @code{GNUNET_CADET_notify_transmit_ready} again until | ||
4614 | the callback is called or the request is cancelled. | ||
4615 | |||
4616 | When a channel is no longer needed, a client can call | ||
4617 | @code{GNUNET_CADET_channel_destroy} to get rid of it. | ||
4618 | Note that CADET will try to transmit all pending traffic before notifying | ||
4619 | the remote peer of the destruction of the channel, including | ||
4620 | retransmitting lost messages if the channel was reliable. | ||
4621 | |||
4622 | Incoming channels, channels being closed by the remote peer, and traffic | ||
4623 | on any incoming or outgoing channels are given to the client when CADET | ||
4624 | executes the callbacks given to it at the time of | ||
4625 | @code{GNUNET_CADET_connect}. | ||
4626 | |||
4627 | Finally, when an application no longer wants to use CADET, it should call | ||
4628 | @code{GNUNET_CADET_disconnect}, but first all channels and pending | ||
4629 | transmissions must be closed (otherwise CADET will complain). | ||
4630 | |||
4631 | @cindex nse subsystem | ||
4632 | @cindex NSE | ||
4633 | @node GNUnet's NSE subsystem | ||
4634 | @section GNUnet's NSE subsystem | ||
4635 | |||
4636 | |||
4637 | NSE stands for @dfn{Network Size Estimation}. The NSE subsystem provides | ||
4638 | other subsystems and users with a rough estimate of the number of peers | ||
4639 | currently participating in the GNUnet overlay. | ||
4640 | The computed value is not a precise number as producing a precise number | ||
4641 | in a decentralized, efficient and secure way is impossible. | ||
4642 | While NSE's estimate is inherently imprecise, NSE also gives the expected | ||
4643 | range. For a peer that has been running in a stable network for a | ||
4644 | while, the real network size will typically (99.7% of the time) be in the | ||
4645 | range of [2/3 estimate, 3/2 estimate]. We will now give an overview of the | ||
4646 | algorithm used to calculate the estimate; | ||
4647 | all of the details can be found in this technical report. | ||
4648 | |||
4649 | @c FIXME: link to the report. | ||
4650 | |||
4651 | @menu | ||
4652 | * Motivation:: | ||
4653 | * Principle:: | ||
4654 | * libgnunetnse:: | ||
4655 | * The NSE Client-Service Protocol:: | ||
4656 | * The NSE Peer-to-Peer Protocol:: | ||
4657 | @end menu | ||
4658 | |||
4659 | @node Motivation | ||
4660 | @subsection Motivation | ||
4661 | |||
4662 | |||
4663 | Some subsytems, like DHT, need to know the size of the GNUnet network to | ||
4664 | optimize some parameters of their own protocol. The decentralized nature | ||
4665 | of GNUnet makes efficient and securely counting the exact number of peers | ||
4666 | infeasable. Although there are several decentralized algorithms to count | ||
4667 | the number of peers in a system, so far there is none to do so securely. | ||
4668 | Other protocols may allow any malicious peer to manipulate the final | ||
4669 | result or to take advantage of the system to perform | ||
4670 | @dfn{Denial of Service} (DoS) attacks against the network. | ||
4671 | GNUnet's NSE protocol avoids these drawbacks. | ||
4672 | |||
4673 | |||
4674 | |||
4675 | @menu | ||
4676 | * Security:: | ||
4677 | @end menu | ||
4678 | |||
4679 | @cindex NSE security | ||
4680 | @cindex nse security | ||
4681 | @node Security | ||
4682 | @subsubsection Security | ||
4683 | |||
4684 | |||
4685 | The NSE subsystem is designed to be resilient against these attacks. | ||
4686 | It uses @uref{http://en.wikipedia.org/wiki/Proof-of-work_system, proofs | ||
4687 | of work} to prevent one peer from impersonating a large number of | ||
4688 | participants, which would otherwise allow an adversary to artifically | ||
4689 | inflate the estimate. | ||
4690 | The DoS protection comes from the time-based nature of the protocol: | ||
4691 | the estimates are calculated periodically and out-of-time traffic is | ||
4692 | either ignored or stored for later retransmission by benign peers. | ||
4693 | In particular, peers cannot trigger global network communication at will. | ||
4694 | |||
4695 | @cindex NSE principle | ||
4696 | @cindex nse principle | ||
4697 | @node Principle | ||
4698 | @subsection Principle | ||
4699 | |||
4700 | |||
4701 | The algorithm calculates the estimate by finding the globally closest | ||
4702 | peer ID to a random, time-based value. | ||
4703 | |||
4704 | The idea is that the closer the ID is to the random value, the more | ||
4705 | "densely packed" the ID space is, and therefore, more peers are in the | ||
4706 | network. | ||
4707 | |||
4708 | |||
4709 | |||
4710 | @menu | ||
4711 | * Example:: | ||
4712 | * Algorithm:: | ||
4713 | * Target value:: | ||
4714 | * Timing:: | ||
4715 | * Controlled Flooding:: | ||
4716 | * Calculating the estimate:: | ||
4717 | @end menu | ||
4718 | |||
4719 | @node Example | ||
4720 | @subsubsection Example | ||
4721 | |||
4722 | |||
4723 | Suppose all peers have IDs between 0 and 100 (our ID space), and the | ||
4724 | random value is 42. | ||
4725 | If the closest peer has the ID 70 we can imagine that the average | ||
4726 | "distance" between peers is around 30 and therefore the are around 3 | ||
4727 | peers in the whole ID space. On the other hand, if the closest peer has | ||
4728 | the ID 44, we can imagine that the space is rather packed with peers, | ||
4729 | maybe as much as 50 of them. | ||
4730 | Naturally, we could have been rather unlucky, and there is only one peer | ||
4731 | and happens to have the ID 44. Thus, the current estimate is calculated | ||
4732 | as the average over multiple rounds, and not just a single sample. | ||
4733 | |||
4734 | @node Algorithm | ||
4735 | @subsubsection Algorithm | ||
4736 | |||
4737 | |||
4738 | Given that example, one can imagine that the job of the subsystem is to | ||
4739 | efficiently communicate the ID of the closest peer to the target value | ||
4740 | to all the other peers, who will calculate the estimate from it. | ||
4741 | |||
4742 | @node Target value | ||
4743 | @subsubsection Target value | ||
4744 | |||
4745 | @c %**end of header | ||
4746 | |||
4747 | The target value itself is generated by hashing the current time, rounded | ||
4748 | down to an agreed value. If the rounding amount is 1h (default) and the | ||
4749 | time is 12:34:56, the time to hash would be 12:00:00. The process is | ||
4750 | repeated each rouning amount (in this example would be every hour). | ||
4751 | Every repetition is called a round. | ||
4752 | |||
4753 | @node Timing | ||
4754 | @subsubsection Timing | ||
4755 | @c %**end of header | ||
4756 | |||
4757 | The NSE subsystem has some timing control to avoid everybody broadcasting | ||
4758 | its ID all at one. Once each peer has the target random value, it | ||
4759 | compares its own ID to the target and calculates the hypothetical size of | ||
4760 | the network if that peer were to be the closest. | ||
4761 | Then it compares the hypothetical size with the estimate from the previous | ||
4762 | rounds. For each value there is an assiciated point in the period, | ||
4763 | let's call it "broadcast time". If its own hypothetical estimate | ||
4764 | is the same as the previous global estimate, its "broadcast time" will be | ||
4765 | in the middle of the round. If its bigger it will be earlier and if its | ||
4766 | smaller (the most likely case) it will be later. This ensures that the | ||
4767 | peers closests to the target value start broadcasting their ID the first. | ||
4768 | |||
4769 | @node Controlled Flooding | ||
4770 | @subsubsection Controlled Flooding | ||
4771 | |||
4772 | @c %**end of header | ||
4773 | |||
4774 | When a peer receives a value, first it verifies that it is closer than the | ||
4775 | closest value it had so far, otherwise it answers the incoming message | ||
4776 | with a message containing the better value. Then it checks a proof of | ||
4777 | work that must be included in the incoming message, to ensure that the | ||
4778 | other peer's ID is not made up (otherwise a malicious peer could claim to | ||
4779 | have an ID of exactly the target value every round). Once validated, it | ||
4780 | compares the brodcast time of the received value with the current time | ||
4781 | and if it's not too early, sends the received value to its neighbors. | ||
4782 | Otherwise it stores the value until the correct broadcast time comes. | ||
4783 | This prevents unnecessary traffic of sub-optimal values, since a better | ||
4784 | value can come before the broadcast time, rendering the previous one | ||
4785 | obsolete and saving the traffic that would have been used to broadcast it | ||
4786 | to the neighbors. | ||
4787 | |||
4788 | @node Calculating the estimate | ||
4789 | @subsubsection Calculating the estimate | ||
4790 | |||
4791 | @c %**end of header | ||
4792 | |||
4793 | Once the closest ID has been spread across the network each peer gets the | ||
4794 | exact distance betweed this ID and the target value of the round and | ||
4795 | calculates the estimate with a mathematical formula described in the tech | ||
4796 | report. The estimate generated with this method for a single round is not | ||
4797 | very precise. Remember the case of the example, where the only peer is the | ||
4798 | ID 44 and we happen to generate the target value 42, thinking there are | ||
4799 | 50 peers in the network. Therefore, the NSE subsystem remembers the last | ||
4800 | 64 estimates and calculates an average over them, giving a result of which | ||
4801 | usually has one bit of uncertainty (the real size could be half of the | ||
4802 | estimate or twice as much). Note that the actual network size is | ||
4803 | calculated in powers of two of the raw input, thus one bit of uncertainty | ||
4804 | means a factor of two in the size estimate. | ||
4805 | |||
4806 | @cindex libgnunetnse | ||
4807 | @node libgnunetnse | ||
4808 | @subsection libgnunetnse | ||
4809 | |||
4810 | @c %**end of header | ||
4811 | |||
4812 | The NSE subsystem has the simplest API of all services, with only two | ||
4813 | calls: @code{GNUNET_NSE_connect} and @code{GNUNET_NSE_disconnect}. | ||
4814 | |||
4815 | The connect call gets a callback function as a parameter and this function | ||
4816 | is called each time the network agrees on an estimate. This usually is | ||
4817 | once per round, with some exceptions: if the closest peer has a late | ||
4818 | local clock and starts spreading his ID after everyone else agreed on a | ||
4819 | value, the callback might be activated twice in a round, the second value | ||
4820 | being always bigger than the first. The default round time is set to | ||
4821 | 1 hour. | ||
4822 | |||
4823 | The disconnect call disconnects from the NSE subsystem and the callback | ||
4824 | is no longer called with new estimates. | ||
4825 | |||
4826 | |||
4827 | |||
4828 | @menu | ||
4829 | * Results:: | ||
4830 | * Examples2:: | ||
4831 | @end menu | ||
4832 | |||
4833 | @node Results | ||
4834 | @subsubsection Results | ||
4835 | |||
4836 | @c %**end of header | ||
4837 | |||
4838 | The callback provides two values: the average and the | ||
4839 | @uref{http://en.wikipedia.org/wiki/Standard_deviation, standard deviation} | ||
4840 | of the last 64 rounds. The values provided by the callback function are | ||
4841 | logarithmic, this means that the real estimate numbers can be obtained by | ||
4842 | calculating 2 to the power of the given value (2average). From a | ||
4843 | statistics point of view this means that: | ||
4844 | |||
4845 | @itemize @bullet | ||
4846 | @item 68% of the time the real size is included in the interval | ||
4847 | [(2average-stddev), 2] | ||
4848 | @item 95% of the time the real size is included in the interval | ||
4849 | [(2average-2*stddev, 2^average+2*stddev] | ||
4850 | @item 99.7% of the time the real size is included in the interval | ||
4851 | [(2average-3*stddev, 2average+3*stddev] | ||
4852 | @end itemize | ||
4853 | |||
4854 | The expected standard variation for 64 rounds in a network of stable size | ||
4855 | is 0.2. Thus, we can say that normally: | ||
4856 | |||
4857 | @itemize @bullet | ||
4858 | @item 68% of the time the real size is in the range [-13%, +15%] | ||
4859 | @item 95% of the time the real size is in the range [-24%, +32%] | ||
4860 | @item 99.7% of the time the real size is in the range [-34%, +52%] | ||
4861 | @end itemize | ||
4862 | |||
4863 | As said in the introduction, we can be quite sure that usually the real | ||
4864 | size is between one third and three times the estimate. This can of | ||
4865 | course vary with network conditions. | ||
4866 | Thus, applications may want to also consider the provided standard | ||
4867 | deviation value, not only the average (in particular, if the standard | ||
4868 | veriation is very high, the average maybe meaningless: the network size is | ||
4869 | changing rapidly). | ||
4870 | |||
4871 | @node Examples2 | ||
4872 | @subsubsection Examples2 | ||
4873 | |||
4874 | @c %**end of header | ||
4875 | |||
4876 | Let's close with a couple examples. | ||
4877 | |||
4878 | @table @asis | ||
4879 | |||
4880 | @item Average: 10, std dev: 1 Here the estimate would be | ||
4881 | 2^10 = 1024 peers. @footnote{The range in which we can be 95% sure is: | ||
4882 | [2^8, 2^12] = [256, 4096]. We can be very (>99.7%) sure that the network | ||
4883 | is not a hundred peers and absolutely sure that it is not a million peers, | ||
4884 | but somewhere around a thousand.} | ||
4885 | |||
4886 | @item Average 22, std dev: 0.2 Here the estimate would be | ||
4887 | 2^22 = 4 Million peers. @footnote{The range in which we can be 99.7% sure | ||
4888 | is: [2^21.4, 2^22.6] = [2.8M, 6.3M]. We can be sure that the network size | ||
4889 | is around four million, with absolutely way of it being 1 million.} | ||
4890 | |||
4891 | @end table | ||
4892 | |||
4893 | To put this in perspective, if someone remembers the LHC Higgs boson | ||
4894 | results, were announced with "5 sigma" and "6 sigma" certainties. In this | ||
4895 | case a 5 sigma minimum would be 2 million and a 6 sigma minimum, | ||
4896 | 1.8 million. | ||
4897 | |||
4898 | @node The NSE Client-Service Protocol | ||
4899 | @subsection The NSE Client-Service Protocol | ||
4900 | |||
4901 | @c %**end of header | ||
4902 | |||
4903 | As with the API, the client-service protocol is very simple, only has 2 | ||
4904 | different messages, defined in @code{src/nse/nse.h}: | ||
4905 | |||
4906 | @itemize @bullet | ||
4907 | @item @code{GNUNET_MESSAGE_TYPE_NSE_START}@ This message has no parameters | ||
4908 | and is sent from the client to the service upon connection. | ||
4909 | @item @code{GNUNET_MESSAGE_TYPE_NSE_ESTIMATE}@ This message is sent from | ||
4910 | the service to the client for every new estimate and upon connection. | ||
4911 | Contains a timestamp for the estimate, the average and the standard | ||
4912 | deviation for the respective round. | ||
4913 | @end itemize | ||
4914 | |||
4915 | When the @code{GNUNET_NSE_disconnect} API call is executed, the client | ||
4916 | simply disconnects from the service, with no message involved. | ||
4917 | |||
4918 | @node The NSE Peer-to-Peer Protocol | ||
4919 | @subsection The NSE Peer-to-Peer Protocol | ||
4920 | |||
4921 | @c %**end of header | ||
4922 | |||
4923 | The NSE subsystem only has one message in the P2P protocol, the | ||
4924 | @code{GNUNET_MESSAGE_TYPE_NSE_P2P_FLOOD} message. | ||
4925 | |||
4926 | This message key contents are the timestamp to identify the round | ||
4927 | (differences in system clocks may cause some peers to send messages way | ||
4928 | too early or way too late, so the timestamp allows other peers to | ||
4929 | identify such messages easily), the | ||
4930 | @uref{http://en.wikipedia.org/wiki/Proof-of-work_system, proof of work} | ||
4931 | used to make it difficult to mount a | ||
4932 | @uref{http://en.wikipedia.org/wiki/Sybil_attack, Sybil attack}, and the | ||
4933 | public key, which is used to verify the signature on the message. | ||
4934 | |||
4935 | Every peer stores a message for the previous, current and next round. The | ||
4936 | messages for the previous and current round are given to peers that | ||
4937 | connect to us. The message for the next round is simply stored until our | ||
4938 | system clock advances to the next round. The message for the current round | ||
4939 | is what we are flooding the network with right now. | ||
4940 | At the beginning of each round the peer does the following: | ||
4941 | |||
4942 | @itemize @bullet | ||
4943 | @item calculates his own distance to the target value | ||
4944 | @item creates, signs and stores the message for the current round (unless | ||
4945 | it has a better message in the "next round" slot which came early in the | ||
4946 | previous round) | ||
4947 | @item calculates, based on the stored round message (own or received) when | ||
4948 | to stard flooding it to its neighbors | ||
4949 | @end itemize | ||
4950 | |||
4951 | Upon receiving a message the peer checks the validity of the message | ||
4952 | (round, proof of work, signature). The next action depends on the | ||
4953 | contents of the incoming message: | ||
4954 | |||
4955 | @itemize @bullet | ||
4956 | @item if the message is worse than the current stored message, the peer | ||
4957 | sends the current message back immediately, to stop the other peer from | ||
4958 | spreading suboptimal results | ||
4959 | @item if the message is better than the current stored message, the peer | ||
4960 | stores the new message and calculates the new target time to start | ||
4961 | spreading it to its neighbors (excluding the one the message came from) | ||
4962 | @item if the message is for the previous round, it is compared to the | ||
4963 | message stored in the "previous round slot", which may then be updated | ||
4964 | @item if the message is for the next round, it is compared to the message | ||
4965 | stored in the "next round slot", which again may then be updated | ||
4966 | @end itemize | ||
4967 | |||
4968 | Finally, when it comes to send the stored message for the current round to | ||
4969 | the neighbors there is a random delay added for each neighbor, to avoid | ||
4970 | traffic spikes and minimize cross-messages. | ||
4971 | |||
4972 | @cindex HOSTLIST subsystem | ||
4973 | @cindex hostlist subsystem | ||
4974 | @node GNUnet's HOSTLIST subsystem | ||
4975 | @section GNUnet's HOSTLIST subsystem | ||
4976 | |||
4977 | @c %**end of header | ||
4978 | |||
4979 | Peers in the GNUnet overlay network need address information so that they | ||
4980 | can connect with other peers. GNUnet uses so called HELLO messages to | ||
4981 | store and exchange peer addresses. | ||
4982 | GNUnet provides several methods for peers to obtain this information: | ||
4983 | |||
4984 | @itemize @bullet | ||
4985 | @item out-of-band exchange of HELLO messages (manually, using for example | ||
4986 | gnunet-peerinfo) | ||
4987 | @item HELLO messages shipped with GNUnet (automatic with distribution) | ||
4988 | @item UDP neighbor discovery in LAN (IPv4 broadcast, IPv6 multicast) | ||
4989 | @item topology gossiping (learning from other peers we already connected | ||
4990 | to), and | ||
4991 | @item the HOSTLIST daemon covered in this section, which is particularly | ||
4992 | relevant for bootstrapping new peers. | ||
4993 | @end itemize | ||
4994 | |||
4995 | New peers have no existing connections (and thus cannot learn from gossip | ||
4996 | among peers), may not have other peers in their LAN and might be started | ||
4997 | with an outdated set of HELLO messages from the distribution. | ||
4998 | In this case, getting new peers to connect to the network requires either | ||
4999 | manual effort or the use of a HOSTLIST to obtain HELLOs. | ||
5000 | |||
5001 | @menu | ||
5002 | * HELLOs:: | ||
5003 | * Overview for the HOSTLIST subsystem:: | ||
5004 | * Interacting with the HOSTLIST daemon:: | ||
5005 | * Hostlist security address validation:: | ||
5006 | * The HOSTLIST daemon:: | ||
5007 | * The HOSTLIST server:: | ||
5008 | * The HOSTLIST client:: | ||
5009 | * Usage:: | ||
5010 | @end menu | ||
5011 | |||
5012 | @node HELLOs | ||
5013 | @subsection HELLOs | ||
5014 | |||
5015 | @c %**end of header | ||
5016 | |||
5017 | The basic information peers require to connect to other peers are | ||
5018 | contained in so called HELLO messages you can think of as a business card. | ||
5019 | Besides the identity of the peer (based on the cryptographic public key) a | ||
5020 | HELLO message may contain address information that specifies ways to | ||
5021 | contact a peer. By obtaining HELLO messages, a peer can learn how to | ||
5022 | contact other peers. | ||
5023 | |||
5024 | @node Overview for the HOSTLIST subsystem | ||
5025 | @subsection Overview for the HOSTLIST subsystem | ||
5026 | |||
5027 | @c %**end of header | ||
5028 | |||
5029 | The HOSTLIST subsystem provides a way to distribute and obtain contact | ||
5030 | information to connect to other peers using a simple HTTP GET request. | ||
5031 | It's implementation is split in three parts, the main file for the daemon | ||
5032 | itself (@file{gnunet-daemon-hostlist.c}), the HTTP client used to download | ||
5033 | peer information (@file{hostlist-client.c}) and the server component used | ||
5034 | to provide this information to other peers (@file{hostlist-server.c}). | ||
5035 | The server is basically a small HTTP web server (based on GNU | ||
5036 | libmicrohttpd) which provides a list of HELLOs known to the local peer for | ||
5037 | download. The client component is basically a HTTP client | ||
5038 | (based on libcurl) which can download hostlists from one or more websites. | ||
5039 | The hostlist format is a binary blob containing a sequence of HELLO | ||
5040 | messages. Note that any HTTP server can theoretically serve a hostlist, | ||
5041 | the build-in hostlist server makes it simply convenient to offer this | ||
5042 | service. | ||
5043 | |||
5044 | |||
5045 | @menu | ||
5046 | * Features:: | ||
5047 | * Limitations2:: | ||
5048 | @end menu | ||
5049 | |||
5050 | @node Features | ||
5051 | @subsubsection Features | ||
5052 | |||
5053 | @c %**end of header | ||
5054 | |||
5055 | The HOSTLIST daemon can: | ||
5056 | |||
5057 | @itemize @bullet | ||
5058 | @item provide HELLO messages with validated addresses obtained from | ||
5059 | PEERINFO to download for other peers | ||
5060 | @item download HELLO messages and forward these message to the TRANSPORT | ||
5061 | subsystem for validation | ||
5062 | @item advertises the URL of this peer's hostlist address to other peers | ||
5063 | via gossip | ||
5064 | @item automatically learn about hostlist servers from the gossip of other | ||
5065 | peers | ||
5066 | @end itemize | ||
5067 | |||
5068 | @node Limitations2 | ||
5069 | @subsubsection Limitations2 | ||
5070 | |||
5071 | @c %**end of header | ||
5072 | |||
5073 | The HOSTLIST daemon does not: | ||
5074 | |||
5075 | @itemize @bullet | ||
5076 | @item verify the cryptographic information in the HELLO messages | ||
5077 | @item verify the address information in the HELLO messages | ||
5078 | @end itemize | ||
5079 | |||
5080 | @node Interacting with the HOSTLIST daemon | ||
5081 | @subsection Interacting with the HOSTLIST daemon | ||
5082 | |||
5083 | @c %**end of header | ||
5084 | |||
5085 | The HOSTLIST subsystem is currently implemented as a daemon, so there is | ||
5086 | no need for the user to interact with it and therefore there is no | ||
5087 | command line tool and no API to communicate with the daemon. In the | ||
5088 | future, we can envision changing this to allow users to manually trigger | ||
5089 | the download of a hostlist. | ||
5090 | |||
5091 | Since there is no command line interface to interact with HOSTLIST, the | ||
5092 | only way to interact with the hostlist is to use STATISTICS to obtain or | ||
5093 | modify information about the status of HOSTLIST: | ||
5094 | |||
5095 | @example | ||
5096 | $ gnunet-statistics -s hostlist | ||
5097 | @end example | ||
5098 | |||
5099 | @noindent | ||
5100 | In particular, HOSTLIST includes a @strong{persistent} value in statistics | ||
5101 | that specifies when the hostlist server might be queried next. As this | ||
5102 | value is exponentially increasing during runtime, developers may want to | ||
5103 | reset or manually adjust it. Note that HOSTLIST (but not STATISTICS) needs | ||
5104 | to be shutdown if changes to this value are to have any effect on the | ||
5105 | daemon (as HOSTLIST does not monitor STATISTICS for changes to the | ||
5106 | download frequency). | ||
5107 | |||
5108 | @node Hostlist security address validation | ||
5109 | @subsection Hostlist security address validation | ||
5110 | |||
5111 | @c %**end of header | ||
5112 | |||
5113 | Since information obtained from other parties cannot be trusted without | ||
5114 | validation, we have to distinguish between @emph{validated} and | ||
5115 | @emph{not validated} addresses. Before using (and so trusting) | ||
5116 | information from other parties, this information has to be double-checked | ||
5117 | (validated). Address validation is not done by HOSTLIST but by the | ||
5118 | TRANSPORT service. | ||
5119 | |||
5120 | The HOSTLIST component is functionally located between the PEERINFO and | ||
5121 | the TRANSPORT subsystem. When acting as a server, the daemon obtains valid | ||
5122 | (@emph{validated}) peer information (HELLO messages) from the PEERINFO | ||
5123 | service and provides it to other peers. When acting as a client, it | ||
5124 | contacts the HOSTLIST servers specified in the configuration, downloads | ||
5125 | the (unvalidated) list of HELLO messages and forwards these information | ||
5126 | to the TRANSPORT server to validate the addresses. | ||
5127 | |||
5128 | @node The HOSTLIST daemon | ||
5129 | @subsection The HOSTLIST daemon | ||
5130 | |||
5131 | @c %**end of header | ||
5132 | |||
5133 | The hostlist daemon is the main component of the HOSTLIST subsystem. It is | ||
5134 | started by the ARM service and (if configured) starts the HOSTLIST client | ||
5135 | and server components. | ||
5136 | |||
5137 | If the daemon provides a hostlist itself it can advertise it's own | ||
5138 | hostlist to other peers. To do so it sends a | ||
5139 | @code{GNUNET_MESSAGE_TYPE_HOSTLIST_ADVERTISEMENT} message to other peers | ||
5140 | when they connect to this peer on the CORE level. This hostlist | ||
5141 | advertisement message contains the URL to access the HOSTLIST HTTP | ||
5142 | server of the sender. The daemon may also subscribe to this type of | ||
5143 | message from CORE service, and then forward these kind of message to the | ||
5144 | HOSTLIST client. The client then uses all available URLs to download peer | ||
5145 | information when necessary. | ||
5146 | |||
5147 | When starting, the HOSTLIST daemon first connects to the CORE subsystem | ||
5148 | and if hostlist learning is enabled, registers a CORE handler to receive | ||
5149 | this kind of messages. Next it starts (if configured) the client and | ||
5150 | server. It passes pointers to CORE connect and disconnect and receive | ||
5151 | handlers where the client and server store their functions, so the daemon | ||
5152 | can notify them about CORE events. | ||
5153 | |||
5154 | To clean up on shutdown, the daemon has a cleaning task, shutting down all | ||
5155 | subsystems and disconnecting from CORE. | ||
5156 | |||
5157 | @node The HOSTLIST server | ||
5158 | @subsection The HOSTLIST server | ||
5159 | |||
5160 | @c %**end of header | ||
5161 | |||
5162 | The server provides a way for other peers to obtain HELLOs. Basically it | ||
5163 | is a small web server other peers can connect to and download a list of | ||
5164 | HELLOs using standard HTTP; it may also advertise the URL of the hostlist | ||
5165 | to other peers connecting on CORE level. | ||
5166 | |||
5167 | |||
5168 | @menu | ||
5169 | * The HTTP Server:: | ||
5170 | * Advertising the URL:: | ||
5171 | @end menu | ||
5172 | |||
5173 | @node The HTTP Server | ||
5174 | @subsubsection The HTTP Server | ||
5175 | |||
5176 | @c %**end of header | ||
5177 | |||
5178 | During startup, the server starts a web server listening on the port | ||
5179 | specified with the HTTPPORT value (default 8080). In addition it connects | ||
5180 | to the PEERINFO service to obtain peer information. The HOSTLIST server | ||
5181 | uses the GNUNET_PEERINFO_iterate function to request HELLO information for | ||
5182 | all peers and adds their information to a new hostlist if they are | ||
5183 | suitable (expired addresses and HELLOs without addresses are both not | ||
5184 | suitable) and the maximum size for a hostlist is not exceeded | ||
5185 | (MAX_BYTES_PER_HOSTLISTS = 500000). | ||
5186 | When PEERINFO finishes (with a last NULL callback), the server destroys | ||
5187 | the previous hostlist response available for download on the web server | ||
5188 | and replaces it with the updated hostlist. The hostlist format is | ||
5189 | basically a sequence of HELLO messages (as obtained from PEERINFO) without | ||
5190 | any special tokenization. Since each HELLO message contains a size field, | ||
5191 | the response can easily be split into separate HELLO messages by the | ||
5192 | client. | ||
5193 | |||
5194 | A HOSTLIST client connecting to the HOSTLIST server will receive the | ||
5195 | hostlist as a HTTP response and the the server will terminate the | ||
5196 | connection with the result code @code{HTTP 200 OK}. | ||
5197 | The connection will be closed immediately if no hostlist is available. | ||
5198 | |||
5199 | @node Advertising the URL | ||
5200 | @subsubsection Advertising the URL | ||
5201 | |||
5202 | @c %**end of header | ||
5203 | |||
5204 | The server also advertises the URL to download the hostlist to other peers | ||
5205 | if hostlist advertisement is enabled. | ||
5206 | When a new peer connects and has hostlist learning enabled, the server | ||
5207 | sends a @code{GNUNET_MESSAGE_TYPE_HOSTLIST_ADVERTISEMENT} message to this | ||
5208 | peer using the CORE service. | ||
5209 | |||
5210 | @node The HOSTLIST client | ||
5211 | @subsection The HOSTLIST client | ||
5212 | |||
5213 | @c %**end of header | ||
5214 | |||
5215 | The client provides the functionality to download the list of HELLOs from | ||
5216 | a set of URLs. | ||
5217 | It performs a standard HTTP request to the URLs configured and learned | ||
5218 | from advertisement messages received from other peers. When a HELLO is | ||
5219 | downloaded, the HOSTLIST client forwards the HELLO to the TRANSPORT | ||
5220 | service for validation. | ||
5221 | |||
5222 | The client supports two modes of operation: | ||
5223 | |||
5224 | @itemize @bullet | ||
5225 | @item download of HELLOs (bootstrapping) | ||
5226 | @item learning of URLs | ||
5227 | @end itemize | ||
5228 | |||
5229 | @menu | ||
5230 | * Bootstrapping:: | ||
5231 | * Learning:: | ||
5232 | @end menu | ||
5233 | |||
5234 | @node Bootstrapping | ||
5235 | @subsubsection Bootstrapping | ||
5236 | |||
5237 | @c %**end of header | ||
5238 | |||
5239 | For bootstrapping, it schedules a task to download the hostlist from the | ||
5240 | set of known URLs. | ||
5241 | The downloads are only performed if the number of current | ||
5242 | connections is smaller than a minimum number of connections | ||
5243 | (at the moment 4). | ||
5244 | The interval between downloads increases exponentially; however, the | ||
5245 | exponential growth is limited if it becomes longer than an hour. | ||
5246 | At that point, the frequency growth is capped at | ||
5247 | (#number of connections * 1h). | ||
5248 | |||
5249 | Once the decision has been taken to download HELLOs, the daemon chooses a | ||
5250 | random URL from the list of known URLs. URLs can be configured in the | ||
5251 | configuration or be learned from advertisement messages. | ||
5252 | The client uses a HTTP client library (libcurl) to initiate the download | ||
5253 | using the libcurl multi interface. | ||
5254 | Libcurl passes the data to the callback_download function which | ||
5255 | stores the data in a buffer if space is available and the maximum size for | ||
5256 | a hostlist download is not exceeded (MAX_BYTES_PER_HOSTLISTS = 500000). | ||
5257 | When a full HELLO was downloaded, the HOSTLIST client offers this | ||
5258 | HELLO message to the TRANSPORT service for validation. | ||
5259 | When the download is finished or failed, statistical information about the | ||
5260 | quality of this URL is updated. | ||
5261 | |||
5262 | @cindex HOSTLIST learning | ||
5263 | @node Learning | ||
5264 | @subsubsection Learning | ||
5265 | |||
5266 | @c %**end of header | ||
5267 | |||
5268 | The client also manages hostlist advertisements from other peers. The | ||
5269 | HOSTLIST daemon forwards @code{GNUNET_MESSAGE_TYPE_HOSTLIST_ADVERTISEMENT} | ||
5270 | messages to the client subsystem, which extracts the URL from the message. | ||
5271 | Next, a test of the newly obtained URL is performed by triggering a | ||
5272 | download from the new URL. If the URL works correctly, it is added to the | ||
5273 | list of working URLs. | ||
5274 | |||
5275 | The size of the list of URLs is restricted, so if an additional server is | ||
5276 | added and the list is full, the URL with the worst quality ranking | ||
5277 | (determined through successful downloads and number of HELLOs e.g.) is | ||
5278 | discarded. During shutdown the list of URLs is saved to a file for | ||
5279 | persistance and loaded on startup. URLs from the configuration file are | ||
5280 | never discarded. | ||
5281 | |||
5282 | @node Usage | ||
5283 | @subsection Usage | ||
5284 | |||
5285 | @c %**end of header | ||
5286 | |||
5287 | To start HOSTLIST by default, it has to be added to the DEFAULTSERVICES | ||
5288 | section for the ARM services. This is done in the default configuration. | ||
5289 | |||
5290 | For more information on how to configure the HOSTLIST subsystem see the | ||
5291 | installation handbook:@ | ||
5292 | Configuring the hostlist to bootstrap@ | ||
5293 | Configuring your peer to provide a hostlist | ||
5294 | |||
5295 | @cindex IDENTITY | ||
5296 | @cindex identity subsystem | ||
5297 | @node GNUnet's IDENTITY subsystem | ||
5298 | @section GNUnet's IDENTITY subsystem | ||
5299 | |||
5300 | @c %**end of header | ||
5301 | |||
5302 | Identities of "users" in GNUnet are called egos. | ||
5303 | Egos can be used as pseudonyms ("fake names") or be tied to an | ||
5304 | organization (for example, "GNU") or even the actual identity of a human. | ||
5305 | GNUnet users are expected to have many egos. They might have one tied to | ||
5306 | their real identity, some for organizations they manage, and more for | ||
5307 | different domains where they want to operate under a pseudonym. | ||
5308 | |||
5309 | The IDENTITY service allows users to manage their egos. The identity | ||
5310 | service manages the private keys egos of the local user; it does not | ||
5311 | manage identities of other users (public keys). Public keys for other | ||
5312 | users need names to become manageable. GNUnet uses the | ||
5313 | @dfn{GNU Name System} (GNS) to give names to other users and manage their | ||
5314 | public keys securely. This chapter is about the IDENTITY service, | ||
5315 | which is about the management of private keys. | ||
5316 | |||
5317 | On the network, an ego corresponds to an ECDSA key (over Curve25519, | ||
5318 | using RFC 6979, as required by GNS). Thus, users can perform actions | ||
5319 | under a particular ego by using (signing with) a particular private key. | ||
5320 | Other users can then confirm that the action was really performed by that | ||
5321 | ego by checking the signature against the respective public key. | ||
5322 | |||
5323 | The IDENTITY service allows users to associate a human-readable name with | ||
5324 | each ego. This way, users can use names that will remind them of the | ||
5325 | purpose of a particular ego. | ||
5326 | The IDENTITY service will store the respective private keys and | ||
5327 | allows applications to access key information by name. | ||
5328 | Users can change the name that is locally (!) associated with an ego. | ||
5329 | Egos can also be deleted, which means that the private key will be removed | ||
5330 | and it thus will not be possible to perform actions with that ego in the | ||
5331 | future. | ||
5332 | |||
5333 | Additionally, the IDENTITY subsystem can associate service functions with | ||
5334 | egos. | ||
5335 | For example, GNS requires the ego that should be used for the shorten | ||
5336 | zone. GNS will ask IDENTITY for an ego for the "gns-short" service. | ||
5337 | The IDENTITY service has a mapping of such service strings to the name of | ||
5338 | the ego that the user wants to use for this service, for example | ||
5339 | "my-short-zone-ego". | ||
5340 | |||
5341 | Finally, the IDENTITY API provides access to a special ego, the | ||
5342 | anonymous ego. The anonymous ego is special in that its private key is not | ||
5343 | really private, but fixed and known to everyone. | ||
5344 | Thus, anyone can perform actions as anonymous. This can be useful as with | ||
5345 | this trick, code does not have to contain a special case to distinguish | ||
5346 | between anonymous and pseudonymous egos. | ||
5347 | |||
5348 | @menu | ||
5349 | * libgnunetidentity:: | ||
5350 | * The IDENTITY Client-Service Protocol:: | ||
5351 | @end menu | ||
5352 | |||
5353 | @cindex libgnunetidentity | ||
5354 | @node libgnunetidentity | ||
5355 | @subsection libgnunetidentity | ||
5356 | @c %**end of header | ||
5357 | |||
5358 | |||
5359 | @menu | ||
5360 | * Connecting to the service:: | ||
5361 | * Operations on Egos:: | ||
5362 | * The anonymous Ego:: | ||
5363 | * Convenience API to lookup a single ego:: | ||
5364 | * Associating egos with service functions:: | ||
5365 | @end menu | ||
5366 | |||
5367 | @node Connecting to the service | ||
5368 | @subsubsection Connecting to the service | ||
5369 | |||
5370 | @c %**end of header | ||
5371 | |||
5372 | First, typical clients connect to the identity service using | ||
5373 | @code{GNUNET_IDENTITY_connect}. This function takes a callback as a | ||
5374 | parameter. | ||
5375 | If the given callback parameter is non-null, it will be invoked to notify | ||
5376 | the application about the current state of the identities in the system. | ||
5377 | |||
5378 | @itemize @bullet | ||
5379 | @item First, it will be invoked on all known egos at the time of the | ||
5380 | connection. For each ego, a handle to the ego and the user's name for the | ||
5381 | ego will be passed to the callback. Furthermore, a @code{void **} context | ||
5382 | argument will be provided which gives the client the opportunity to | ||
5383 | associate some state with the ego. | ||
5384 | @item Second, the callback will be invoked with NULL for the ego, the name | ||
5385 | and the context. This signals that the (initial) iteration over all egos | ||
5386 | has completed. | ||
5387 | @item Then, the callback will be invoked whenever something changes about | ||
5388 | an ego. | ||
5389 | If an ego is renamed, the callback is invoked with the ego handle of the | ||
5390 | ego that was renamed, and the new name. If an ego is deleted, the callback | ||
5391 | is invoked with the ego handle and a name of NULL. In the deletion case, | ||
5392 | the application should also release resources stored in the context. | ||
5393 | @item When the application destroys the connection to the identity service | ||
5394 | using @code{GNUNET_IDENTITY_disconnect}, the callback is again invoked | ||
5395 | with the ego and a name of NULL (equivalent to deletion of the egos). | ||
5396 | This should again be used to clean up the per-ego context. | ||
5397 | @end itemize | ||
5398 | |||
5399 | The ego handle passed to the callback remains valid until the callback is | ||
5400 | invoked with a name of NULL, so it is safe to store a reference to the | ||
5401 | ego's handle. | ||
5402 | |||
5403 | @node Operations on Egos | ||
5404 | @subsubsection Operations on Egos | ||
5405 | |||
5406 | @c %**end of header | ||
5407 | |||
5408 | Given an ego handle, the main operations are to get its associated private | ||
5409 | key using @code{GNUNET_IDENTITY_ego_get_private_key} or its associated | ||
5410 | public key using @code{GNUNET_IDENTITY_ego_get_public_key}. | ||
5411 | |||
5412 | The other operations on egos are pretty straightforward. | ||
5413 | Using @code{GNUNET_IDENTITY_create}, an application can request the | ||
5414 | creation of an ego by specifying the desired name. | ||
5415 | The operation will fail if that name is | ||
5416 | already in use. Using @code{GNUNET_IDENTITY_rename} the name of an | ||
5417 | existing ego can be changed. Finally, egos can be deleted using | ||
5418 | @code{GNUNET_IDENTITY_delete}. All of these operations will trigger | ||
5419 | updates to the callback given to the @code{GNUNET_IDENTITY_connect} | ||
5420 | function of all applications that are connected with the identity service | ||
5421 | at the time. @code{GNUNET_IDENTITY_cancel} can be used to cancel the | ||
5422 | operations before the respective continuations would be called. | ||
5423 | It is not guaranteed that the operation will not be completed anyway, | ||
5424 | only the continuation will no longer be called. | ||
5425 | |||
5426 | @node The anonymous Ego | ||
5427 | @subsubsection The anonymous Ego | ||
5428 | |||
5429 | @c %**end of header | ||
5430 | |||
5431 | A special way to obtain an ego handle is to call | ||
5432 | @code{GNUNET_IDENTITY_ego_get_anonymous}, which returns an ego for the | ||
5433 | "anonymous" user --- anyone knows and can get the private key for this | ||
5434 | user, so it is suitable for operations that are supposed to be anonymous | ||
5435 | but require signatures (for example, to avoid a special path in the code). | ||
5436 | The anonymous ego is always valid and accessing it does not require a | ||
5437 | connection to the identity service. | ||
5438 | |||
5439 | @node Convenience API to lookup a single ego | ||
5440 | @subsubsection Convenience API to lookup a single ego | ||
5441 | |||
5442 | |||
5443 | As applications commonly simply have to lookup a single ego, there is a | ||
5444 | convenience API to do just that. Use @code{GNUNET_IDENTITY_ego_lookup} to | ||
5445 | lookup a single ego by name. Note that this is the user's name for the | ||
5446 | ego, not the service function. The resulting ego will be returned via a | ||
5447 | callback and will only be valid during that callback. The operation can | ||
5448 | be cancelled via @code{GNUNET_IDENTITY_ego_lookup_cancel} | ||
5449 | (cancellation is only legal before the callback is invoked). | ||
5450 | |||
5451 | @node Associating egos with service functions | ||
5452 | @subsubsection Associating egos with service functions | ||
5453 | |||
5454 | |||
5455 | The @code{GNUNET_IDENTITY_set} function is used to associate a particular | ||
5456 | ego with a service function. The name used by the service and the ego are | ||
5457 | given as arguments. | ||
5458 | Afterwards, the service can use its name to lookup the associated ego | ||
5459 | using @code{GNUNET_IDENTITY_get}. | ||
5460 | |||
5461 | @node The IDENTITY Client-Service Protocol | ||
5462 | @subsection The IDENTITY Client-Service Protocol | ||
5463 | |||
5464 | @c %**end of header | ||
5465 | |||
5466 | A client connecting to the identity service first sends a message with | ||
5467 | type | ||
5468 | @code{GNUNET_MESSAGE_TYPE_IDENTITY_START} to the service. After that, the | ||
5469 | client will receive information about changes to the egos by receiving | ||
5470 | messages of type @code{GNUNET_MESSAGE_TYPE_IDENTITY_UPDATE}. | ||
5471 | Those messages contain the private key of the ego and the user's name of | ||
5472 | the ego (or zero bytes for the name to indicate that the ego was deleted). | ||
5473 | A special bit @code{end_of_list} is used to indicate the end of the | ||
5474 | initial iteration over the identity service's egos. | ||
5475 | |||
5476 | The client can trigger changes to the egos by sending @code{CREATE}, | ||
5477 | @code{RENAME} or @code{DELETE} messages. | ||
5478 | The CREATE message contains the private key and the desired name.@ | ||
5479 | The RENAME message contains the old name and the new name.@ | ||
5480 | The DELETE message only needs to include the name of the ego to delete.@ | ||
5481 | The service responds to each of these messages with a @code{RESULT_CODE} | ||
5482 | message which indicates success or error of the operation, and possibly | ||
5483 | a human-readable error message. | ||
5484 | |||
5485 | Finally, the client can bind the name of a service function to an ego by | ||
5486 | sending a @code{SET_DEFAULT} message with the name of the service function | ||
5487 | and the private key of the ego. | ||
5488 | Such bindings can then be resolved using a @code{GET_DEFAULT} message, | ||
5489 | which includes the name of the service function. The identity service | ||
5490 | will respond to a GET_DEFAULT request with a SET_DEFAULT message | ||
5491 | containing the respective information, or with a RESULT_CODE to | ||
5492 | indicate an error. | ||
5493 | |||
5494 | @cindex NAMESTORE | ||
5495 | @cindex namestore subsystem | ||
5496 | @node GNUnet's NAMESTORE Subsystem | ||
5497 | @section GNUnet's NAMESTORE Subsystem | ||
5498 | |||
5499 | The NAMESTORE subsystem provides persistent storage for local GNS zone | ||
5500 | information. All local GNS zone information are managed by NAMESTORE. It | ||
5501 | provides both the functionality to administer local GNS information (e.g. | ||
5502 | delete and add records) as well as to retrieve GNS information (e.g to | ||
5503 | list name information in a client). | ||
5504 | NAMESTORE does only manage the persistent storage of zone information | ||
5505 | belonging to the user running the service: GNS information from other | ||
5506 | users obtained from the DHT are stored by the NAMECACHE subsystem. | ||
5507 | |||
5508 | NAMESTORE uses a plugin-based database backend to store GNS information | ||
5509 | with good performance. Here sqlite, MySQL and PostgreSQL are supported | ||
5510 | database backends. | ||
5511 | NAMESTORE clients interact with the IDENTITY subsystem to obtain | ||
5512 | cryptographic information about zones based on egos as described with the | ||
5513 | IDENTITY subsystem, but internally NAMESTORE refers to zones using the | ||
5514 | ECDSA private key. | ||
5515 | In addition, it collaborates with the NAMECACHE subsystem and | ||
5516 | stores zone information when local information are modified in the | ||
5517 | GNS cache to increase look-up performance for local information. | ||
5518 | |||
5519 | NAMESTORE provides functionality to look-up and store records, to iterate | ||
5520 | over a specific or all zones and to monitor zones for changes. NAMESTORE | ||
5521 | functionality can be accessed using the NAMESTORE api or the NAMESTORE | ||
5522 | command line tool. | ||
5523 | |||
5524 | @menu | ||
5525 | * libgnunetnamestore:: | ||
5526 | @end menu | ||
5527 | |||
5528 | @cindex libgnunetnamestore | ||
5529 | @node libgnunetnamestore | ||
5530 | @subsection libgnunetnamestore | ||
5531 | |||
5532 | To interact with NAMESTORE clients first connect to the NAMESTORE service | ||
5533 | using the @code{GNUNET_NAMESTORE_connect} passing a configuration handle. | ||
5534 | As a result they obtain a NAMESTORE handle, they can use for operations, | ||
5535 | or NULL is returned if the connection failed. | ||
5536 | |||
5537 | To disconnect from NAMESTORE, clients use | ||
5538 | @code{GNUNET_NAMESTORE_disconnect} and specify the handle to disconnect. | ||
5539 | |||
5540 | NAMESTORE internally uses the ECDSA private key to refer to zones. These | ||
5541 | private keys can be obtained from the IDENTITY subsytem. | ||
5542 | Here @emph{egos} @emph{can be used to refer to zones or the default ego | ||
5543 | assigned to the GNS subsystem can be used to obtained the master zone's | ||
5544 | private key.} | ||
5545 | |||
5546 | |||
5547 | @menu | ||
5548 | * Editing Zone Information:: | ||
5549 | * Iterating Zone Information:: | ||
5550 | * Monitoring Zone Information:: | ||
5551 | @end menu | ||
5552 | |||
5553 | @node Editing Zone Information | ||
5554 | @subsubsection Editing Zone Information | ||
5555 | |||
5556 | @c %**end of header | ||
5557 | |||
5558 | NAMESTORE provides functions to lookup records stored under a label in a | ||
5559 | zone and to store records under a label in a zone. | ||
5560 | |||
5561 | To store (and delete) records, the client uses the | ||
5562 | @code{GNUNET_NAMESTORE_records_store} function and has to provide | ||
5563 | namestore handle to use, the private key of the zone, the label to store | ||
5564 | the records under, the records and number of records plus an callback | ||
5565 | function. | ||
5566 | After the operation is performed NAMESTORE will call the provided | ||
5567 | callback function with the result GNUNET_SYSERR on failure | ||
5568 | (including timeout/queue drop/failure to validate), GNUNET_NO if content | ||
5569 | was already there or not found GNUNET_YES (or other positive value) on | ||
5570 | success plus an additional error message. | ||
5571 | |||
5572 | Records are deleted by using the store command with 0 records to store. | ||
5573 | It is important to note, that records are not merged when records exist | ||
5574 | with the label. | ||
5575 | So a client has first to retrieve records, merge with existing records | ||
5576 | and then store the result. | ||
5577 | |||
5578 | To perform a lookup operation, the client uses the | ||
5579 | @code{GNUNET_NAMESTORE_records_store} function. Here he has to pass the | ||
5580 | namestore handle, the private key of the zone and the label. He also has | ||
5581 | to provide a callback function which will be called with the result of | ||
5582 | the lookup operation: | ||
5583 | the zone for the records, the label, and the records including the | ||
5584 | number of records included. | ||
5585 | |||
5586 | A special operation is used to set the preferred nickname for a zone. | ||
5587 | This nickname is stored with the zone and is automatically merged with | ||
5588 | all labels and records stored in a zone. Here the client uses the | ||
5589 | @code{GNUNET_NAMESTORE_set_nick} function and passes the private key of | ||
5590 | the zone, the nickname as string plus a the callback with the result of | ||
5591 | the operation. | ||
5592 | |||
5593 | @node Iterating Zone Information | ||
5594 | @subsubsection Iterating Zone Information | ||
5595 | |||
5596 | @c %**end of header | ||
5597 | |||
5598 | A client can iterate over all information in a zone or all zones managed | ||
5599 | by NAMESTORE. | ||
5600 | Here a client uses the @code{GNUNET_NAMESTORE_zone_iteration_start} | ||
5601 | function and passes the namestore handle, the zone to iterate over and a | ||
5602 | callback function to call with the result. | ||
5603 | If the client wants to iterate over all the, he passes NULL for the zone. | ||
5604 | A @code{GNUNET_NAMESTORE_ZoneIterator} handle is returned to be used to | ||
5605 | continue iteration. | ||
5606 | |||
5607 | NAMESTORE calls the callback for every result and expects the client to | ||
5608 | call @code{GNUNET_NAMESTORE_zone_iterator_next} to continue to iterate or | ||
5609 | @code{GNUNET_NAMESTORE_zone_iterator_stop} to interrupt the iteration. | ||
5610 | When NAMESTORE reached the last item it will call the callback with a | ||
5611 | NULL value to indicate. | ||
5612 | |||
5613 | @node Monitoring Zone Information | ||
5614 | @subsubsection Monitoring Zone Information | ||
5615 | |||
5616 | @c %**end of header | ||
5617 | |||
5618 | Clients can also monitor zones to be notified about changes. Here the | ||
5619 | clients uses the @code{GNUNET_NAMESTORE_zone_monitor_start} function and | ||
5620 | passes the private key of the zone and and a callback function to call | ||
5621 | with updates for a zone. | ||
5622 | The client can specify to obtain zone information first by iterating over | ||
5623 | the zone and specify a synchronization callback to be called when the | ||
5624 | client and the namestore are synced. | ||
5625 | |||
5626 | On an update, NAMESTORE will call the callback with the private key of the | ||
5627 | zone, the label and the records and their number. | ||
5628 | |||
5629 | To stop monitoring, the client calls | ||
5630 | @code{GNUNET_NAMESTORE_zone_monitor_stop} and passes the handle obtained | ||
5631 | from the function to start the monitoring. | ||
5632 | |||
5633 | @cindex PEERINFO | ||
5634 | @cindex peerinfo subsystem | ||
5635 | @node GNUnet's PEERINFO subsystem | ||
5636 | @section GNUnet's PEERINFO subsystem | ||
5637 | |||
5638 | @c %**end of header | ||
5639 | |||
5640 | The PEERINFO subsystem is used to store verified (validated) information | ||
5641 | about known peers in a persistent way. It obtains these addresses for | ||
5642 | example from TRANSPORT service which is in charge of address validation. | ||
5643 | Validation means that the information in the HELLO message are checked by | ||
5644 | connecting to the addresses and performing a cryptographic handshake to | ||
5645 | authenticate the peer instance stating to be reachable with these | ||
5646 | addresses. | ||
5647 | Peerinfo does not validate the HELLO messages itself but only stores them | ||
5648 | and gives them to interested clients. | ||
5649 | |||
5650 | As future work, we think about moving from storing just HELLO messages to | ||
5651 | providing a generic persistent per-peer information store. | ||
5652 | More and more subsystems tend to need to store per-peer information in | ||
5653 | persistent way. | ||
5654 | To not duplicate this functionality we plan to provide a PEERSTORE | ||
5655 | service providing this functionality. | ||
5656 | |||
5657 | @menu | ||
5658 | * Features2:: | ||
5659 | * Limitations3:: | ||
5660 | * DeveloperPeer Information:: | ||
5661 | * Startup:: | ||
5662 | * Managing Information:: | ||
5663 | * Obtaining Information:: | ||
5664 | * The PEERINFO Client-Service Protocol:: | ||
5665 | * libgnunetpeerinfo:: | ||
5666 | @end menu | ||
5667 | |||
5668 | @node Features2 | ||
5669 | @subsection Features2 | ||
5670 | |||
5671 | @c %**end of header | ||
5672 | |||
5673 | @itemize @bullet | ||
5674 | @item Persistent storage | ||
5675 | @item Client notification mechanism on update | ||
5676 | @item Periodic clean up for expired information | ||
5677 | @item Differentiation between public and friend-only HELLO | ||
5678 | @end itemize | ||
5679 | |||
5680 | @node Limitations3 | ||
5681 | @subsection Limitations3 | ||
5682 | |||
5683 | |||
5684 | @itemize @bullet | ||
5685 | @item Does not perform HELLO validation | ||
5686 | @end itemize | ||
5687 | |||
5688 | @node DeveloperPeer Information | ||
5689 | @subsection DeveloperPeer Information | ||
5690 | |||
5691 | @c %**end of header | ||
5692 | |||
5693 | The PEERINFO subsystem stores these information in the form of HELLO messages | ||
5694 | you can think of as business cards. These HELLO messages contain the public key | ||
5695 | of a peer and the addresses a peer can be reached under. The addresses include | ||
5696 | an expiration date describing how long they are valid. This information is | ||
5697 | updated regularly by the TRANSPORT service by revalidating the address. If an | ||
5698 | address is expired and not renewed, it can be removed from the HELLO message. | ||
5699 | |||
5700 | Some peer do not want to have their HELLO messages distributed to other peers , | ||
5701 | especially when GNUnet's friend-to-friend modus is enabled. To prevent this | ||
5702 | undesired distribution. PEERINFO distinguishes between @emph{public} and | ||
5703 | @emph{friend-only} HELLO messages. Public HELLO messages can be freely | ||
5704 | distributed to other (possibly unknown) peers (for example using the hostlist, | ||
5705 | gossiping, broadcasting), whereas friend-only HELLO messages may not be | ||
5706 | distributed to other peers. Friend-only HELLO messages have an additional flag | ||
5707 | @code{friend_only} set internally. For public HELLO message this flag is not | ||
5708 | set. PEERINFO does and cannot not check if a client is allowed to obtain a | ||
5709 | specific HELLO type. | ||
5710 | |||
5711 | The HELLO messages can be managed using the GNUnet HELLO library. Other GNUnet | ||
5712 | systems can obtain these information from PEERINFO and use it for their | ||
5713 | purposes. Clients are for example the HOSTLIST component providing these | ||
5714 | information to other peers in form of a hostlist or the TRANSPORT subsystem | ||
5715 | using these information to maintain connections to other peers. | ||
5716 | |||
5717 | @node Startup | ||
5718 | @subsection Startup | ||
5719 | |||
5720 | @c %**end of header | ||
5721 | |||
5722 | During startup the PEERINFO services loads persistent HELLOs from disk. First | ||
5723 | PEERINFO parses the directory configured in the HOSTS value of the | ||
5724 | @code{PEERINFO} configuration section to store PEERINFO information.@ For all | ||
5725 | files found in this directory valid HELLO messages are extracted. In addition | ||
5726 | it loads HELLO messages shipped with the GNUnet distribution. These HELLOs are | ||
5727 | used to simplify network bootstrapping by providing valid peer information with | ||
5728 | the distribution. The use of these HELLOs can be prevented by setting the | ||
5729 | @code{USE_INCLUDED_HELLOS} in the @code{PEERINFO} configuration section to | ||
5730 | @code{NO}. Files containing invalid information are removed. | ||
5731 | |||
5732 | @node Managing Information | ||
5733 | @subsection Managing Information | ||
5734 | |||
5735 | @c %**end of header | ||
5736 | |||
5737 | The PEERINFO services stores information about known PEERS and a single HELLO | ||
5738 | message for every peer. A peer does not need to have a HELLO if no information | ||
5739 | are available. HELLO information from different sources, for example a HELLO | ||
5740 | obtained from a remote HOSTLIST and a second HELLO stored on disk, are combined | ||
5741 | and merged into one single HELLO message per peer which will be given to | ||
5742 | clients. During this merge process the HELLO is immediately written to disk to | ||
5743 | ensure persistence. | ||
5744 | |||
5745 | PEERINFO in addition periodically scans the directory where information are | ||
5746 | stored for empty HELLO messages with expired TRANSPORT addresses.@ This | ||
5747 | periodic task scans all files in the directory and recreates the HELLO messages | ||
5748 | it finds. Expired TRANSPORT addresses are removed from the HELLO and if the | ||
5749 | HELLO does not contain any valid addresses, it is discarded and removed from | ||
5750 | disk. | ||
5751 | |||
5752 | @node Obtaining Information | ||
5753 | @subsection Obtaining Information | ||
5754 | |||
5755 | @c %**end of header | ||
5756 | |||
5757 | When a client requests information from PEERINFO, PEERINFO performs a lookup | ||
5758 | for the respective peer or all peers if desired and transmits this information | ||
5759 | to the client. The client can specify if friend-only HELLOs have to be included | ||
5760 | or not and PEERINFO filters the respective HELLO messages before transmitting | ||
5761 | information. | ||
5762 | |||
5763 | To notify clients about changes to PEERINFO information, PEERINFO maintains a | ||
5764 | list of clients interested in this notifications. Such a notification occurs if | ||
5765 | a HELLO for a peer was updated (due to a merge for example) or a new peer was | ||
5766 | added. | ||
5767 | |||
5768 | @node The PEERINFO Client-Service Protocol | ||
5769 | @subsection The PEERINFO Client-Service Protocol | ||
5770 | |||
5771 | @c %**end of header | ||
5772 | |||
5773 | To connect and disconnect to and from the PEERINFO Service PEERINFO utilizes | ||
5774 | the util client/server infrastructure, so no special messages types are used | ||
5775 | here. | ||
5776 | |||
5777 | To add information for a peer, the plain HELLO message is transmitted to the | ||
5778 | service without any wrapping. Alle information required are stored within the | ||
5779 | HELLO message. The PEERINFO service provides a message handler accepting and | ||
5780 | processing these HELLO messages. | ||
5781 | |||
5782 | When obtaining PEERINFO information using the iterate functionality specific | ||
5783 | messages are used. To obtain information for all peers, a @code{struct | ||
5784 | ListAllPeersMessage} with message type | ||
5785 | @code{GNUNET_MESSAGE_TYPE_PEERINFO_GET_ALL} and a flag include_friend_only to | ||
5786 | indicate if friend-only HELLO messages should be included are transmitted. If | ||
5787 | information for a specific peer is required a @code{struct ListAllPeersMessage} | ||
5788 | with @code{GNUNET_MESSAGE_TYPE_PEERINFO_GET} containing the peer identity is | ||
5789 | used. | ||
5790 | |||
5791 | For both variants the PEERINFO service replies for each HELLO message he wants | ||
5792 | to transmit with a @code{struct ListAllPeersMessage} with type | ||
5793 | @code{GNUNET_MESSAGE_TYPE_PEERINFO_INFO} containing the plain HELLO. The final | ||
5794 | message is @code{struct GNUNET_MessageHeader} with type | ||
5795 | @code{GNUNET_MESSAGE_TYPE_PEERINFO_INFO}. If the client receives this message, | ||
5796 | he can proceed with the next request if any is pending | ||
5797 | |||
5798 | @node libgnunetpeerinfo | ||
5799 | @subsection libgnunetpeerinfo | ||
5800 | |||
5801 | @c %**end of header | ||
5802 | |||
5803 | The PEERINFO API consists mainly of three different functionalities: | ||
5804 | maintaining a connection to the service, adding new information and retrieving | ||
5805 | information form the PEERINFO service. | ||
5806 | |||
5807 | |||
5808 | @menu | ||
5809 | * Connecting to the Service:: | ||
5810 | * Adding Information:: | ||
5811 | * Obtaining Information2:: | ||
5812 | @end menu | ||
5813 | |||
5814 | @node Connecting to the Service | ||
5815 | @subsubsection Connecting to the Service | ||
5816 | |||
5817 | @c %**end of header | ||
5818 | |||
5819 | To connect to the PEERINFO service the function @code{GNUNET_PEERINFO_connect} | ||
5820 | is used, taking a configuration handle as an argument, and to disconnect from | ||
5821 | PEERINFO the function @code{GNUNET_PEERINFO_disconnect}, taking the PEERINFO | ||
5822 | handle returned from the connect function has to be called. | ||
5823 | |||
5824 | @node Adding Information | ||
5825 | @subsubsection Adding Information | ||
5826 | |||
5827 | @c %**end of header | ||
5828 | |||
5829 | @code{GNUNET_PEERINFO_add_peer} adds a new peer to the PEERINFO subsystem | ||
5830 | storage. This function takes the PEERINFO handle as an argument, the HELLO | ||
5831 | message to store and a continuation with a closure to be called with the result | ||
5832 | of the operation. The @code{GNUNET_PEERINFO_add_peer} returns a handle to this | ||
5833 | operation allowing to cancel the operation with the respective cancel function | ||
5834 | @code{GNUNET_PEERINFO_add_peer_cancel}. To retrieve information from PEERINFO | ||
5835 | you can iterate over all information stored with PEERINFO or you can tell | ||
5836 | PEERINFO to notify if new peer information are available. | ||
5837 | |||
5838 | @node Obtaining Information2 | ||
5839 | @subsubsection Obtaining Information2 | ||
5840 | |||
5841 | @c %**end of header | ||
5842 | |||
5843 | To iterate over information in PEERINFO you use @code{GNUNET_PEERINFO_iterate}. | ||
5844 | This function expects the PEERINFO handle, a flag if HELLO messages intended | ||
5845 | for friend only mode should be included, a timeout how long the operation | ||
5846 | should take and a callback with a callback closure to be called for the | ||
5847 | results. If you want to obtain information for a specific peer, you can specify | ||
5848 | the peer identity, if this identity is NULL, information for all peers are | ||
5849 | returned. The function returns a handle to allow to cancel the operation using | ||
5850 | @code{GNUNET_PEERINFO_iterate_cancel}. | ||
5851 | |||
5852 | To get notified when peer information changes, you can use | ||
5853 | @code{GNUNET_PEERINFO_notify}. This function expects a configuration handle and | ||
5854 | a flag if friend-only HELLO messages should be included. The PEERINFO service | ||
5855 | will notify you about every change and the callback function will be called to | ||
5856 | notify you about changes. The function returns a handle to cancel notifications | ||
5857 | with @code{GNUNET_PEERINFO_notify_cancel}. | ||
5858 | |||
5859 | |||
5860 | @node GNUnet's PEERSTORE subsystem | ||
5861 | @section GNUnet's PEERSTORE subsystem | ||
5862 | |||
5863 | @c %**end of header | ||
5864 | |||
5865 | GNUnet's PEERSTORE subsystem offers persistent per-peer storage for other | ||
5866 | GNUnet subsystems. GNUnet subsystems can use PEERSTORE to persistently store | ||
5867 | and retrieve arbitrary data. Each data record stored with PEERSTORE contains | ||
5868 | the following fields: | ||
5869 | |||
5870 | @itemize @bullet | ||
5871 | @item subsystem: Name of the subsystem responsible for the record. | ||
5872 | @item peerid: Identity of the peer this record is related to. | ||
5873 | @item key: a key string identifying the record. | ||
5874 | @item value: binary record value. | ||
5875 | @item expiry: record expiry date. | ||
5876 | @end itemize | ||
5877 | |||
5878 | @menu | ||
5879 | * Functionality:: | ||
5880 | * Architecture:: | ||
5881 | * libgnunetpeerstore:: | ||
5882 | @end menu | ||
5883 | |||
5884 | @node Functionality | ||
5885 | @subsection Functionality | ||
5886 | |||
5887 | @c %**end of header | ||
5888 | |||
5889 | Subsystems can store any type of value under a (subsystem, peerid, key) | ||
5890 | combination. A "replace" flag set during store operations forces the PEERSTORE | ||
5891 | to replace any old values stored under the same (subsystem, peerid, key) | ||
5892 | combination with the new value. Additionally, an expiry date is set after which | ||
5893 | the record is *possibly* deleted by PEERSTORE. | ||
5894 | |||
5895 | Subsystems can iterate over all values stored under any of the following | ||
5896 | combination of fields: | ||
5897 | |||
5898 | @itemize @bullet | ||
5899 | @item (subsystem) | ||
5900 | @item (subsystem, peerid) | ||
5901 | @item (subsystem, key) | ||
5902 | @item (subsystem, peerid, key) | ||
5903 | @end itemize | ||
5904 | |||
5905 | Subsystems can also request to be notified about any new values stored under a | ||
5906 | (subsystem, peerid, key) combination by sending a "watch" request to | ||
5907 | PEERSTORE. | ||
5908 | |||
5909 | @node Architecture | ||
5910 | @subsection Architecture | ||
5911 | |||
5912 | @c %**end of header | ||
5913 | |||
5914 | PEERSTORE implements the following components: | ||
5915 | |||
5916 | @itemize @bullet | ||
5917 | @item PEERSTORE service: Handles store, iterate and watch operations. | ||
5918 | @item PEERSTORE API: API to be used by other subsystems to communicate and | ||
5919 | issue commands to the PEERSTORE service. | ||
5920 | @item PEERSTORE plugins: Handles the persistent storage. At the moment, only an | ||
5921 | "sqlite" plugin is implemented. | ||
5922 | @end itemize | ||
5923 | |||
5924 | @node libgnunetpeerstore | ||
5925 | @subsection libgnunetpeerstore | ||
5926 | |||
5927 | @c %**end of header | ||
5928 | |||
5929 | libgnunetpeerstore is the library containing the PEERSTORE API. Subsystems | ||
5930 | wishing to communicate with the PEERSTORE service use this API to open a | ||
5931 | connection to PEERSTORE. This is done by calling | ||
5932 | @code{GNUNET_PEERSTORE_connect} which returns a handle to the newly created | ||
5933 | connection. This handle has to be used with any further calls to the API. | ||
5934 | |||
5935 | To store a new record, the function @code{GNUNET_PEERSTORE_store} is to be used | ||
5936 | which requires the record fields and a continuation function that will be | ||
5937 | called by the API after the STORE request is sent to the PEERSTORE service. | ||
5938 | Note that calling the continuation function does not mean that the record is | ||
5939 | successfully stored, only that the STORE request has been successfully sent to | ||
5940 | the PEERSTORE service. @code{GNUNET_PEERSTORE_store_cancel} can be called to | ||
5941 | cancel the STORE request only before the continuation function has been called. | ||
5942 | |||
5943 | To iterate over stored records, the function @code{GNUNET_PEERSTORE_iterate} is | ||
5944 | to be used. @emph{peerid} and @emph{key} can be set to NULL. An iterator | ||
5945 | callback function will be called with each matching record found and a NULL | ||
5946 | record at the end to signal the end of result set. | ||
5947 | @code{GNUNET_PEERSTORE_iterate_cancel} can be used to cancel the ITERATE | ||
5948 | request before the iterator callback is called with a NULL record. | ||
5949 | |||
5950 | To be notified with new values stored under a (subsystem, peerid, key) | ||
5951 | combination, the function @code{GNUNET_PEERSTORE_watch} is to be used. This | ||
5952 | will register the watcher with the PEERSTORE service, any new records matching | ||
5953 | the given combination will trigger the callback function passed to | ||
5954 | @code{GNUNET_PEERSTORE_watch}. This continues until | ||
5955 | @code{GNUNET_PEERSTORE_watch_cancel} is called or the connection to the service | ||
5956 | is destroyed. | ||
5957 | |||
5958 | After the connection is no longer needed, the function | ||
5959 | @code{GNUNET_PEERSTORE_disconnect} can be called to disconnect from the | ||
5960 | PEERSTORE service. Any pending ITERATE or WATCH requests will be destroyed. If | ||
5961 | the @code{sync_first} flag is set to @code{GNUNET_YES}, the API will delay the | ||
5962 | disconnection until all pending STORE requests are sent to the PEERSTORE | ||
5963 | service, otherwise, the pending STORE requests will be destroyed as well. | ||
5964 | |||
5965 | @node GNUnet's SET Subsystem | ||
5966 | @section GNUnet's SET Subsystem | ||
5967 | |||
5968 | @c %**end of header | ||
5969 | |||
5970 | The SET service implements efficient set operations between two peers over a | ||
5971 | mesh tunnel. Currently, set union and set intersection are the only supported | ||
5972 | operations. Elements of a set consist of an @emph{element type} and arbitrary | ||
5973 | binary @emph{data}. The size of an element's data is limited to around 62 | ||
5974 | KB. | ||
5975 | |||
5976 | @menu | ||
5977 | * Local Sets:: | ||
5978 | * Set Modifications:: | ||
5979 | * Set Operations:: | ||
5980 | * Result Elements:: | ||
5981 | * libgnunetset:: | ||
5982 | * The SET Client-Service Protocol:: | ||
5983 | * The SET Intersection Peer-to-Peer Protocol:: | ||
5984 | * The SET Union Peer-to-Peer Protocol:: | ||
5985 | @end menu | ||
5986 | |||
5987 | @node Local Sets | ||
5988 | @subsection Local Sets | ||
5989 | |||
5990 | @c %**end of header | ||
5991 | |||
5992 | Sets created by a local client can be modified and reused for multiple | ||
5993 | operations. As each set operation requires potentially expensive special | ||
5994 | auxilliary data to be computed for each element of a set, a set can only | ||
5995 | participate in one type of set operation (i.e. union or intersection). The type | ||
5996 | of a set is determined upon its creation. If a the elements of a set are needed | ||
5997 | for an operation of a different type, all of the set's element must be copied | ||
5998 | to a new set of appropriate type. | ||
5999 | |||
6000 | @node Set Modifications | ||
6001 | @subsection Set Modifications | ||
6002 | |||
6003 | @c %**end of header | ||
6004 | |||
6005 | Even when set operations are active, one can add to and remove elements from a | ||
6006 | set. However, these changes will only be visible to operations that have been | ||
6007 | created after the changes have taken place. That is, every set operation only | ||
6008 | sees a snapshot of the set from the time the operation was started. This | ||
6009 | mechanism is @emph{not} implemented by copying the whole set, but by attaching | ||
6010 | @emph{generation information} to each element and operation. | ||
6011 | |||
6012 | @node Set Operations | ||
6013 | @subsection Set Operations | ||
6014 | |||
6015 | @c %**end of header | ||
6016 | |||
6017 | Set operations can be started in two ways: Either by accepting an operation | ||
6018 | request from a remote peer, or by requesting a set operation from a remote | ||
6019 | peer. Set operations are uniquely identified by the involved @emph{peers}, an | ||
6020 | @emph{application id} and the @emph{operation type}. | ||
6021 | |||
6022 | The client is notified of incoming set operations by @emph{set listeners}. A | ||
6023 | set listener listens for incoming operations of a specific operation type and | ||
6024 | application id. Once notified of an incoming set request, the client can | ||
6025 | accept the set request (providing a local set for the operation) or reject | ||
6026 | it. | ||
6027 | |||
6028 | @node Result Elements | ||
6029 | @subsection Result Elements | ||
6030 | |||
6031 | @c %**end of header | ||
6032 | |||
6033 | The SET service has three @emph{result modes} that determine how an operation's | ||
6034 | result set is delivered to the client: | ||
6035 | |||
6036 | @itemize @bullet | ||
6037 | @item @strong{Full Result Set.} All elements of set resulting from the set | ||
6038 | operation are returned to the client. | ||
6039 | @item @strong{Added Elements.} Only elements that result from the operation and | ||
6040 | are not already in the local peer's set are returned. Note that for some | ||
6041 | operations (like set intersection) this result mode will never return any | ||
6042 | elements. This can be useful if only the remove peer is actually interested in | ||
6043 | the result of the set operation. | ||
6044 | @item @strong{Removed Elements.} Only elements that are in the local peer's | ||
6045 | initial set but not in the operation's result set are returned. Note that for | ||
6046 | some operations (like set union) this result mode will never return any | ||
6047 | elements. This can be useful if only the remove peer is actually interested in | ||
6048 | the result of the set operation. | ||
6049 | @end itemize | ||
6050 | |||
6051 | @node libgnunetset | ||
6052 | @subsection libgnunetset | ||
6053 | |||
6054 | @c %**end of header | ||
6055 | |||
6056 | @menu | ||
6057 | * Sets:: | ||
6058 | * Listeners:: | ||
6059 | * Operations:: | ||
6060 | * Supplying a Set:: | ||
6061 | * The Result Callback:: | ||
6062 | @end menu | ||
6063 | |||
6064 | @node Sets | ||
6065 | @subsubsection Sets | ||
6066 | |||
6067 | @c %**end of header | ||
6068 | |||
6069 | New sets are created with @code{GNUNET_SET_create}. Both the local peer's | ||
6070 | configuration (as each set has its own client connection) and the operation | ||
6071 | type must be specified. The set exists until either the client calls | ||
6072 | @code{GNUNET_SET_destroy} or the client's connection to the service is | ||
6073 | disrupted. In the latter case, the client is notified by the return value of | ||
6074 | functions dealing with sets. This return value must always be checked. | ||
6075 | |||
6076 | Elements are added and removed with @code{GNUNET_SET_add_element} and | ||
6077 | @code{GNUNET_SET_remove_element}. | ||
6078 | |||
6079 | @node Listeners | ||
6080 | @subsubsection Listeners | ||
6081 | |||
6082 | @c %**end of header | ||
6083 | |||
6084 | Listeners are created with @code{GNUNET_SET_listen}. Each time time a remote | ||
6085 | peer suggests a set operation with an application id and operation type | ||
6086 | matching a listener, the listener's callack is invoked. The client then must | ||
6087 | synchronously call either @code{GNUNET_SET_accept} or @code{GNUNET_SET_reject}. | ||
6088 | Note that the operation will not be started until the client calls | ||
6089 | @code{GNUNET_SET_commit} (see Section "Supplying a Set"). | ||
6090 | |||
6091 | @node Operations | ||
6092 | @subsubsection Operations | ||
6093 | |||
6094 | @c %**end of header | ||
6095 | |||
6096 | Operations to be initiated by the local peer are created with | ||
6097 | @code{GNUNET_SET_prepare}. Note that the operation will not be started until | ||
6098 | the client calls @code{GNUNET_SET_commit} (see Section "Supplying a | ||
6099 | Set"). | ||
6100 | |||
6101 | @node Supplying a Set | ||
6102 | @subsubsection Supplying a Set | ||
6103 | |||
6104 | @c %**end of header | ||
6105 | |||
6106 | To create symmetry between the two ways of starting a set operation (accepting | ||
6107 | and nitiating it), the operation handles returned by @code{GNUNET_SET_accept} | ||
6108 | and @code{GNUNET_SET_prepare} do not yet have a set to operate on, thus they | ||
6109 | can not do any work yet. | ||
6110 | |||
6111 | The client must call @code{GNUNET_SET_commit} to specify a set to use for an | ||
6112 | operation. @code{GNUNET_SET_commit} may only be called once per set | ||
6113 | operation. | ||
6114 | |||
6115 | @node The Result Callback | ||
6116 | @subsubsection The Result Callback | ||
6117 | |||
6118 | @c %**end of header | ||
6119 | |||
6120 | Clients must specify both a result mode and a result callback with | ||
6121 | @code{GNUNET_SET_accept} and @code{GNUNET_SET_prepare}. The result callback | ||
6122 | with a status indicating either that an element was received, or the operation | ||
6123 | failed or succeeded. The interpretation of the received element depends on the | ||
6124 | result mode. The callback needs to know which result mode it is used in, as the | ||
6125 | arguments do not indicate if an element is part of the full result set, or if | ||
6126 | it is in the difference between the original set and the final set. | ||
6127 | |||
6128 | @node The SET Client-Service Protocol | ||
6129 | @subsection The SET Client-Service Protocol | ||
6130 | |||
6131 | @c %**end of header | ||
6132 | |||
6133 | @menu | ||
6134 | * Creating Sets:: | ||
6135 | * Listeners2:: | ||
6136 | * Initiating Operations:: | ||
6137 | * Modifying Sets:: | ||
6138 | * Results and Operation Status:: | ||
6139 | * Iterating Sets:: | ||
6140 | @end menu | ||
6141 | |||
6142 | @node Creating Sets | ||
6143 | @subsubsection Creating Sets | ||
6144 | |||
6145 | @c %**end of header | ||
6146 | |||
6147 | For each set of a client, there exists a client connection to the service. Sets | ||
6148 | are created by sending the @code{GNUNET_SERVICE_SET_CREATE} message over a new | ||
6149 | client connection. Multiple operations for one set are multiplexed over one | ||
6150 | client connection, using a request id supplied by the client. | ||
6151 | |||
6152 | @node Listeners2 | ||
6153 | @subsubsection Listeners2 | ||
6154 | |||
6155 | @c %**end of header | ||
6156 | |||
6157 | Each listener also requires a seperate client connection. By sending the | ||
6158 | @code{GNUNET_SERVICE_SET_LISTEN} message, the client notifies the service of | ||
6159 | the application id and operation type it is interested in. A client rejects an | ||
6160 | incoming request by sending @code{GNUNET_SERVICE_SET_REJECT} on the listener's | ||
6161 | client connection. In contrast, when accepting an incoming request, a a | ||
6162 | @code{GNUNET_SERVICE_SET_ACCEPT} message must be sent over the@ set that is | ||
6163 | supplied for the set operation. | ||
6164 | |||
6165 | @node Initiating Operations | ||
6166 | @subsubsection Initiating Operations | ||
6167 | |||
6168 | @c %**end of header | ||
6169 | |||
6170 | Operations with remote peers are initiated by sending a | ||
6171 | @code{GNUNET_SERVICE_SET_EVALUATE} message to the service. The@ client | ||
6172 | connection that this message is sent by determines the set to use. | ||
6173 | |||
6174 | @node Modifying Sets | ||
6175 | @subsubsection Modifying Sets | ||
6176 | |||
6177 | @c %**end of header | ||
6178 | |||
6179 | Sets are modified with the @code{GNUNET_SERVICE_SET_ADD} and | ||
6180 | @code{GNUNET_SERVICE_SET_REMOVE} messages. | ||
6181 | |||
6182 | |||
6183 | @c %@menu | ||
6184 | @c %* Results and Operation Status:: | ||
6185 | @c %* Iterating Sets:: | ||
6186 | @c %@end menu | ||
6187 | |||
6188 | @node Results and Operation Status | ||
6189 | @subsubsection Results and Operation Status | ||
6190 | @c %**end of header | ||
6191 | |||
6192 | The service notifies the client of result elements and success/failure of a set | ||
6193 | operation with the @code{GNUNET_SERVICE_SET_RESULT} message. | ||
6194 | |||
6195 | @node Iterating Sets | ||
6196 | @subsubsection Iterating Sets | ||
6197 | |||
6198 | @c %**end of header | ||
6199 | |||
6200 | All elements of a set can be requested by sending | ||
6201 | @code{GNUNET_SERVICE_SET_ITER_REQUEST}. The server responds with | ||
6202 | @code{GNUNET_SERVICE_SET_ITER_ELEMENT} and eventually terminates the iteration | ||
6203 | with @code{GNUNET_SERVICE_SET_ITER_DONE}. After each received element, the | ||
6204 | client@ must send @code{GNUNET_SERVICE_SET_ITER_ACK}. Note that only one set | ||
6205 | iteration may be active for a set at any given time. | ||
6206 | |||
6207 | @node The SET Intersection Peer-to-Peer Protocol | ||
6208 | @subsection The SET Intersection Peer-to-Peer Protocol | ||
6209 | |||
6210 | @c %**end of header | ||
6211 | |||
6212 | The intersection protocol operates over CADET and starts with a | ||
6213 | GNUNET_MESSAGE_TYPE_SET_P2P_OPERATION_REQUEST being sent by the peer initiating | ||
6214 | the operation to the peer listening for inbound requests. It includes the | ||
6215 | number of elements of the initiating peer, which is used to decide which side | ||
6216 | will send a Bloom filter first. | ||
6217 | |||
6218 | The listening peer checks if the operation type and application identifier are | ||
6219 | acceptable for its current state. If not, it responds with a | ||
6220 | GNUNET_MESSAGE_TYPE_SET_RESULT and a status of GNUNET_SET_STATUS_FAILURE (and | ||
6221 | terminates the CADET channel). | ||
6222 | |||
6223 | If the application accepts the request, the listener sends back a@ | ||
6224 | GNUNET_MESSAGE_TYPE_SET_INTERSECTION_P2P_ELEMENT_INFO if it has more elements | ||
6225 | in the set than the client. Otherwise, it immediately starts with the Bloom | ||
6226 | filter exchange. If the initiator receives a | ||
6227 | GNUNET_MESSAGE_TYPE_SET_INTERSECTION_P2P_ELEMENT_INFO response, it beings the | ||
6228 | Bloom filter exchange, unless the set size is indicated to be zero, in which | ||
6229 | case the intersection is considered finished after just the initial | ||
6230 | handshake. | ||
6231 | |||
6232 | |||
6233 | @menu | ||
6234 | * The Bloom filter exchange:: | ||
6235 | * Salt:: | ||
6236 | @end menu | ||
6237 | |||
6238 | @node The Bloom filter exchange | ||
6239 | @subsubsection The Bloom filter exchange | ||
6240 | |||
6241 | @c %**end of header | ||
6242 | |||
6243 | In this phase, each peer transmits a Bloom filter over the remaining keys of | ||
6244 | the local set to the other peer using a | ||
6245 | GNUNET_MESSAGE_TYPE_SET_INTERSECTION_P2P_BF message. This message additionally | ||
6246 | includes the number of elements left in the sender's set, as well as the XOR | ||
6247 | over all of the keys in that set. | ||
6248 | |||
6249 | The number of bits 'k' set per element in the Bloom filter is calculated based | ||
6250 | on the relative size of the two sets. Furthermore, the size of the Bloom filter | ||
6251 | is calculated based on 'k' and the number of elements in the set to maximize | ||
6252 | the amount of data filtered per byte transmitted on the wire (while avoiding an | ||
6253 | excessively high number of iterations). | ||
6254 | |||
6255 | The receiver of the message removes all elements from its local set that do not | ||
6256 | pass the Bloom filter test. It then checks if the set size of the sender and | ||
6257 | the XOR over the keys match what is left of his own set. If they do, he sends | ||
6258 | a@ GNUNET_MESSAGE_TYPE_SET_INTERSECTION_P2P_DONE back to indicate that the | ||
6259 | latest set is the final result. Otherwise, the receiver starts another Bloom | ||
6260 | fitler exchange, except this time as the sender. | ||
6261 | |||
6262 | @node Salt | ||
6263 | @subsubsection Salt | ||
6264 | |||
6265 | @c %**end of header | ||
6266 | |||
6267 | Bloomfilter operations are probablistic: With some non-zero probability the | ||
6268 | test may incorrectly say an element is in the set, even though it is not. | ||
6269 | |||
6270 | To mitigate this problem, the intersection protocol iterates exchanging Bloom | ||
6271 | filters using a different random 32-bit salt in each iteration (the salt is | ||
6272 | also included in the message). With different salts, set operations may fail | ||
6273 | for different elements. Merging the results from the executions, the | ||
6274 | probability of failure drops to zero. | ||
6275 | |||
6276 | The iterations terminate once both peers have established that they have sets | ||
6277 | of the same size, and where the XOR over all keys computes the same 512-bit | ||
6278 | value (leaving a failure probability of 2-511). | ||
6279 | |||
6280 | @node The SET Union Peer-to-Peer Protocol | ||
6281 | @subsection The SET Union Peer-to-Peer Protocol | ||
6282 | |||
6283 | @c %**end of header | ||
6284 | |||
6285 | The SET union protocol is based on Eppstein's efficient set reconciliation | ||
6286 | without prior context. You should read this paper first if you want to | ||
6287 | understand the protocol. | ||
6288 | |||
6289 | The union protocol operates over CADET and starts with a | ||
6290 | GNUNET_MESSAGE_TYPE_SET_P2P_OPERATION_REQUEST being sent by the peer initiating | ||
6291 | the operation to the peer listening for inbound requests. It includes the | ||
6292 | number of elements of the initiating peer, which is currently not used. | ||
6293 | |||
6294 | The listening peer checks if the operation type and application identifier are | ||
6295 | acceptable for its current state. If not, it responds with a | ||
6296 | GNUNET_MESSAGE_TYPE_SET_RESULT and a status of GNUNET_SET_STATUS_FAILURE (and | ||
6297 | terminates the CADET channel). | ||
6298 | |||
6299 | If the application accepts the request, it sends back a strata estimator using | ||
6300 | a message of type GNUNET_MESSAGE_TYPE_SET_UNION_P2P_SE. The initiator evaluates | ||
6301 | the strata estimator and initiates the exchange of invertible Bloom filters, | ||
6302 | sending a GNUNET_MESSAGE_TYPE_SET_UNION_P2P_IBF. | ||
6303 | |||
6304 | During the IBF exchange, if the receiver cannot invert the Bloom filter or | ||
6305 | detects a cycle, it sends a larger IBF in response (up to a defined maximum | ||
6306 | limit; if that limit is reached, the operation fails). Elements decoded while | ||
6307 | processing the IBF are transmitted to the other peer using | ||
6308 | GNUNET_MESSAGE_TYPE_SET_P2P_ELEMENTS, or requested from the other peer using | ||
6309 | GNUNET_MESSAGE_TYPE_SET_P2P_ELEMENT_REQUESTS messages, depending on the sign | ||
6310 | observed during decoding of the IBF. Peers respond to a | ||
6311 | GNUNET_MESSAGE_TYPE_SET_P2P_ELEMENT_REQUESTS message with the respective | ||
6312 | element in a GNUNET_MESSAGE_TYPE_SET_P2P_ELEMENTS message. If the IBF fully | ||
6313 | decodes, the peer responds with a GNUNET_MESSAGE_TYPE_SET_UNION_P2P_DONE | ||
6314 | message instead of another GNUNET_MESSAGE_TYPE_SET_UNION_P2P_IBF. | ||
6315 | |||
6316 | All Bloom filter operations use a salt to mingle keys before hasing them into | ||
6317 | buckets, such that future iterations have a fresh chance of succeeding if they | ||
6318 | failed due to collisions before. | ||
6319 | |||
6320 | @node GNUnet's STATISTICS subsystem | ||
6321 | @section GNUnet's STATISTICS subsystem | ||
6322 | |||
6323 | @c %**end of header | ||
6324 | |||
6325 | In GNUnet, the STATISTICS subsystem offers a central place for all subsystems | ||
6326 | to publish unsigned 64-bit integer run-time statistics. Keeping this | ||
6327 | information centrally means that there is a unified way for the user to obtain | ||
6328 | data on all subsystems, and individual subsystems do not have to always include | ||
6329 | a custom data export method for performance metrics and other statistics. For | ||
6330 | example, the TRANSPORT system uses STATISTICS to update information about the | ||
6331 | number of directly connected peers and the bandwidth that has been consumed by | ||
6332 | the various plugins. This information is valuable for diagnosing connectivity | ||
6333 | and performance issues. | ||
6334 | |||
6335 | Following the GNUnet service architecture, the STATISTICS subsystem is divided | ||
6336 | into an API which is exposed through the header | ||
6337 | @strong{gnunet_statistics_service.h} and the STATISTICS service | ||
6338 | @strong{gnunet-service-statistics}. The @strong{gnunet-statistics} command-line | ||
6339 | tool can be used to obtain (and change) information about the values stored by | ||
6340 | the STATISTICS service. The STATISTICS service does not communicate with other | ||
6341 | peers. | ||
6342 | |||
6343 | Data is stored in the STATISTICS service in the form of tuples | ||
6344 | @strong{(subsystem, name, value, persistence)}. The subsystem determines to | ||
6345 | which other GNUnet's subsystem the data belongs. name is the name through which | ||
6346 | value is associated. It uniquely identifies the record from among other records | ||
6347 | belonging to the same subsystem. In some parts of the code, the pair | ||
6348 | @strong{(subsystem, name)} is called a @strong{statistic} as it identifies the | ||
6349 | values stored in the STATISTCS service.The persistence flag determines if the | ||
6350 | record has to be preserved across service restarts. A record is said to be | ||
6351 | persistent if this flag is set for it; if not, the record is treated as a | ||
6352 | non-persistent record and it is lost after service restart. Persistent records | ||
6353 | are written to and read from the file @strong{statistics.data} before shutdown | ||
6354 | and upon startup. The file is located in the HOME directory of the peer. | ||
6355 | |||
6356 | An anomaly of the STATISTICS service is that it does not terminate immediately | ||
6357 | upon receiving a shutdown signal if it has any clients connected to it. It | ||
6358 | waits for all the clients that are not monitors to close their connections | ||
6359 | before terminating itself. This is to prevent the loss of data during peer | ||
6360 | shutdown --- delaying the STATISTICS service shutdown helps other services to | ||
6361 | store important data to STATISTICS during shutdown. | ||
6362 | |||
6363 | @menu | ||
6364 | * libgnunetstatistics:: | ||
6365 | * The STATISTICS Client-Service Protocol:: | ||
6366 | @end menu | ||
6367 | |||
6368 | @node libgnunetstatistics | ||
6369 | @subsection libgnunetstatistics | ||
6370 | |||
6371 | @c %**end of header | ||
6372 | |||
6373 | @strong{libgnunetstatistics} is the library containing the API for the | ||
6374 | STATISTICS subsystem. Any process requiring to use STATISTICS should use this | ||
6375 | API by to open a connection to the STATISTICS service. This is done by calling | ||
6376 | the function @code{GNUNET_STATISTICS_create()}. This function takes the | ||
6377 | subsystem's name which is trying to use STATISTICS and a configuration. All | ||
6378 | values written to STATISTICS with this connection will be placed in the section | ||
6379 | corresponding to the given subsystem's name. The connection to STATISTICS can | ||
6380 | be destroyed with the function GNUNET_STATISTICS_destroy(). This function | ||
6381 | allows for the connection to be destroyed immediately or upon transferring all | ||
6382 | pending write requests to the service. | ||
6383 | |||
6384 | Note: STATISTICS subsystem can be disabled by setting @code{DISABLE = YES} | ||
6385 | under the @code{[STATISTICS]} section in the configuration. With such a | ||
6386 | configuration all calls to @code{GNUNET_STATISTICS_create()} return @code{NULL} | ||
6387 | as the STATISTICS subsystem is unavailable and no other functions from the API | ||
6388 | can be used. | ||
6389 | |||
6390 | |||
6391 | @menu | ||
6392 | * Statistics retrieval:: | ||
6393 | * Setting statistics and updating them:: | ||
6394 | * Watches:: | ||
6395 | @end menu | ||
6396 | |||
6397 | @node Statistics retrieval | ||
6398 | @subsubsection Statistics retrieval | ||
6399 | |||
6400 | @c %**end of header | ||
6401 | |||
6402 | Once a connection to the statistics service is obtained, information about any | ||
6403 | other system which uses statistics can be retrieved with the function | ||
6404 | GNUNET_STATISTICS_get(). This function takes the connection handle, the name of | ||
6405 | the subsystem whose information we are interested in (a @code{NULL} value will | ||
6406 | retrieve information of all available subsystems using STATISTICS), the name of | ||
6407 | the statistic we are interested in (a @code{NULL} value will retrieve all | ||
6408 | available statistics), a continuation callback which is called when all of | ||
6409 | requested information is retrieved, an iterator callback which is called for | ||
6410 | each parameter in the retrieved information and a closure for the | ||
6411 | aforementioned callbacks. The library then invokes the iterator callback for | ||
6412 | each value matching the request. | ||
6413 | |||
6414 | Call to @code{GNUNET_STATISTICS_get()} is asynchronous and can be canceled with | ||
6415 | the function @code{GNUNET_STATISTICS_get_cancel()}. This is helpful when | ||
6416 | retrieving statistics takes too long and especially when we want to shutdown | ||
6417 | and cleanup everything. | ||
6418 | |||
6419 | @node Setting statistics and updating them | ||
6420 | @subsubsection Setting statistics and updating them | ||
6421 | |||
6422 | @c %**end of header | ||
6423 | |||
6424 | So far we have seen how to retrieve statistics, here we will learn how we can | ||
6425 | set statistics and update them so that other subsystems can retrieve them. | ||
6426 | |||
6427 | A new statistic can be set using the function @code{GNUNET_STATISTICS_set()}. | ||
6428 | This function takes the name of the statistic and its value and a flag to make | ||
6429 | the statistic persistent. The value of the statistic should be of the type | ||
6430 | @code{uint64_t}. The function does not take the name of the subsystem; it is | ||
6431 | determined from the previous @code{GNUNET_STATISTICS_create()} invocation. If | ||
6432 | the given statistic is already present, its value is overwritten. | ||
6433 | |||
6434 | An existing statistics can be updated, i.e its value can be increased or | ||
6435 | decreased by an amount with the function @code{GNUNET_STATISTICS_update()}. The | ||
6436 | parameters to this function are similar to @code{GNUNET_STATISTICS_set()}, | ||
6437 | except that it takes the amount to be changed as a type @code{int64_t} instead | ||
6438 | of the value. | ||
6439 | |||
6440 | The library will combine multiple set or update operations into one message if | ||
6441 | the client performs requests at a rate that is faster than the available IPC | ||
6442 | with the STATISTICS service. Thus, the client does not have to worry about | ||
6443 | sending requests too quickly. | ||
6444 | |||
6445 | @node Watches | ||
6446 | @subsubsection Watches | ||
6447 | |||
6448 | @c %**end of header | ||
6449 | |||
6450 | As interesting feature of STATISTICS lies in serving notifications whenever a | ||
6451 | statistic of our interest is modified. This is achieved by registering a watch | ||
6452 | through the function @code{GNUNET_STATISTICS_watch()}. The parameters of this | ||
6453 | function are similar to those of @code{GNUNET_STATISTICS_get()}. Changes to the | ||
6454 | respective statistic's value will then cause the given iterator callback to be | ||
6455 | called. Note: A watch can only be registered for a specific statistic. Hence | ||
6456 | the subsystem name and the parameter name cannot be @code{NULL} in a call to | ||
6457 | @code{GNUNET_STATISTICS_watch()}. | ||
6458 | |||
6459 | A registered watch will keep notifying any value changes until | ||
6460 | @code{GNUNET_STATISTICS_watch_cancel()} is called with the same parameters that | ||
6461 | are used for registering the watch. | ||
6462 | |||
6463 | @node The STATISTICS Client-Service Protocol | ||
6464 | @subsection The STATISTICS Client-Service Protocol | ||
6465 | @c %**end of header | ||
6466 | |||
6467 | |||
6468 | @menu | ||
6469 | * Statistics retrieval2:: | ||
6470 | * Setting and updating statistics:: | ||
6471 | * Watching for updates:: | ||
6472 | @end menu | ||
6473 | |||
6474 | @node Statistics retrieval2 | ||
6475 | @subsubsection Statistics retrieval2 | ||
6476 | |||
6477 | @c %**end of header | ||
6478 | |||
6479 | To retrieve statistics, the client transmits a message of type | ||
6480 | @code{GNUNET_MESSAGE_TYPE_STATISTICS_GET} containing the given subsystem name | ||
6481 | and statistic parameter to the STATISTICS service. The service responds with a | ||
6482 | message of type @code{GNUNET_MESSAGE_TYPE_STATISTICS_VALUE} for each of the | ||
6483 | statistics parameters that match the client request for the client. The end of | ||
6484 | information retrieved is signaled by the service by sending a message of type | ||
6485 | @code{GNUNET_MESSAGE_TYPE_STATISTICS_END}. | ||
6486 | |||
6487 | @node Setting and updating statistics | ||
6488 | @subsubsection Setting and updating statistics | ||
6489 | |||
6490 | @c %**end of header | ||
6491 | |||
6492 | The subsystem name, parameter name, its value and the persistence flag are | ||
6493 | communicated to the service through the message | ||
6494 | @code{GNUNET_MESSAGE_TYPE_STATISTICS_SET}. | ||
6495 | |||
6496 | When the service receives a message of type | ||
6497 | @code{GNUNET_MESSAGE_TYPE_STATISTICS_SET}, it retrieves the subsystem name and | ||
6498 | checks for a statistic parameter with matching the name given in the message. | ||
6499 | If a statistic parameter is found, the value is overwritten by the new value | ||
6500 | from the message; if not found then a new statistic parameter is created with | ||
6501 | the given name and value. | ||
6502 | |||
6503 | In addition to just setting an absolute value, it is possible to perform a | ||
6504 | relative update by sending a message of type | ||
6505 | @code{GNUNET_MESSAGE_TYPE_STATISTICS_SET} with an update flag | ||
6506 | (@code{GNUNET_STATISTICS_SETFLAG_RELATIVE}) signifying that the value in the | ||
6507 | message should be treated as an update value. | ||
6508 | |||
6509 | @node Watching for updates | ||
6510 | @subsubsection Watching for updates | ||
6511 | |||
6512 | @c %**end of header | ||
6513 | |||
6514 | The function registers the watch at the service by sending a message of type | ||
6515 | @code{GNUNET_MESSAGE_TYPE_STATISTICS_WATCH}. The service then sends | ||
6516 | notifications through messages of type | ||
6517 | @code{GNUNET_MESSAGE_TYPE_STATISTICS_WATCH_VALUE} whenever the statistic | ||
6518 | parameter's value is changed. | ||
6519 | |||
6520 | @node GNUnet's Distributed Hash Table (DHT) | ||
6521 | @section GNUnet's Distributed Hash Table (DHT) | ||
6522 | |||
6523 | @c %**end of header | ||
6524 | |||
6525 | GNUnet includes a generic distributed hash table that can be used by developers | ||
6526 | building P2P applications in the framework. This section documents high-level | ||
6527 | features and how developers are expected to use the DHT. We have a research | ||
6528 | paper detailing how the DHT works. Also, Nate's thesis includes a detailed | ||
6529 | description and performance analysis (in chapter 6). | ||
6530 | |||
6531 | Key features of GNUnet's DHT include: | ||
6532 | |||
6533 | @itemize @bullet | ||
6534 | @item stores key-value pairs with values up to (approximately) 63k in size | ||
6535 | @item works with many underlay network topologies (small-world, random graph), | ||
6536 | underlay does not need to be a full mesh / clique | ||
6537 | @item support for extended queries (more than just a simple 'key'), filtering | ||
6538 | duplicate replies within the network (bloomfilter) and content validation (for | ||
6539 | details, please read the subsection on the block library) | ||
6540 | @item can (optionally) return paths taken by the PUT and GET operations to the | ||
6541 | application | ||
6542 | @item provides content replication to handle churn | ||
6543 | @end itemize | ||
6544 | |||
6545 | GNUnet's DHT is randomized and unreliable. Unreliable means that there is no | ||
6546 | strict guarantee that a value stored in the DHT is always found --- values are | ||
6547 | only found with high probability. While this is somewhat true in all P2P DHTs, | ||
6548 | GNUnet developers should be particularly wary of this fact (this will help you | ||
6549 | write secure, fault-tolerant code). Thus, when writing any application using | ||
6550 | the DHT, you should always consider the possibility that a value stored in the | ||
6551 | DHT by you or some other peer might simply not be returned, or returned with a | ||
6552 | significant delay. Your application logic must be written to tolerate this | ||
6553 | (naturally, some loss of performance or quality of service is expected in this | ||
6554 | case). | ||
6555 | |||
6556 | @menu | ||
6557 | * Block library and plugins:: | ||
6558 | * libgnunetdht:: | ||
6559 | * The DHT Client-Service Protocol:: | ||
6560 | * The DHT Peer-to-Peer Protocol:: | ||
6561 | @end menu | ||
6562 | |||
6563 | @node Block library and plugins | ||
6564 | @subsection Block library and plugins | ||
6565 | |||
6566 | @c %**end of header | ||
6567 | |||
6568 | @menu | ||
6569 | * What is a Block?:: | ||
6570 | * The API of libgnunetblock:: | ||
6571 | * Queries:: | ||
6572 | * Sample Code:: | ||
6573 | * Conclusion2:: | ||
6574 | @end menu | ||
6575 | |||
6576 | @node What is a Block? | ||
6577 | @subsubsection What is a Block? | ||
6578 | |||
6579 | @c %**end of header | ||
6580 | |||
6581 | Blocks are small (< 63k) pieces of data stored under a key (struct | ||
6582 | GNUNET_HashCode). Blocks have a type (enum GNUNET_BlockType) which defines | ||
6583 | their data format. Blocks are used in GNUnet as units of static data exchanged | ||
6584 | between peers and stored (or cached) locally. Uses of blocks include | ||
6585 | file-sharing (the files are broken up into blocks), the VPN (DNS information is | ||
6586 | stored in blocks) and the DHT (all information in the DHT and meta-information | ||
6587 | for the maintenance of the DHT are both stored using blocks). The block | ||
6588 | subsystem provides a few common functions that must be available for any type | ||
6589 | of block. | ||
6590 | |||
6591 | @node The API of libgnunetblock | ||
6592 | @subsubsection The API of libgnunetblock | ||
6593 | |||
6594 | @c %**end of header | ||
6595 | |||
6596 | The block library requires for each (family of) block type(s) a block plugin | ||
6597 | (implementing gnunet_block_plugin.h) that provides basic functions that are | ||
6598 | needed by the DHT (and possibly other subsystems) to manage the block. These | ||
6599 | block plugins are typically implemented within their respective subsystems.@ | ||
6600 | The main block library is then used to locate, load and query the appropriate | ||
6601 | block plugin. Which plugin is appropriate is determined by the block type | ||
6602 | (which is just a 32-bit integer). Block plugins contain code that specifies | ||
6603 | which block types are supported by a given plugin. The block library loads all | ||
6604 | block plugins that are installed at the local peer and forwards the application | ||
6605 | request to the respective plugin. | ||
6606 | |||
6607 | The central functions of the block APIs (plugin and main library) are to allow | ||
6608 | the mapping of blocks to their respective key (if possible) and the ability to | ||
6609 | check that a block is well-formed and matches a given request (again, if | ||
6610 | possible). This way, GNUnet can avoid storing invalid blocks, storing blocks | ||
6611 | under the wrong key and forwarding blocks in response to a query that they do | ||
6612 | not answer. | ||
6613 | |||
6614 | One key function of block plugins is that it allows GNUnet to detect duplicate | ||
6615 | replies (via the Bloom filter). All plugins MUST support detecting duplicate | ||
6616 | replies (by adding the current response to the Bloom filter and rejecting it if | ||
6617 | it is encountered again). If a plugin fails to do this, responses may loop in | ||
6618 | the network. | ||
6619 | |||
6620 | @node Queries | ||
6621 | @subsubsection Queries | ||
6622 | @c %**end of header | ||
6623 | |||
6624 | The query format for any block in GNUnet consists of four main components. | ||
6625 | First, the type of the desired block must be specified. Second, the query must | ||
6626 | contain a hash code. The hash code is used for lookups in hash tables and | ||
6627 | databases and must not be unique for the block (however, if possible a unique | ||
6628 | hash should be used as this would be best for performance). Third, an optional | ||
6629 | Bloom filter can be specified to exclude known results; replies that hash to | ||
6630 | the bits set in the Bloom filter are considered invalid. False-positives can be | ||
6631 | eliminated by sending the same query again with a different Bloom filter | ||
6632 | mutator value, which parameterizes the hash function that is used. Finally, an | ||
6633 | optional application-specific "eXtended query" (xquery) can be specified to | ||
6634 | further constrain the results. It is entirely up to the type-specific plugin to | ||
6635 | determine whether or not a given block matches a query (type, hash, Bloom | ||
6636 | filter, and xquery). Naturally, not all xquery's are valid and some types of | ||
6637 | blocks may not support Bloom filters either, so the plugin also needs to check | ||
6638 | if the query is valid in the first place. | ||
6639 | |||
6640 | Depending on the results from the plugin, the DHT will then discard the | ||
6641 | (invalid) query, forward the query, discard the (invalid) reply, cache the | ||
6642 | (valid) reply, and/or forward the (valid and non-duplicate) reply. | ||
6643 | |||
6644 | @node Sample Code | ||
6645 | @subsubsection Sample Code | ||
6646 | |||
6647 | @c %**end of header | ||
6648 | |||
6649 | The source code in @strong{plugin_block_test.c} is a good starting point for | ||
6650 | new block plugins --- it does the minimal work by implementing a plugin that | ||
6651 | performs no validation at all. The respective @strong{Makefile.am} shows how to | ||
6652 | build and install a block plugin. | ||
6653 | |||
6654 | @node Conclusion2 | ||
6655 | @subsubsection Conclusion2 | ||
6656 | |||
6657 | @c %**end of header | ||
6658 | |||
6659 | In conclusion, GNUnet subsystems that want to use the DHT need to define a | ||
6660 | block format and write a plugin to match queries and replies. For testing, the | ||
6661 | "GNUNET_BLOCK_TYPE_TEST" block type can be used; it accepts any query as valid | ||
6662 | and any reply as matching any query. This type is also used for the DHT command | ||
6663 | line tools. However, it should NOT be used for normal applications due to the | ||
6664 | lack of error checking that results from this primitive implementation. | ||
6665 | |||
6666 | @node libgnunetdht | ||
6667 | @subsection libgnunetdht | ||
6668 | |||
6669 | @c %**end of header | ||
6670 | |||
6671 | The DHT API itself is pretty simple and offers the usual GET and PUT functions | ||
6672 | that work as expected. The specified block type refers to the block library | ||
6673 | which allows the DHT to run application-specific logic for data stored in the | ||
6674 | network. | ||
6675 | |||
6676 | |||
6677 | @menu | ||
6678 | * GET:: | ||
6679 | * PUT:: | ||
6680 | * MONITOR:: | ||
6681 | * DHT Routing Options:: | ||
6682 | @end menu | ||
6683 | |||
6684 | @node GET | ||
6685 | @subsubsection GET | ||
6686 | |||
6687 | @c %**end of header | ||
6688 | |||
6689 | When using GET, the main consideration for developers (other than the block | ||
6690 | library) should be that after issuing a GET, the DHT will continuously cause | ||
6691 | (small amounts of) network traffic until the operation is explicitly canceled. | ||
6692 | So GET does not simply send out a single network request once; instead, the | ||
6693 | DHT will continue to search for data. This is needed to achieve good success | ||
6694 | rates and also handles the case where the respective PUT operation happens | ||
6695 | after the GET operation was started. Developers should not cancel an existing | ||
6696 | GET operation and then explicitly re-start it to trigger a new round of | ||
6697 | network requests; this is simply inefficient, especially as the internal | ||
6698 | automated version can be more efficient, for example by filtering results in | ||
6699 | the network that have already been returned. | ||
6700 | |||
6701 | If an application that performs a GET request has a set of replies that it | ||
6702 | already knows and would like to filter, it can call@ | ||
6703 | @code{GNUNET_DHT_get_filter_known_results} with an array of hashes over the | ||
6704 | respective blocks to tell the DHT that these results are not desired (any | ||
6705 | more). This way, the DHT will filter the respective blocks using the block | ||
6706 | library in the network, which may result in a significant reduction in | ||
6707 | bandwidth consumption. | ||
6708 | |||
6709 | @node PUT | ||
6710 | @subsubsection PUT | ||
6711 | |||
6712 | @c %**end of header | ||
6713 | |||
6714 | In contrast to GET operations, developers @strong{must} manually re-run PUT | ||
6715 | operations periodically (if they intend the content to continue to be | ||
6716 | available). Content stored in the DHT expires or might be lost due to churn. | ||
6717 | Furthermore, GNUnet's DHT typically requires multiple rounds of PUT operations | ||
6718 | before a key-value pair is consistently available to all peers (the DHT | ||
6719 | randomizes paths and thus storage locations, and only after multiple rounds of | ||
6720 | PUTs there will be a sufficient number of replicas in large DHTs). An explicit | ||
6721 | PUT operation using the DHT API will only cause network traffic once, so in | ||
6722 | order to ensure basic availability and resistance to churn (and adversaries), | ||
6723 | PUTs must be repeated. While the exact frequency depends on the application, a | ||
6724 | rule of thumb is that there should be at least a dozen PUT operations within | ||
6725 | the content lifetime. Content in the DHT typically expires after one day, so | ||
6726 | DHT PUT operations should be repeated at least every 1-2 hours. | ||
6727 | |||
6728 | @node MONITOR | ||
6729 | @subsubsection MONITOR | ||
6730 | |||
6731 | @c %**end of header | ||
6732 | |||
6733 | The DHT API also allows applications to monitor messages crossing the local | ||
6734 | DHT service. The types of messages used by the DHT are GET, PUT and RESULT | ||
6735 | messages. Using the monitoring API, applications can choose to monitor these | ||
6736 | requests, possibly limiting themselves to requests for a particular block | ||
6737 | type. | ||
6738 | |||
6739 | The monitoring API is not only usefu only for diagnostics, it can also be used | ||
6740 | to trigger application operations based on PUT operations. For example, an | ||
6741 | application may use PUTs to distribute work requests to other peers. The | ||
6742 | workers would then monitor for PUTs that give them work, instead of looking | ||
6743 | for work using GET operations. This can be beneficial, especially if the | ||
6744 | workers have no good way to guess the keys under which work would be stored. | ||
6745 | Naturally, additional protocols might be needed to ensure that the desired | ||
6746 | number of workers will process the distributed workload. | ||
6747 | |||
6748 | @node DHT Routing Options | ||
6749 | @subsubsection DHT Routing Options | ||
6750 | |||
6751 | @c %**end of header | ||
6752 | |||
6753 | There are two important options for GET and PUT requests: | ||
6754 | |||
6755 | @table @asis | ||
6756 | @item GNUNET_DHT_RO_DEMULITPLEX_EVERYWHERE This option means that all peers | ||
6757 | should process the request, even if their peer ID is not closest to the key. | ||
6758 | For a PUT request, this means that all peers that a request traverses may make | ||
6759 | a copy of the data. Similarly for a GET request, all peers will check their | ||
6760 | local database for a result. Setting this option can thus significantly improve | ||
6761 | caching and reduce bandwidth consumption --- at the expense of a larger DHT | ||
6762 | database. If in doubt, we recommend that this option should be used. | ||
6763 | @item GNUNET_DHT_RO_RECORD_ROUTE This option instructs the DHT to record the path | ||
6764 | that a GET or a PUT request is taking through the overlay network. The | ||
6765 | resulting paths are then returned to the application with the respective | ||
6766 | result. This allows the receiver of a result to construct a path to the | ||
6767 | originator of the data, which might then be used for routing. Naturally, | ||
6768 | setting this option requires additional bandwidth and disk space, so | ||
6769 | applications should only set this if the paths are needed by the application | ||
6770 | logic. | ||
6771 | @item GNUNET_DHT_RO_FIND_PEER This option is an internal option used by | ||
6772 | the DHT's peer discovery mechanism and should not be used by applications. | ||
6773 | @item GNUNET_DHT_RO_BART This option is currently not implemented. It may in | ||
6774 | the future offer performance improvements for clique topologies. | ||
6775 | @end table | ||
6776 | |||
6777 | @node The DHT Client-Service Protocol | ||
6778 | @subsection The DHT Client-Service Protocol | ||
6779 | |||
6780 | @c %**end of header | ||
6781 | |||
6782 | @menu | ||
6783 | * PUTting data into the DHT:: | ||
6784 | * GETting data from the DHT:: | ||
6785 | * Monitoring the DHT:: | ||
6786 | @end menu | ||
6787 | |||
6788 | @node PUTting data into the DHT | ||
6789 | @subsubsection PUTting data into the DHT | ||
6790 | |||
6791 | @c %**end of header | ||
6792 | |||
6793 | To store (PUT) data into the DHT, the client sends a@ @code{struct | ||
6794 | GNUNET_DHT_ClientPutMessage} to the service. This message specifies the block | ||
6795 | type, routing options, the desired replication level, the expiration time, key, | ||
6796 | value and a 64-bit unique ID for the operation. The service responds with a@ | ||
6797 | @code{struct GNUNET_DHT_ClientPutConfirmationMessage} with the same 64-bit | ||
6798 | unique ID. Note that the service sends the confirmation as soon as it has | ||
6799 | locally processed the PUT request. The PUT may still be propagating through the | ||
6800 | network at this time. | ||
6801 | |||
6802 | In the future, we may want to change this to provide (limited) feedback to the | ||
6803 | client, for example if we detect that the PUT operation had no effect because | ||
6804 | the same key-value pair was already stored in the DHT. However, changing this | ||
6805 | would also require additional state and messages in the P2P | ||
6806 | interaction. | ||
6807 | |||
6808 | @node GETting data from the DHT | ||
6809 | @subsubsection GETting data from the DHT | ||
6810 | |||
6811 | @c %**end of header | ||
6812 | |||
6813 | To retrieve (GET) data from the DHT, the client sends a@ @code{struct | ||
6814 | GNUNET_DHT_ClientGetMessage} to the service. The message specifies routing | ||
6815 | options, a replication level (for replicating the GET, not the content), the | ||
6816 | desired block type, the key, the (optional) extended query and unique 64-bit | ||
6817 | request ID. | ||
6818 | |||
6819 | Additionally, the client may send any number of@ @code{struct | ||
6820 | GNUNET_DHT_ClientGetResultSeenMessage}s to notify the service about results | ||
6821 | that the client is already aware of. These messages consist of the key, the | ||
6822 | unique 64-bit ID of the request, and an arbitrary number of hash codes over the | ||
6823 | blocks that the client is already aware of. As messages are restricted to 64k, | ||
6824 | a client that already knows more than about a thousand blocks may need to send | ||
6825 | several of these messages. Naturally, the client should transmit these messages | ||
6826 | as quickly as possible after the original GET request such that the DHT can | ||
6827 | filter those results in the network early on. Naturally, as these messages are | ||
6828 | send after the original request, it is conceivalbe that the DHT service may | ||
6829 | return blocks that match those already known to the client anyway. | ||
6830 | |||
6831 | In response to a GET request, the service will send @code{struct | ||
6832 | GNUNET_DHT_ClientResultMessage}s to the client. These messages contain the | ||
6833 | block type, expiration, key, unique ID of the request and of course the value | ||
6834 | (a block). Depending on the options set for the respective operations, the | ||
6835 | replies may also contain the path the GET and/or the PUT took through the | ||
6836 | network. | ||
6837 | |||
6838 | A client can stop receiving replies either by disconnecting or by sending a | ||
6839 | @code{struct GNUNET_DHT_ClientGetStopMessage} which must contain the key and | ||
6840 | the 64-bit unique ID of the original request. Using an explicit "stop" message | ||
6841 | is more common as this allows a client to run many concurrent GET operations | ||
6842 | over the same connection with the DHT service --- and to stop them | ||
6843 | individually. | ||
6844 | |||
6845 | @node Monitoring the DHT | ||
6846 | @subsubsection Monitoring the DHT | ||
6847 | |||
6848 | @c %**end of header | ||
6849 | |||
6850 | To begin monitoring, the client sends a @code{struct | ||
6851 | GNUNET_DHT_MonitorStartStop} message to the DHT service. In this message, flags | ||
6852 | can be set to enable (or disable) monitoring of GET, PUT and RESULT messages | ||
6853 | that pass through a peer. The message can also restrict monitoring to a | ||
6854 | particular block type or a particular key. Once monitoring is enabled, the DHT | ||
6855 | service will notify the client about any matching event using @code{struct | ||
6856 | GNUNET_DHT_MonitorGetMessage}s for GET events, @code{struct | ||
6857 | GNUNET_DHT_MonitorPutMessage} for PUT events and@ @code{struct | ||
6858 | GNUNET_DHT_MonitorGetRespMessage} for RESULTs. Each of these messages contains | ||
6859 | all of the information about the event. | ||
6860 | |||
6861 | @node The DHT Peer-to-Peer Protocol | ||
6862 | @subsection The DHT Peer-to-Peer Protocol | ||
6863 | @c %**end of header | ||
6864 | |||
6865 | |||
6866 | @menu | ||
6867 | * Routing GETs or PUTs:: | ||
6868 | * PUTting data into the DHT2:: | ||
6869 | * GETting data from the DHT2:: | ||
6870 | @end menu | ||
6871 | |||
6872 | @node Routing GETs or PUTs | ||
6873 | @subsubsection Routing GETs or PUTs | ||
6874 | |||
6875 | @c %**end of header | ||
6876 | |||
6877 | When routing GETs or PUTs, the DHT service selects a suitable subset of | ||
6878 | neighbours for forwarding. The exact number of neighbours can be zero or more | ||
6879 | and depends on the hop counter of the query (initially zero) in relation to the | ||
6880 | (log of) the network size estimate, the desired replication level and the | ||
6881 | peer's connectivity. Depending on the hop counter and our network size | ||
6882 | estimate, the selection of the peers maybe randomized or by proximity to the | ||
6883 | key. Furthermore, requests include a set of peers that a request has already | ||
6884 | traversed; those peers are also excluded from the selection. | ||
6885 | |||
6886 | @node PUTting data into the DHT2 | ||
6887 | @subsubsection PUTting data into the DHT2 | ||
6888 | |||
6889 | @c %**end of header | ||
6890 | |||
6891 | To PUT data into the DHT, the service sends a @code{struct PeerPutMessage} of | ||
6892 | type @code{GNUNET_MESSAGE_TYPE_DHT_P2P_PUT} to the respective neighbour. In | ||
6893 | addition to the usual information about the content (type, routing options, | ||
6894 | desired replication level for the content, expiration time, key and value), the | ||
6895 | message contains a fixed-size Bloom filter with information about which peers | ||
6896 | (may) have already seen this request. This Bloom filter is used to ensure that | ||
6897 | DHT messages never loop back to a peer that has already processed the request. | ||
6898 | Additionally, the message includes the current hop counter and, depending on | ||
6899 | the routing options, the message may include the full path that the message has | ||
6900 | taken so far. The Bloom filter should already contain the identity of the | ||
6901 | previous hop; however, the path should not include the identity of the previous | ||
6902 | hop and the receiver should append the identity of the sender to the path, not | ||
6903 | its own identity (this is done to reduce bandwidth). | ||
6904 | |||
6905 | @node GETting data from the DHT2 | ||
6906 | @subsubsection GETting data from the DHT2 | ||
6907 | |||
6908 | @c %**end of header | ||
6909 | |||
6910 | A peer can search the DHT by sending @code{struct PeerGetMessage}s of type | ||
6911 | @code{GNUNET_MESSAGE_TYPE_DHT_P2P_GET} to other peers. In addition to the usual | ||
6912 | information about the request (type, routing options, desired replication level | ||
6913 | for the request, the key and the extended query), a GET request also again | ||
6914 | contains a hop counter, a Bloom filter over the peers that have processed the | ||
6915 | request already and depending on the routing options the full path traversed by | ||
6916 | the GET. Finally, a GET request includes a variable-size second Bloom filter | ||
6917 | and a so-called Bloom filter mutator value which together indicate which | ||
6918 | replies the sender has already seen. During the lookup, each block that matches | ||
6919 | they block type, key and extended query is additionally subjected to a test | ||
6920 | against this Bloom filter. The block plugin is expected to take the hash of the | ||
6921 | block and combine it with the mutator value and check if the result is not yet | ||
6922 | in the Bloom filter. The originator of the query will from time to time modify | ||
6923 | the mutator to (eventually) allow false-positives filtered by the Bloom filter | ||
6924 | to be returned. | ||
6925 | |||
6926 | Peers that receive a GET request perform a local lookup (depending on their | ||
6927 | proximity to the key and the query options) and forward the request to other | ||
6928 | peers. They then remember the request (including the Bloom filter for blocking | ||
6929 | duplicate results) and when they obtain a matching, non-filtered response a | ||
6930 | @code{struct PeerResultMessage} of type@ | ||
6931 | @code{GNUNET_MESSAGE_TYPE_DHT_P2P_RESULT} is forwarded to the previous hop. | ||
6932 | Whenver a result is forwarded, the block plugin is used to update the Bloom | ||
6933 | filter accordingly, to ensure that the same result is never forwarded more than | ||
6934 | once. The DHT service may also cache forwarded results locally if the | ||
6935 | "CACHE_RESULTS" option is set to "YES" in the configuration. | ||
6936 | |||
6937 | @node The GNU Name System (GNS) | ||
6938 | @section The GNU Name System (GNS) | ||
6939 | |||
6940 | @c %**end of header | ||
6941 | |||
6942 | The GNU Name System (GNS) is a decentralized database that enables users to | ||
6943 | securely resolve names to values. Names can be used to identify other users | ||
6944 | (for example, in social networking), or network services (for example, VPN | ||
6945 | services running at a peer in GNUnet, or purely IP-based services on the | ||
6946 | Internet). Users interact with GNS by typing in a hostname that ends in ".gnu" | ||
6947 | or ".zkey". | ||
6948 | |||
6949 | Videos giving an overview of most of the GNS and the motivations behind it is | ||
6950 | available here and here. The remainder of this chapter targets developers that | ||
6951 | are familiar with high level concepts of GNS as presented in these talks. | ||
6952 | |||
6953 | GNS-aware applications should use the GNS resolver to obtain the respective | ||
6954 | records that are stored under that name in GNS. Each record consists of a type, | ||
6955 | value, expiration time and flags. | ||
6956 | |||
6957 | The type specifies the format of the value. Types below 65536 correspond to DNS | ||
6958 | record types, larger values are used for GNS-specific records. Applications can | ||
6959 | define new GNS record types by reserving a number and implementing a plugin | ||
6960 | (which mostly needs to convert the binary value representation to a | ||
6961 | human-readable text format and vice-versa). The expiration time specifies how | ||
6962 | long the record is to be valid. The GNS API ensures that applications are only | ||
6963 | given non-expired values. The flags are typically irrelevant for applications, | ||
6964 | as GNS uses them internally to control visibility and validity of records. | ||
6965 | |||
6966 | Records are stored along with a signature. The signature is generated using the | ||
6967 | private key of the authoritative zone. This allows any GNS resolver to verify | ||
6968 | the correctness of a name-value mapping. | ||
6969 | |||
6970 | Internally, GNS uses the NAMECACHE to cache information obtained from other | ||
6971 | users, the NAMESTORE to store information specific to the local users, and the | ||
6972 | DHT to exchange data between users. A plugin API is used to enable applications | ||
6973 | to define new GNS record types. | ||
6974 | |||
6975 | @menu | ||
6976 | * libgnunetgns:: | ||
6977 | * libgnunetgnsrecord:: | ||
6978 | * GNS plugins:: | ||
6979 | * The GNS Client-Service Protocol:: | ||
6980 | * Hijacking the DNS-Traffic using gnunet-service-dns:: | ||
6981 | * Serving DNS lookups via GNS on W32:: | ||
6982 | @end menu | ||
6983 | |||
6984 | @node libgnunetgns | ||
6985 | @subsection libgnunetgns | ||
6986 | |||
6987 | @c %**end of header | ||
6988 | |||
6989 | The GNS API itself is extremely simple. Clients first connec to the GNS service | ||
6990 | using @code{GNUNET_GNS_connect}. They can then perform lookups using | ||
6991 | @code{GNUNET_GNS_lookup} or cancel pending lookups using | ||
6992 | @code{GNUNET_GNS_lookup_cancel}. Once finished, clients disconnect using | ||
6993 | @code{GNUNET_GNS_disconnect}. | ||
6994 | |||
6995 | |||
6996 | @menu | ||
6997 | * Looking up records:: | ||
6998 | * Accessing the records:: | ||
6999 | * Creating records:: | ||
7000 | * Future work:: | ||
7001 | @end menu | ||
7002 | |||
7003 | @node Looking up records | ||
7004 | @subsubsection Looking up records | ||
7005 | |||
7006 | @c %**end of header | ||
7007 | |||
7008 | @code{GNUNET_GNS_lookup} takes a number of arguments: | ||
7009 | |||
7010 | @table @asis | ||
7011 | @item handle This is simply the GNS connection handle from | ||
7012 | @code{GNUNET_GNS_connect}. | ||
7013 | @item name The client needs to specify the name to | ||
7014 | be resolved. This can be any valid DNS or GNS hostname. | ||
7015 | @item zone The client | ||
7016 | needs to specify the public key of the GNS zone against which the resolution | ||
7017 | should be done (the ".gnu" zone). Note that a key must be provided, even if the | ||
7018 | name ends in ".zkey". This should typically be the public key of the | ||
7019 | master-zone of the user. | ||
7020 | @item type This is the desired GNS or DNS record type | ||
7021 | to look for. While all records for the given name will be returned, this can be | ||
7022 | important if the client wants to resolve record types that themselves delegate | ||
7023 | resolution, such as CNAME, PKEY or GNS2DNS. Resolving a record of any of these | ||
7024 | types will only work if the respective record type is specified in the request, | ||
7025 | as the GNS resolver will otherwise follow the delegation and return the records | ||
7026 | from the respective destination, instead of the delegating record. | ||
7027 | @item only_cached This argument should typically be set to @code{GNUNET_NO}. Setting | ||
7028 | it to @code{GNUNET_YES} disables resolution via the overlay network. | ||
7029 | @item shorten_zone_key If GNS encounters new names during resolution, their | ||
7030 | respective zones can automatically be learned and added to the "shorten zone". | ||
7031 | If this is desired, clients must pass the private key of the shorten zone. If | ||
7032 | NULL is passed, shortening is disabled. | ||
7033 | @item proc This argument identifies | ||
7034 | the function to call with the result. It is given proc_cls, the number of | ||
7035 | records found (possilby zero) and the array of the records as arguments. proc | ||
7036 | will only be called once. After proc,> has been called, the lookup must no | ||
7037 | longer be cancelled. | ||
7038 | @item proc_cls The closure for proc. | ||
7039 | @end table | ||
7040 | |||
7041 | @node Accessing the records | ||
7042 | @subsubsection Accessing the records | ||
7043 | |||
7044 | @c %**end of header | ||
7045 | |||
7046 | The @code{libgnunetgnsrecord} library provides an API to manipulate the GNS | ||
7047 | record array that is given to proc. In particular, it offers functions such as | ||
7048 | converting record values to human-readable strings (and back). However, most | ||
7049 | @code{libgnunetgnsrecord} functions are not interesting to GNS client | ||
7050 | applications. | ||
7051 | |||
7052 | For DNS records, the @code{libgnunetdnsparser} library provides functions for | ||
7053 | parsing (and serializing) common types of DNS records. | ||
7054 | |||
7055 | @node Creating records | ||
7056 | @subsubsection Creating records | ||
7057 | |||
7058 | @c %**end of header | ||
7059 | |||
7060 | Creating GNS records is typically done by building the respective record | ||
7061 | information (possibly with the help of @code{libgnunetgnsrecord} and | ||
7062 | @code{libgnunetdnsparser}) and then using the @code{libgnunetnamestore} to | ||
7063 | publish the information. The GNS API is not involved in this | ||
7064 | operation. | ||
7065 | |||
7066 | @node Future work | ||
7067 | @subsubsection Future work | ||
7068 | |||
7069 | @c %**end of header | ||
7070 | |||
7071 | In the future, we want to expand @code{libgnunetgns} to allow applications to | ||
7072 | observe shortening operations performed during GNS resolution, for example so | ||
7073 | that users can receive visual feedback when this happens. | ||
7074 | |||
7075 | @node libgnunetgnsrecord | ||
7076 | @subsection libgnunetgnsrecord | ||
7077 | |||
7078 | @c %**end of header | ||
7079 | |||
7080 | The @code{libgnunetgnsrecord} library is used to manipulate GNS records (in | ||
7081 | plaintext or in their encrypted format). Applications mostly interact with | ||
7082 | @code{libgnunetgnsrecord} by using the functions to convert GNS record values | ||
7083 | to strings or vice-versa, or to lookup a GNS record type number by name (or | ||
7084 | vice-versa). The library also provides various other functions that are mostly | ||
7085 | used internally within GNS, such as converting keys to names, checking for | ||
7086 | expiration, encrypting GNS records to GNS blocks, verifying GNS block | ||
7087 | signatures and decrypting GNS records from GNS blocks. | ||
7088 | |||
7089 | We will now discuss the four commonly used functions of the API.@ | ||
7090 | @code{libgnunetgnsrecord} does not perform these operations itself, but instead | ||
7091 | uses plugins to perform the operation. GNUnet includes plugins to support | ||
7092 | common DNS record types as well as standard GNS record types. | ||
7093 | |||
7094 | |||
7095 | @menu | ||
7096 | * Value handling:: | ||
7097 | * Type handling:: | ||
7098 | @end menu | ||
7099 | |||
7100 | @node Value handling | ||
7101 | @subsubsection Value handling | ||
7102 | |||
7103 | @c %**end of header | ||
7104 | |||
7105 | @code{GNUNET_GNSRECORD_value_to_string} can be used to convert the (binary) | ||
7106 | representation of a GNS record value to a human readable, 0-terminated UTF-8 | ||
7107 | string. NULL is returned if the specified record type is not supported by any | ||
7108 | available plugin. | ||
7109 | |||
7110 | @code{GNUNET_GNSRECORD_string_to_value} can be used to try to convert a human | ||
7111 | readable string to the respective (binary) representation of a GNS record | ||
7112 | value. | ||
7113 | |||
7114 | @node Type handling | ||
7115 | @subsubsection Type handling | ||
7116 | |||
7117 | @c %**end of header | ||
7118 | |||
7119 | @code{GNUNET_GNSRECORD_typename_to_number} can be used to obtain the numeric | ||
7120 | value associated with a given typename. For example, given the typename "A" | ||
7121 | (for DNS A reocrds), the function will return the number 1. A list of common | ||
7122 | DNS record types is | ||
7123 | @uref{http://en.wikipedia.org/wiki/List_of_DNS_record_types, here. Note that | ||
7124 | not all DNS record types are supported by GNUnet GNSRECORD plugins at this | ||
7125 | time.} | ||
7126 | |||
7127 | @code{GNUNET_GNSRECORD_number_to_typename} can be used to obtain the typename | ||
7128 | associated with a given numeric value. For example, given the type number 1, | ||
7129 | the function will return the typename "A". | ||
7130 | |||
7131 | @node GNS plugins | ||
7132 | @subsection GNS plugins | ||
7133 | |||
7134 | @c %**end of header | ||
7135 | |||
7136 | Adding a new GNS record type typically involves writing (or extending) a | ||
7137 | GNSRECORD plugin. The plugin needs to implement the | ||
7138 | @code{gnunet_gnsrecord_plugin.h} API which provides basic functions that are | ||
7139 | needed by GNSRECORD to convert typenames and values of the respective record | ||
7140 | type to strings (and back). These gnsrecord plugins are typically implemented | ||
7141 | within their respective subsystems. Examples for such plugins can be found in | ||
7142 | the GNSRECORD, GNS and CONVERSATION subsystems. | ||
7143 | |||
7144 | The @code{libgnunetgnsrecord} library is then used to locate, load and query | ||
7145 | the appropriate gnsrecord plugin. Which plugin is appropriate is determined by | ||
7146 | the record type (which is just a 32-bit integer). The @code{libgnunetgnsrecord} | ||
7147 | library loads all block plugins that are installed at the local peer and | ||
7148 | forwards the application request to the plugins. If the record type is not | ||
7149 | supported by the plugin, it should simply return an error code. | ||
7150 | |||
7151 | The central functions of the block APIs (plugin and main library) are the same | ||
7152 | four functions for converting between values and strings, and typenames and | ||
7153 | numbers documented in the previous subsection. | ||
7154 | |||
7155 | @node The GNS Client-Service Protocol | ||
7156 | @subsection The GNS Client-Service Protocol | ||
7157 | |||
7158 | @c %**end of header | ||
7159 | |||
7160 | The GNS client-service protocol consists of two simple messages, the | ||
7161 | @code{LOOKUP} message and the @code{LOOKUP_RESULT}. Each @code{LOOKUP} message | ||
7162 | contains a unique 32-bit identifier, which will be included in the | ||
7163 | corresponding response. Thus, clients can send many lookup requests in parallel | ||
7164 | and receive responses out-of-order. A @code{LOOKUP} request also includes the | ||
7165 | public key of the GNS zone, the desired record type and fields specifying | ||
7166 | whether shortening is enabled or networking is disabled. Finally, the | ||
7167 | @code{LOOKUP} message includes the name to be resolved. | ||
7168 | |||
7169 | The response includes the number of records and the records themselves in the | ||
7170 | format created by @code{GNUNET_GNSRECORD_records_serialize}. They can thus be | ||
7171 | deserialized using @code{GNUNET_GNSRECORD_records_deserialize}. | ||
7172 | |||
7173 | @node Hijacking the DNS-Traffic using gnunet-service-dns | ||
7174 | @subsection Hijacking the DNS-Traffic using gnunet-service-dns | ||
7175 | |||
7176 | @c %**end of header | ||
7177 | |||
7178 | This section documents how the gnunet-service-dns (and the gnunet-helper-dns) | ||
7179 | intercepts DNS queries from the local system.@ This is merely one method for | ||
7180 | how we can obtain GNS queries. It is also possible to change @code{resolv.conf} | ||
7181 | to point to a machine running @code{gnunet-dns2gns} or to modify libc's name | ||
7182 | system switch (NSS) configuration to include a GNS resolution plugin. The | ||
7183 | method described in this chaper is more of a last-ditch catch-all approach. | ||
7184 | |||
7185 | @code{gnunet-service-dns} enables intercepting DNS traffic using policy based | ||
7186 | routing. We MARK every outgoing DNS-packet if it was not sent by our | ||
7187 | application. Using a second routing table in the Linux kernel these marked | ||
7188 | packets are then routed through our virtual network interface and can thus be | ||
7189 | captured unchanged. | ||
7190 | |||
7191 | Our application then reads the query and decides how to handle it: A query to | ||
7192 | an address ending in ".gnu" or ".zkey" is hijacked by @code{gnunet-service-gns} | ||
7193 | and resolved internally using GNS. In the future, a reverse query for an | ||
7194 | address of the configured virtual network could be answered with records kept | ||
7195 | about previous forward queries. Queries that are not hijacked by some | ||
7196 | application using the DNS service will be sent to the original recipient. The | ||
7197 | answer to the query will always be sent back through the virtual interface with | ||
7198 | the original nameserver as source address. | ||
7199 | |||
7200 | |||
7201 | @menu | ||
7202 | * Network Setup Details:: | ||
7203 | @end menu | ||
7204 | |||
7205 | @node Network Setup Details | ||
7206 | @subsubsection Network Setup Details | ||
7207 | |||
7208 | @c %**end of header | ||
7209 | |||
7210 | The DNS interceptor adds the following rules to the Linux kernel: | ||
7211 | @example | ||
7212 | iptables -t mangle -I OUTPUT 1 -p udp --sport $LOCALPORT --dport 53 -j | ||
7213 | ACCEPT iptables -t mangle -I OUTPUT 2 -p udp --dport 53 -j MARK --set-mark 3 ip | ||
7214 | rule add fwmark 3 table2 ip route add default via $VIRTUALDNS table2 | ||
7215 | @end example | ||
7216 | |||
7217 | Line 1 makes sure that all packets coming from a port our application opened | ||
7218 | beforehand (@code{$LOCALPORT}) will be routed normally. Line 2 marks every | ||
7219 | other packet to a DNS-Server with mark 3 (chosen arbitrarily). The third line | ||
7220 | adds a routing policy based on this mark 3 via the routing table. | ||
7221 | |||
7222 | @node Serving DNS lookups via GNS on W32 | ||
7223 | @subsection Serving DNS lookups via GNS on W32 | ||
7224 | |||
7225 | @c %**end of header | ||
7226 | |||
7227 | This section documents how the libw32nsp (and gnunet-gns-helper-service-w32) do | ||
7228 | DNS resolutions of DNS queries on the local system. This only applies to GNUnet | ||
7229 | running on W32. | ||
7230 | |||
7231 | W32 has a concept of "Namespaces" and "Namespace providers". These are used to | ||
7232 | present various name systems to applications in a generic way. Namespaces | ||
7233 | include DNS, mDNS, NLA and others. For each namespace any number of providers | ||
7234 | could be registered, and they are queried in an order of priority (which is | ||
7235 | adjustable). | ||
7236 | |||
7237 | Applications can resolve names by using WSALookupService*() family of | ||
7238 | functions. | ||
7239 | |||
7240 | However, these are WSA-only facilities. Common BSD socket functions for | ||
7241 | namespace resolutions are gethostbyname and getaddrinfo (among others). These | ||
7242 | functions are implemented internally (by default - by mswsock, which also | ||
7243 | implements the default DNS provider) as wrappers around WSALookupService*() | ||
7244 | functions (see "Sample Code for a Service Provider" on MSDN). | ||
7245 | |||
7246 | On W32 GNUnet builds a libw32nsp - a namespace provider, which can then be | ||
7247 | installed into the system by using w32nsp-install (and uninstalled by | ||
7248 | w32nsp-uninstall), as described in "Installation Handbook". | ||
7249 | |||
7250 | libw32nsp is very simple and has almost no dependencies. As a response to | ||
7251 | NSPLookupServiceBegin(), it only checks that the provider GUID passed to it by | ||
7252 | the caller matches GNUnet DNS Provider GUID, checks that name being resolved | ||
7253 | ends in ".gnu" or ".zkey", then connects to gnunet-gns-helper-service-w32 at | ||
7254 | 127.0.0.1:5353 (hardcoded) and sends the name resolution request there, | ||
7255 | returning the connected socket to the caller. | ||
7256 | |||
7257 | When the caller invokes NSPLookupServiceNext(), libw32nsp reads a completely | ||
7258 | formed reply from that socket, unmarshalls it, then gives it back to the | ||
7259 | caller. | ||
7260 | |||
7261 | At the moment gnunet-gns-helper-service-w32 is implemented to ever give only | ||
7262 | one reply, and subsequent calls to NSPLookupServiceNext() will fail with | ||
7263 | WSA_NODATA (first call to NSPLookupServiceNext() might also fail if GNS failed | ||
7264 | to find the name, or there was an error connecting to it). | ||
7265 | |||
7266 | gnunet-gns-helper-service-w32 does most of the processing: | ||
7267 | |||
7268 | @itemize @bullet | ||
7269 | @item Maintains a connection to GNS. | ||
7270 | @item Reads GNS config and loads appropriate keys. | ||
7271 | @item Checks service GUID and decides on the type of record to look up, | ||
7272 | refusing to make a lookup outright when unsupported service GUID is passed. | ||
7273 | @item Launches the lookup | ||
7274 | @end itemize | ||
7275 | |||
7276 | When lookup result arrives, gnunet-gns-helper-service-w32 forms a complete | ||
7277 | reply (including filling a WSAQUERYSETW structure and, possibly, a binary blob | ||
7278 | with a hostent structure for gethostbyname() client), marshalls it, and sends | ||
7279 | it back to libw32nsp. If no records were found, it sends an empty header. | ||
7280 | |||
7281 | This works for most normal applications that use gethostbyname() or | ||
7282 | getaddrinfo() to resolve names, but fails to do anything with applications that | ||
7283 | use alternative means of resolving names (such as sending queries to a DNS | ||
7284 | server directly by themselves). This includes some of well known utilities, | ||
7285 | like "ping" and "nslookup". | ||
7286 | |||
7287 | @node The GNS Namecache | ||
7288 | @section The GNS Namecache | ||
7289 | |||
7290 | @c %**end of header | ||
7291 | |||
7292 | The NAMECACHE subsystem is responsible for caching (encrypted) resolution | ||
7293 | results of the GNU Name System (GNS). GNS makes zone information available to | ||
7294 | other users via the DHT. However, as accessing the DHT for every lookup is | ||
7295 | expensive (and as the DHT's local cache is lost whenever the peer is | ||
7296 | restarted), GNS uses the NAMECACHE as a more persistent cache for DHT lookups. | ||
7297 | Thus, instead of always looking up every name in the DHT, GNS first checks if | ||
7298 | the result is already available locally in the NAMECACHE. Only if there is no | ||
7299 | result in the NAMECACHE, GNS queries the DHT. The NAMECACHE stores data in the | ||
7300 | same (encrypted) format as the DHT. It thus makes no sense to iterate over all | ||
7301 | items in the NAMECACHE --- the NAMECACHE does not have a way to provide the | ||
7302 | keys required to decrypt the entries. | ||
7303 | |||
7304 | Blocks in the NAMECACHE share the same expiration mechanism as blocks in the | ||
7305 | DHT --- the block expires wheneever any of the records in the (encrypted) block | ||
7306 | expires. The expiration time of the block is the only information stored in | ||
7307 | plaintext. The NAMECACHE service internally performs all of the required work | ||
7308 | to expire blocks, clients do not have to worry about this. Also, given that | ||
7309 | NAMECACHE stores only GNS blocks that local users requested, there is no | ||
7310 | configuration option to limit the size of the NAMECACHE. It is assumed to be | ||
7311 | always small enough (a few MB) to fit on the drive. | ||
7312 | |||
7313 | The NAMECACHE supports the use of different database backends via a plugin API. | ||
7314 | |||
7315 | @menu | ||
7316 | * libgnunetnamecache:: | ||
7317 | * The NAMECACHE Client-Service Protocol:: | ||
7318 | * The NAMECACHE Plugin API:: | ||
7319 | @end menu | ||
7320 | |||
7321 | @node libgnunetnamecache | ||
7322 | @subsection libgnunetnamecache | ||
7323 | |||
7324 | @c %**end of header | ||
7325 | |||
7326 | The NAMECACHE API consists of five simple functions. First, there is | ||
7327 | @code{GNUNET_NAMECACHE_connect} to connect to the NAMECACHE service. This | ||
7328 | returns the handle required for all other operations on the NAMECACHE. Using | ||
7329 | @code{GNUNET_NAMECACHE_block_cache} clients can insert a block into the cache. | ||
7330 | @code{GNUNET_NAMECACHE_lookup_block} can be used to lookup blocks that were | ||
7331 | stored in the NAMECACHE. Both operations can be cancelled using | ||
7332 | @code{GNUNET_NAMECACHE_cancel}. Note that cancelling a | ||
7333 | @code{GNUNET_NAMECACHE_block_cache} operation can result in the block being | ||
7334 | stored in the NAMECACHE --- or not. Cancellation primarily ensures that the | ||
7335 | continuation function with the result of the operation will no longer be | ||
7336 | invoked. Finally, @code{GNUNET_NAMECACHE_disconnect} closes the connection to | ||
7337 | the NAMECACHE. | ||
7338 | |||
7339 | The maximum size of a block that can be stored in the NAMECACHE is | ||
7340 | @code{GNUNET_NAMECACHE_MAX_VALUE_SIZE}, which is defined to be 63 kB. | ||
7341 | |||
7342 | @node The NAMECACHE Client-Service Protocol | ||
7343 | @subsection The NAMECACHE Client-Service Protocol | ||
7344 | |||
7345 | @c %**end of header | ||
7346 | |||
7347 | All messages in the NAMECACHE IPC protocol start with the @code{struct | ||
7348 | GNUNET_NAMECACHE_Header} which adds a request ID (32-bit integer) to the | ||
7349 | standard message header. The request ID is used to match requests with the | ||
7350 | respective responses from the NAMECACHE, as they are allowed to happen | ||
7351 | out-of-order. | ||
7352 | |||
7353 | |||
7354 | @menu | ||
7355 | * Lookup:: | ||
7356 | * Store:: | ||
7357 | @end menu | ||
7358 | |||
7359 | @node Lookup | ||
7360 | @subsubsection Lookup | ||
7361 | |||
7362 | @c %**end of header | ||
7363 | |||
7364 | The @code{struct LookupBlockMessage} is used to lookup a block stored in the | ||
7365 | cache. It contains the query hash. The NAMECACHE always responds with a | ||
7366 | @code{struct LookupBlockResponseMessage}. If the NAMECACHE has no response, it | ||
7367 | sets the expiration time in the response to zero. Otherwise, the response is | ||
7368 | expected to contain the expiration time, the ECDSA signature, the derived key | ||
7369 | and the (variable-size) encrypted data of the block. | ||
7370 | |||
7371 | @node Store | ||
7372 | @subsubsection Store | ||
7373 | |||
7374 | @c %**end of header | ||
7375 | |||
7376 | The @code{struct BlockCacheMessage} is used to cache a block in the NAMECACHE. | ||
7377 | It has the same structure as the @code{struct LookupBlockResponseMessage}. The | ||
7378 | service responds with a @code{struct BlockCacheResponseMessage} which contains | ||
7379 | the result of the operation (success or failure). In the future, we might want | ||
7380 | to make it possible to provide an error message as well. | ||
7381 | |||
7382 | @node The NAMECACHE Plugin API | ||
7383 | @subsection The NAMECACHE Plugin API | ||
7384 | @c %**end of header | ||
7385 | |||
7386 | The NAMECACHE plugin API consists of two functions, @code{cache_block} to store | ||
7387 | a block in the database, and @code{lookup_block} to lookup a block in the | ||
7388 | database. | ||
7389 | |||
7390 | |||
7391 | @menu | ||
7392 | * Lookup2:: | ||
7393 | * Store2:: | ||
7394 | @end menu | ||
7395 | |||
7396 | @node Lookup2 | ||
7397 | @subsubsection Lookup2 | ||
7398 | |||
7399 | @c %**end of header | ||
7400 | |||
7401 | The @code{lookup_block} function is expected to return at most one block to the | ||
7402 | iterator, and return @code{GNUNET_NO} if there were no non-expired results. If | ||
7403 | there are multiple non-expired results in the cache, the lookup is supposed to | ||
7404 | return the result with the largest expiration time. | ||
7405 | |||
7406 | @node Store2 | ||
7407 | @subsubsection Store2 | ||
7408 | |||
7409 | @c %**end of header | ||
7410 | |||
7411 | The @code{cache_block} function is expected to try to store the block in the | ||
7412 | database, and return @code{GNUNET_SYSERR} if this was not possible for any | ||
7413 | reason. Furthermore, @code{cache_block} is expected to implicitly perform cache | ||
7414 | maintenance and purge blocks from the cache that have expired. Note that | ||
7415 | @code{cache_block} might encounter the case where the database already has | ||
7416 | another block stored under the same key. In this case, the plugin must ensure | ||
7417 | that the block with the larger expiration time is preserved. Obviously, this | ||
7418 | can done either by simply adding new blocks and selecting for the most recent | ||
7419 | expiration time during lookup, or by checking which block is more recent during | ||
7420 | the store operation. | ||
7421 | |||
7422 | @node The REVOCATION Subsystem | ||
7423 | @section The REVOCATION Subsystem | ||
7424 | @c %**end of header | ||
7425 | |||
7426 | The REVOCATION subsystem is responsible for key revocation of Egos. If a user | ||
7427 | learns that his private key has been compromised or has lost it, he can use the | ||
7428 | REVOCATION system to inform all of the other users that this private key is no | ||
7429 | longer valid. The subsystem thus includes ways to query for the validity of | ||
7430 | keys and to propagate revocation messages. | ||
7431 | |||
7432 | @menu | ||
7433 | * Dissemination:: | ||
7434 | * Revocation Message Design Requirements:: | ||
7435 | * libgnunetrevocation:: | ||
7436 | * The REVOCATION Client-Service Protocol:: | ||
7437 | * The REVOCATION Peer-to-Peer Protocol:: | ||
7438 | @end menu | ||
7439 | |||
7440 | @node Dissemination | ||
7441 | @subsection Dissemination | ||
7442 | |||
7443 | @c %**end of header | ||
7444 | |||
7445 | When a revocation is performed, the revocation is first of all disseminated by | ||
7446 | flooding the overlay network. The goal is to reach every peer, so that when a | ||
7447 | peer needs to check if a key has been revoked, this will be purely a local | ||
7448 | operation where the peer looks at his local revocation list. Flooding the | ||
7449 | network is also the most robust form of key revocation --- an adversary would | ||
7450 | have to control a separator of the overlay graph to restrict the propagation of | ||
7451 | the revocation message. Flooding is also very easy to implement --- peers that | ||
7452 | receive a revocation message for a key that they have never seen before simply | ||
7453 | pass the message to all of their neighbours. | ||
7454 | |||
7455 | Flooding can only distribute the revocation message to peers that are online. | ||
7456 | In order to notify peers that join the network later, the revocation service | ||
7457 | performs efficient set reconciliation over the sets of known revocation | ||
7458 | messages whenever two peers (that both support REVOCATION dissemination) | ||
7459 | connect. The SET service is used to perform this operation | ||
7460 | efficiently. | ||
7461 | |||
7462 | @node Revocation Message Design Requirements | ||
7463 | @subsection Revocation Message Design Requirements | ||
7464 | |||
7465 | @c %**end of header | ||
7466 | |||
7467 | However, flooding is also quite costly, creating O(|E|) messages on a network | ||
7468 | with |E| edges. Thus, revocation messages are required to contain a | ||
7469 | proof-of-work, the result of an expensive computation (which, however, is cheap | ||
7470 | to verify). Only peers that have expended the CPU time necessary to provide | ||
7471 | this proof will be able to flood the network with the revocation message. This | ||
7472 | ensures that an attacker cannot simply flood the network with millions of | ||
7473 | revocation messages. The proof-of-work required by GNUnet is set to take days | ||
7474 | on a typical PC to compute; if the ability to quickly revoke a key is needed, | ||
7475 | users have the option to pre-compute revocation messages to store off-line and | ||
7476 | use instantly after their key has expired. | ||
7477 | |||
7478 | Revocation messages must also be signed by the private key that is being | ||
7479 | revoked. Thus, they can only be created while the private key is in the | ||
7480 | possession of the respective user. This is another reason to create a | ||
7481 | revocation message ahead of time and store it in a secure location. | ||
7482 | |||
7483 | @node libgnunetrevocation | ||
7484 | @subsection libgnunetrevocation | ||
7485 | |||
7486 | @c %**end of header | ||
7487 | |||
7488 | The REVOCATION API consists of two parts, to query and to issue | ||
7489 | revocations. | ||
7490 | |||
7491 | |||
7492 | @menu | ||
7493 | * Querying for revoked keys:: | ||
7494 | * Preparing revocations:: | ||
7495 | * Issuing revocations:: | ||
7496 | @end menu | ||
7497 | |||
7498 | @node Querying for revoked keys | ||
7499 | @subsubsection Querying for revoked keys | ||
7500 | |||
7501 | @c %**end of header | ||
7502 | |||
7503 | @code{GNUNET_REVOCATION_query} is used to check if a given ECDSA public key has | ||
7504 | been revoked. The given callback will be invoked with the result of the check. | ||
7505 | The query can be cancelled using @code{GNUNET_REVOCATION_query_cancel} on the | ||
7506 | return value. | ||
7507 | |||
7508 | @node Preparing revocations | ||
7509 | @subsubsection Preparing revocations | ||
7510 | |||
7511 | @c %**end of header | ||
7512 | |||
7513 | It is often desirable to create a revocation record ahead-of-time and store it | ||
7514 | in an off-line location to be used later in an emergency. This is particularly | ||
7515 | true for GNUnet revocations, where performing the revocation operation itself | ||
7516 | is computationally expensive and thus is likely to take some time. Thus, if | ||
7517 | users want the ability to perform revocations quickly in an emergency, they | ||
7518 | must pre-compute the revocation message. The revocation API enables this with | ||
7519 | two functions that are used to compute the revocation message, but not trigger | ||
7520 | the actual revocation operation. | ||
7521 | |||
7522 | @code{GNUNET_REVOCATION_check_pow} should be used to calculate the | ||
7523 | proof-of-work required in the revocation message. This function takes the | ||
7524 | public key, the required number of bits for the proof of work (which in GNUnet | ||
7525 | is a network-wide constant) and finally a proof-of-work number as arguments. | ||
7526 | The function then checks if the given proof-of-work number is a valid proof of | ||
7527 | work for the given public key. Clients preparing a revocation are expected to | ||
7528 | call this function repeatedly (typically with a monotonically increasing | ||
7529 | sequence of numbers of the proof-of-work number) until a given number satisfies | ||
7530 | the check. That number should then be saved for later use in the revocation | ||
7531 | operation. | ||
7532 | |||
7533 | @code{GNUNET_REVOCATION_sign_revocation} is used to generate the signature that | ||
7534 | is required in a revocation message. It takes the private key that (possibly in | ||
7535 | the future) is to be revoked and returns the signature. The signature can again | ||
7536 | be saved to disk for later use, which will then allow performing a revocation | ||
7537 | even without access to the private key. | ||
7538 | |||
7539 | @node Issuing revocations | ||
7540 | @subsubsection Issuing revocations | ||
7541 | |||
7542 | |||
7543 | Given a ECDSA public key, the signature from @code{GNUNET_REVOCATION_sign} and | ||
7544 | the proof-of-work, @code{GNUNET_REVOCATION_revoke} can be used to perform the | ||
7545 | actual revocation. The given callback is called upon completion of the | ||
7546 | operation. @code{GNUNET_REVOCATION_revoke_cancel} can be used to stop the | ||
7547 | library from calling the continuation; however, in that case it is undefined | ||
7548 | whether or not the revocation operation will be executed. | ||
7549 | |||
7550 | @node The REVOCATION Client-Service Protocol | ||
7551 | @subsection The REVOCATION Client-Service Protocol | ||
7552 | |||
7553 | |||
7554 | The REVOCATION protocol consists of four simple messages. | ||
7555 | |||
7556 | A @code{QueryMessage} containing a public ECDSA key is used to check if a | ||
7557 | particular key has been revoked. The service responds with a | ||
7558 | @code{QueryResponseMessage} which simply contains a bit that says if the given | ||
7559 | public key is still valid, or if it has been revoked. | ||
7560 | |||
7561 | The second possible interaction is for a client to revoke a key by passing a | ||
7562 | @code{RevokeMessage} to the service. The @code{RevokeMessage} contains the | ||
7563 | ECDSA public key to be revoked, a signature by the corresponding private key | ||
7564 | and the proof-of-work, The service responds with a | ||
7565 | @code{RevocationResponseMessage} which can be used to indicate that the | ||
7566 | @code{RevokeMessage} was invalid (i.e. proof of work incorrect), or otherwise | ||
7567 | indicates that the revocation has been processed successfully. | ||
7568 | |||
7569 | @node The REVOCATION Peer-to-Peer Protocol | ||
7570 | @subsection The REVOCATION Peer-to-Peer Protocol | ||
7571 | |||
7572 | @c %**end of header | ||
7573 | |||
7574 | Revocation uses two disjoint ways to spread revocation information among peers. | ||
7575 | First of all, P2P gossip exchanged via CORE-level neighbours is used to quickly | ||
7576 | spread revocations to all connected peers. Second, whenever two peers (that | ||
7577 | both support revocations) connect, the SET service is used to compute the union | ||
7578 | of the respective revocation sets. | ||
7579 | |||
7580 | In both cases, the exchanged messages are @code{RevokeMessage}s which contain | ||
7581 | the public key that is being revoked, a matching ECDSA signature, and a | ||
7582 | proof-of-work. Whenever a peer learns about a new revocation this way, it first | ||
7583 | validates the signature and the proof-of-work, then stores it to disk | ||
7584 | (typically to a file $GNUNET_DATA_HOME/revocation.dat) and finally spreads the | ||
7585 | information to all directly connected neighbours. | ||
7586 | |||
7587 | For computing the union using the SET service, the peer with the smaller hashed | ||
7588 | peer identity will connect (as a "client" in the two-party set protocol) to the | ||
7589 | other peer after one second (to reduce traffic spikes on connect) and initiate | ||
7590 | the computation of the set union. All revocation services use a common hash to | ||
7591 | identify the SET operation over revocation sets. | ||
7592 | |||
7593 | The current implementation accepts revocation set union operations from all | ||
7594 | peers at any time; however, well-behaved peers should only initiate this | ||
7595 | operation once after establishing a connection to a peer with a larger hashed | ||
7596 | peer identity. | ||
7597 | |||
7598 | @node GNUnet's File-sharing (FS) Subsystem | ||
7599 | @section GNUnet's File-sharing (FS) Subsystem | ||
7600 | |||
7601 | @c %**end of header | ||
7602 | |||
7603 | This chapter describes the details of how the file-sharing service works. As | ||
7604 | with all services, it is split into an API (libgnunetfs), the service process | ||
7605 | (gnunet-service-fs) and user interface(s). The file-sharing service uses the | ||
7606 | datastore service to store blocks and the DHT (and indirectly datacache) for | ||
7607 | lookups for non-anonymous file-sharing.@ Furthermore, the file-sharing service | ||
7608 | uses the block library (and the block fs plugin) for validation of DHT | ||
7609 | operations. | ||
7610 | |||
7611 | In contrast to many other services, libgnunetfs is rather complex since the | ||
7612 | client library includes a large number of high-level abstractions; this is | ||
7613 | necessary since the Fs service itself largely only operates on the block level. | ||
7614 | The FS library is responsible for providing a file-based abstraction to | ||
7615 | applications, including directories, meta data, keyword search, verification, | ||
7616 | and so on. | ||
7617 | |||
7618 | The method used by GNUnet to break large files into blocks and to use keyword | ||
7619 | search is called the "Encoding for Censorship Resistant Sharing" (ECRS). ECRS | ||
7620 | is largely implemented in the fs library; block validation is also reflected in | ||
7621 | the block FS plugin and the FS service. ECRS on-demand encoding is implemented | ||
7622 | in the FS service. | ||
7623 | |||
7624 | NOTE: The documentation in this chapter is quite incomplete. | ||
7625 | |||
7626 | @menu | ||
7627 | * Encoding for Censorship-Resistant Sharing (ECRS):: | ||
7628 | * File-sharing persistence directory structure:: | ||
7629 | @end menu | ||
7630 | |||
7631 | @node Encoding for Censorship-Resistant Sharing (ECRS) | ||
7632 | @subsection Encoding for Censorship-Resistant Sharing (ECRS) | ||
7633 | |||
7634 | @c %**end of header | ||
7635 | |||
7636 | When GNUnet shares files, it uses a content encoding that is called ECRS, the | ||
7637 | Encoding for Censorship-Resistant Sharing. Most of ECRS is described in the | ||
7638 | (so far unpublished) research paper attached to this page. ECRS obsoletes the | ||
7639 | previous ESED and ESED II encodings which were used in GNUnet before version | ||
7640 | 0.7.0.@ @ The rest of this page assumes that the reader is familiar with the | ||
7641 | attached paper. What follows is a description of some minor extensions that | ||
7642 | GNUnet makes over what is described in the paper. The reason why these | ||
7643 | extensions are not in the paper is that we felt that they were obvious or | ||
7644 | trivial extensions to the original scheme and thus did not warrant space in | ||
7645 | the research report. | ||
7646 | |||
7647 | |||
7648 | @menu | ||
7649 | * Namespace Advertisements:: | ||
7650 | * KSBlocks:: | ||
7651 | @end menu | ||
7652 | |||
7653 | @node Namespace Advertisements | ||
7654 | @subsubsection Namespace Advertisements | ||
7655 | |||
7656 | @c %**end of header | ||
7657 | @c %**FIXME: all zeroses -> ? | ||
7658 | |||
7659 | An @code{SBlock} with identifier all zeros is a signed | ||
7660 | advertisement for a namespace. This special @code{SBlock} contains metadata | ||
7661 | describing the content of the namespace. Instead of the name of the identifier | ||
7662 | for a potential update, it contains the identifier for the root of the | ||
7663 | namespace. The URI should always be empty. The @code{SBlock} is signed with | ||
7664 | the content provder's RSA private key (just like any other SBlock). Peers | ||
7665 | can search for @code{SBlock}s in order to find out more about a namespace. | ||
7666 | |||
7667 | @node KSBlocks | ||
7668 | @subsubsection KSBlocks | ||
7669 | |||
7670 | @c %**end of header | ||
7671 | |||
7672 | GNUnet implements @code{KSBlocks} which are @code{KBlocks} that, instead of | ||
7673 | encrypting a CHK and metadata, encrypt an @code{SBlock} instead. In other | ||
7674 | words, @code{KSBlocks} enable GNUnet to find @code{SBlocks} using the global | ||
7675 | keyword search. Usually the encrypted @code{SBlock} is a namespace | ||
7676 | advertisement. The rationale behind @code{KSBlock}s and @code{SBlock}s is to | ||
7677 | enable peers to discover namespaces via keyword searches, and, to associate | ||
7678 | useful information with namespaces. When GNUnet finds @code{KSBlocks} during a | ||
7679 | normal keyword search, it adds the information to an internal list of | ||
7680 | discovered namespaces. Users looking for interesting namespaces can then | ||
7681 | inspect this list, reducing the need for out-of-band discovery of namespaces. | ||
7682 | Naturally, namespaces (or more specifically, namespace advertisements) can | ||
7683 | also be referenced from directories, but @code{KSBlock}s should make it easier | ||
7684 | to advertise namespaces for the owner of the pseudonym since they eliminate | ||
7685 | the need to first create a directory. | ||
7686 | |||
7687 | Collections are also advertised using @code{KSBlock}s. | ||
7688 | |||
7689 | @table @asis | ||
7690 | @item Attachment Size | ||
7691 | @item ecrs.pdf 270.68 KB | ||
7692 | @item https://gnunet.org/sites/default/files/ecrs.pdf | ||
7693 | @end table | ||
7694 | |||
7695 | @node File-sharing persistence directory structure | ||
7696 | @subsection File-sharing persistence directory structure | ||
7697 | |||
7698 | @c %**end of header | ||
7699 | |||
7700 | This section documents how the file-sharing library implements persistence of | ||
7701 | file-sharing operations and specifically the resulting directory structure. | ||
7702 | This code is only active if the @code{GNUNET_FS_FLAGS_PERSISTENCE} flag was set | ||
7703 | when calling @code{GNUNET_FS_start}. In this case, the file-sharing library | ||
7704 | will try hard to ensure that all major operations (searching, downloading, | ||
7705 | publishing, unindexing) are persistent, that is, can live longer than the | ||
7706 | process itself. More specifically, an operation is supposed to live until it is | ||
7707 | explicitly stopped. | ||
7708 | |||
7709 | If @code{GNUNET_FS_stop} is called before an operation has been stopped, a | ||
7710 | @code{SUSPEND} event is generated and then when the process calls | ||
7711 | @code{GNUNET_FS_start} next time, a @code{RESUME} event is generated. | ||
7712 | Additionally, even if an application crashes (segfault, SIGKILL, system crash) | ||
7713 | and hence @code{GNUNET_FS_stop} is never called and no @code{SUSPEND} events | ||
7714 | are generated, operations are still resumed (with @code{RESUME} events). This | ||
7715 | is implemented by constantly writing the current state of the file-sharing | ||
7716 | operations to disk. Specifically, the current state is always written to disk | ||
7717 | whenever anything significant changes (the exception are block-wise progress in | ||
7718 | publishing and unindexing, since those operations would be slowed down | ||
7719 | significantly and can be resumed cheaply even without detailed accounting). | ||
7720 | Note that@ if the process crashes (or is killed) during a serialization | ||
7721 | operation, FS does not guarantee that this specific operation is recoverable | ||
7722 | (no strict transactional semantics, again for performance reasons). However, | ||
7723 | all other unrelated operations should resume nicely. | ||
7724 | |||
7725 | Since we need to serialize the state continuously and want to recover as much | ||
7726 | as possible even after crashing during a serialization operation, we do not use | ||
7727 | one large file for serialization. Instead, several directories are used for the | ||
7728 | various operations. When @code{GNUNET_FS_start} executes, the master | ||
7729 | directories are scanned for files describing operations to resume. Sometimes, | ||
7730 | these operations can refer to related operations in child directories which may | ||
7731 | also be resumed at this point. Note that corrupted files are cleaned up | ||
7732 | automatically. However, dangling files in child directories (those that are not | ||
7733 | referenced by files from the master directories) are not automatically removed. | ||
7734 | |||
7735 | Persistence data is kept in a directory that begins with the "STATE_DIR" prefix | ||
7736 | from the configuration file (by default, "$SERVICEHOME/persistence/") followed | ||
7737 | by the name of the client as given to @code{GNUNET_FS_start} (for example, | ||
7738 | "gnunet-gtk") followed by the actual name of the master or child directory. | ||
7739 | |||
7740 | The names for the master directories follow the names of the operations: | ||
7741 | |||
7742 | @itemize @bullet | ||
7743 | @item "search" | ||
7744 | @item "download" | ||
7745 | @item "publish" | ||
7746 | @item "unindex" | ||
7747 | @end itemize | ||
7748 | |||
7749 | Each of the master directories contains names (chosen at random) for each | ||
7750 | active top-level (master) operation. | ||
7751 | Note that a download that is associated with a search result is not a | ||
7752 | top-level operation. | ||
7753 | |||
7754 | In contrast to the master directories, the child directories are only | ||
7755 | consulted when another operation refers to them. | ||
7756 | For each search, a subdirectory (named after the master search | ||
7757 | synchronization file) contains the search results. | ||
7758 | Search results can have an associated download, which is then stored in | ||
7759 | the general "download-child" directory. | ||
7760 | Downloads can be recursive, in which case children are stored in | ||
7761 | subdirectories mirroring the structure of the recursive download | ||
7762 | (either starting in the master "download" directory or in the | ||
7763 | "download-child" directory depending on how the download was initiated). | ||
7764 | For publishing operations, the "publish-file" directory contains | ||
7765 | information about the individual files and directories that are part of | ||
7766 | the publication. | ||
7767 | However, this directory structure is flat and does not mirror the | ||
7768 | structure of the publishing operation. | ||
7769 | Note that unindex operations cannot have associated child operations. | ||
7770 | |||
7771 | @cindex REGEX subsystem | ||
7772 | @cindex regex subsystem | ||
7773 | @node GNUnet's REGEX Subsystem | ||
7774 | @section GNUnet's REGEX Subsystem | ||
7775 | |||
7776 | @c %**end of header | ||
7777 | |||
7778 | Using the REGEX subsystem, you can discover peers that offer a particular | ||
7779 | service using regular expressions. | ||
7780 | The peers that offer a service specify it using a regular expressions. | ||
7781 | Peers that want to patronize a service search using a string. | ||
7782 | The REGEX subsystem will then use the DHT to return a set of matching | ||
7783 | offerers to the patrons. | ||
7784 | |||
7785 | For the technical details, we have Max's defense talk and Max's Master's | ||
7786 | thesis. | ||
7787 | |||
7788 | @c An additional publication is under preparation and available to | ||
7789 | @c team members (in Git). | ||
7790 | @c FIXME: Where is the file? Point to it. Assuming that it's szengel2012ms | ||
7791 | |||
7792 | @menu | ||
7793 | * How to run the regex profiler:: | ||
7794 | @end menu | ||
7795 | |||
7796 | @node How to run the regex profiler | ||
7797 | @subsection How to run the regex profiler | ||
7798 | |||
7799 | @c %**end of header | ||
7800 | |||
7801 | The gnunet-regex-profiler can be used to profile the usage of mesh/regex | ||
7802 | for a given set of regular expressions and strings. | ||
7803 | Mesh/regex allows you to announce your peer ID under a certain regex and | ||
7804 | search for peers matching a particular regex using a string. | ||
7805 | See @uref{https://gnunet.org/szengel2012ms, szengel2012ms} for a full | ||
7806 | introduction. | ||
7807 | |||
7808 | First of all, the regex profiler uses GNUnet testbed, thus all the | ||
7809 | implications for testbed also apply to the regex profiler | ||
7810 | (for example you need password-less ssh login to the machines listed in | ||
7811 | your hosts file). | ||
7812 | |||
7813 | @strong{Configuration} | ||
7814 | |||
7815 | Moreover, an appropriate configuration file is needed. | ||
7816 | Generally you can refer to the | ||
7817 | @file{contrib/regex_profiler_infiniband.conf} file in the sourcecode | ||
7818 | of GNUnet for an example configuration. | ||
7819 | In the following paragraph the important details are highlighted. | ||
7820 | |||
7821 | Announcing of the regular expressions is done by the | ||
7822 | gnunet-daemon-regexprofiler, therefore you have to make sure it is | ||
7823 | started, by adding it to the AUTOSTART set of ARM: | ||
7824 | |||
7825 | @example | ||
7826 | [regexprofiler] | ||
7827 | AUTOSTART = YES | ||
7828 | @end example | ||
7829 | |||
7830 | @noindent | ||
7831 | Furthermore you have to specify the location of the binary: | ||
7832 | |||
7833 | @example | ||
7834 | [regexprofiler] | ||
7835 | # Location of the gnunet-daemon-regexprofiler binary. | ||
7836 | BINARY = /home/szengel/gnunet/src/mesh/.libs/gnunet-daemon-regexprofiler | ||
7837 | # Regex prefix that will be applied to all regular expressions and | ||
7838 | # search string. | ||
7839 | REGEX_PREFIX = "GNVPN-0001-PAD" | ||
7840 | @end example | ||
7841 | |||
7842 | @noindent | ||
7843 | When running the profiler with a large scale deployment, you probably | ||
7844 | want to reduce the workload of each peer. | ||
7845 | Use the following options to do this. | ||
7846 | |||
7847 | @example | ||
7848 | [dht] | ||
7849 | # Force network size estimation | ||
7850 | FORCE_NSE = 1 | ||
7851 | |||
7852 | [dhtcache] | ||
7853 | DATABASE = heap | ||
7854 | # Disable RC-file for Bloom filter? (for benchmarking with limited IO | ||
7855 | # availability) | ||
7856 | DISABLE_BF_RC = YES | ||
7857 | # Disable Bloom filter entirely | ||
7858 | DISABLE_BF = YES | ||
7859 | |||
7860 | [nse] | ||
7861 | # Minimize proof-of-work CPU consumption by NSE | ||
7862 | WORKBITS = 1 | ||
7863 | @end example | ||
7864 | |||
7865 | @noindent | ||
7866 | @strong{Options} | ||
7867 | |||
7868 | To finally run the profiler some options and the input data need to be | ||
7869 | specified on the command line. | ||
7870 | |||
7871 | @example | ||
7872 | gnunet-regex-profiler -c config-file -d log-file -n num-links \ | ||
7873 | -p path-compression-length -s search-delay -t matching-timeout \ | ||
7874 | -a num-search-strings hosts-file policy-dir search-strings-file | ||
7875 | @end example | ||
7876 | |||
7877 | @noindent | ||
7878 | Where... | ||
7879 | |||
7880 | @itemize @bullet | ||
7881 | @item ... @code{config-file} means the configuration file created earlier. | ||
7882 | @item ... @code{log-file} is the file where to write statistics output. | ||
7883 | @item ... @code{num-links} indicates the number of random links between | ||
7884 | started peers. | ||
7885 | @item ... @code{path-compression-length} is the maximum path compression | ||
7886 | length in the DFA. | ||
7887 | @item ... @code{search-delay} time to wait between peers finished linking | ||
7888 | and starting to match strings. | ||
7889 | @item ... @code{matching-timeout} timeout after which to cancel the | ||
7890 | searching. | ||
7891 | @item ... @code{num-search-strings} number of strings in the | ||
7892 | search-strings-file. | ||
7893 | @item ... the @code{hosts-file} should contain a list of hosts for the | ||
7894 | testbed, one per line in the following format: | ||
7895 | |||
7896 | @itemize @bullet | ||
7897 | @item @code{user@@host_ip:port} | ||
7898 | @end itemize | ||
7899 | @item ... the @code{policy-dir} is a folder containing text files | ||
7900 | containing one or more regular expressions. A peer is started for each | ||
7901 | file in that folder and the regular expressions in the corresponding file | ||
7902 | are announced by this peer. | ||
7903 | @item ... the @code{search-strings-file} is a text file containing search | ||
7904 | strings, one in each line. | ||
7905 | @end itemize | ||
7906 | |||
7907 | @noindent | ||
7908 | You can create regular expressions and search strings for every AS in the | ||
7909 | Internet using the attached scripts. You need one of the | ||
7910 | @uref{http://data.caida.org/datasets/routing/routeviews-prefix2as/, CAIDA | ||
7911 | routeviews prefix2as} data files for this. Run | ||
7912 | |||
7913 | @example | ||
7914 | create_regex.py <filename> <output path> | ||
7915 | @end example | ||
7916 | |||
7917 | @noindent | ||
7918 | to create the regular expressions and | ||
7919 | |||
7920 | @example | ||
7921 | create_strings.py <input path> <outfile> | ||
7922 | @end example | ||
7923 | |||
7924 | @noindent | ||
7925 | to create a search strings file from the previously created | ||
7926 | regular expressions. | ||
diff --git a/doc/chapters/installation.texi b/doc/chapters/installation.texi deleted file mode 100644 index 63ab98e6d..000000000 --- a/doc/chapters/installation.texi +++ /dev/null | |||
@@ -1,3826 +0,0 @@ | |||
1 | @node GNUnet Installation Handbook | ||
2 | @chapter GNUnet Installation Handbook | ||
3 | |||
4 | This handbook describes how to install (build setup, compilation) and | ||
5 | setup (configuration, start) GNUnet 0.10.x. After following these | ||
6 | instructions you should be able to install and then start user-interfaces | ||
7 | to interact with the network. | ||
8 | |||
9 | This manual is far from complete, and we welcome informed contributions, | ||
10 | be it in the form of new chapters or insightful comments. | ||
11 | |||
12 | @menu | ||
13 | * Dependencies:: | ||
14 | * Pre-installation notes:: | ||
15 | * Generic installation instructions:: | ||
16 | * Build instructions for Ubuntu 12.04 using Git:: | ||
17 | * Build Instructions for Microsoft Windows Platforms:: | ||
18 | * Build instructions for Debian 7.5:: | ||
19 | * Installing GNUnet from Git on Ubuntu 14.4:: | ||
20 | * Build instructions for Debian 8:: | ||
21 | * Outdated build instructions for previous revisions:: | ||
22 | * Portable GNUnet:: | ||
23 | * The graphical configuration interface:: | ||
24 | * How to start and stop a GNUnet peer:: | ||
25 | @end menu | ||
26 | |||
27 | @node Dependencies | ||
28 | @section Dependencies | ||
29 | @c %**end of header | ||
30 | |||
31 | This section lists the various known dependencies for | ||
32 | GNUnet @value{EDITION}. | ||
33 | Suggestions for missing dependencies or wrong version numbers are welcome. | ||
34 | |||
35 | @menu | ||
36 | * External dependencies:: | ||
37 | * Fixing libgnurl build issues:: | ||
38 | * Optional dependencies:: | ||
39 | * Internal dependencies:: | ||
40 | @end menu | ||
41 | |||
42 | @node External dependencies | ||
43 | @subsection External dependencies | ||
44 | @c %**end of header | ||
45 | |||
46 | These packages must be installed before a typical GNUnet installation | ||
47 | can be performed: | ||
48 | |||
49 | @itemize @bullet | ||
50 | @item autoconf | ||
51 | @item automake | ||
52 | @item pkg-config | ||
53 | @item libltdl | ||
54 | @item gstreamer | ||
55 | @item gst-plugins-base | ||
56 | @item perl | ||
57 | @item python (only 2.7 supported)@footnote{tests and gnunet-qr} | ||
58 | @item jansson | ||
59 | @item nss | ||
60 | @item glib | ||
61 | @item gmp | ||
62 | @item bluez | ||
63 | @item miniupnpc | ||
64 | @item gettext | ||
65 | @item which | ||
66 | @item texinfo | ||
67 | @item GNU libmicrohttpd @geq{} 0.9.30 @footnote{We recommend to build it | ||
68 | with a GnuTLS version that was configured with libunbound ("DANE support")} | ||
69 | @item GNU libextractor @geq{} 1.0 | ||
70 | @item GNU libtool @geq{} 2.2 | ||
71 | @item GNU libunistring @geq{} 0.9.1.1 | ||
72 | @item GNU libidn @geq{} 1.0.0 | ||
73 | @item @uref{https://gnupg.org/software/libgcrypt/, GNU libgcrypt} @geq{} | ||
74 | @uref{https://gnupg.org/ftp/gcrypt/libgcrypt/, 1.6.0} | ||
75 | @item @uref{https://gnutls.org/, GnuTLS} @geq{} 3.2.7 | ||
76 | @footnote{We recommend to compile with libunbound for DANE support; | ||
77 | GnuTLS also requires GNU nettle 2.7 (update: GnuTLS 3.2.7 appears NOT | ||
78 | to work against GNU nettle > 2.7, due to some API updatings done by | ||
79 | nettle. Thus it should be compiled against nettle 2.7 | ||
80 | and, in case you get some error on the reference to `rpl_strerror' being | ||
81 | undefined, follow the instructions on | ||
82 | @uref{http://lists.gnupg.org/pipermail/gnutls-devel/2013-November/006588.html, this} | ||
83 | post (and the link inside it)).} | ||
84 | @item @uref{https://gnunet.org/gnurl, gnURL} libgnurl @geq{} 7.34.0 | ||
85 | @footnote{must be compiled after @code{GnuTLS}} | ||
86 | @item libglpk @geq{} 4.45 | ||
87 | @item @uref{http://www.openssl.org/, OpenSSL} @geq{} 1.0 | ||
88 | @item TeX Live @geq{} 2012, optional (for gnunet-bcd) | ||
89 | @item Texinfo @geq{} 5.2 (for documentation) | ||
90 | @item libsqlite @geq{} 3.8.0 @footnote{(note that the code will | ||
91 | compile and often work with lower version numbers, but you may get subtle | ||
92 | bugs with respect to quota management in certain rare cases); | ||
93 | alternatively, MySQL or Postgres can also be installed, but those | ||
94 | databases will require more complex configurations (not | ||
95 | recommended for first-time users)} | ||
96 | @item zlib | ||
97 | @end itemize | ||
98 | |||
99 | @node Fixing libgnurl build issues | ||
100 | @subsection Fixing libgnurl build issues | ||
101 | |||
102 | If you have to compile libgnurl from source since the version included in | ||
103 | your distribution is to old you perhaps get an error message while | ||
104 | running the @file{configure} script: | ||
105 | |||
106 | @example | ||
107 | $ configure | ||
108 | ... | ||
109 | checking for 64-bit curl_off_t data type... unknown | ||
110 | checking for 32-bit curl_off_t data type... unknown | ||
111 | checking for 16-bit curl_off_t data type... unknown | ||
112 | configure: error: cannot find data type for curl_off_t. | ||
113 | @end example | ||
114 | |||
115 | @noindent | ||
116 | Solution: | ||
117 | |||
118 | Before running the configure script, set: | ||
119 | |||
120 | @example | ||
121 | CFLAGS="-I. -I$BUILD_ROOT/include" | ||
122 | @end example | ||
123 | |||
124 | @node Optional dependencies | ||
125 | @subsection Optional dependencies | ||
126 | |||
127 | These applications must be installed for various experimental or otherwise | ||
128 | optional features such as @code{gnunet-conversation}, @code{gnunet-gtk}. | ||
129 | |||
130 | @itemize @bullet | ||
131 | @item libpulse 2.0 or higher, optional (for gnunet-conversation) | ||
132 | @item libopus 1.0.1 or higher, optional (for gnunet-conversation) | ||
133 | @item libogg 1.3.0 or higher, optional (for gnunet-conversation) | ||
134 | @item certool (binary) optional @footnote{for convenient installation of | ||
135 | the GNS proxy (available as part of Debian's libnss3-tools)} | ||
136 | @item python-zbar 0.10 or higher, optional (for gnunet-qr) | ||
137 | @item Gtk+ 3.0 or higher, optional (for gnunet-gtk) | ||
138 | @item libgladeui must match Gtk+ version, optional (for gnunet-gtk) | ||
139 | @item libqrencode 3.0 or higher, optional (for gnunet-namestore-gtk) | ||
140 | @end itemize | ||
141 | |||
142 | @node Internal dependencies | ||
143 | @subsection Internal dependencies | ||
144 | |||
145 | This section tries to give an overview of what processes a typical GNUnet peer | ||
146 | running a particular application would consist of. All of the processes listed | ||
147 | here should be automatically started by @code{gnunet-arm -s}. The list is given | ||
148 | as a rough first guide to users for failure diagnostics. Ideally, end-users | ||
149 | should never have to worry about these internal dependencies. | ||
150 | |||
151 | In terms of internal dependencies, a minimum file-sharing system consists of | ||
152 | the following GNUnet processes (in order of dependency): | ||
153 | |||
154 | @itemize @bullet | ||
155 | @item gnunet-service-arm | ||
156 | @item gnunet-service-resolver (required by all) | ||
157 | @item gnunet-service-statistics (required by all) | ||
158 | @item gnunet-service-peerinfo | ||
159 | @item gnunet-service-transport (requires peerinfo) | ||
160 | @item gnunet-service-core (requires transport) | ||
161 | @item gnunet-daemon-hostlist (requires core) | ||
162 | @item gnunet-daemon-topology (requires hostlist, peerinfo) | ||
163 | @item gnunet-service-datastore | ||
164 | @item gnunet-service-dht (requires core) | ||
165 | @item gnunet-service-identity | ||
166 | @item gnunet-service-fs (requires identity, mesh, dht, datastore, core) | ||
167 | @end itemize | ||
168 | |||
169 | |||
170 | A minimum VPN system consists of the following GNUnet processes (in order of | ||
171 | dependency): | ||
172 | |||
173 | @itemize @bullet | ||
174 | @item gnunet-service-arm | ||
175 | @item gnunet-service-resolver (required by all) | ||
176 | @item gnunet-service-statistics (required by all) | ||
177 | @item gnunet-service-peerinfo | ||
178 | @item gnunet-service-transport (requires peerinfo) | ||
179 | @item gnunet-service-core (requires transport) | ||
180 | @item gnunet-daemon-hostlist (requires core) | ||
181 | @item gnunet-service-dht (requires core) | ||
182 | @item gnunet-service-mesh (requires dht, core) | ||
183 | @item gnunet-service-dns (requires dht) | ||
184 | @item gnunet-service-regex (requires dht) | ||
185 | @item gnunet-service-vpn (requires regex, dns, mesh, dht) | ||
186 | @end itemize | ||
187 | |||
188 | |||
189 | A minimum GNS system consists of the following GNUnet processes (in order of | ||
190 | dependency): | ||
191 | @itemize @bullet | ||
192 | @item gnunet-service-arm | ||
193 | @item gnunet-service-resolver (required by all) | ||
194 | @item gnunet-service-statistics (required by all) | ||
195 | @item gnunet-service-peerinfo | ||
196 | @item gnunet-service-transport (requires peerinfo) | ||
197 | @item gnunet-service-core (requires transport) | ||
198 | @item gnunet-daemon-hostlist (requires core) | ||
199 | @item gnunet-service-dht (requires core) | ||
200 | @item gnunet-service-mesh (requires dht, core) | ||
201 | @item gnunet-service-dns (requires dht) | ||
202 | @item gnunet-service-regex (requires dht) | ||
203 | @item gnunet-service-vpn (requires regex, dns, mesh, dht) | ||
204 | @item gnunet-service-identity | ||
205 | @item gnunet-service-namestore (requires identity) | ||
206 | @item gnunet-service-gns (requires vpn, dns, dht, namestore, identity) | ||
207 | @end itemize | ||
208 | |||
209 | @node Pre-installation notes | ||
210 | @section Pre-installation notes | ||
211 | |||
212 | Please note that in the code instructions for the installation, | ||
213 | @emph{#} indicates commands run as privileged root user and | ||
214 | @emph{$} shows commands run as unprivileged ("normal") system user. | ||
215 | |||
216 | |||
217 | @node Generic installation instructions | ||
218 | @section Generic installation instructions | ||
219 | |||
220 | First, in addition to the GNUnet sources you must download the latest version | ||
221 | of various dependencies. Most distributions do not include sufficiently recent | ||
222 | versions of these dependencies. Thus, a typically installation on a "modern" | ||
223 | GNU/Linux distribution requires you to install the following | ||
224 | dependencies (ideally in this order): | ||
225 | |||
226 | @itemize @bullet | ||
227 | @item libgpgerror and libgcrypt | ||
228 | @item libnettle and libunbound (possibly from distribution), GnuTLS | ||
229 | @item libgnurl (read the README) | ||
230 | @item GNU libmicrohttpd | ||
231 | @item GNU libextractor | ||
232 | @end itemize | ||
233 | |||
234 | Make sure to first install the various mandatory and optional | ||
235 | dependencies including development headers from your distribution. | ||
236 | |||
237 | Other dependencies that you should strongly consider to install is a | ||
238 | database (MySQL, sqlite or Postgres). The following instructions will assume | ||
239 | that you installed at least sqlite. For most distributions you should be able | ||
240 | to find pre-build packages for the database. Again, make sure to install the | ||
241 | client libraries and the respective development headers (if they are | ||
242 | packaged separately) as well. | ||
243 | |||
244 | You can find specific, detailed instructions for installing of the dependencies | ||
245 | (and possibly the rest of the GNUnet installation) in the platform-specific | ||
246 | descriptions, which are linked from the bottom of this page. Please consult | ||
247 | them now. If your distribution is not listed, please study the instructions for | ||
248 | Debian stable carefully as you try to install the dependencies for your own | ||
249 | distribution. Contributing additional instructions for further platforms is | ||
250 | always appreciated. | ||
251 | |||
252 | Before proceeding further, please double-check the dependency list. | ||
253 | Note that in addition to satisfying the dependencies, you might have to | ||
254 | make sure that development headers for the various libraries are also | ||
255 | installed. | ||
256 | There maybe files for other distributions, or you might be able to find | ||
257 | equivalent packages for your distribution. | ||
258 | |||
259 | While it is possible to build and install GNUnet without having root access, | ||
260 | we will assume that you have full control over your system in these | ||
261 | instructions. First, you should create a system user @emph{gnunet} and | ||
262 | an additional group @emph{gnunetdns}. On Debian and Ubuntu GNU/Linux, type: | ||
263 | |||
264 | @example | ||
265 | # adduser --system --home /var/lib/gnunet --group \ | ||
266 | --disabled-password gnunet | ||
267 | # addgroup --system gnunetdns | ||
268 | @end example | ||
269 | |||
270 | On other Unixes, this should have the same effect: | ||
271 | |||
272 | @example | ||
273 | # useradd --system --groups gnunet --home-dir /var/lib/gnunet | ||
274 | # addgroup --system gnunetdns | ||
275 | @end example | ||
276 | |||
277 | Now compile and install GNUnet using: | ||
278 | |||
279 | @example | ||
280 | $ tar xvf gnunet-0.10.?.tar.gz | ||
281 | $ cd gnunet-0.10.? | ||
282 | $ ./configure --with-sudo=sudo --with-nssdir=/lib | ||
283 | $ make | ||
284 | $ sudo make install | ||
285 | @end example | ||
286 | |||
287 | If you want to be able to enable DEBUG-level log messages, add | ||
288 | @code{--enable-logging=verbose} to the end of the @code{./configure} command. | ||
289 | DEBUG-level log messages are in English-only and should only be useful for | ||
290 | developers (or for filing really detailed bug reports). | ||
291 | |||
292 | Finally, you probably want to compile @code{gnunet-gtk}, which | ||
293 | includes gnunet-setup (graphical tool for configuration) | ||
294 | and @code{gnunet-fs-gtk} (graphical tool for file-sharing): | ||
295 | |||
296 | @example | ||
297 | $ tar xvf gnunet-gtk-0.10.?.tar.gz | ||
298 | $ cd gnunet-gtk-0.10.? | ||
299 | $ ./configure --with-gnunet=/usr/local/ | ||
300 | $ make | ||
301 | $ sudo make install | ||
302 | $ cd .. | ||
303 | $ sudo ldconfig # just to be safe | ||
304 | @end example | ||
305 | |||
306 | Next, edit the file @file{/etc/gnunet.conf} to contain the following: | ||
307 | |||
308 | @example | ||
309 | [arm] | ||
310 | SYSTEM_ONLY = YES | ||
311 | USER_ONLY = NO | ||
312 | @end example | ||
313 | |||
314 | You may need to update your ld.so cache to include files installed in | ||
315 | @file{/usr/local/lib}: @code{ # ldconfig }. | ||
316 | |||
317 | Then, switch from user root to user gnunet to start the peer: | ||
318 | |||
319 | @example | ||
320 | # su -s /bin/sh - gnunet | ||
321 | $ gnunet-arm -c /etc/gnunet.conf -s | ||
322 | @end example | ||
323 | |||
324 | You may also want to add the last line in the gnunet users @file{crontab} | ||
325 | prefixed with @code{@@reboot} so that it is executed whenever the system is | ||
326 | booted: | ||
327 | |||
328 | @example | ||
329 | @@reboot /usr/local/bin/gnunet-arm -c /etc/gnunet.conf -s@ | ||
330 | @end example | ||
331 | |||
332 | This will only start the system-wide GNUnet services. Type exit to get back | ||
333 | your root shell. Now, you need to configure the per-user part. For each | ||
334 | $USER on the system, run: @code{ # adduser $USER gnunet }. | ||
335 | |||
336 | to allow them to access the system-wide GNUnet services. Then, each | ||
337 | user should create a configuration file @file{~/.config/gnunet.conf} | ||
338 | with the lines: | ||
339 | |||
340 | @example | ||
341 | [arm] | ||
342 | SYSTEM_ONLY = NO | ||
343 | USER_ONLY = YES | ||
344 | DEFAULTSERVICES = gns | ||
345 | @end example | ||
346 | |||
347 | and start the per-user services using | ||
348 | |||
349 | @code{@ | ||
350 | $ gnunet-arm -c ~/.config/gnunet.conf -s@ | ||
351 | }@ | ||
352 | |||
353 | Again, adding a @code{crontab} entry to autostart the peer is advised:@ | ||
354 | @code{@ | ||
355 | @@reboot /usr/local/bin/gnunet-arm -c $HOME/.config/gnunet.conf -s@ | ||
356 | }@ | ||
357 | |||
358 | Note that some GNUnet services (such as SOCKS5 proxies) may need a system-wide | ||
359 | TCP port for each user. For those services, systems with more than one user may | ||
360 | require each user to specify a different port number in their personal | ||
361 | configuration file. | ||
362 | |||
363 | Finally, the user should perform the basic initial setup for the GNU Name | ||
364 | System. This is done by running two commands:@ | ||
365 | |||
366 | @example | ||
367 | $ gnunet-gns-import.sh@ | ||
368 | $ gnunet-gns-proxy-setup-ca@ | ||
369 | @end example | ||
370 | |||
371 | The first generates the default zones, wheras the second setups the GNS | ||
372 | Certificate Authority with the user's browser. Now, to actiave GNS in the | ||
373 | normal DNS resolution process, you need to edit your @file{/etc/nsswitch.conf} | ||
374 | where you should find a line like this: | ||
375 | @example | ||
376 | hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 | ||
377 | @end example | ||
378 | |||
379 | |||
380 | The exact details may differ a bit, which is fine. Add the text | ||
381 | @emph{"gns [NOTFOUND=return]"} after @emph{"files"}: | ||
382 | |||
383 | @example | ||
384 | hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4 | ||
385 | @end example | ||
386 | |||
387 | |||
388 | You might want to make sure that @file{/lib/libnss_gns.so.2} exists on your | ||
389 | system, it should have been created during the installation. | ||
390 | |||
391 | |||
392 | |||
393 | @node Build instructions for Ubuntu 12.04 using Git | ||
394 | @section Build instructions for Ubuntu 12.04 using Git | ||
395 | |||
396 | |||
397 | @menu | ||
398 | * Install the required build tools:: | ||
399 | * Install libgcrypt 1.6 and libgpg-error:: | ||
400 | * Install gnutls with DANE support:: | ||
401 | * Install libgnurl:: | ||
402 | * Install libmicrohttpd from Git:: | ||
403 | * Install libextractor from Git:: | ||
404 | * Install GNUnet dependencies:: | ||
405 | * Build GNUnet:: | ||
406 | * Install the GNUnet-gtk user interface from Git:: | ||
407 | @end menu | ||
408 | |||
409 | @node Install the required build tools | ||
410 | @subsection Install the required build tools | ||
411 | |||
412 | First, make sure Git is installed on your system: | ||
413 | |||
414 | @example | ||
415 | $ sudo apt-get install git | ||
416 | @end example | ||
417 | |||
418 | Install the essential buildtools: | ||
419 | |||
420 | @example | ||
421 | $ sudo apt-get install automake autopoint autoconf libtool | ||
422 | @end example | ||
423 | |||
424 | @node Install libgcrypt 1.6 and libgpg-error | ||
425 | @subsection Install libgcrypt 1.6 and libgpg-error | ||
426 | |||
427 | @example | ||
428 | $ wget ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.12.tar.bz2 | ||
429 | $ tar xf libgpg-error-1.12.tar.bz2 | ||
430 | $ cd libgpg-error-1.12 | ||
431 | $ ./configure | ||
432 | $ sudo make install ; cd .. | ||
433 | @end example | ||
434 | |||
435 | @node Install gnutls with DANE support | ||
436 | @subsection Install gnutls with DANE support | ||
437 | |||
438 | @example | ||
439 | $ wget http://www.lysator.liu.se/~nisse/archive/nettle-2.7.1.tar.gz | ||
440 | $ tar xf nettle-2.7.1.tar.gz | ||
441 | $ cd nettle-2.7.1 | ||
442 | $ ./configure | ||
443 | $ sudo make install ; cd .. | ||
444 | @end example | ||
445 | |||
446 | @example | ||
447 | $ wget https://www.nlnetlabs.nl/downloads/ldns/ldns-1.6.16.tar.gz | ||
448 | $ tar xf ldns-1.6.16.tar.gz | ||
449 | $ cd ldns-1.6.16 | ||
450 | $ ./configure | ||
451 | $ sudo make install ; cd .. | ||
452 | @end example | ||
453 | |||
454 | @example | ||
455 | $ wget https://unbound.net/downloads/unbound-1.4.21.tar.gz | ||
456 | $ tar xf unbound-1.4.21.tar.gz | ||
457 | $ cd unbound-1.4.21 | ||
458 | $ ./configure | ||
459 | $ sudo make install ; cd .. | ||
460 | @end example | ||
461 | |||
462 | @example | ||
463 | $ wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.17.tar.xz | ||
464 | $ tar xf gnutls-3.1.17.tar.xz | ||
465 | $ cd gnutls-3.1.17 | ||
466 | $ ./configure | ||
467 | $ sudo make install ; cd .. | ||
468 | @end example | ||
469 | |||
470 | @example | ||
471 | $ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.0.tar.bz2 | ||
472 | $ tar xf libgcrypt-1.6.0.tar.bz2 | ||
473 | $ cd libgcrypt-1.6.0 | ||
474 | $ ./configure | ||
475 | $ sudo make install ; cd .. | ||
476 | @end example | ||
477 | |||
478 | @node Install libgnurl | ||
479 | @subsection Install libgnurl | ||
480 | |||
481 | @example | ||
482 | $ wget https://gnunet.org/sites/default/files/gnurl-7.34.0.tar.bz2 | ||
483 | $ tar xf gnurl-7.34.0.tar.bz2 | ||
484 | $ cd gnurl-7.34.0 | ||
485 | $ ./configure --enable-ipv6 --with-gnutls --without-libssh2 \ | ||
486 | --without-libmetalink --without-winidn --without-librtmp \ | ||
487 | --without-nghttp2 --without-nss --without-cyassl \ | ||
488 | --without-polarssl --without-ssl --without-winssl \ | ||
489 | --without-darwinssl --disable-sspi --disable-ntlm-wb \ | ||
490 | --disable-ldap --disable-rtsp --disable-dict --disable-telnet \ | ||
491 | --disable-tftp --disable-pop3 --disable-imap --disable-smtp \ | ||
492 | --disable-gopher --disable-file --disable-ftp | ||
493 | $ sudo make install ; cd .. | ||
494 | @end example | ||
495 | |||
496 | @node Install libmicrohttpd from Git | ||
497 | @subsection Install libmicrohttpd from Git | ||
498 | |||
499 | @example | ||
500 | $ git clone https://gnunet.org/git/libmicrohttpd | ||
501 | $ cd libmicrohttpd/ | ||
502 | $ ./bootstrap | ||
503 | $ ./configure | ||
504 | $ sudo make install ; cd .. | ||
505 | @end example | ||
506 | |||
507 | @node Install libextractor from Git | ||
508 | @subsection Install libextractor from Git | ||
509 | |||
510 | Install libextractor dependencies: | ||
511 | |||
512 | @example | ||
513 | $ sudo apt-get install zlib1g-dev libgsf-1-dev libmpeg2-4-dev \ | ||
514 | libpoppler-dev libvorbis-dev libexiv2-dev libjpeg-dev \ | ||
515 | libtiff-dev libgif-dev libvorbis-dev libflac-dev libsmf-dev \ | ||
516 | g++ | ||
517 | @end example | ||
518 | |||
519 | Build libextractor: | ||
520 | |||
521 | @example | ||
522 | $ git clone https://gnunet.org/git/libextractor | ||
523 | $ cd libextractor | ||
524 | $ ./bootstrap | ||
525 | $ ./configure | ||
526 | $ sudo make install ; cd .. | ||
527 | @end example | ||
528 | |||
529 | @node Install GNUnet dependencies | ||
530 | @subsection Install GNUnet dependencies | ||
531 | |||
532 | @example | ||
533 | $ sudo apt-get install libidn11-dev libunistring-dev libglpk-dev \ | ||
534 | libpulse-dev libbluetooth-dev libsqlite-dev | ||
535 | @end example | ||
536 | |||
537 | Install libopus: | ||
538 | |||
539 | @example | ||
540 | $ wget http://downloads.xiph.org/releases/opus/opus-1.1.tar.gz | ||
541 | $ tar xf opus-1.1.tar.gz | ||
542 | $ cd opus-1.1/ | ||
543 | $ ./configure | ||
544 | $ sudo make install ; cd .. | ||
545 | @end example | ||
546 | |||
547 | Choose one or more database backends: | ||
548 | |||
549 | SQLite3: | ||
550 | @example | ||
551 | $ sudo apt-get install libsqlite3-dev | ||
552 | @end example | ||
553 | MySQL: | ||
554 | @example | ||
555 | $ sudo apt-get install libmysqlclient-dev | ||
556 | @end example | ||
557 | PostgreSQL: | ||
558 | @example | ||
559 | $ sudo apt-get install libpq-dev postgresql | ||
560 | @end example | ||
561 | |||
562 | |||
563 | |||
564 | @node Build GNUnet | ||
565 | @subsection Build GNUnet | ||
566 | |||
567 | |||
568 | |||
569 | @menu | ||
570 | * Configuring the installation path:: | ||
571 | * Configuring the system:: | ||
572 | * Installing components requiring sudo permission:: | ||
573 | * Build:: | ||
574 | @end menu | ||
575 | |||
576 | @node Configuring the installation path | ||
577 | @subsubsection Configuring the installation path | ||
578 | |||
579 | You can specify the location of the GNUnet installation by setting the prefix | ||
580 | when calling the configure script with @code{--prefix=DIRECTORY} | ||
581 | |||
582 | @example | ||
583 | $ export PATH=$PATH:DIRECTORY/bin | ||
584 | @end example | ||
585 | |||
586 | @node Configuring the system | ||
587 | @subsubsection Configuring the system | ||
588 | |||
589 | Please make sure NOW that you have created a user and group 'gnunet' | ||
590 | and additionally a group 'gnunetdns': | ||
591 | |||
592 | @example | ||
593 | $ sudo addgroup gnunet | ||
594 | $ sudo addgroup gnunetdns | ||
595 | $ sudo adduser gnunet | ||
596 | @end example | ||
597 | |||
598 | Each GNUnet user should be added to the 'gnunet' group (may | ||
599 | require fresh login to come into effect): | ||
600 | |||
601 | @example | ||
602 | $ sudo useradd -G gnunet | ||
603 | @end example | ||
604 | |||
605 | @node Installing components requiring sudo permission | ||
606 | @subsubsection Installing components requiring sudo permission | ||
607 | |||
608 | Some components, like the nss plugin required for GNS, may require root | ||
609 | permissions. To allow these few components to be installed use: | ||
610 | |||
611 | @example | ||
612 | $ ./configure --with-sudo | ||
613 | @end example | ||
614 | |||
615 | @node Build | ||
616 | @subsubsection Build | ||
617 | |||
618 | @example | ||
619 | $ git clone https://gnunet.org/git/gnunet/ | ||
620 | $ cd gnunet/ | ||
621 | $ ./bootstrap | ||
622 | @end example | ||
623 | |||
624 | Use the required configure call including the optional installation prefix | ||
625 | PREFIX or the sudo permissions: | ||
626 | |||
627 | @example | ||
628 | $ ./configure [ --with-sudo | --with-prefix=PREFIX ] | ||
629 | @end example | ||
630 | |||
631 | @example | ||
632 | $ make; sudo make install | ||
633 | @end example | ||
634 | |||
635 | After installing it, you need to create an empty configuration file: | ||
636 | |||
637 | @example | ||
638 | mkdir ~/.gnunet; touch ~/.gnunet/gnunet.conf | ||
639 | @end example | ||
640 | |||
641 | And finally you can start GNUnet with @code{$ gnunet-arm -s}. | ||
642 | |||
643 | @node Install the GNUnet-gtk user interface from Git | ||
644 | @subsection Install the GNUnet-gtk user interface from Git | ||
645 | |||
646 | |||
647 | Install depencies: | ||
648 | |||
649 | @example | ||
650 | $ sudo apt-get install libgtk-3-dev libunique-3.0-dev libgladeui-dev \ | ||
651 | libqrencode-dev | ||
652 | @end example | ||
653 | |||
654 | To build GNUnet (with an optional prefix)and execute: | ||
655 | |||
656 | @example | ||
657 | $ git clone https://gnunet.org/git/gnunet-gtk/ | ||
658 | $ cd gnunet-gtk/ | ||
659 | $ ./bootstrap | ||
660 | $ ./configure [--prefix=PREFIX] --with-gnunet=DIRECTORY | ||
661 | $ make; sudo make install | ||
662 | @end example | ||
663 | |||
664 | @node Build Instructions for Microsoft Windows Platforms | ||
665 | @section Build Instructions for Microsoft Windows Platforms | ||
666 | |||
667 | @menu | ||
668 | * Introduction to building on MS Windows:: | ||
669 | * Requirements:: | ||
670 | * Dependencies & Initial Setup:: | ||
671 | * GNUnet Installation:: | ||
672 | * Adjusting Windows for running and testing GNUnet:: | ||
673 | * Building the GNUnet Installer:: | ||
674 | * Using GNUnet with Netbeans on Windows:: | ||
675 | @end menu | ||
676 | |||
677 | @node Introduction to building on MS Windows | ||
678 | @subsection Introduction to building on MS Windows | ||
679 | |||
680 | |||
681 | This document is a guide to building GNUnet and its dependencies on Windows | ||
682 | platforms. GNUnet development is mostly done under Linux and especially SVN | ||
683 | checkouts may not build out of the box. We regret any inconvenience, and | ||
684 | if you have problems, please report them. | ||
685 | |||
686 | @node Requirements | ||
687 | @subsection Requirements | ||
688 | |||
689 | The Howto is based upon a @strong{Windows Server 2008 32bit@strong{ | ||
690 | Installation, @strong{sbuild} and thus a @uref{http://www.mingw.org/wiki/MSYS, | ||
691 | MSYS+MinGW} (W32-GCC-Compiler-Suite + Unix-like Userland) installation. sbuild | ||
692 | is a convenient set of scripts which creates a working msys/mingw installation | ||
693 | and installs most dependencies required for GNUnet. }} | ||
694 | |||
695 | As of the point of the creation of this Howto, GNUnet @strong{requires} a | ||
696 | Windows @strong{Server} 2003 or newer for full feature support. Windows Vista | ||
697 | and later will also work, but | ||
698 | @strong{non-server version can not run a VPN-Exit-Node} as the NAT features | ||
699 | have been removed as of Windows Vista. | ||
700 | |||
701 | @node Dependencies & Initial Setup | ||
702 | @subsection Dependencies & Initial Setup | ||
703 | |||
704 | |||
705 | @itemize @bullet | ||
706 | |||
707 | @item | ||
708 | Install a fresh version of @strong{Python 2.x}, even if you are using a x64-OS, | ||
709 | install a 32-bit version for use with sbuild. Python 3.0 currently is | ||
710 | incompatible. | ||
711 | |||
712 | @item | ||
713 | Install your favorite @uref{http://code.google.com/p/tortoisegit/, GIT} & | ||
714 | @uref{http://tortoisesvn.net/, SVN}-clients. | ||
715 | |||
716 | @item | ||
717 | You will also need some archive-manager like @uref{http://www.7-zip.org/, 7zip}. | ||
718 | |||
719 | @item | ||
720 | Pull a copy of sbuild to a directory of your choice, which will be used in the | ||
721 | remainder of this guide. For now, we will use @file{c:\gnunet\sbuild\} | ||
722 | |||
723 | @item | ||
724 | in @file{sbuild\src\mingw\mingw32-buildall.sh}, comment out the packages | ||
725 | @strong{gnunet-svn} and @strong{gnunet-gtk-svn}, as we don't want sbuild to | ||
726 | compile/install those for us. | ||
727 | |||
728 | @item | ||
729 | Follow LRN's sbuild installation instructions.- | ||
730 | @end itemize | ||
731 | |||
732 | Please note that sbuild may (or will most likely) fail during installation, | ||
733 | thus you really HAVE to @strong{check the logfiles} created during the | ||
734 | installation process. Certain packages may fail to build initially due to | ||
735 | missing dependencies, thus you may have to | ||
736 | @strong{substitute those with binary-versions initially}. Later on once | ||
737 | dependencies are satisfied you can re-build the newer package versions. | ||
738 | |||
739 | @strong{It is normal that you may have to repeat this step multiple times and | ||
740 | there is no uniform way to fix all compile-time issues, as the build-process | ||
741 | of many of the dependencies installed are rather unstable on win32 and certain | ||
742 | releases may not even compile at all.} | ||
743 | |||
744 | Most dependencies for GNUnet have been set up by sbuild, thus we now should add | ||
745 | the @file{bin/} directories in your new msys and mingw installations to PATH. | ||
746 | You will want to create a backup of your finished msys-environment by now. | ||
747 | |||
748 | @node GNUnet Installation | ||
749 | @subsection GNUnet Installation | ||
750 | |||
751 | First, we need to launch our msys-shell, you can do this via | ||
752 | |||
753 | @file{C:\gnunet\sbuild\msys\msys.bat} | ||
754 | |||
755 | You might wish to take a look at this file and adjust some login-parameters to | ||
756 | your msys environment. | ||
757 | |||
758 | Also, sbuild added two pointpoints to your msys-environment, though those | ||
759 | might remain invisible: | ||
760 | |||
761 | @itemize @bullet | ||
762 | |||
763 | @item | ||
764 | /mingw, which will mount your mingw-directory from sbuild/mingw and the other one is | ||
765 | |||
766 | @item | ||
767 | /src which contains all the installation sources sbuild just compiled. | ||
768 | @end itemize | ||
769 | |||
770 | Check out the current gnunet-sources (svn-head) from the gnunet-repository, | ||
771 | we will do this in your home directory: | ||
772 | |||
773 | @code{svn checkout https://gnunet.org/svn/gnunet/ ~/gnunet} | ||
774 | |||
775 | Now, we will first need to bootstrap the checked out installation and then | ||
776 | configure it accordingly. | ||
777 | |||
778 | @example | ||
779 | cd ~/gnunet | ||
780 | ./bootstrap | ||
781 | STRIP=true CPPFLAGS="-DUSE_IPV6=1 -DW32_VEH" CFLAGS="$CFLAGS -g -O2" \ | ||
782 | ./configure --prefix=/ --docdir=/share/doc/gnunet \ | ||
783 | --with-libiconv-prefix=/mingw --with-libintl-prefix=/mingw \ | ||
784 | --with-libcurl=/mingw --with-extractor=/mingw --with-sqlite=/mingw \ | ||
785 | --with-microhttpd=/mingw --with-plibc=/mingw --enable-benchmarks \ | ||
786 | --enable-expensivetests --enable-experimental --with-qrencode=/mingw \ | ||
787 | --enable-silent-rules --enable-experimental 2>&1 | tee -a ./configure.log | ||
788 | @end example | ||
789 | |||
790 | The parameters above will configure for a reasonable gnunet installation to the | ||
791 | your msys-root directory. Depending on which features your would like to build | ||
792 | or you may need to specify additional dependencies. Sbuild installed most libs | ||
793 | into the /mingw subdirectory, so remember to prefix library locations with | ||
794 | this path. | ||
795 | |||
796 | Like on a unixoid system, you might want to use your home directory as prefix | ||
797 | for your own gnunet installation for development, without tainting the | ||
798 | buildenvironment. Just change the "prefix" parameter to point towards | ||
799 | ~/ in this case. | ||
800 | |||
801 | Now it's time to compile gnunet as usual. Though this will take some time, so | ||
802 | you may fetch yourself a coffee or some Mate now... | ||
803 | |||
804 | @example | ||
805 | make ; make install | ||
806 | @end example | ||
807 | |||
808 | @node Adjusting Windows for running and testing GNUnet | ||
809 | @subsection Adjusting Windows for running and testing GNUnet | ||
810 | |||
811 | Assuming the build succeeded and you | ||
812 | @strong{added the bin directory of your gnunet to PATH}, you can now use your | ||
813 | gnunet-installation as usual. Remember that UAC or the windows firewall may | ||
814 | popup initially, blocking further execution of gnunet until you acknowledge | ||
815 | them (duh!). | ||
816 | |||
817 | You will also have to take the usual steps to get p2p software running properly | ||
818 | (port forwarding, ...), and gnunet will require administrative permissions as | ||
819 | it may even install a device-driver (in case you are using gnunet-vpn and/or | ||
820 | gnunet-exit). | ||
821 | |||
822 | @node Building the GNUnet Installer | ||
823 | @subsection Building the GNUnet Installer | ||
824 | |||
825 | The GNUnet installer is made with @uref{http://nsis.sourceforge.net/, NSIS} | ||
826 | The installer script is located in @file{contrib\win} in the | ||
827 | GNUnet source tree. | ||
828 | |||
829 | @node Using GNUnet with Netbeans on Windows | ||
830 | @subsection Using GNUnet with Netbeans on Windows | ||
831 | |||
832 | TODO | ||
833 | |||
834 | @node Build instructions for Debian 7.5 | ||
835 | @section Build instructions for Debian 7.5 | ||
836 | |||
837 | |||
838 | These are the installation instructions for Debian 7.5. They were tested using | ||
839 | a minimal, fresh Debian 7.5 AMD64 installation without non-free software | ||
840 | (no contrib or non-free). By "minimal", we mean that during installation, we | ||
841 | did not select any desktop environment, servers or system utilities during the | ||
842 | "tasksel" step. Note that the packages and the dependencies that we will | ||
843 | install during this chapter take about 1.5 GB of disk space. Combined with | ||
844 | GNUnet and space for objects during compilation, you should not even attempt | ||
845 | this unless you have about 2.5 GB free after the minimal Debian installation. | ||
846 | Using these instructions to build a VM image is likely to require a minimum of | ||
847 | 4-5 GB for the VM (as you will likely also want a desktop manager). | ||
848 | |||
849 | GNUnet's security model assumes that your @file{/home} directory is encrypted. | ||
850 | Thus, if possible, you should encrypt your home partition | ||
851 | (or per-user home directory). | ||
852 | |||
853 | Naturally, the exact details of the starting state for your installation | ||
854 | should not matter much. For example, if you selected any of those installation | ||
855 | groups you might simply already have some of the necessary packages installed. | ||
856 | We did this for testing, as this way we are less likely to forget to mention a | ||
857 | required package. Note that we will not install a desktop environment, but of | ||
858 | course you will need to install one to use GNUnet's graphical user interfaces. | ||
859 | Thus, it is suggested that you simply install the desktop environment of your | ||
860 | choice before beginning with the instructions. | ||
861 | |||
862 | |||
863 | |||
864 | @menu | ||
865 | * Update:: | ||
866 | * Stable? Hah!:: | ||
867 | * Update again:: | ||
868 | * Installing packages:: | ||
869 | * Installing dependencies from source:: | ||
870 | * Installing GNUnet from source:: | ||
871 | * But wait there is more!:: | ||
872 | @end menu | ||
873 | |||
874 | @node Update | ||
875 | @subsection Update | ||
876 | |||
877 | After any installation, you should begin by running | ||
878 | |||
879 | @example | ||
880 | # apt-get update ; apt-get upgrade | ||
881 | @end example | ||
882 | |||
883 | to ensure that all of your packages are up-to-date. Note that the "#" is used | ||
884 | to indicate that you need to type in this command as "root" | ||
885 | (or prefix with "sudo"), whereas "$" is used to indicate typing in a command | ||
886 | as a normal user. | ||
887 | |||
888 | @node Stable? Hah! | ||
889 | @subsection Stable? Hah! | ||
890 | |||
891 | Yes, we said we start with a Debian 7.5 "stable" system. However, to reduce the | ||
892 | amount of compilation by hand, we will begin by allowing the installation of | ||
893 | packages from the testing and unstable distributions as well. We will stick to | ||
894 | "stable" packages where possible, but some packages will be taken from the | ||
895 | other distributions. Start by modifying @file{/etc/apt/sources.list} to contain | ||
896 | the following (possibly adjusted to point to your mirror of choice): | ||
897 | @example | ||
898 | # These were there before: | ||
899 | deb http://ftp.de.debian.org/debian/ wheezy main | ||
900 | deb-src http://ftp.de.debian.org/debian/ wheezy main | ||
901 | deb http://security.debian.org/ wheezy/updates main | ||
902 | deb-src http://security.debian.org/ wheezy/updates main | ||
903 | deb http://ftp.de.debian.org/debian/ wheezy-updates main | ||
904 | deb-src http://ftp.de.debian.org/debian/ wheezy-updates main | ||
905 | |||
906 | # Add these lines (feel free to adjust the mirror): | ||
907 | deb http://ftp.de.debian.org/debian/ testing main | ||
908 | deb http://ftp.de.debian.org/debian/ unstable main | ||
909 | @end example | ||
910 | |||
911 | The next step is to create/edit your @file{/etc/apt/preferences} file to look | ||
912 | like this: | ||
913 | |||
914 | @example | ||
915 | Package: * | ||
916 | Pin: release a=stable,n=wheezy | ||
917 | Pin-Priority: 700 | ||
918 | |||
919 | Package: * | ||
920 | Pin: release o=Debian,a=testing | ||
921 | Pin-Priority: 650 | ||
922 | |||
923 | Package: * | ||
924 | Pin: release o=Debian,a=unstable | ||
925 | Pin-Priority: 600 | ||
926 | @end example | ||
927 | |||
928 | You can read more about Apt Preferences here and here. Note that other pinnings | ||
929 | are likely to also work for GNUnet, the key thing is that you need some | ||
930 | packages from unstable (as shown below). However, as unstable is unlikely to | ||
931 | be comprehensive (missing packages) or might be problematic (crashing packages), | ||
932 | you probably want others from stable and/or testing. | ||
933 | |||
934 | @node Update again | ||
935 | @subsection Update again | ||
936 | |||
937 | Now, run again@ | ||
938 | |||
939 | @example | ||
940 | # apt-get update@ | ||
941 | # apt-get upgrade@ | ||
942 | @end example | ||
943 | |||
944 | to ensure that all your new distribution indices are downloaded, and that your | ||
945 | pinning is correct: the upgrade step should cause no changes at all. | ||
946 | |||
947 | @node Installing packages | ||
948 | @subsection Installing packages | ||
949 | |||
950 | We begin by installing a few Debian packages from stable:@ | ||
951 | |||
952 | @example | ||
953 | # apt-get install gcc make python-zbar libltdl-dev libsqlite3-dev \ | ||
954 | libunistring-dev libopus-dev libpulse-dev openssl libglpk-dev \ | ||
955 | texlive libidn11-dev libmysqlclient-dev libpq-dev libarchive-dev \ | ||
956 | libbz2-dev libexiv2-dev libflac-dev libgif-dev libglib2.0-dev \ | ||
957 | libgtk-3-dev libmagic-dev libjpeg8-dev libmpeg2-4-dev libmp4v2-dev \ | ||
958 | librpm-dev libsmf-dev libtidy-dev libtiff5-dev libvorbis-dev \ | ||
959 | libogg-dev zlib1g-dev g++ gettext libgsf-1-dev libunbound-dev \ | ||
960 | libqrencode-dev libgladeui-dev nasm texlive-latex-extra \ | ||
961 | libunique-3.0-dev gawk miniupnpc libfuse-dev libbluetooth-dev | ||
962 | @end example | ||
963 | |||
964 | After that, we install a few more packages from unstable:@ | ||
965 | |||
966 | @example | ||
967 | # apt-get install -t unstable nettle-dev libgstreamer1.0-dev \ | ||
968 | gstreamer1.0-plugins-base gstreamer1.0-plugins-good \ | ||
969 | libgstreamer-plugins-base1.0-dev | ||
970 | @end example | ||
971 | |||
972 | @node Installing dependencies from source | ||
973 | @subsection Installing dependencies from source | ||
974 | |||
975 | Next, we need to install a few dependencies from source. You might want to do | ||
976 | this as a "normal" user and only run the @code{make install} steps as root | ||
977 | (hence the @code{sudo} in the commands below). Also, you do this from any | ||
978 | directory. We begin by downloading all dependencies, then extracting the | ||
979 | sources, and finally compiling and installing the libraries:@ | ||
980 | |||
981 | @example | ||
982 | $ wget https://libav.org/releases/libav-9.10.tar.xz | ||
983 | $ wget http://ftp.gnu.org/gnu/libextractor/libextractor-1.3.tar.gz | ||
984 | $ wget ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.12.tar.bz2 | ||
985 | $ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.0.tar.bz2 | ||
986 | $ wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.7.tar.xz | ||
987 | $ wget http://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.33.tar.gz | ||
988 | $ wget https://gnunet.org/sites/default/files/gnurl-7.34.0.tar.bz2 | ||
989 | $ tar xvf libextractor-1.3.tar.gz | ||
990 | $ tar xvf libgpg-error-1.12.tar.bz2 | ||
991 | $ tar xvf libgcrypt-1.6.0.tar.bz2 | ||
992 | $ tar xvf gnutls-3.2.7.tar.xz | ||
993 | $ tar xvf libmicrohttpd-0.9.33.tar.gz | ||
994 | $ tar xvf gnurl-7.34.0.tar.bz2 | ||
995 | $ cd libav-0.9 ; ./configure --enable-shared; | ||
996 | $ make; sudo make install; cd .. | ||
997 | $ cd libextractor-1.3 ; ./configure; | ||
998 | $ make ; sudo make install; cd .. | ||
999 | $ cd libgpg-error-1.12; ./configure; | ||
1000 | $ make ; sudo make install; cd .. | ||
1001 | $ cd libgcrypt-1.6.0; ./configure --with-gpg-error-prefix=/usr/local; | ||
1002 | $ make ; sudo make install ; cd .. | ||
1003 | $ cd gnutls-3.2.7 ; ./configure; | ||
1004 | $ make ; sudo make install ; cd .. | ||
1005 | $ cd libmicrohttpd-0.9.33; ./configure; | ||
1006 | $ make ; sudo make install ; cd .. | ||
1007 | $ cd gnurl-7.34.0 | ||
1008 | $ ./configure --enable-ipv6 --with-gnutls=/usr/local --without-libssh2 \ | ||
1009 | --without-libmetalink --without-winidn --without-librtmp --without-nghttp2 \ | ||
1010 | --without-nss --without-cyassl --without-polarssl --without-ssl \ | ||
1011 | --without-winssl --without-darwinssl --disable-sspi --disable-ntlm-wb \ | ||
1012 | --disable-ldap --disable-rtsp --disable-dict --disable-telnet --disable-tftp \ | ||
1013 | --disable-pop3 --disable-imap --disable-smtp --disable-gopher --disable-file \ | ||
1014 | --disable-ftp | ||
1015 | $ make ; sudo make install; cd .. | ||
1016 | @end example | ||
1017 | |||
1018 | @node Installing GNUnet from source | ||
1019 | @subsection Installing GNUnet from source | ||
1020 | |||
1021 | |||
1022 | For this, simply follow the generic installation instructions from | ||
1023 | here. | ||
1024 | |||
1025 | @node But wait there is more! | ||
1026 | @subsection But wait there is more! | ||
1027 | |||
1028 | So far, we installed all of the packages and dependencies required to ensure | ||
1029 | that all of GNUnet would be built. However, while for example the plugins to | ||
1030 | interact with the MySQL or Postgres databases have been created, we did not | ||
1031 | actually install or configure those databases. Thus, you will need to install | ||
1032 | and configure those databases or stick with the default Sqlite database. | ||
1033 | Sqlite is usually fine for most applications, but MySQL can offer better | ||
1034 | performance and Postgres better resillience. | ||
1035 | |||
1036 | |||
1037 | @node Installing GNUnet from Git on Ubuntu 14.4 | ||
1038 | @section Installing GNUnet from Git on Ubuntu 14.4 | ||
1039 | |||
1040 | @strong{Install the required build tools:} | ||
1041 | @code{ $ sudo apt-get install git automake autopoint autoconf } | ||
1042 | |||
1043 | @strong{Install the required dependencies} | ||
1044 | @example | ||
1045 | $ sudo apt-get install libltdl-dev libgpg-error-dev libidn11-dev \ | ||
1046 | libunistring-dev libglpk-dev libbluetooth-dev libextractor-dev \ | ||
1047 | libmicrohttpd-dev libgnutls28-dev | ||
1048 | @end example | ||
1049 | |||
1050 | @strong{Choose one or more database backends} | ||
1051 | |||
1052 | SQLite3: | ||
1053 | @example | ||
1054 | $ sudo apt-get install libsqlite3-dev | ||
1055 | @end example | ||
1056 | MySQL: | ||
1057 | @example | ||
1058 | $ sudo apt-get install libmysqlclient-dev | ||
1059 | @end example | ||
1060 | PostgreSQL: | ||
1061 | @example | ||
1062 | $ sudo apt-get install libpq-dev postgresql | ||
1063 | @end example | ||
1064 | |||
1065 | @strong{Install the optional dependencies for gnunet-conversation:} | ||
1066 | |||
1067 | @example | ||
1068 | $ sudo apt-get install gstreamer1.0 libpulse-dev libopus-dev | ||
1069 | @end example | ||
1070 | |||
1071 | @strong{Install the libgrypt 1.6.1:} | ||
1072 | For Ubuntu 14.04: | ||
1073 | @example | ||
1074 | $ sudo apt-get install libgcrypt20-dev | ||
1075 | @end example | ||
1076 | For Ubuntu older 14.04: | ||
1077 | @example | ||
1078 | $ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2 | ||
1079 | $ tar xf libgcrypt-1.6.1.tar.bz2 | ||
1080 | $ cd libgcrypt-1.6.1 | ||
1081 | $ ./configure | ||
1082 | $ sudo make install | ||
1083 | $ cd .. | ||
1084 | @end example | ||
1085 | @strong{Install libgnurl} | ||
1086 | @example | ||
1087 | $ wget https://gnunet.org/sites/default/files/gnurl-7.35.0.tar.bz2 | ||
1088 | $ tar xf gnurl-7.35.0.tar.bz2 | ||
1089 | $ cd gnurl-7.35.0 | ||
1090 | $ ./configure --enable-ipv6 --with-gnutls --without-libssh2 \ | ||
1091 | --without-libmetalink --without-winidn --without-librtmp --without-nghttp2 \ | ||
1092 | --without-nss --without-cyassl --without-polarssl --without-ssl \ | ||
1093 | --without-winssl --without-darwinssl --disable-sspi --disable-ntlm-wb \ | ||
1094 | --disable-ldap --disable-rtsp --disable-dict --disable-telnet --disable-tftp \ | ||
1095 | --disable-pop3 --disable-imap --disable-smtp --disable-gopher --disable-file \ | ||
1096 | --disable-ftp | ||
1097 | $ sudo make install | ||
1098 | $ cd .. | ||
1099 | @end example | ||
1100 | |||
1101 | @strong{Install GNUnet} | ||
1102 | @example | ||
1103 | $ git clone https://gnunet.org/git/gnunet/ | ||
1104 | $ cd gnunet/ | ||
1105 | $ ./bootstrap | ||
1106 | @end example | ||
1107 | |||
1108 | If you want to: | ||
1109 | @itemize @bullet | ||
1110 | |||
1111 | |||
1112 | @item | ||
1113 | Install to a different directory:@ | ||
1114 | --prefix=PREFIX | ||
1115 | |||
1116 | @item | ||
1117 | Have sudo permission, but do not want to compile as root:@ | ||
1118 | --with-sudo | ||
1119 | |||
1120 | @item | ||
1121 | Want debug message enabled:@ | ||
1122 | -- enable-logging=verbose | ||
1123 | @end itemize | ||
1124 | |||
1125 | |||
1126 | @code{@ | ||
1127 | $ ./configure [ --with-sudo | --prefix=PREFIX | --- enable-logging=verbose]@ | ||
1128 | $ make; sudo make install@ | ||
1129 | } | ||
1130 | |||
1131 | After installing it, you need to create an empty configuration file:@ | ||
1132 | @code{touch ~/.config/gnunet.conf} | ||
1133 | |||
1134 | And finally you can start GNUnet with@ | ||
1135 | @code{$ gnunet-arm -s} | ||
1136 | |||
1137 | @node Build instructions for Debian 8 | ||
1138 | @section Build instructions for Debian 8 | ||
1139 | |||
1140 | These are the installation instructions for Debian 8. They were tested using a | ||
1141 | fresh Debian 8 AMD64 installation without non-free software (no contrib or | ||
1142 | non-free). During installation, I only selected "lxde" for the desktop | ||
1143 | environment. Note that the packages and the dependencies that we will install | ||
1144 | during this chapter take about 1.5 GB of disk space. Combined with GNUnet and | ||
1145 | space for objects during compilation, you should not even attempt this unless | ||
1146 | you have about 2.5 GB free after the Debian installation. Using these | ||
1147 | instructions to build a VM image is likely to require a minimum of 4-5 GB for | ||
1148 | the VM (as you will likely also want a desktop manager). | ||
1149 | |||
1150 | GNUnet's security model assumes that your @code{/home} directory is encrypted. | ||
1151 | Thus, if possible, you should encrypt your entire disk, or at least just your | ||
1152 | home partition (or per-user home directory). | ||
1153 | |||
1154 | Naturally, the exact details of the starting state for your installation should | ||
1155 | not matter much. For example, if you selected any of those installation groups | ||
1156 | you might simply already have some of the necessary packages installed. Thus, | ||
1157 | it is suggested that you simply install the desktop environment of your choice | ||
1158 | before beginning with the instructions. | ||
1159 | |||
1160 | |||
1161 | @menu | ||
1162 | * Update Debian:: | ||
1163 | * Installing Debian Packages:: | ||
1164 | * Installing Dependencies from Source2:: | ||
1165 | * Installing GNUnet from Source2:: | ||
1166 | * But wait (again) there is more!:: | ||
1167 | @end menu | ||
1168 | |||
1169 | @node Update Debian | ||
1170 | @subsection Update Debian | ||
1171 | |||
1172 | After any installation, you should begin by running@ | ||
1173 | @code{@ | ||
1174 | # apt-get update@ | ||
1175 | # apt-get upgrade@ | ||
1176 | }@ | ||
1177 | to ensure that all of your packages are up-to-date. Note that the "#" is used | ||
1178 | to indicate that you need to type in this command as "root" (or prefix with | ||
1179 | "sudo"), whereas "$" is used to indicate typing in a command as a normal | ||
1180 | user. | ||
1181 | |||
1182 | @node Installing Debian Packages | ||
1183 | @subsection Installing Debian Packages | ||
1184 | |||
1185 | We begin by installing a few Debian packages from stable:@ | ||
1186 | @example | ||
1187 | # apt-get install gcc make python-zbar libltdl-dev libsqlite3-dev \ | ||
1188 | libunistring-dev libopus-dev libpulse-dev openssl libglpk-dev texlive \ | ||
1189 | libidn11-dev libmysqlclient-dev libpq-dev libarchive-dev libbz2-dev \ | ||
1190 | libflac-dev libgif-dev libglib2.0-dev libgtk-3-dev libmpeg2-4-dev \ | ||
1191 | libtidy-dev libvorbis-dev libogg-dev zlib1g-dev g++ gettext libgsf-1-dev \ | ||
1192 | libunbound-dev libqrencode-dev libgladeui-dev nasm texlive-latex-extra \ | ||
1193 | libunique-3.0-dev gawk miniupnpc libfuse-dev libbluetooth-dev \ | ||
1194 | gstreamer1.0-plugins-base gstreamer1.0-plugins-good \ | ||
1195 | libgstreamer-plugins-base1.0-dev nettle-dev libextractor-dev libgcrypt20-dev \ | ||
1196 | libmicrohttpd-dev | ||
1197 | @end example | ||
1198 | |||
1199 | @node Installing Dependencies from Source2 | ||
1200 | @subsection Installing Dependencies from Source2 | ||
1201 | |||
1202 | Yes, we said we start with a Debian 8 "stable" system, but because Debian | ||
1203 | linked GnuTLS without support for DANE, we need to compile a few things, in | ||
1204 | addition to GNUnet, still by hand. Yes, you can run GNUnet using the respective | ||
1205 | Debian packages, but then you will not get DANE support. | ||
1206 | |||
1207 | Next, we need to install a few dependencies from source. You might want to do | ||
1208 | this as a "normal" user and only run the @code{make install} steps as root | ||
1209 | (hence the @code{sudo} in the commands below). Also, you do this from any | ||
1210 | directory. We begin by downloading all dependencies, then extracting the | ||
1211 | sources, and finally compiling and installing the libraries:@ | ||
1212 | |||
1213 | @code{@ | ||
1214 | $ wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-3.3.12.tar.xz@ | ||
1215 | $ wget https://gnunet.org/sites/default/files/gnurl-7.40.0.tar.bz2@ | ||
1216 | $ tar xvf gnutls-3.3.12.tar.xz@ | ||
1217 | $ tar xvf gnurl-7.40.0.tar.bz2@ | ||
1218 | $ cd gnutls-3.3.12 ; ./configure ; make ; sudo make install ; cd ..@ | ||
1219 | $ cd gnurl-7.40.0@ | ||
1220 | $ ./configure --enable-ipv6 --with-gnutls=/usr/local --without-libssh2 \ | ||
1221 | --without-libmetalink --without-winidn --without-librtmp --without-nghttp2 \ | ||
1222 | --without-nss --without-cyassl --without-polarssl --without-ssl \ | ||
1223 | --without-winssl --without-darwinssl --disable-sspi --disable-ntlm-wb \ | ||
1224 | --disable-ldap --disable-rtsp --disable-dict --disable-telnet --disable-tftp \ | ||
1225 | --disable-pop3 --disable-imap --disable-smtp --disable-gopher --disable-file \ | ||
1226 | --disable-ftp --disable-smb | ||
1227 | $ make ; sudo make install; cd ..@ | ||
1228 | } | ||
1229 | |||
1230 | @node Installing GNUnet from Source2 | ||
1231 | @subsection Installing GNUnet from Source2 | ||
1232 | |||
1233 | For this, simply follow the generic installation instructions from@ | ||
1234 | here. | ||
1235 | |||
1236 | @node But wait (again) there is more! | ||
1237 | @subsection But wait (again) there is more! | ||
1238 | |||
1239 | So far, we installed all of the packages and dependencies required to ensure | ||
1240 | that all of GNUnet would be built. However, while for example the plugins to | ||
1241 | interact with the MySQL or Postgres databases have been created, we did not | ||
1242 | actually install or configure those databases. Thus, you will need to install | ||
1243 | and configure those databases or stick with the default Sqlite database. Sqlite | ||
1244 | is usually fine for most applications, but MySQL can offer better performance | ||
1245 | and Postgres better resillience. | ||
1246 | |||
1247 | @node Outdated build instructions for previous revisions | ||
1248 | @section Outdated build instructions for previous revisions | ||
1249 | |||
1250 | This chapter contains a collection of outdated, older installation guides. They | ||
1251 | are mostly intended to serve as a starting point for writing up-to-date | ||
1252 | instructions and should not be expected to work for GNUnet 0.10.x. | ||
1253 | A set of older installation instructions can also be found in the | ||
1254 | @file{doc/outdated-and-old-installation-instructions.txt} in the source | ||
1255 | of GNUnet. This file covers old instructions which no longer receive | ||
1256 | security updates or any kind of support. | ||
1257 | |||
1258 | |||
1259 | @menu | ||
1260 | * Installing GNUnet 0.10.1 on Ubuntu 14.04:: | ||
1261 | * Building GLPK for MinGW:: | ||
1262 | * GUI build instructions for Ubuntu 12.04 using Subversion:: | ||
1263 | * Installation with gnunet-update:: | ||
1264 | * Instructions for Microsoft Windows Platforms (Old):: | ||
1265 | @end menu | ||
1266 | |||
1267 | |||
1268 | @node Installing GNUnet 0.10.1 on Ubuntu 14.04 | ||
1269 | @subsection Installing GNUnet 0.10.1 on Ubuntu 14.04 | ||
1270 | |||
1271 | Install the required dependencies@ | ||
1272 | |||
1273 | @example | ||
1274 | $ sudo apt-get install libltdl-dev libgpg-error-dev libidn11-dev \ | ||
1275 | libunistring-dev libglpk-dev libbluetooth-dev libextractor-dev \ | ||
1276 | libmicrohttpd-dev libgnutls28-dev | ||
1277 | @end example | ||
1278 | |||
1279 | Choose one or more database backends@ | ||
1280 | SQLite3@ | ||
1281 | @code{@ | ||
1282 | $ sudo apt-get install libsqlite3-dev@ | ||
1283 | }@ | ||
1284 | MySQL@ | ||
1285 | @code{@ | ||
1286 | $ sudo apt-get install libmysqlclient-dev@ | ||
1287 | }@ | ||
1288 | PostgreSQL@ | ||
1289 | @code{@ | ||
1290 | $ sudo apt-get install libpq-dev postgresql@ | ||
1291 | } | ||
1292 | |||
1293 | Install the optional dependencies for gnunet-conversation:@ | ||
1294 | @code{@ | ||
1295 | $ sudo apt-get install gstreamer1.0 libpulse-dev libopus-dev@ | ||
1296 | } | ||
1297 | |||
1298 | Install the libgrypt 1.6:@ | ||
1299 | For Ubuntu 14.04:@ | ||
1300 | @code{$ sudo apt-get install libgcrypt20-dev}@ | ||
1301 | For Ubuntu older 14.04:@ | ||
1302 | @code{$ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2@ | ||
1303 | $ tar xf libgcrypt-1.6.1.tar.bz2@ | ||
1304 | $ cd libgcrypt-1.6.1@ | ||
1305 | $ ./configure@ | ||
1306 | $ sudo make install@ | ||
1307 | $ cd ..} | ||
1308 | |||
1309 | Install libgnurl@ | ||
1310 | @example | ||
1311 | $ wget https://gnunet.org/sites/default/files/gnurl-7.35.0.tar.bz2@ | ||
1312 | $ tar xf gnurl-7.35.0.tar.bz2@ | ||
1313 | $ cd gnurl-7.35.0@ | ||
1314 | $ ./configure --enable-ipv6 --with-gnutls --without-libssh2 \ | ||
1315 | --without-libmetalink --without-winidn --without-librtmp --without-nghttp2 \ | ||
1316 | --without-nss --without-cyassl --without-polarssl --without-ssl \ | ||
1317 | --without-winssl --without-darwinssl --disable-sspi --disable-ntlm-wb \ | ||
1318 | --disable-ldap --disable-rtsp --disable-dict --disable-telnet --disable-tftp \ | ||
1319 | --disable-pop3 --disable-imap --disable-smtp --disable-gopher --disable-file \ | ||
1320 | --disable-ftp@ | ||
1321 | $ sudo make install@ | ||
1322 | $ cd ..@ | ||
1323 | @end example | ||
1324 | |||
1325 | Install GNUnet@ | ||
1326 | @code{@ | ||
1327 | $ wget http://ftpmirror.gnu.org/gnunet/gnunet-0.10.1.tar.gz@ | ||
1328 | $ tar xf gnunet-0.10.1.tar.gz@ | ||
1329 | $ cd gnunet-0.10.1@ | ||
1330 | } | ||
1331 | |||
1332 | If you want to: | ||
1333 | @itemize @bullet | ||
1334 | |||
1335 | @item | ||
1336 | Install to a different directory:@ | ||
1337 | --prefix=PREFIX | ||
1338 | |||
1339 | @item | ||
1340 | Have sudo permission, but do not want to compile as root:@ | ||
1341 | --with-sudo | ||
1342 | |||
1343 | @item | ||
1344 | Want debug message enabled:@ | ||
1345 | -- enable-logging=verbose | ||
1346 | @end itemize | ||
1347 | |||
1348 | @code{@ | ||
1349 | $ ./configure [ --with-sudo | --prefix=PREFIX | --enable-logging=verbose]@ | ||
1350 | $ make; sudo make install@ | ||
1351 | } | ||
1352 | |||
1353 | After installing it, you need to create an empty configuration file:@ | ||
1354 | @code{touch ~/.config/gnunet.conf} | ||
1355 | |||
1356 | And finally you can start GNUnet with@ | ||
1357 | @code{$ gnunet-arm -s} | ||
1358 | |||
1359 | @node Building GLPK for MinGW | ||
1360 | @subsection Building GLPK for MinGW | ||
1361 | |||
1362 | GNUnet now requires the GNU Linear Programming Kit (GLPK). Since there's is no | ||
1363 | package you can install with @code{mingw-get} you have to compile it from | ||
1364 | source: | ||
1365 | |||
1366 | @itemize @bullet | ||
1367 | |||
1368 | @item | ||
1369 | Download the latest version from http://ftp.gnu.org/gnu/glpk/ | ||
1370 | |||
1371 | @item | ||
1372 | Unzip it using your favourite unzipper@ | ||
1373 | In the MSYS shell: | ||
1374 | |||
1375 | @item | ||
1376 | change to the respective directory | ||
1377 | |||
1378 | @item | ||
1379 | @code{./configure '--build=i686-pc-mingw32'} | ||
1380 | |||
1381 | @item | ||
1382 | run @code{make install check } | ||
1383 | |||
1384 | MinGW does not automatically detect the correct buildtype so you have to | ||
1385 | specify it manually | ||
1386 | @end itemize | ||
1387 | |||
1388 | |||
1389 | @node GUI build instructions for Ubuntu 12.04 using Subversion | ||
1390 | @subsection GUI build instructions for Ubuntu 12.04 using Subversion | ||
1391 | |||
1392 | After installing GNUnet you can continue installing the GNUnet GUI tools: | ||
1393 | |||
1394 | First, install the required dependencies: | ||
1395 | |||
1396 | @code{@ | ||
1397 | $ sudo apt-get install libgladeui-dev libqrencode-dev@ | ||
1398 | } | ||
1399 | |||
1400 | Please ensure that the GNUnet shared libraries can be found by the linker. If | ||
1401 | you installed GNUnet libraries in a non standard path (say | ||
1402 | GNUNET_PREFIX=/usr/local/lib/), you can | ||
1403 | @itemize @bullet | ||
1404 | |||
1405 | |||
1406 | @item | ||
1407 | set the environmental variable permanently to@ | ||
1408 | @code{LD_LIBRARY_PATH=$GNUNET_PREFIX} | ||
1409 | |||
1410 | @item | ||
1411 | or add @code{$GNUNET_PREFIX} to @code{/etc/ld.so.conf} | ||
1412 | @end itemize | ||
1413 | |||
1414 | |||
1415 | Now you can checkout and compile the GNUnet GUI tools@ | ||
1416 | @code{@ | ||
1417 | $ svn co https://gnunet.org/svn/gnunet-gtk@ | ||
1418 | $ cd gnunet-gtk@ | ||
1419 | $ ./bootstrap@ | ||
1420 | $ ./configure --prefix=$GNUNET_PREFIX/.. --with-gnunet=$GNUNET_PREFIX/..@ | ||
1421 | $ make install@ | ||
1422 | } | ||
1423 | |||
1424 | @node Installation with gnunet-update | ||
1425 | @subsection Installation with gnunet-update | ||
1426 | |||
1427 | gnunet-update project is an effort to introduce updates to GNUnet | ||
1428 | installations. An interesting to-be-implemented-feature of gnunet-update is | ||
1429 | that these updates are propagated through GNUnet's peer-to-peer network. More | ||
1430 | information about gnunet-update can be found at | ||
1431 | https://gnunet.org/svn/gnunet-update/README. | ||
1432 | |||
1433 | While the project is still under development, we have implemented the following | ||
1434 | features which we believe may be helpful for users and we would like them to be | ||
1435 | tested: | ||
1436 | |||
1437 | @itemize @bullet | ||
1438 | |||
1439 | @item | ||
1440 | Packaging GNUnet installation along with its run-time dependencies into update | ||
1441 | packages | ||
1442 | |||
1443 | @item | ||
1444 | Installing update packages into compatible hosts | ||
1445 | |||
1446 | @item | ||
1447 | Updating an existing installation (which had been installed by gnunet-update) | ||
1448 | to a newer one | ||
1449 | @end itemize | ||
1450 | |||
1451 | The above said features of gnunet-update are currently available for testing on | ||
1452 | GNU/Linux systems. | ||
1453 | |||
1454 | The following is a guide to help you get started with gnunet-update. It shows | ||
1455 | you how to install the testing binary packages of GNUnet 0.9.1 we have at | ||
1456 | https://gnunet.org/install/ | ||
1457 | |||
1458 | gnunet-update needs the following: | ||
1459 | |||
1460 | @itemize @bullet | ||
1461 | @item | ||
1462 | python ( 2.6 or above) | ||
1463 | |||
1464 | @item | ||
1465 | gnupg | ||
1466 | |||
1467 | @item | ||
1468 | python-gpgme | ||
1469 | @end itemize | ||
1470 | |||
1471 | |||
1472 | Checkout gnunet-update:@ | ||
1473 | @code{@ | ||
1474 | $ svn checkout -r24905 https://gnunet.org/svn/gnunet-update@ | ||
1475 | } | ||
1476 | |||
1477 | For security reasons, all packages released for gnunet-update from us are | ||
1478 | signed with the key at https://gnunet.org/install/key.txt You would need to | ||
1479 | import this key into your gpg key ring. gnunet-update uses this key to verify | ||
1480 | the integrity of the packages it installs@ | ||
1481 | @code{@ | ||
1482 | $ gpg --recv-keys 7C613D78@ | ||
1483 | } | ||
1484 | |||
1485 | Download the packages relevant to your architecture (currently I have access to | ||
1486 | GNU/Linux machines on x86_64 and i686, so only two for now, hopefully more | ||
1487 | later) from https://gnunet.org/install/. | ||
1488 | |||
1489 | To install the downloaded package into the directory /foo: | ||
1490 | |||
1491 | @code{@ | ||
1492 | gnunet-update/bin/gnunet-update install downloaded/package /foo@ | ||
1493 | } | ||
1494 | |||
1495 | The installer reports the directories into which shared libraries and | ||
1496 | dependencies have been installed. You may need to add the reported shared | ||
1497 | library installation paths to LD_LIBRARY_PATH before you start running any | ||
1498 | installed binaries. | ||
1499 | |||
1500 | Please report bugs at https://gnunet.org/bugs/ under the project | ||
1501 | 'gnunet-update'. | ||
1502 | |||
1503 | @node Instructions for Microsoft Windows Platforms (Old) | ||
1504 | @subsection Instructions for Microsoft Windows Platforms (Old) | ||
1505 | |||
1506 | This document is a DEPRECATED installation guide for gnunet on windows. It will | ||
1507 | not work for recent gnunet versions, but maybe it will be of some use if | ||
1508 | problems arise. | ||
1509 | |||
1510 | The Windows build uses a UNIX emulator for Windows, | ||
1511 | @uref{http://www.mingw.org/, MinGW}, to build the executable modules. These | ||
1512 | modules run natively on Windows and do not require additional emulation | ||
1513 | software besides the usual dependencies. | ||
1514 | |||
1515 | GNUnet development is mostly done under Linux and especially SVN checkouts may | ||
1516 | not build out of the box. We regret any inconvenience, and if you have | ||
1517 | problems, please report them. | ||
1518 | |||
1519 | |||
1520 | |||
1521 | @menu | ||
1522 | * Hardware and OS requirements:: | ||
1523 | * Software installation:: | ||
1524 | * Building libextractor and GNUnet:: | ||
1525 | * Installer:: | ||
1526 | * Source:: | ||
1527 | @end menu | ||
1528 | |||
1529 | @node Hardware and OS requirements | ||
1530 | @subsubsection Hardware and OS requirements | ||
1531 | |||
1532 | @itemize @bullet | ||
1533 | |||
1534 | @item | ||
1535 | Pentium II or equivalent processor, 350 MHz or better | ||
1536 | |||
1537 | @item | ||
1538 | 128 MB RAM | ||
1539 | |||
1540 | @item | ||
1541 | 600 MB free disk space | ||
1542 | |||
1543 | @item | ||
1544 | Windows 2000 or Windows XP are recommended | ||
1545 | @end itemize | ||
1546 | |||
1547 | @node Software installation | ||
1548 | @subsubsection Software installation | ||
1549 | |||
1550 | @itemize @bullet | ||
1551 | |||
1552 | @item | ||
1553 | @strong{Compression software}@ | ||
1554 | @ | ||
1555 | The software packages GNUnet depends on are usually compressed using UNIX | ||
1556 | tools like tar, gzip and bzip2.@ If you do not already have an utility that is | ||
1557 | able to extract such archives, get @uref{http://www.7-zip.org/, 7-Zip}. | ||
1558 | |||
1559 | @item | ||
1560 | @strong{UNIX environment}@ | ||
1561 | @ | ||
1562 | The MinGW project provides the compiler toolchain that is used to build | ||
1563 | GNUnet.@ Get the following packages from | ||
1564 | @uref{http://sourceforge.net/projects/mingw/files/, the MinGW project}: | ||
1565 | @itemize @bullet | ||
1566 | |||
1567 | |||
1568 | @item | ||
1569 | GCC core | ||
1570 | |||
1571 | @item | ||
1572 | GCC g++ | ||
1573 | |||
1574 | @item | ||
1575 | MSYS | ||
1576 | |||
1577 | @item | ||
1578 | MSYS Developer Tool Kit (msysDTK) | ||
1579 | |||
1580 | @item | ||
1581 | MSYS Developer Tool Kit - msys-autoconf (bin) | ||
1582 | |||
1583 | @item | ||
1584 | MSYS Developer Tool Kit - msys-automake (bin) | ||
1585 | |||
1586 | @item | ||
1587 | MinGW Runtime | ||
1588 | |||
1589 | @item | ||
1590 | MinGW Utilities | ||
1591 | |||
1592 | @item | ||
1593 | Windows API | ||
1594 | |||
1595 | @item | ||
1596 | Binutils | ||
1597 | |||
1598 | @item | ||
1599 | make | ||
1600 | |||
1601 | @item | ||
1602 | pdcurses | ||
1603 | |||
1604 | @item | ||
1605 | GDB (snapshot) | ||
1606 | @end itemize | ||
1607 | |||
1608 | @itemize @bullet | ||
1609 | |||
1610 | |||
1611 | @item | ||
1612 | Install MSYS (to c:\mingw, for example.)@ | ||
1613 | Do @strong{not} use spaces in the pathname (c:\program files\mingw). | ||
1614 | |||
1615 | @item | ||
1616 | Install MinGW runtime, utilities and GCC to a subdirectory (to c:\mingw\mingw, | ||
1617 | for example) | ||
1618 | |||
1619 | @item | ||
1620 | Install the Development Kit to the MSYS directory (c:\mingw) | ||
1621 | |||
1622 | @item | ||
1623 | Create a batch file bash.bat in your MSYS directory with the files:@ | ||
1624 | |||
1625 | @example | ||
1626 | bin\sh.exe --login | ||
1627 | @end example | ||
1628 | |||
1629 | |||
1630 | This batch file opens a shell which is used to invoke the build processes..@ | ||
1631 | MinGW's standard shell (msys.bat) is not suitable because it opens a separate | ||
1632 | console window@ On Vista, bash.bat needs to be run as administrator. | ||
1633 | |||
1634 | @item | ||
1635 | Start bash.sh and rename (c:\mingw\mingw\)lib\libstdc++.la to avoid problems:@ | ||
1636 | |||
1637 | @example | ||
1638 | mv /usr/mingw/lib/libstdc++.la /usr/mingw/lib/libstdc++.la.broken | ||
1639 | @end example | ||
1640 | |||
1641 | |||
1642 | @item | ||
1643 | Unpack the Windows API to the MinGW directory (c:\mingw\mingw\) and remove the | ||
1644 | declaration of DATADIR from (c:\mingw\mingw\)include\objidl.h (lines 55-58) | ||
1645 | |||
1646 | @item | ||
1647 | Unpack autoconf, automake to the MSYS directory (c:\mingw) | ||
1648 | |||
1649 | @item | ||
1650 | Install all other packages to the MinGW directory (c:\mingw\mingw\) | ||
1651 | @end itemize | ||
1652 | |||
1653 | |||
1654 | @item | ||
1655 | @strong{GNU Libtool}@ | ||
1656 | @ | ||
1657 | GNU Libtool is required to use shared libraries.@ | ||
1658 | @ | ||
1659 | Get the prebuilt package from here and unpack it to the MinGW directory | ||
1660 | (c:\mingw) | ||
1661 | |||
1662 | @item | ||
1663 | @strong{Pthreads}@ | ||
1664 | @ | ||
1665 | GNUnet uses the portable POSIX thread library for multi-threading..@ | ||
1666 | |||
1667 | @itemize @bullet | ||
1668 | |||
1669 | |||
1670 | @item | ||
1671 | Save @uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x86 | ||
1672 | /libpthreadGC2.a, libpthreadGC2.a} (x86) or @uref{ftp://sources.redhat.c | ||
1673 | om/pub/pthreads-win32/dll-latest/lib/x64/libpthreadGC2.a, libpthreadGC2. | ||
1674 | a} (x64) as libpthread.a into the lib directory (c:\mingw\mingw\lib\libpt | ||
1675 | hread.a) | ||
1676 | |||
1677 | @item | ||
1678 | Save @uref{ftp://sources.redhat.com/pub/pthreads-win32/dll-latest/lib/x86 | ||
1679 | /pthreadGC2.dll, pthreadGC2.dll} (x86) or @uref{ftp://sources.redhat.c | ||
1680 | om/pub/pthreads-win32/dll-latest/lib/x64/pthreadGC2.dll, libpthreadGC2.a} | ||
1681 | (x64) into the MinGW bin directory (c:\mingw\mingw\bin) | ||
1682 | |||
1683 | @item | ||
1684 | Download all header files from @uref{ftp://sources.redhat.com/pub/pthread | ||
1685 | s-win32/dll-latest/include/, include/} to the @file{include} directory | ||
1686 | (c:\mingw\mingw\include) | ||
1687 | @end itemize | ||
1688 | |||
1689 | |||
1690 | @item | ||
1691 | @strong{GNU MP@ | ||
1692 | }@ | ||
1693 | @ | ||
1694 | GNUnet uses the GNU Multiple Precision library for special cryptographic operations.@ | ||
1695 | @ | ||
1696 | Get the GMP binary package from the | ||
1697 | @uref{http://sourceforge.net/projects/mingwrep/, MinGW repository} and | ||
1698 | unpack it to the MinGW directory (c:\mingw\mingw) | ||
1699 | |||
1700 | @item | ||
1701 | @strong{GNU Gettext}@ | ||
1702 | @ | ||
1703 | GNU gettext is used to provide national language support.@ | ||
1704 | @ | ||
1705 | Get the prebuilt package from hereand unpack it to the MinGW directory (c:\mingw\mingw) | ||
1706 | |||
1707 | @item | ||
1708 | @strong{GNU iconv}@ | ||
1709 | @ | ||
1710 | GNU Libiconv is used for character encoding conversion.@ | ||
1711 | @ | ||
1712 | Get the prebuilt package from here and unpack it to the MinGW directory (c:\mingw\mingw) | ||
1713 | |||
1714 | @item | ||
1715 | @strong{SQLite}@ | ||
1716 | @ | ||
1717 | GNUnet uses the SQLite database to store data.@ | ||
1718 | @ | ||
1719 | Get the prebuilt binary from here and unpack it to your MinGW directory. | ||
1720 | |||
1721 | @item @strong{MySQL}@ | ||
1722 | As an alternative to SQLite, GNUnet also supports MySQL. | ||
1723 | |||
1724 | @itemize @bullet | ||
1725 | |||
1726 | @item Get the binary installer from the | ||
1727 | @uref{http://dev.mysql.com/downloads/mysql/4.1.html#Windows, MySQL project} | ||
1728 | (version 4.1), install it and follow the instructions in README.mysql. | ||
1729 | |||
1730 | @item Create a temporary build directory (c:\mysql) | ||
1731 | |||
1732 | @item Copy the directories include\ and lib\ from the MySQL directory to | ||
1733 | the new directory | ||
1734 | |||
1735 | @item Get the patches from | ||
1736 | @uref{http://bugs.mysql.com/bug.php?id=8906&files=1, Bug #8906} and | ||
1737 | @uref{http://bugs.mysql.com/bug.php?id=8872&files=1, Bug #8872} (the | ||
1738 | latter is only required for MySQL | ||
1739 | |||
1740 | @example | ||
1741 | patch -p 0 | ||
1742 | @end example | ||
1743 | |||
1744 | @item Move lib\opt\libmysql.dll to lib\libmysql.dll | ||
1745 | |||
1746 | @item Change to lib\ and create an import library:@ | ||
1747 | |||
1748 | @example | ||
1749 | dlltool --input-def ../include/libmySQL.def --dllname libmysql.dll | ||
1750 | --output-lib libmysqlclient.a -k | ||
1751 | @end example | ||
1752 | |||
1753 | @item Copy include\* to include\mysql\ | ||
1754 | |||
1755 | @item Pass "--with-mysql=/c/mysql" to ./configure and copy libmysql.dll | ||
1756 | to your PATH or GNUnet's @file{bin} directory | ||
1757 | @end itemize | ||
1758 | |||
1759 | |||
1760 | @item | ||
1761 | @strong{GTK+}@ | ||
1762 | @ | ||
1763 | gnunet-gtk and libextractor depend on GTK.@ | ||
1764 | @ | ||
1765 | Get the the binary and developer packages of atk, glib, gtk, iconv, | ||
1766 | gettext-runtime, pango from | ||
1767 | @uref{ftp://ftp.gtk.org/pub/gtk/v2.6/win32, gtk.org} and unpack it to the | ||
1768 | MinGW directory (c:\mingw\mingw)@ | ||
1769 | @ | ||
1770 | Get @uref{http://www.gtk.org/download/win32.php, pkg-config} and libpng | ||
1771 | and unpack them to the MinGW directory (c:\mingw\mingw)@ | ||
1772 | @ | ||
1773 | Here is an all-in-one package for | ||
1774 | @uref{http://ftp.gnome.org/pub/gnome/binaries/win32/gtk+/2.24/gtk+-bundle_2.24.10-20120208_win32.zip, gtk+dependencies}. | ||
1775 | Do not overwrite any existing files! | ||
1776 | |||
1777 | @item | ||
1778 | @strong{Glade}@ | ||
1779 | @ | ||
1780 | gnunet-gtk and and gnunet-setup were created using this interface builder | ||
1781 | |||
1782 | @itemize @bullet | ||
1783 | |||
1784 | |||
1785 | @item | ||
1786 | Get the Glade and libglade (-bin and -devel) packages (without GTK!) from | ||
1787 | @uref{http://gladewin32.sourceforge.net/, GladeWin32} and unpack it to | ||
1788 | the MinGW directory (c:\mingw\mingw) | ||
1789 | |||
1790 | @item | ||
1791 | Get libxml from here and unpack it to the MinGW | ||
1792 | directory (c:\mingw\mingw). | ||
1793 | @end itemize | ||
1794 | |||
1795 | |||
1796 | @item | ||
1797 | @strong{zLib}@ | ||
1798 | @ | ||
1799 | libextractor requires zLib to decompress some file formats. GNUnet uses it | ||
1800 | to (de)compress meta-data.@ | ||
1801 | @ | ||
1802 | Get zLib from here (Signature) and unpack it to the | ||
1803 | MinGW directory (c:\mingw\mingw) | ||
1804 | |||
1805 | @item | ||
1806 | @strong{Bzip2}@ | ||
1807 | @ | ||
1808 | libextractor also requires Bzip2 to decompress some file formats.@ | ||
1809 | @ | ||
1810 | Get Bzip2 (binary and developer package) from | ||
1811 | @uref{http://gnuwin32.sourceforge.net/packages/bzip2.htm, GnuWin32} and | ||
1812 | unpack it to the MinGW directory (c:\mingw\mingw) | ||
1813 | |||
1814 | @item | ||
1815 | @strong{Libgcrypt}@ | ||
1816 | @ | ||
1817 | Libgcrypt provides the cryptographic functions used by GNUnet@ | ||
1818 | @ | ||
1819 | Get Libgcrypt from @uref{ftp://ftp.gnupg.org/gcrypt/libgcrypt/, here}, | ||
1820 | compile and place it in the MinGW directory (c:\mingw\mingw). Currently | ||
1821 | you need at least version 1.4.2 to compile GNUnet. | ||
1822 | |||
1823 | @item | ||
1824 | @strong{PlibC}@ | ||
1825 | @ | ||
1826 | PlibC emulates Unix functions under Windows.@ | ||
1827 | @ | ||
1828 | Get PlibC from here and unpack it to the MinGW | ||
1829 | directory (c:\mingw\mingw) | ||
1830 | |||
1831 | @item | ||
1832 | @strong{OGG Vorbis}@ | ||
1833 | @ | ||
1834 | OGG Vorbis is used to extract meta-data from .ogg files@ | ||
1835 | @ | ||
1836 | Get the packages | ||
1837 | @uref{http://www.gnunet.org/libextractor/download/win/libogg-1.1.4.zip, libogg} | ||
1838 | and | ||
1839 | @uref{http://www.gnunet.org/libextractor/download/win/libvorbis-1.2.3.zip, libvorbis} | ||
1840 | from the | ||
1841 | @uref{http://ftp.gnu.org/gnu/libextractor/libextractor-w32-1.0.0.zip, libextractor win32 build} | ||
1842 | and unpack them to the MinGW directory (c:\mingw\mingw) | ||
1843 | |||
1844 | @item | ||
1845 | @strong{Exiv2}@ | ||
1846 | @ | ||
1847 | (lib)Exiv2 is used to extract meta-data from files with Exiv2 meta-data@ | ||
1848 | @ | ||
1849 | Download | ||
1850 | @uref{http://www.gnunet.org/libextractor/download/win/exiv2-0.18.2.zip, Exiv2} | ||
1851 | and unpack it to the MSYS directory (c:\mingw) | ||
1852 | @end itemize | ||
1853 | |||
1854 | @node Building libextractor and GNUnet | ||
1855 | @subsubsection Building libextractor and GNUnet | ||
1856 | |||
1857 | Before you compile libextractor or GNUnet, be sure to set PKG_CONFIG_PATH: | ||
1858 | |||
1859 | @example | ||
1860 | export PKG_CONFIG_PATH=/mingw/lib/pkgconfig | ||
1861 | @end example | ||
1862 | |||
1863 | @noindent | ||
1864 | See Installation for basic instructions on building libextractor | ||
1865 | and GNUnet. By default, all modules that are created in this way contain | ||
1866 | debug information and are quite large. To compile release versions (small | ||
1867 | and fast) set the variable CFLAGS: | ||
1868 | |||
1869 | @example | ||
1870 | export CFLAGS='-O2 -march=pentium -fomit-frame-pointer' | ||
1871 | ./configure --prefix=$HOME --with-extractor=$HOME | ||
1872 | @end example | ||
1873 | |||
1874 | @node Installer | ||
1875 | @subsubsection Installer | ||
1876 | |||
1877 | The GNUnet installer is made with | ||
1878 | @uref{http://nsis.sourceforge.net/, NSIS}. The installer script is | ||
1879 | located in @file{contrib\win} in the GNUnet source tree. | ||
1880 | |||
1881 | @node Source | ||
1882 | @subsubsection Source | ||
1883 | |||
1884 | The sources of all dependencies are available here. | ||
1885 | |||
1886 | @node Portable GNUnet | ||
1887 | @section Portable GNUnet | ||
1888 | |||
1889 | Quick instructions on how to use the most recent GNUnet on most GNU/Linux | ||
1890 | distributions | ||
1891 | |||
1892 | Currently this has only been tested on Ubuntu 12.04, 12.10, 13.04, Debian | ||
1893 | and CentOS 6, but it should work on almost any GNU/Linux distribution. | ||
1894 | More in-detail information can be found in the handbook. | ||
1895 | |||
1896 | |||
1897 | |||
1898 | @menu | ||
1899 | * Prerequisites:: | ||
1900 | * Download & set up gnunet-update:: | ||
1901 | * Install GNUnet:: | ||
1902 | @end menu | ||
1903 | |||
1904 | @node Prerequisites | ||
1905 | @subsection Prerequisites | ||
1906 | |||
1907 | Open a terminal and paste this line into it to install all required tools | ||
1908 | needed:@ | ||
1909 | @code{sudo apt-get install python-gpgme subversion} | ||
1910 | |||
1911 | @node Download & set up gnunet-update | ||
1912 | @subsection Download & set up gnunet-update | ||
1913 | |||
1914 | The following command will download a working version of gnunet-update | ||
1915 | with the subversion tool and import the public key which is needed for | ||
1916 | authentication: | ||
1917 | |||
1918 | @example | ||
1919 | svn checkout -r24905 https://gnunet.org/svn/gnunet-update ~/gnunet-update | ||
1920 | cd ~/gnunet-update | ||
1921 | gpg --keyserver "hkp://keys.gnupg.net" --recv-keys 7C613D78 | ||
1922 | @end example | ||
1923 | |||
1924 | @node Install GNUnet | ||
1925 | @subsection Install GNUnet | ||
1926 | |||
1927 | Download and install GNUnet binaries which can be found here and set | ||
1928 | library paths: | ||
1929 | |||
1930 | @example | ||
1931 | wget -P /tmp https://gnunet.org/install/packs/gnunet-0.9.4-`uname -m`.tgz | ||
1932 | ./bin/gnunet-update install /tmp/gnunet-0.9*.tgz ~ | ||
1933 | echo "PATH DEFAULT=$@{PATH@}:$HOME/bin" >> ~/.pam_environment | ||
1934 | echo -e "$@{HOME@}/lib\n$@{HOME@}/lib/gnunet-deps" | sudo tee \ | ||
1935 | /etc/ld.so.conf.d/gnunet.conf > /dev/null | ||
1936 | sudo ldconfig | ||
1937 | @end example | ||
1938 | |||
1939 | You may need to re-login once after executing these last commands | ||
1940 | |||
1941 | That's it, GNUnet is installed in your home directory now. GNUnet can be | ||
1942 | configured and afterwards started by executing @code{gnunet-arm -s}. | ||
1943 | |||
1944 | @node The graphical configuration interface | ||
1945 | @section The graphical configuration interface | ||
1946 | |||
1947 | If you also would like to use gnunet-gtk and gnunet-setup (highly | ||
1948 | recommended for beginners), do: | ||
1949 | |||
1950 | @example | ||
1951 | wget -P /tmp https://gnunet.org/install/packs/gnunet-0.9.4-gtk-0.9.4-`uname -m`.tgz | ||
1952 | sh ~/gnunet-update/bin/gnunet-update install /tmp/gnunet-*gtk*.tgz ~ | ||
1953 | sudo ldconfig | ||
1954 | @end example | ||
1955 | |||
1956 | Now you can run @code{gnunet-setup} for easy configuration of your | ||
1957 | GNUnet peer. | ||
1958 | |||
1959 | @menu | ||
1960 | * Configuring your peer:: | ||
1961 | * Configuring the Friend-to-Friend (F2F) mode:: | ||
1962 | * Configuring the hostlist to bootstrap:: | ||
1963 | * Configuration of the HOSTLIST proxy settings:: | ||
1964 | * Configuring your peer to provide a hostlist :: | ||
1965 | * Configuring the datastore:: | ||
1966 | * Configuring the MySQL database:: | ||
1967 | * Reasons for using MySQL:: | ||
1968 | * Reasons for not using MySQL:: | ||
1969 | * Setup Instructions:: | ||
1970 | * Testing:: | ||
1971 | * Performance Tuning:: | ||
1972 | * Setup for running Testcases:: | ||
1973 | * Configuring the Postgres database:: | ||
1974 | * Reasons to use Postgres:: | ||
1975 | * Reasons not to use Postgres:: | ||
1976 | * Manual setup instructions:: | ||
1977 | * Testing the setup manually:: | ||
1978 | * Configuring the datacache:: | ||
1979 | * Configuring the file-sharing service:: | ||
1980 | * Configuring logging:: | ||
1981 | * Configuring the transport service and plugins:: | ||
1982 | * Configuring the wlan transport plugin:: | ||
1983 | * Configuring HTTP(S) reverse proxy functionality using Apache or nginx:: | ||
1984 | * Blacklisting peers:: | ||
1985 | * Configuration of the HTTP and HTTPS transport plugins:: | ||
1986 | * Configuring the GNU Name System:: | ||
1987 | * Configuring the GNUnet VPN:: | ||
1988 | * Bandwidth Configuration:: | ||
1989 | * Configuring NAT:: | ||
1990 | * Peer configuration for distributions:: | ||
1991 | @end menu | ||
1992 | |||
1993 | @node Configuring your peer | ||
1994 | @subsection Configuring your peer | ||
1995 | |||
1996 | This chapter will describe the various configuration options in GNUnet. | ||
1997 | |||
1998 | The easiest way to configure your peer is to use the gnunet-setup tool. | ||
1999 | gnunet-setup is part of the gnunet-gtk download. You might have to | ||
2000 | install it separately. | ||
2001 | |||
2002 | Many of the specific sections from this chapter actually are linked from | ||
2003 | within gnunet-setup to help you while using the setup tool. | ||
2004 | |||
2005 | While you can also configure your peer by editing the configuration | ||
2006 | file by hand, this is not recommended for anyone except for developers. | ||
2007 | |||
2008 | |||
2009 | @node Configuring the Friend-to-Friend (F2F) mode | ||
2010 | @subsection Configuring the Friend-to-Friend (F2F) mode | ||
2011 | |||
2012 | GNUnet knows three basic modes of operation. In standard "peer-to-peer" | ||
2013 | mode, your peer will connect to any peer. In the pure "friend-to-friend" | ||
2014 | mode, your peer will ONLY connect to peers from a list of friends | ||
2015 | specified in the configuration. | ||
2016 | Finally, in mixed mode, GNUnet will only connect to arbitrary peers if it | ||
2017 | has at least a specified number of connections to friends. | ||
2018 | |||
2019 | When configuring any of the F2F modes, you first need to create a file | ||
2020 | with the peer identities of your friends. Ask your friends to run | ||
2021 | |||
2022 | @example | ||
2023 | $ gnunet-peerinfo -sq | ||
2024 | @end example | ||
2025 | |||
2026 | @noindent | ||
2027 | The output of this command needs to be added to your friends file, which | ||
2028 | is simply a plain text file with one line per friend with the output from | ||
2029 | the above command. | ||
2030 | |||
2031 | You then specify the location of your friends file in the "FRIENDS" | ||
2032 | option of the "topology" section. | ||
2033 | |||
2034 | Once you have created the friends file, you can tell GNUnet to only | ||
2035 | connect to your friends by setting the "FRIENDS-ONLY" option (again in | ||
2036 | the "topology" section) to YES. | ||
2037 | |||
2038 | If you want to run in mixed-mode, set "FRIENDS-ONLY" to NO and configure a | ||
2039 | minimum number of friends to have (before connecting to arbitrary peers) | ||
2040 | under the "MINIMUM-FRIENDS" option. | ||
2041 | |||
2042 | If you want to operate in normal P2P-only mode, simply set | ||
2043 | "MINIMUM-FRIENDS" to zero and "FRIENDS_ONLY" to NO. This is the default. | ||
2044 | |||
2045 | @node Configuring the hostlist to bootstrap | ||
2046 | @subsection Configuring the hostlist to bootstrap | ||
2047 | |||
2048 | After installing the software you need to get connected to the GNUnet | ||
2049 | network. The configuration file included in your download is already | ||
2050 | configured to connect you to the GNUnet network. | ||
2051 | In this section the relevant configuration settings are explained. | ||
2052 | |||
2053 | To get an initial connection to the GNUnet network and to get to know | ||
2054 | peers already connected to the network you can use the so called | ||
2055 | bootstrap servers. | ||
2056 | These servers can give you a list of peers connected to the network. | ||
2057 | To use these bootstrap servers you have to configure the hostlist daemon | ||
2058 | to activate bootstrapping. | ||
2059 | |||
2060 | To activate bootstrapping edit your configuration file and edit the | ||
2061 | @code{[hostlist]}-section. You have to set the argument "-b" in the | ||
2062 | options line: | ||
2063 | |||
2064 | @example | ||
2065 | [hostlist] | ||
2066 | OPTIONS = -b | ||
2067 | @end example | ||
2068 | |||
2069 | Additionally you have to specify which server you want to use. | ||
2070 | The default bootstrapping server is | ||
2071 | "@uref{http://v10.gnunet.org/hostlist, http://v10.gnunet.org/hostlist}". | ||
2072 | [^] To set the server you have to edit the line "SERVERS" in the hostlist | ||
2073 | section. To use the default server you should set the lines to | ||
2074 | |||
2075 | @example | ||
2076 | SERVERS = http://v10.gnunet.org/hostlist [^] | ||
2077 | @end example | ||
2078 | |||
2079 | @noindent | ||
2080 | To use bootstrapping your configuration file should include these lines: | ||
2081 | |||
2082 | @example | ||
2083 | [hostlist] | ||
2084 | OPTIONS = -b | ||
2085 | SERVERS = http://v10.gnunet.org/hostlist [^] | ||
2086 | @end example | ||
2087 | |||
2088 | @noindent | ||
2089 | Besides using bootstrap servers you can configure your GNUnet peer to | ||
2090 | recieve hostlist advertisements. | ||
2091 | Peers offering hostlists to other peers can send advertisement messages | ||
2092 | to peers that connect to them. If you configure your peer to receive these | ||
2093 | messages, your peer can download these lists and connect to the peers | ||
2094 | included. These lists are persistent, which means that they are saved to | ||
2095 | your hard disk regularly and are loaded during startup. | ||
2096 | |||
2097 | To activate hostlist learning you have to add the "-e" switch to the | ||
2098 | OPTIONS line in the hostlist section: | ||
2099 | |||
2100 | @example | ||
2101 | [hostlist] | ||
2102 | OPTIONS = -b -e | ||
2103 | @end example | ||
2104 | |||
2105 | @noindent | ||
2106 | Furthermore you can specify in which file the lists are saved. To save the | ||
2107 | lists in the file "hostlists.file" just add the line: | ||
2108 | |||
2109 | @example | ||
2110 | HOSTLISTFILE = hostlists.file | ||
2111 | @end example | ||
2112 | |||
2113 | @noindent | ||
2114 | Best practice is to activate both bootstrapping and hostlist learning. | ||
2115 | So your configuration file should include these lines: | ||
2116 | |||
2117 | @example | ||
2118 | [hostlist] | ||
2119 | OPTIONS = -b -e | ||
2120 | HTTPPORT = 8080 | ||
2121 | SERVERS = http://v10.gnunet.org/hostlist [^] | ||
2122 | HOSTLISTFILE = $SERVICEHOME/hostlists.file | ||
2123 | @end example | ||
2124 | |||
2125 | @node Configuration of the HOSTLIST proxy settings | ||
2126 | @subsection Configuration of the HOSTLIST proxy settings | ||
2127 | |||
2128 | The hostlist client can be configured to use a proxy to connect to the | ||
2129 | hostlist server. | ||
2130 | This functionality can be configured in the configuration file directly | ||
2131 | or using the gnunet-setup tool. | ||
2132 | |||
2133 | The hostlist client supports the following proxy types at the moment: | ||
2134 | |||
2135 | @itemize @bullet | ||
2136 | @item HTTP and HTTP 1.0 only proxy | ||
2137 | @item SOCKS 4/4a/5/5 with hostname | ||
2138 | @end itemize | ||
2139 | |||
2140 | In addition authentication at the proxy with username and password can be | ||
2141 | configured. | ||
2142 | |||
2143 | To configure proxy support for the hostlist client in the gnunet-setup | ||
2144 | tool, select the "hostlist" tab and select the appropriate proxy type. | ||
2145 | The hostname or IP address (including port if required) has to be entered | ||
2146 | in the "Proxy hostname" textbox. If required, enter username and password | ||
2147 | in the "Proxy username" and "Proxy password" boxes. | ||
2148 | Be aware that these information will be stored in the configuration in | ||
2149 | plain text. | ||
2150 | |||
2151 | To configure these options directly in the configuration, you can | ||
2152 | configure the following settings in the | ||
2153 | @code{[hostlist]} section of the configuration: | ||
2154 | |||
2155 | @example | ||
2156 | # Type of proxy server,@ | ||
2157 | # Valid values: HTTP, HTTP_1_0, SOCKS4, SOCKS5, SOCKS4A, SOCKS5_HOSTNAME@ | ||
2158 | # Default: HTTP@ | ||
2159 | # PROXY_TYPE = HTTP | ||
2160 | |||
2161 | # Hostname or IP of proxy server@ | ||
2162 | # PROXY =@ | ||
2163 | # User name for proxy server@ | ||
2164 | # PROXY_USERNAME =@ | ||
2165 | # User password for proxy server@ | ||
2166 | # PROXY_PASSWORD =@ | ||
2167 | @end example | ||
2168 | |||
2169 | @node Configuring your peer to provide a hostlist | ||
2170 | @subsection Configuring your peer to provide a hostlist | ||
2171 | |||
2172 | If you operate a peer permanently connected to GNUnet you can configure | ||
2173 | your peer to act as a hostlist server, providing other peers the list of | ||
2174 | peers known to him. | ||
2175 | |||
2176 | Yor server can act as a bootstrap server and peers needing to obtain a | ||
2177 | list of peers can contact him to download this list. | ||
2178 | To download this hostlist the peer uses HTTP. | ||
2179 | For this reason you have to build your peer with libcurl and microhttpd | ||
2180 | support. How you build your peer with this options can be found here: | ||
2181 | @uref{https://gnunet.org/generic_installation} | ||
2182 | |||
2183 | To configure your peer to act as a bootstrap server you have to add the | ||
2184 | "@code{-p}" option to OPTIONS in the @code{[hostlist]} section of your | ||
2185 | configuration file. Besides that you have to specify a port number for | ||
2186 | the http server. In conclusion you have to add the following lines: | ||
2187 | |||
2188 | @example | ||
2189 | [hostlist] | ||
2190 | HTTPPORT = 12980 | ||
2191 | OPTIONS = -p | ||
2192 | @end example | ||
2193 | |||
2194 | @noindent | ||
2195 | If your peer acts as a bootstrap server other peers should know about | ||
2196 | that. You can advertise the hostlist your are providing to other peers. | ||
2197 | Peers connecting to your peer will get a message containing an | ||
2198 | advertisement for your hostlist and the URL where it can be downloaded. | ||
2199 | If this peer is in learning mode, it will test the hostlist and, in the | ||
2200 | case it can obtain the list successfully, it will save it for | ||
2201 | bootstrapping. | ||
2202 | |||
2203 | To activate hostlist advertisement on your peer, you have to set the | ||
2204 | following lines in your configuration file: | ||
2205 | |||
2206 | @example | ||
2207 | [hostlist] | ||
2208 | EXTERNAL_DNS_NAME = example.org | ||
2209 | HTTPPORT = 12981 | ||
2210 | OPTIONS = -p -a | ||
2211 | @end example | ||
2212 | |||
2213 | @noindent | ||
2214 | With this configuration your peer will a act as a bootstrap server and | ||
2215 | advertise this hostlist to other peers connecting to him. The URL used to | ||
2216 | download the list will be | ||
2217 | @code{@uref{http://example.org:12981/, http://example.org:12981/}}. | ||
2218 | |||
2219 | Please notice: | ||
2220 | @itemize @bullet | ||
2221 | @item The hostlist is not human readable, so you should not try to | ||
2222 | download it using your webbrowser. Just point your GNUnet peer to the | ||
2223 | address! | ||
2224 | @item Advertising without providing a hostlist does not make sense and | ||
2225 | will not work. | ||
2226 | @end itemize | ||
2227 | |||
2228 | @node Configuring the datastore | ||
2229 | @subsection Configuring the datastore | ||
2230 | |||
2231 | The datastore is what GNUnet uses to for long-term storage of file-sharing | ||
2232 | data. Note that long-term does not mean 'forever' since content does have | ||
2233 | an expiration date, and of course storage space is finite (and hence | ||
2234 | sometimes content may have to be discarded). | ||
2235 | |||
2236 | Use the "QUOTA" option to specify how many bytes of storage space you are | ||
2237 | willing to dedicate to GNUnet. | ||
2238 | |||
2239 | In addition to specifying the maximum space GNUnet is allowed to use for | ||
2240 | the datastore, you need to specify which database GNUnet should use to do | ||
2241 | so. Currently, you have the choice between sqLite, MySQL and Postgres. | ||
2242 | |||
2243 | @node Configuring the MySQL database | ||
2244 | @subsection Configuring the MySQL database | ||
2245 | |||
2246 | This section describes how to setup the MySQL database for GNUnet. | ||
2247 | |||
2248 | Note that the mysql plugin does NOT work with mysql before 4.1 since we | ||
2249 | need prepared statements. | ||
2250 | We are generally testing the code against MySQL 5.1 at this point. | ||
2251 | |||
2252 | @node Reasons for using MySQL | ||
2253 | @subsection Reasons for using MySQL | ||
2254 | |||
2255 | @itemize @bullet | ||
2256 | |||
2257 | @item | ||
2258 | On up-to-date hardware where mysql can be used comfortably, this module | ||
2259 | will have better performance than the other database choices (according | ||
2260 | to our tests). | ||
2261 | |||
2262 | @item Its often possible to recover the mysql database from internal | ||
2263 | inconsistencies. Some of the other databases do not support repair. | ||
2264 | @end itemize | ||
2265 | |||
2266 | @node Reasons for not using MySQL | ||
2267 | @subsection Reasons for not using MySQL | ||
2268 | |||
2269 | @itemize @bullet | ||
2270 | @item Memory usage (likely not an issue if you have more than 1 GB) | ||
2271 | @item Complex manual setup | ||
2272 | @end itemize | ||
2273 | |||
2274 | @node Setup Instructions | ||
2275 | @subsection Setup Instructions | ||
2276 | |||
2277 | @itemize @bullet | ||
2278 | @item In @code{gnunet.conf} set in section "DATASTORE" the value for | ||
2279 | "DATABASE" to "mysql". | ||
2280 | @item Access mysql as root:@ | ||
2281 | |||
2282 | @example | ||
2283 | $ mysql -u root -p | ||
2284 | @end example | ||
2285 | |||
2286 | @noindent | ||
2287 | and issue the following commands, replacing $USER with the username | ||
2288 | that will be running gnunet-arm (so typically "gnunet"): | ||
2289 | |||
2290 | @example | ||
2291 | CREATE DATABASE gnunet; | ||
2292 | GRANT select,insert,update,delete,create,alter,drop,create temporary tables | ||
2293 | ON gnunet.* TO $USER@@localhost; | ||
2294 | SET PASSWORD FOR $USER@@localhost=PASSWORD('$the_password_you_like'); | ||
2295 | FLUSH PRIVILEGES; | ||
2296 | @end example | ||
2297 | |||
2298 | @item | ||
2299 | In the $HOME directory of $USER, create a ".my.cnf" file with the | ||
2300 | following lines | ||
2301 | |||
2302 | @example | ||
2303 | [client] | ||
2304 | user=$USER | ||
2305 | password=$the_password_you_like | ||
2306 | @end example | ||
2307 | |||
2308 | @end itemize | ||
2309 | |||
2310 | Thats it. Note that @code{.my.cnf} file is a slight security risk unless | ||
2311 | its on a safe partition. The $HOME/.my.cnf can of course be a symbolic | ||
2312 | link. Luckily $USER has only priviledges to mess up GNUnet's tables, | ||
2313 | which should be pretty harmless. | ||
2314 | |||
2315 | @node Testing | ||
2316 | @subsection Testing | ||
2317 | |||
2318 | You should briefly try if the database connection works. First, login | ||
2319 | as $USER. Then use: | ||
2320 | |||
2321 | @example | ||
2322 | $ mysql -u $USER | ||
2323 | mysql> use gnunet; | ||
2324 | @end example | ||
2325 | |||
2326 | @noindent | ||
2327 | If you get the message "Database changed" it probably works. | ||
2328 | |||
2329 | If you get "ERROR 2002: Can't connect to local MySQL server@ | ||
2330 | through socket '/tmp/mysql.sock' (2)" it may be resolvable by@ | ||
2331 | "ln -s /var/run/mysqld/mysqld.sock /tmp/mysql.sock"@ | ||
2332 | so there may be some additional trouble depending on your mysql setup. | ||
2333 | |||
2334 | @node Performance Tuning | ||
2335 | @subsection Performance Tuning | ||
2336 | |||
2337 | For GNUnet, you probably want to set the option | ||
2338 | |||
2339 | @example | ||
2340 | innodb_flush_log_at_trx_commit = 0 | ||
2341 | @end example | ||
2342 | |||
2343 | @noindent | ||
2344 | for a rather dramatic boost in MySQL performance. However, this reduces | ||
2345 | the "safety" of your database as with this options you may loose | ||
2346 | transactions during a power outage. | ||
2347 | While this is totally harmless for GNUnet, the option applies to all | ||
2348 | applications using MySQL. So you should set it if (and only if) GNUnet is | ||
2349 | the only application on your system using MySQL. | ||
2350 | |||
2351 | @node Setup for running Testcases | ||
2352 | @subsection Setup for running Testcases | ||
2353 | |||
2354 | If you want to run the testcases, you must create a second database | ||
2355 | "gnunetcheck" with the same username and password. This database will | ||
2356 | then be used for testing ("make check"). | ||
2357 | |||
2358 | @node Configuring the Postgres database | ||
2359 | @subsection Configuring the Postgres database | ||
2360 | |||
2361 | This text describes how to setup the Postgres database for GNUnet. | ||
2362 | |||
2363 | This Postgres plugin was developed for Postgres 8.3 but might work for | ||
2364 | earlier versions as well. | ||
2365 | |||
2366 | @node Reasons to use Postgres | ||
2367 | @subsection Reasons to use Postgres | ||
2368 | |||
2369 | @itemize @bullet | ||
2370 | @item Easier to setup than MySQL | ||
2371 | @item Real database | ||
2372 | @end itemize | ||
2373 | |||
2374 | @node Reasons not to use Postgres | ||
2375 | @subsection Reasons not to use Postgres | ||
2376 | |||
2377 | @itemize @bullet | ||
2378 | @item Quite slow | ||
2379 | @item Still some manual setup required | ||
2380 | @end itemize | ||
2381 | |||
2382 | @node Manual setup instructions | ||
2383 | @subsection Manual setup instructions | ||
2384 | |||
2385 | @itemize @bullet | ||
2386 | @item In @code{gnunet.conf} set in section "DATASTORE" the value for | ||
2387 | "DATABASE" to "postgres". | ||
2388 | @item Access Postgres to create a user:@ | ||
2389 | |||
2390 | @table @asis | ||
2391 | @item with Postgres 8.x, use: | ||
2392 | |||
2393 | @example | ||
2394 | # su - postgres | ||
2395 | $ createuser | ||
2396 | @end example | ||
2397 | |||
2398 | @noindent | ||
2399 | and enter the name of the user running GNUnet for the role interactively. | ||
2400 | Then, when prompted, do not set it to superuser, allow the creation of | ||
2401 | databases, and do not allow the creation of new roles.@ | ||
2402 | |||
2403 | @item with Postgres 9.x, use: | ||
2404 | |||
2405 | @example | ||
2406 | # su - postgres | ||
2407 | $ createuser -d $GNUNET_USER | ||
2408 | @end example | ||
2409 | |||
2410 | @noindent | ||
2411 | where $GNUNET_USER is the name of the user running GNUnet.@ | ||
2412 | |||
2413 | @end table | ||
2414 | |||
2415 | |||
2416 | @item | ||
2417 | As that user (so typically as user "gnunet"), create a database (or two):@ | ||
2418 | |||
2419 | @example | ||
2420 | $ createdb gnunet | ||
2421 | # this way you can run "make check" | ||
2422 | $ createdb gnunetcheck | ||
2423 | @end example | ||
2424 | |||
2425 | @end itemize | ||
2426 | |||
2427 | Now you should be able to start @code{gnunet-arm}. | ||
2428 | |||
2429 | @node Testing the setup manually | ||
2430 | @subsection Testing the setup manually | ||
2431 | |||
2432 | You may want to try if the database connection works. First, again login | ||
2433 | as the user who will run gnunet-arm. Then use, | ||
2434 | |||
2435 | @example | ||
2436 | $ psql gnunet # or gnunetcheck | ||
2437 | gnunet=> \dt | ||
2438 | @end example | ||
2439 | |||
2440 | @noindent | ||
2441 | If, after you have started gnunet-arm at least once, you get | ||
2442 | a @code{gn090} table here, it probably works. | ||
2443 | |||
2444 | @node Configuring the datacache | ||
2445 | @subsection Configuring the datacache | ||
2446 | @c %**end of header | ||
2447 | |||
2448 | The datacache is what GNUnet uses for storing temporary data. This data is | ||
2449 | expected to be wiped completely each time GNUnet is restarted (or the | ||
2450 | system is rebooted). | ||
2451 | |||
2452 | You need to specify how many bytes GNUnet is allowed to use for the | ||
2453 | datacache using the "QUOTA" option in the section "dhtcache". | ||
2454 | Furthermore, you need to specify which database backend should be used to | ||
2455 | store the data. Currently, you have the choice between | ||
2456 | sqLite, MySQL and Postgres. | ||
2457 | |||
2458 | @node Configuring the file-sharing service | ||
2459 | @subsection Configuring the file-sharing service | ||
2460 | |||
2461 | In order to use GNUnet for file-sharing, you first need to make sure | ||
2462 | that the file-sharing service is loaded. | ||
2463 | This is done by setting the AUTOSTART option in section "fs" to "YES". | ||
2464 | Alternatively, you can run | ||
2465 | |||
2466 | @example | ||
2467 | $ gnunet-arm -i fs | ||
2468 | @end example | ||
2469 | |||
2470 | @noindent | ||
2471 | to start the file-sharing service by hand. | ||
2472 | |||
2473 | Except for configuring the database and the datacache the only important | ||
2474 | option for file-sharing is content migration. | ||
2475 | |||
2476 | Content migration allows your peer to cache content from other peers as | ||
2477 | well as send out content stored on your system without explicit requests. | ||
2478 | This content replication has positive and negative impacts on both system | ||
2479 | performance and privacy. | ||
2480 | |||
2481 | FIXME: discuss the trade-offs. Here is some older text about it... | ||
2482 | |||
2483 | Setting this option to YES allows gnunetd to migrate data to the local | ||
2484 | machine. Setting this option to YES is highly recommended for efficiency. | ||
2485 | Its also the default. If you set this value to YES, GNUnet will store | ||
2486 | content on your machine that you cannot decrypt. | ||
2487 | While this may protect you from liability if the judge is sane, it may | ||
2488 | not (IANAL). If you put illegal content on your machine yourself, setting | ||
2489 | this option to YES will probably increase your chances to get away with it | ||
2490 | since you can plausibly deny that you inserted the content. | ||
2491 | Note that in either case, your anonymity would have to be broken first | ||
2492 | (which may be possible depending on the size of the GNUnet network and the | ||
2493 | strength of the adversary). | ||
2494 | |||
2495 | @node Configuring logging | ||
2496 | @subsection Configuring logging | ||
2497 | |||
2498 | Logging in GNUnet 0.9.0 is controlled via the "-L" and "-l" options. | ||
2499 | Using "-L", a log level can be specified. With log level "ERROR" only | ||
2500 | serious errors are logged. | ||
2501 | The default log level is "WARNING" which causes anything of | ||
2502 | concern to be logged. Log level "INFO" can be used to log anything that | ||
2503 | might be interesting information whereas "DEBUG" can be used by | ||
2504 | developers to log debugging messages (but you need to run configure with | ||
2505 | @code{--enable-logging=verbose} to get them compiled). | ||
2506 | The "-l" option is used to specify the log file. | ||
2507 | |||
2508 | Since most GNUnet services are managed by @code{gnunet-arm}, using the | ||
2509 | "-l" or "-L" options directly is not possible. | ||
2510 | Instead, they can be specified using the "OPTIONS" configuration value in | ||
2511 | the respective section for the respective service. | ||
2512 | In order to enable logging globally without editing the "OPTIONS" values | ||
2513 | for each service, @code{gnunet-arm} supports a "GLOBAL_POSTFIX" option. | ||
2514 | The value specified here is given as an extra option to all services for | ||
2515 | which the configuration does contain a service-specific "OPTIONS" field. | ||
2516 | |||
2517 | "GLOBAL_POSTFIX" can contain the special sequence "@{@}" which is replaced | ||
2518 | by the name of the service that is being started. Furthermore, | ||
2519 | @code{GLOBAL_POSTFIX} is special in that sequences starting with "$" | ||
2520 | anywhere in the string are expanded (according to options in "PATHS"); | ||
2521 | this expansion otherwise is only happening for filenames and then the "$" | ||
2522 | must be the first character in the option. Both of these restrictions do | ||
2523 | not apply to "GLOBAL_POSTFIX". | ||
2524 | Note that specifying @code{%} anywhere in the "GLOBAL_POSTFIX" disables | ||
2525 | both of these features. | ||
2526 | |||
2527 | In summary, in order to get all services to log at level "INFO" to | ||
2528 | log-files called @code{SERVICENAME-logs}, the following global prefix | ||
2529 | should be used: | ||
2530 | |||
2531 | @example | ||
2532 | GLOBAL_POSTFIX = -l $SERVICEHOME/@{@}-logs -L INFO | ||
2533 | @end example | ||
2534 | |||
2535 | @node Configuring the transport service and plugins | ||
2536 | @subsection Configuring the transport service and plugins | ||
2537 | |||
2538 | The transport service in GNUnet is responsible to maintain basic | ||
2539 | connectivity to other peers. | ||
2540 | Besides initiating and keeping connections alive it is also responsible | ||
2541 | for address validation. | ||
2542 | |||
2543 | The GNUnet transport supports more than one transport protocol. | ||
2544 | These protocols are configured together with the transport service. | ||
2545 | |||
2546 | The configuration section for the transport service itself is quite | ||
2547 | similar to all the other services | ||
2548 | |||
2549 | @example | ||
2550 | AUTOSTART = YES@ | ||
2551 | @@UNIXONLY@@ PORT = 2091@ | ||
2552 | HOSTNAME = localhost@ | ||
2553 | HOME = $SERVICEHOME@ | ||
2554 | CONFIG = $DEFAULTCONFIG@ | ||
2555 | BINARY = gnunet-service-transport@ | ||
2556 | #PREFIX = valgrind@ | ||
2557 | NEIGHBOUR_LIMIT = 50@ | ||
2558 | ACCEPT_FROM = 127.0.0.1;@ | ||
2559 | ACCEPT_FROM6 = ::1;@ | ||
2560 | PLUGINS = tcp udp@ | ||
2561 | UNIXPATH = /tmp/gnunet-service-transport.sock@ | ||
2562 | @end example | ||
2563 | |||
2564 | Different are the settings for the plugins to load @code{PLUGINS}. | ||
2565 | The first setting specifies which transport plugins to load. | ||
2566 | |||
2567 | @itemize @bullet | ||
2568 | @item transport-unix | ||
2569 | A plugin for local only communication with UNIX domain sockets. Used for | ||
2570 | testing and available on unix systems only. Just set the port | ||
2571 | |||
2572 | @example | ||
2573 | [transport-unix]@ | ||
2574 | PORT = 22086@ | ||
2575 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
2576 | @end example | ||
2577 | |||
2578 | @item transport-tcp | ||
2579 | A plugin for communication with TCP. Set port to 0 for client mode with | ||
2580 | outbound only connections | ||
2581 | |||
2582 | @example | ||
2583 | [transport-tcp]@ | ||
2584 | # Use 0 to ONLY advertise as a peer behind NAT (no port binding)@ | ||
2585 | PORT = 2086@ | ||
2586 | ADVERTISED_PORT = 2086@ | ||
2587 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
2588 | # Maximum number of open TCP connections allowed@ | ||
2589 | MAX_CONNECTIONS = 128@ | ||
2590 | @end example | ||
2591 | |||
2592 | @item transport-udp | ||
2593 | A plugin for communication with UDP. Supports peer discovery using | ||
2594 | broadcasts. | ||
2595 | |||
2596 | @example | ||
2597 | [transport-udp]@ | ||
2598 | PORT = 2086@ | ||
2599 | BROADCAST = YES@ | ||
2600 | BROADCAST_INTERVAL = 30 s@ | ||
2601 | MAX_BPS = 1000000@ | ||
2602 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
2603 | @end example | ||
2604 | |||
2605 | @item transport-http | ||
2606 | HTTP and HTTPS support is split in two part: a client plugin initiating | ||
2607 | outbound connections and a server part accepting connections from the | ||
2608 | client. The client plugin just takes the maximum number of connections as | ||
2609 | an argument. | ||
2610 | |||
2611 | @example | ||
2612 | [transport-http_client]@ | ||
2613 | MAX_CONNECTIONS = 128@ | ||
2614 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
2615 | @end example | ||
2616 | |||
2617 | @example | ||
2618 | [transport-https_client]@ | ||
2619 | MAX_CONNECTIONS = 128@ | ||
2620 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
2621 | @end example | ||
2622 | |||
2623 | @noindent | ||
2624 | The server has a port configured and the maximum nunber of connections. | ||
2625 | The HTTPS part has two files with the certificate key and the certificate | ||
2626 | file. | ||
2627 | |||
2628 | The server plugin supports reverse proxies, so a external hostname can be | ||
2629 | set using the @code{EXTERNAL_HOSTNAME} setting. | ||
2630 | The webserver under this address should forward the request to the peer | ||
2631 | and the configure port. | ||
2632 | |||
2633 | @example | ||
2634 | [transport-http_server]@ | ||
2635 | EXTERNAL_HOSTNAME = fulcrum.net.in.tum.de/gnunet@ | ||
2636 | PORT = 1080@ | ||
2637 | MAX_CONNECTIONS = 128@ | ||
2638 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
2639 | @end example | ||
2640 | |||
2641 | @example | ||
2642 | [transport-https_server]@ | ||
2643 | PORT = 4433@ | ||
2644 | CRYPTO_INIT = NORMAL@ | ||
2645 | KEY_FILE = https.key@ | ||
2646 | CERT_FILE = https.cert@ | ||
2647 | MAX_CONNECTIONS = 128@ | ||
2648 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
2649 | @end example | ||
2650 | |||
2651 | @item transport-wlan | ||
2652 | |||
2653 | There is a special article how to setup the WLAN plugin, so here only the | ||
2654 | settings. Just specify the interface to use: | ||
2655 | |||
2656 | @example | ||
2657 | [transport-wlan]@ | ||
2658 | # Name of the interface in monitor mode (typically monX)@ | ||
2659 | INTERFACE = mon0@ | ||
2660 | # Real hardware, no testing@ | ||
2661 | TESTMODE = 0@ | ||
2662 | TESTING_IGNORE_KEYS = ACCEPT_FROM;@ | ||
2663 | @end example | ||
2664 | @end itemize | ||
2665 | |||
2666 | @node Configuring the wlan transport plugin | ||
2667 | @subsection Configuring the wlan transport plugin | ||
2668 | |||
2669 | |||
2670 | The wlan transport plugin enables GNUnet to send and to receive data on a | ||
2671 | wlan interface. | ||
2672 | It has not to be connected to a wlan network as long as sender and | ||
2673 | receiver are on the same channel. This enables you to get connection to | ||
2674 | the GNUnet where no internet access is possible, for example while | ||
2675 | catastrophes or when censorship cuts you off the internet. | ||
2676 | |||
2677 | |||
2678 | @menu | ||
2679 | * Requirements for the WLAN plugin:: | ||
2680 | * Configuration:: | ||
2681 | * Before starting GNUnet:: | ||
2682 | * Limitations and known bugs:: | ||
2683 | @end menu | ||
2684 | |||
2685 | |||
2686 | @node Requirements for the WLAN plugin | ||
2687 | @subsubsection Requirements for the WLAN plugin | ||
2688 | |||
2689 | @itemize @bullet | ||
2690 | |||
2691 | @item wlan network card with monitor support and packet injection | ||
2692 | (see @uref{http://www.aircrack-ng.org/, aircrack-ng.org}) | ||
2693 | |||
2694 | @item Linux kernel with mac80211 stack, introduced in 2.6.22, tested with | ||
2695 | 2.6.35 and 2.6.38 | ||
2696 | |||
2697 | @item Wlantools to create the a monitor interface, tested with airmon-ng | ||
2698 | of the aircrack-ng package | ||
2699 | @end itemize | ||
2700 | |||
2701 | @node Configuration | ||
2702 | @subsubsection Configuration | ||
2703 | |||
2704 | There are the following options for the wlan plugin (they should be like | ||
2705 | this in your default config file, you only need to adjust them if the | ||
2706 | values are incorrect for your system) | ||
2707 | |||
2708 | @example | ||
2709 | # section for the wlan transport plugin@ | ||
2710 | [transport-wlan]@ | ||
2711 | # interface to use, more information in the | ||
2712 | # "Before starting GNUnet" section of the handbook. | ||
2713 | INTERFACE = mon0@ | ||
2714 | # testmode for developers:@ | ||
2715 | # 0 use wlan interface,@ | ||
2716 | #1 or 2 use loopback driver for tests 1 = server, 2 = client@ | ||
2717 | TESTMODE = 0@ | ||
2718 | @end example | ||
2719 | |||
2720 | @node Before starting GNUnet | ||
2721 | @subsubsection Before starting GNUnet | ||
2722 | |||
2723 | Before starting GNUnet, you have to make sure that your wlan interface is | ||
2724 | in monitor mode. One way to put the wlan interface into monitor mode (if | ||
2725 | your interface name is wlan0) is by executing: | ||
2726 | |||
2727 | @example | ||
2728 | sudo airmon-ng start wlan0@ | ||
2729 | @end example | ||
2730 | |||
2731 | @noindent | ||
2732 | Here is an example what the result should look like: | ||
2733 | |||
2734 | @example | ||
2735 | Interface Chipset Driver@ | ||
2736 | wlan0 Intel 4965 a/b/g/n iwl4965 - [phy0]@ | ||
2737 | (monitor mode enabled on mon0)@ | ||
2738 | @end example | ||
2739 | |||
2740 | @noindent | ||
2741 | The monitor interface is mon0 is the one that you have to put into the | ||
2742 | configuration file. | ||
2743 | |||
2744 | @node Limitations and known bugs | ||
2745 | @subsubsection Limitations and known bugs | ||
2746 | |||
2747 | Wlan speed is at the maximum of 1 Mbit/s because support for choosing the | ||
2748 | wlan speed with packet injection was removed in newer kernels. | ||
2749 | Please pester the kernel developers about fixing this. | ||
2750 | |||
2751 | The interface channel depends on the wlan network that the card is | ||
2752 | connected to. If no connection has been made since the start of the | ||
2753 | computer, it is usually the first channel of the card. | ||
2754 | Peers will only find each other and communicate if they are on the same | ||
2755 | channel. Channels must be set manually (i.e. using | ||
2756 | @code{iwconfig wlan0 channel 1}). | ||
2757 | |||
2758 | |||
2759 | @node Configuring HTTP(S) reverse proxy functionality using Apache or nginx | ||
2760 | @subsection Configuring HTTP(S) reverse proxy functionality using Apache or nginx | ||
2761 | |||
2762 | The HTTP plugin supports data transfer using reverse proxies. A reverse | ||
2763 | proxy forwards the HTTP request he receives with a certain URL to another | ||
2764 | webserver, here a GNUnet peer. | ||
2765 | |||
2766 | So if you have a running Apache or nginx webserver you can configure it to | ||
2767 | be a GNUnet reverse proxy. Especially if you have a well-known webiste | ||
2768 | this improves censorship resistance since it looks as normal surfing | ||
2769 | behaviour. | ||
2770 | |||
2771 | To do so, you have to do two things: | ||
2772 | |||
2773 | @itemize @bullet | ||
2774 | @item Configure your webserver to forward the GNUnet HTTP traffic | ||
2775 | @item Configure your GNUnet peer to announce the respective address | ||
2776 | @end itemize | ||
2777 | |||
2778 | As an example we want to use GNUnet peer running: | ||
2779 | |||
2780 | @itemize @bullet | ||
2781 | |||
2782 | @item HTTP server plugin on @code{gnunet.foo.org:1080} | ||
2783 | |||
2784 | @item HTTPS server plugin on @code{gnunet.foo.org:4433} | ||
2785 | |||
2786 | @item A apache or nginx webserver on | ||
2787 | @uref{http://www.foo.org/, http://www.foo.org:80/} | ||
2788 | |||
2789 | @item A apache or nginx webserver on https://www.foo.org:443/ | ||
2790 | @end itemize | ||
2791 | |||
2792 | And we want the webserver to accept GNUnet traffic under | ||
2793 | @code{http://www.foo.org/bar/}. The required steps are described here: | ||
2794 | |||
2795 | @strong{Configure your Apache2 HTTP webserver} | ||
2796 | |||
2797 | First of all you need mod_proxy installed. | ||
2798 | |||
2799 | Edit your webserver configuration. Edit | ||
2800 | @code{/etc/apache2/apache2.conf} or the site-specific configuration file. | ||
2801 | |||
2802 | In the respective @code{server config},@code{virtual host} or | ||
2803 | @code{directory} section add the following lines: | ||
2804 | |||
2805 | @example | ||
2806 | ProxyTimeout 300@ | ||
2807 | ProxyRequests Off@ | ||
2808 | <Location /bar/ >@ | ||
2809 | ProxyPass http://gnunet.foo.org:1080/@ | ||
2810 | ProxyPassReverse http://gnunet.foo.org:1080/@ | ||
2811 | </Location>@ | ||
2812 | @end example | ||
2813 | |||
2814 | @noindent | ||
2815 | @strong{Configure your Apache2 HTTPS webserver} | ||
2816 | |||
2817 | We assume that you already have an HTTPS server running, if not please | ||
2818 | check how to configure a HTTPS host. An easy to use example is the | ||
2819 | @file{apache2/sites-available/default-ssl} example configuration file. | ||
2820 | |||
2821 | In the respective HTTPS @code{server config},@code{virtual host} or | ||
2822 | @code{directory} section add the following lines: | ||
2823 | |||
2824 | @example | ||
2825 | SSLProxyEngine On@ | ||
2826 | ProxyTimeout 300@ | ||
2827 | ProxyRequests Off@ | ||
2828 | <Location /bar/ >@ | ||
2829 | ProxyPass https://gnunet.foo.org:4433/@ | ||
2830 | ProxyPassReverse https://gnunet.foo.org:4433/@ | ||
2831 | </Location>@ | ||
2832 | @end example | ||
2833 | |||
2834 | @noindent | ||
2835 | More information about the apache mod_proxy configuration can be found | ||
2836 | at @uref{http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass, http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass} | ||
2837 | |||
2838 | @strong{Configure your nginx HTTPS webserver} | ||
2839 | |||
2840 | Since nginx does not support chunked encoding, you first of all have to | ||
2841 | install @code{chunkin}:@ | ||
2842 | @uref{http://wiki.nginx.org/HttpChunkinModule, http://wiki.nginx.org/HttpChunkinModule} | ||
2843 | |||
2844 | To enable chunkin add: | ||
2845 | |||
2846 | @example | ||
2847 | chunkin on;@ | ||
2848 | error_page 411 = @@my_411_error;@ | ||
2849 | location @@my_411_error @{@ | ||
2850 | chunkin_resume;@ | ||
2851 | @}@ | ||
2852 | @end example | ||
2853 | |||
2854 | @noindent | ||
2855 | Edit your webserver configuration. Edit @file{/etc/nginx/nginx.conf} or | ||
2856 | the site-specific configuration file. | ||
2857 | |||
2858 | In the @code{server} section add:@ | ||
2859 | |||
2860 | @example | ||
2861 | location /bar/@ | ||
2862 | @{@ | ||
2863 | proxy_pass http://gnunet.foo.org:1080/;@ | ||
2864 | proxy_buffering off;@ | ||
2865 | proxy_connect_timeout 5; # more than http_server@ | ||
2866 | proxy_read_timeout 350; # 60 default, 300s is GNUnet's idle timeout@ | ||
2867 | proxy_http_version 1.1; # 1.0 default@ | ||
2868 | proxy_next_upstream error timeout invalid_header http_500 http_503 http_502 http_504;@ | ||
2869 | @}@ | ||
2870 | @end example | ||
2871 | |||
2872 | @noindent | ||
2873 | @strong{Configure your nginx HTTPS webserver} | ||
2874 | |||
2875 | Edit your webserver configuration. Edit @file{/etc/nginx/nginx.conf} or | ||
2876 | the site-specific configuration file. | ||
2877 | |||
2878 | In the @code{server} section add: | ||
2879 | |||
2880 | @example | ||
2881 | ssl_session_timeout 6m;@ | ||
2882 | location /bar/@ | ||
2883 | @{@ | ||
2884 | proxy_pass https://gnunet.foo.org:4433/;@ | ||
2885 | proxy_buffering off;@ | ||
2886 | proxy_connect_timeout 5; # more than http_server@ | ||
2887 | proxy_read_timeout 350; # 60 default, 300s is GNUnet's idle timeout@ | ||
2888 | proxy_http_version 1.1; # 1.0 default@ | ||
2889 | proxy_next_upstream error timeout invalid_header http_500 http_503 http_502 http_504;@ | ||
2890 | @}@ | ||
2891 | @end example | ||
2892 | |||
2893 | @noindent | ||
2894 | @strong{Configure your GNUnet peer} | ||
2895 | |||
2896 | To have your GNUnet peer announce the address, you have to specify the | ||
2897 | @code{EXTERNAL_HOSTNAME} option in the @code{[transport-http_server]} | ||
2898 | section: | ||
2899 | |||
2900 | @example | ||
2901 | [transport-http_server]@ | ||
2902 | EXTERNAL_HOSTNAME = http://www.foo.org/bar/@ | ||
2903 | @end example | ||
2904 | |||
2905 | @noindent | ||
2906 | and/or @code{[transport-https_server]} section: | ||
2907 | |||
2908 | @example | ||
2909 | [transport-https_server]@ | ||
2910 | EXTERNAL_HOSTNAME = https://www.foo.org/bar/@ | ||
2911 | @end example | ||
2912 | |||
2913 | @noindent | ||
2914 | Now restart your webserver and your peer... | ||
2915 | |||
2916 | @node Blacklisting peers | ||
2917 | @subsection Blacklisting peers | ||
2918 | |||
2919 | Transport service supports to deny connecting to a specific peer of to a | ||
2920 | specific peer with a specific transport plugin using te blacklisting | ||
2921 | component of transport service. With@ blacklisting it is possible to deny | ||
2922 | connections to specific peers of@ to use a specific plugin to a specific | ||
2923 | peer. Peers can be blacklisted using@ the configuration or a blacklist | ||
2924 | client can be asked. | ||
2925 | |||
2926 | To blacklist peers using the configuration you have to add a section to | ||
2927 | your@ configuration containing the peer id of the peer to blacklist and | ||
2928 | the plugin@ if required. | ||
2929 | |||
2930 | Example:@ | ||
2931 | |||
2932 | To blacklist connections to P565... on peer AG2P... using tcp add:@ | ||
2933 | |||
2934 | @c FIXME: This is too long and produces errors in the pdf. | ||
2935 | @example | ||
2936 | [transport-blacklist AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520]@ | ||
2937 | P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G = tcp@ | ||
2938 | @end example | ||
2939 | |||
2940 | To blacklist connections to P565... on peer AG2P... using all plugins add:@ | ||
2941 | |||
2942 | @example | ||
2943 | [transport-blacklist-AG2PHES1BARB9IJCPAMJTFPVJ5V3A72S3F2A8SBUB8DAQ2V0O3V8G6G2JU56FHGFOHMQVKBSQFV98TCGTC3RJ1NINP82G0RC00N1520]@ | ||
2944 | P565723JO1C2HSN6J29TAQ22MN6CI8HTMUU55T0FUQG4CMDGGEQ8UCNBKUMB94GC8R9G4FB2SF9LDOBAJ6AMINBP4JHHDD6L7VD801G =@ | ||
2945 | @end example | ||
2946 | |||
2947 | You can also add a blacklist client usign the blacklist api. On a | ||
2948 | blacklist check, blacklisting first checks internally if the peer is | ||
2949 | blacklisted and if not, it asks the blacklisting clients. Clients are | ||
2950 | asked if it is OK to connect to a peer ID, the plugin is omitted. | ||
2951 | |||
2952 | On blacklist check for (peer, plugin) | ||
2953 | @itemize @bullet | ||
2954 | @item Do we have a local blacklist entry for this peer and this plugin?@ | ||
2955 | @item YES: disallow connection@ | ||
2956 | @item Do we have a local blacklist entry for this peer and all plugins?@ | ||
2957 | @item YES: disallow connection@ | ||
2958 | @item Does one of the clients disallow?@ | ||
2959 | @item YES: disallow connection | ||
2960 | @end itemize | ||
2961 | |||
2962 | @node Configuration of the HTTP and HTTPS transport plugins | ||
2963 | @subsection Configuration of the HTTP and HTTPS transport plugins | ||
2964 | |||
2965 | The client part of the http and https transport plugins can be configured | ||
2966 | to use a proxy to connect to the hostlist server. This functionality can | ||
2967 | be configured in the configuration file directly or using the | ||
2968 | gnunet-setup tool. | ||
2969 | |||
2970 | The both the HTTP and HTTPS clients support the following proxy types at | ||
2971 | the moment: | ||
2972 | |||
2973 | @itemize @bullet | ||
2974 | @item HTTP 1.1 proxy | ||
2975 | @item SOCKS 4/4a/5/5 with hostname | ||
2976 | @end itemize | ||
2977 | |||
2978 | In addition authentication at the proxy with username and password can be | ||
2979 | configured. | ||
2980 | |||
2981 | To configure proxy support for the clients in the gnunet-setup tool, | ||
2982 | select the "transport" tab and activate the respective plugin. Now you | ||
2983 | can select the appropriate proxy type. The hostname or IP address | ||
2984 | (including port if required) has to be entered in the "Proxy hostname" | ||
2985 | textbox. If required, enter username and password in the "Proxy username" | ||
2986 | and "Proxy password" boxes. Be aware that these information will be stored | ||
2987 | in the configuration in plain text. | ||
2988 | |||
2989 | To configure these options directly in the configuration, you can | ||
2990 | configure the following settings in the [transport-http_client] and | ||
2991 | [transport-https_client] section of the configuration: | ||
2992 | |||
2993 | @example | ||
2994 | # Type of proxy server,@ | ||
2995 | # Valid values: HTTP, SOCKS4, SOCKS5, SOCKS4A, SOCKS5_HOSTNAME@ | ||
2996 | # Default: HTTP@ | ||
2997 | # PROXY_TYPE = HTTP | ||
2998 | |||
2999 | # Hostname or IP of proxy server@ | ||
3000 | # PROXY =@ | ||
3001 | # User name for proxy server@ | ||
3002 | # PROXY_USERNAME =@ | ||
3003 | # User password for proxy server@ | ||
3004 | # PROXY_PASSWORD = | ||
3005 | @end example | ||
3006 | |||
3007 | @node Configuring the GNU Name System | ||
3008 | @subsection Configuring the GNU Name System | ||
3009 | |||
3010 | @menu | ||
3011 | * Configuring system-wide DNS interception:: | ||
3012 | * Configuring the GNS nsswitch plugin:: | ||
3013 | * Configuring GNS on W32:: | ||
3014 | * GNS Proxy Setup:: | ||
3015 | * Setup of the GNS CA:: | ||
3016 | * Testing the GNS setup:: | ||
3017 | * Automatic Shortening in the GNU Name System:: | ||
3018 | @end menu | ||
3019 | |||
3020 | |||
3021 | @node Configuring system-wide DNS interception | ||
3022 | @subsubsection Configuring system-wide DNS interception | ||
3023 | |||
3024 | Before you install GNUnet, make sure you have a user and group 'gnunet' | ||
3025 | as well as an empty group 'gnunetdns'. | ||
3026 | |||
3027 | When using GNUnet with system-wide DNS interception, it is absolutely | ||
3028 | necessary for all GNUnet service processes to be started by | ||
3029 | @code{gnunet-service-arm} as user and group 'gnunet'. You also need to be | ||
3030 | sure to run @code{make install} as root (or use the @code{sudo} option to | ||
3031 | configure) to grant GNUnet sufficient privileges. | ||
3032 | |||
3033 | With this setup, all that is required for enabling system-wide DNS | ||
3034 | interception is for some GNUnet component (VPN or GNS) to request it. | ||
3035 | The @code{gnunet-service-dns} will then start helper programs that will | ||
3036 | make the necessary changes to your firewall (@code{iptables}) rules. | ||
3037 | |||
3038 | Note that this will NOT work if your system sends out DNS traffic to a | ||
3039 | link-local IPv6 address, as in this case GNUnet can intercept the traffic, | ||
3040 | but not inject the responses from the link-local IPv6 address. Hence you | ||
3041 | cannot use system-wide DNS interception in conjunction with link-local | ||
3042 | IPv6-based DNS servers. If such a DNS server is used, it will bypass | ||
3043 | GNUnet's DNS traffic interception. | ||
3044 | |||
3045 | Using the GNU Name System (GNS) requires two different configuration | ||
3046 | steps. | ||
3047 | First of all, GNS needs to be integrated with the operating system. Most | ||
3048 | of this section is about the operating system level integration. | ||
3049 | |||
3050 | Additionally, each individual user who wants to use the system must also | ||
3051 | initialize his GNS zones. This can be done by running (after starting | ||
3052 | GNUnet) | ||
3053 | |||
3054 | @example | ||
3055 | $ gnunet-gns-import.sh | ||
3056 | @end example | ||
3057 | |||
3058 | @noindent | ||
3059 | after the local GNUnet peer has been started. Note that the namestore (in | ||
3060 | particular the namestore database backend) should not be reconfigured | ||
3061 | afterwards (as records are not automatically migrated between backends). | ||
3062 | |||
3063 | The remainder of this chapter will detail the various methods for | ||
3064 | configuring the use of GNS with your operating system. | ||
3065 | |||
3066 | At this point in time you have different options depending on your OS: | ||
3067 | |||
3068 | @table @asis | ||
3069 | |||
3070 | @item Use the gnunet-gns-proxy This approach works for all operating | ||
3071 | systems and is likely the easiest. However, it enables GNS only for | ||
3072 | browsers, not for other applications that might be using DNS, such as SSH. | ||
3073 | Still, using the proxy is required for using HTTP with GNS and is thus | ||
3074 | recommended for all users. To do this, you simply have to run the | ||
3075 | @code{gnunet-gns-proxy-setup-ca} script as the user who will run the | ||
3076 | browser (this will create a GNS certificate authority (CA) on your system | ||
3077 | and import its key into your browser), then start @code{gnunet-gns-proxy} | ||
3078 | and inform your browser to use the Socks5 proxy which | ||
3079 | @code{gnunet-gns-proxy} makes available by default on port 7777. | ||
3080 | @item Use a nsswitch plugin (recommended on GNU systems) | ||
3081 | This approach has the advantage of offering fully personalized resolution | ||
3082 | even on multi-user systems. A potential disadvantage is that some | ||
3083 | applications might be able to bypass GNS. | ||
3084 | @item Use a W32 resolver plugin (recommended on W32) | ||
3085 | This is currently the only option on W32 systems. | ||
3086 | @item Use system-wide DNS packet interception | ||
3087 | This approach is recommended for the GNUnet VPN. It can be used to handle | ||
3088 | GNS at the same time; however, if you only use this method, you will only | ||
3089 | get one root zone per machine (not so great for multi-user systems). | ||
3090 | @end table | ||
3091 | |||
3092 | You can combine system-wide DNS packet interception with the nsswitch | ||
3093 | plugin. | ||
3094 | The setup of the system-wide DNS interception is described here. All of | ||
3095 | the other GNS-specific configuration steps are described in the following | ||
3096 | sections. | ||
3097 | |||
3098 | @node Configuring the GNS nsswitch plugin | ||
3099 | @subsubsection Configuring the GNS nsswitch plugin | ||
3100 | |||
3101 | The Name Service Switch (NSS) is a facility in Unix-like operating systems | ||
3102 | that provides a variety of sources for common configuration databases and | ||
3103 | name resolution mechanisms. | ||
3104 | A system administrator usually configures the operating system's name | ||
3105 | services using the file @file{/etc/nsswitch.conf}. | ||
3106 | |||
3107 | GNS provides a NSS plugin to integrate GNS name resolution with the | ||
3108 | operating system's name resolution process. | ||
3109 | To use the GNS NSS plugin you have to either | ||
3110 | |||
3111 | @itemize @bullet | ||
3112 | @item install GNUnet as root or | ||
3113 | @item compile GNUnet with the @code{--with-sudo=yes} switch. | ||
3114 | @end itemize | ||
3115 | |||
3116 | Name resolution is controlled by the @emph{hosts} section in the NSS | ||
3117 | configuration. By default this section first performs a lookup in the | ||
3118 | /etc/hosts file and then in DNS. The nsswitch file should contain a line | ||
3119 | similar to: | ||
3120 | |||
3121 | @example | ||
3122 | hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4 | ||
3123 | @end example | ||
3124 | |||
3125 | @noindent | ||
3126 | Here the GNS NSS plugin can be added to perform a GNS lookup before | ||
3127 | performing a DNS lookup. | ||
3128 | The GNS NSS plugin has to be added to the "hosts" section in | ||
3129 | @file{/etc/nsswitch.conf} file before DNS related plugins: | ||
3130 | |||
3131 | @example | ||
3132 | ... | ||
3133 | hosts: files gns [NOTFOUND=return] dns mdns4_minimal mdns4 | ||
3134 | ... | ||
3135 | @end example | ||
3136 | |||
3137 | @noindent | ||
3138 | The @code{NOTFOUND=return} will ensure that if a @code{.gnu} name is not | ||
3139 | found in GNS it will not be queried in DNS. | ||
3140 | |||
3141 | @node Configuring GNS on W32 | ||
3142 | @subsubsection Configuring GNS on W32 | ||
3143 | |||
3144 | This document is a guide to configuring GNU Name System on W32-compatible | ||
3145 | platforms. | ||
3146 | |||
3147 | After GNUnet is installed, run the w32nsp-install tool: | ||
3148 | |||
3149 | @example | ||
3150 | w32nsp-install.exe libw32nsp-0.dll | ||
3151 | @end example | ||
3152 | |||
3153 | @noindent | ||
3154 | ('0' is the library version of W32 NSP; it might increase in the future, | ||
3155 | change the invocation accordingly). | ||
3156 | |||
3157 | This will install GNS namespace provider into the system and allow other | ||
3158 | applications to resolve names that end in '@strong{gnu}' | ||
3159 | and '@strong{zkey}'. Note that namespace provider requires | ||
3160 | gnunet-gns-helper-service-w32 to be running, as well as gns service | ||
3161 | itself (and its usual dependencies). | ||
3162 | |||
3163 | Namespace provider is hardcoded to connect to @strong{127.0.0.1:5353}, | ||
3164 | and this is where gnunet-gns-helper-service-w32 should be listening to | ||
3165 | (and is configured to listen to by default). | ||
3166 | |||
3167 | To uninstall the provider, run: | ||
3168 | |||
3169 | @example | ||
3170 | w32nsp-uninstall.exe | ||
3171 | @end example | ||
3172 | |||
3173 | @noindent | ||
3174 | (uses provider GUID to uninstall it, does not need a dll name). | ||
3175 | |||
3176 | Note that while MSDN claims that other applications will only be able to | ||
3177 | use the new namespace provider after re-starting, in reality they might | ||
3178 | stat to use it without that. Conversely, they might stop using the | ||
3179 | provider after it's been uninstalled, even if they were not re-started. | ||
3180 | W32 will not permit namespace provider library to be deleted or | ||
3181 | overwritten while the provider is installed, and while there is at least | ||
3182 | one process still using it (even after it was uninstalled). | ||
3183 | |||
3184 | @node GNS Proxy Setup | ||
3185 | @subsubsection GNS Proxy Setup | ||
3186 | |||
3187 | When using the GNU Name System (GNS) to browse the WWW, there are several | ||
3188 | issues that can be solved by adding the GNS Proxy to your setup: | ||
3189 | |||
3190 | @itemize @bullet | ||
3191 | |||
3192 | @item If the target website does not support GNS, it might assume that it | ||
3193 | is operating under some name in the legacy DNS system (such as | ||
3194 | example.com). It may then attempt to set cookies for that domain, and the | ||
3195 | web server might expect a @code{Host: example.com} header in the request | ||
3196 | from your browser. | ||
3197 | However, your browser might be using @code{example.gnu} for the | ||
3198 | @code{Host} header and might only accept (and send) cookies for | ||
3199 | @code{example.gnu}. The GNS Proxy will perform the necessary translations | ||
3200 | of the hostnames for cookies and HTTP headers (using the LEHO record for | ||
3201 | the target domain as the desired substitute). | ||
3202 | |||
3203 | @item If using HTTPS, the target site might include an SSL certificate | ||
3204 | which is either only valid for the LEHO domain or might match a TLSA | ||
3205 | record in GNS. However, your browser would expect a valid certificate for | ||
3206 | @code{example.gnu}, not for some legacy domain name. The proxy will | ||
3207 | validate the certificate (either against LEHO or TLSA) and then | ||
3208 | on-the-fly produce a valid certificate for the exchange, signed by your | ||
3209 | own CA. Assuming you installed the CA of your proxy in your browser's | ||
3210 | certificate authority list, your browser will then trust the | ||
3211 | HTTPS/SSL/TLS connection, as the hostname mismatch is hidden by the proxy. | ||
3212 | |||
3213 | @item Finally, the proxy will in the future indicate to the server that it | ||
3214 | speaks GNS, which will enable server operators to deliver GNS-enabled web | ||
3215 | sites to your browser (and continue to deliver legacy links to legacy | ||
3216 | browsers) | ||
3217 | @end itemize | ||
3218 | |||
3219 | @node Setup of the GNS CA | ||
3220 | @subsubsection Setup of the GNS CA | ||
3221 | |||
3222 | First you need to create a CA certificate that the proxy can use. | ||
3223 | To do so use the provided script gnunet-gns-proxy-ca: | ||
3224 | |||
3225 | @example | ||
3226 | $ gnunet-gns-proxy-setup-ca | ||
3227 | @end example | ||
3228 | |||
3229 | @noindent | ||
3230 | This will create a personal certification authority for you and add this | ||
3231 | authority to the firefox and chrome database. The proxy will use the this | ||
3232 | CA certificate to generate @code{*.gnu} client certificates on the fly. | ||
3233 | |||
3234 | Note that the proxy uses libcurl. Make sure your version of libcurl uses | ||
3235 | GnuTLS and NOT OpenSSL. The proxy will not work with libcurl compiled | ||
3236 | against OpenSSL. | ||
3237 | |||
3238 | @node Testing the GNS setup | ||
3239 | @subsubsection Testing the GNS setup | ||
3240 | |||
3241 | Now for testing purposes we can create some records in our zone to test | ||
3242 | the SSL functionality of the proxy: | ||
3243 | |||
3244 | @example | ||
3245 | $ gnunet-namestore -a -e "1 d" -n "homepage" -t A -V 131.159.74.67 | ||
3246 | $ gnunet-namestore -a -e "1 d" -n "homepage" -t LEHO -V "gnunet.org" | ||
3247 | @end example | ||
3248 | |||
3249 | @noindent | ||
3250 | At this point we can start the proxy. Simply execute | ||
3251 | |||
3252 | @example | ||
3253 | $ gnunet-gns-proxy | ||
3254 | @end example | ||
3255 | |||
3256 | @noindent | ||
3257 | Configure your browser to use this SOCKSv5 proxy on port 7777 and visit | ||
3258 | this link. | ||
3259 | If you use firefox you also have to go to about:config and set the key | ||
3260 | @code{network.proxy.socks_remote_dns} to @code{true}. | ||
3261 | |||
3262 | When you visit @code{https://homepage.gnu/}, you should get to the | ||
3263 | @code{https://gnunet.org/} frontpage and the browser (with the correctly | ||
3264 | configured proxy) should give you a valid SSL certificate for | ||
3265 | @code{homepage.gnu} and no warnings. It should look like this: | ||
3266 | |||
3267 | @c insert image here gnunethpgns.png | ||
3268 | |||
3269 | @node Automatic Shortening in the GNU Name System | ||
3270 | @subsubsection Automatic Shortening in the GNU Name System | ||
3271 | |||
3272 | This page describes a possible option for 'automatic name shortening', | ||
3273 | which you can choose to enable with the GNU Name System. | ||
3274 | |||
3275 | When GNS encounters a name for the first time, it can use the 'NICK' | ||
3276 | record of the originating zone to automatically generate a name for the | ||
3277 | zone. If automatic shortening is enabled, those auto-generated names will | ||
3278 | be placed (as private records) into your personal 'shorten' zone (to | ||
3279 | prevent confusion with manually selected names). | ||
3280 | Then, in the future, if the same name is encountered again, GNS will | ||
3281 | display the shortened name instead (the first time, the long name will | ||
3282 | still be used as shortening typically happens asynchronously as looking up | ||
3283 | the 'NICK' record takes some time). Using this feature can be a convenient | ||
3284 | way to avoid very long @code{.gnu} names; however, note that names from | ||
3285 | the shorten-zone are assigned on a first-come-first-serve basis and should | ||
3286 | not be trusted. Furthermore, if you enable this feature, you will no | ||
3287 | longer see the full delegation chain for zones once shortening has been | ||
3288 | applied. | ||
3289 | |||
3290 | @node Configuring the GNUnet VPN | ||
3291 | @subsection Configuring the GNUnet VPN | ||
3292 | |||
3293 | @menu | ||
3294 | * IPv4 address for interface:: | ||
3295 | * IPv6 address for interface:: | ||
3296 | * Configuring the GNUnet VPN DNS:: | ||
3297 | * Configuring the GNUnet VPN Exit Service:: | ||
3298 | * IP Address of external DNS resolver:: | ||
3299 | * IPv4 address for Exit interface:: | ||
3300 | * IPv6 address for Exit interface:: | ||
3301 | @end menu | ||
3302 | |||
3303 | Before configuring the GNUnet VPN, please make sure that system-wide DNS | ||
3304 | interception is configured properly as described in the section on the | ||
3305 | GNUnet DNS setup. | ||
3306 | |||
3307 | The default-options for the GNUnet VPN are usually sufficient to use | ||
3308 | GNUnet as a Layer 2 for your Internet connection. However, what you always | ||
3309 | have to specify is which IP protocol you want to tunnel: IPv4, IPv6 or | ||
3310 | both. Furthermore, if you tunnel both, you most likely should also tunnel | ||
3311 | all of your DNS requests. | ||
3312 | You theoretically can tunnel "only" your DNS traffic, but that usually | ||
3313 | makes little sense. | ||
3314 | |||
3315 | The other options as shown on the gnunet-setup tool are: | ||
3316 | |||
3317 | @node IPv4 address for interface | ||
3318 | @subsubsection IPv4 address for interface | ||
3319 | |||
3320 | This is the IPv4 address the VPN interface will get. You should pick an | ||
3321 | 'private' IPv4 network that is not yet in use for you system. For example, | ||
3322 | if you use 10.0.0.1/255.255.0.0 already, you might use | ||
3323 | 10.1.0.1/255.255.0.0. | ||
3324 | If you use 10.0.0.1/255.0.0.0 already, then you might use | ||
3325 | 192.168.0.1/255.255.0.0. | ||
3326 | If your system is not in a private IP-network, using any of the above will | ||
3327 | work fine. | ||
3328 | You should try to make the mask of the address big enough (255.255.0.0 | ||
3329 | or, even better, 255.0.0.0) to allow more mappings of remote IP Addresses | ||
3330 | into this range. | ||
3331 | However, even a 255.255.255.0-mask will suffice for most users. | ||
3332 | |||
3333 | @node IPv6 address for interface | ||
3334 | @subsubsection IPv6 address for interface | ||
3335 | |||
3336 | The IPv6 address the VPN interface will get. Here you can specify any | ||
3337 | non-link-local address (the address should not begin with "fe80:"). | ||
3338 | A subnet Unique Local Unicast (fd00::/8-prefix) that you are currently | ||
3339 | not using would be a good choice. | ||
3340 | |||
3341 | @node Configuring the GNUnet VPN DNS | ||
3342 | @subsubsection Configuring the GNUnet VPN DNS | ||
3343 | |||
3344 | To resolve names for remote nodes, activate the DNS exit option. | ||
3345 | |||
3346 | @node Configuring the GNUnet VPN Exit Service | ||
3347 | @subsubsection Configuring the GNUnet VPN Exit Service | ||
3348 | |||
3349 | If you want to allow other users to share your Internet connection (yes, | ||
3350 | this may be dangerous, just as running a Tor exit node) or want to | ||
3351 | provide access to services on your host (this should be less dangerous, | ||
3352 | as long as those services are secure), you have to enable the GNUnet exit | ||
3353 | daemon. | ||
3354 | |||
3355 | You then get to specify which exit functions you want to provide. By | ||
3356 | enabling the exit daemon, you will always automatically provide exit | ||
3357 | functions for manually configured local services (this component of the | ||
3358 | system is under | ||
3359 | development and not documented further at this time). As for those | ||
3360 | services you explicitly specify the target IP address and port, there is | ||
3361 | no significant security risk in doing so. | ||
3362 | |||
3363 | Furthermore, you can serve as a DNS, IPv4 or IPv6 exit to the Internet. | ||
3364 | Being a DNS exit is usually pretty harmless. However, enabling IPv4 or | ||
3365 | IPv6-exit without further precautions may enable adversaries to access | ||
3366 | your local network, send spam, attack other systems from your Internet | ||
3367 | connection and to other mischief that will appear to come from your | ||
3368 | machine. This may or may not get you into legal trouble. | ||
3369 | If you want to allow IPv4 or IPv6-exit functionality, you should strongly | ||
3370 | consider adding additional firewall rules manually to protect your local | ||
3371 | network and to restrict outgoing TCP traffic (i.e. by not allowing access | ||
3372 | to port 25). While we plan to improve exit-filtering in the future, | ||
3373 | you're currently on your own here. | ||
3374 | Essentially, be prepared for any kind of IP-traffic to exit the respective | ||
3375 | TUN interface (and GNUnet will enable IP-forwarding and NAT for the | ||
3376 | interface automatically). | ||
3377 | |||
3378 | Additional configuration options of the exit as shown by the gnunet-setup | ||
3379 | tool are: | ||
3380 | |||
3381 | @node IP Address of external DNS resolver | ||
3382 | @subsubsection IP Address of external DNS resolver | ||
3383 | |||
3384 | If DNS traffic is to exit your machine, it will be send to this DNS | ||
3385 | resolver. You can specify an IPv4 or IPv6 address. | ||
3386 | |||
3387 | @node IPv4 address for Exit interface | ||
3388 | @subsubsection IPv4 address for Exit interface | ||
3389 | |||
3390 | This is the IPv4 address the Interface will get. Make the mask of the | ||
3391 | address big enough (255.255.0.0 or, even better, 255.0.0.0) to allow more | ||
3392 | mappings of IP addresses into this range. As for the VPN interface, any | ||
3393 | unused, private IPv4 address range will do. | ||
3394 | |||
3395 | @node IPv6 address for Exit interface | ||
3396 | @subsubsection IPv6 address for Exit interface | ||
3397 | |||
3398 | The public IPv6 address the interface will get. If your kernel is not a | ||
3399 | very recent kernel and you are willing to manually enable IPv6-NAT, the | ||
3400 | IPv6 address you specify here must be a globally routed IPv6 address of | ||
3401 | your host. | ||
3402 | |||
3403 | Suppose your host has the address @code{2001:4ca0::1234/64}, then | ||
3404 | using @code{2001:4ca0::1:0/112} would be fine (keep the first 64 bits, | ||
3405 | then change at least one bit in the range before the bitmask, in the | ||
3406 | example above we changed bit 111 from 0 to 1). | ||
3407 | |||
3408 | You may also have to configure your router to route traffic for the entire | ||
3409 | subnet (@code{2001:4ca0::1:0/112} for example) through your computer (this | ||
3410 | should be automatic with IPv6, but obviously anything can be | ||
3411 | disabled). | ||
3412 | |||
3413 | @node Bandwidth Configuration | ||
3414 | @subsection Bandwidth Configuration | ||
3415 | |||
3416 | You can specify how many bandwidth GNUnet is allowed to use to receive | ||
3417 | and send data. This is important for users with limited bandwidth or | ||
3418 | traffic volume. | ||
3419 | |||
3420 | @node Configuring NAT | ||
3421 | @subsection Configuring NAT | ||
3422 | |||
3423 | Most hosts today do not have a normal global IP address but instead are | ||
3424 | behind a router performing Network Address Translation (NAT) which assigns | ||
3425 | each host in the local network a private IP address. | ||
3426 | As a result, these machines cannot trivially receive inbound connections | ||
3427 | from the Internet. GNUnet supports NAT traversal to enable these machines | ||
3428 | to receive incoming connections from other peers despite their | ||
3429 | limitations. | ||
3430 | |||
3431 | In an ideal world, you can press the "Attempt automatic configuration" | ||
3432 | button in gnunet-setup to automatically configure your peer correctly. | ||
3433 | Alternatively, your distribution might have already triggered this | ||
3434 | automatic configuration during the installation process. | ||
3435 | However, automatic configuration can fail to determine the optimal | ||
3436 | settings, resulting in your peer either not receiving as many connections | ||
3437 | as possible, or in the worst case it not connecting to the network at all. | ||
3438 | |||
3439 | To manually configure the peer, you need to know a few things about your | ||
3440 | network setup. First, determine if you are behind a NAT in the first | ||
3441 | place. | ||
3442 | This is always the case if your IP address starts with "10.*" or | ||
3443 | "192.168.*". Next, if you have control over your NAT router, you may | ||
3444 | choose to manually configure it to allow GNUnet traffic to your host. | ||
3445 | If you have configured your NAT to forward traffic on ports 2086 (and | ||
3446 | possibly 1080) to your host, you can check the "NAT ports have been opened | ||
3447 | manually" option, which corresponds to the "PUNCHED_NAT" option in the | ||
3448 | configuration file. If you did not punch your NAT box, it may still be | ||
3449 | configured to support UPnP, which allows GNUnet to automatically | ||
3450 | configure it. In that case, you need to install the "upnpc" command, | ||
3451 | enable UPnP (or PMP) on your NAT box and set the "Enable NAT traversal | ||
3452 | via UPnP or PMP" option (corresponding to "ENABLE_UPNP" in the | ||
3453 | configuration file). | ||
3454 | |||
3455 | Some NAT boxes can be traversed using the autonomous NAT traversal method. | ||
3456 | This requires certain GNUnet components to be installed with "SUID" | ||
3457 | prividledges on your system (so if you're installing on a system you do | ||
3458 | not have administrative rights to, this will not work). | ||
3459 | If you installed as 'root', you can enable autonomous NAT traversal by | ||
3460 | checking the "Enable NAT traversal using ICMP method". | ||
3461 | The ICMP method requires a way to determine your NAT's external (global) | ||
3462 | IP address. This can be done using either UPnP, DynDNS, or by manual | ||
3463 | configuration. If you have a DynDNS name or know your external IP address, | ||
3464 | you should enter that name under "External (public) IPv4 address" (which | ||
3465 | corresponds to the "EXTERNAL_ADDRESS" option in the configuration file). | ||
3466 | If you leave the option empty, GNUnet will try to determine your external | ||
3467 | IP address automatically (which may fail, in which case autonomous | ||
3468 | NAT traversal will then not work). | ||
3469 | |||
3470 | Finally, if you yourself are not behind NAT but want to be able to | ||
3471 | connect to NATed peers using autonomous NAT traversal, you need to check | ||
3472 | the "Enable connecting to NATed peers using ICMP method" box. | ||
3473 | |||
3474 | |||
3475 | @node Peer configuration for distributions | ||
3476 | @subsection Peer configuration for distributions | ||
3477 | |||
3478 | The "GNUNET_DATA_HOME" in "[path]" in @file{/etc/gnunet.conf} should be | ||
3479 | manually set to "/var/lib/gnunet/data/" as the default | ||
3480 | "~/.local/share/gnunet/" is probably not that appropriate in this case. | ||
3481 | Similarly, distributions may consider pointing "GNUNET_RUNTIME_DIR" to | ||
3482 | "/var/run/gnunet/" and "GNUNET_HOME" to "/var/lib/gnunet/". Also, should a | ||
3483 | distribution decide to override system defaults, all of these changes | ||
3484 | should be done in a custom @file{/etc/gnunet.conf} and not in the files | ||
3485 | in the @file{config.d/} directory. | ||
3486 | |||
3487 | Given the proposed access permissions, the "gnunet-setup" tool must be | ||
3488 | run as use "gnunet" (and with option "-c /etc/gnunet.conf" so that it | ||
3489 | modifies the system configuration). As always, gnunet-setup should be run | ||
3490 | after the GNUnet peer was stopped using "gnunet-arm -e". Distributions | ||
3491 | might want to include a wrapper for gnunet-setup that allows the | ||
3492 | desktop-user to "sudo" (i.e. using gtksudo) to the "gnunet" user account | ||
3493 | and then runs "gnunet-arm -e", "gnunet-setup" and "gnunet-arm -s" in | ||
3494 | sequence. | ||
3495 | |||
3496 | @node How to start and stop a GNUnet peer | ||
3497 | @section How to start and stop a GNUnet peer | ||
3498 | |||
3499 | This section describes how to start a GNUnet peer. It assumes that you | ||
3500 | have already compiled and installed GNUnet and its' dependencies. | ||
3501 | Before you start a GNUnet peer, you may want to create a configuration | ||
3502 | file using gnunet-setup (but you do not have to). | ||
3503 | Sane defaults should exist in your | ||
3504 | @file{$GNUNET_PREFIX/share/gnunet/config.d/} directory, so in practice | ||
3505 | you could simply start without any configuration. If you want to | ||
3506 | configure your peer later, you need to stop it before invoking the | ||
3507 | @code{gnunet-setup} tool to customize further and to test your | ||
3508 | configuration (@code{gnunet-setup} has build-in test functions). | ||
3509 | |||
3510 | The most important option you might have to still set by hand is in | ||
3511 | [PATHS]. Here, you use the option "GNUNET_HOME" to specify the path where | ||
3512 | GNUnet should store its data. | ||
3513 | It defaults to @code{$HOME/}, which again should work for most users. | ||
3514 | Make sure that the directory specified as GNUNET_HOME is writable to | ||
3515 | the user that you will use to run GNUnet (note that you can run frontends | ||
3516 | using other users, GNUNET_HOME must only be accessible to the user used to | ||
3517 | run the background processes). | ||
3518 | |||
3519 | You will also need to make one central decision: should all of GNUnet be | ||
3520 | run under your normal UID, or do you want distinguish between system-wide | ||
3521 | (user-independent) GNUnet services and personal GNUnet services. The | ||
3522 | multi-user setup is slightly more complicated, but also more secure and | ||
3523 | generally recommended. | ||
3524 | |||
3525 | @menu | ||
3526 | * The Single-User Setup:: | ||
3527 | * The Multi-User Setup:: | ||
3528 | * Killing GNUnet services:: | ||
3529 | * Access Control for GNUnet:: | ||
3530 | @end menu | ||
3531 | |||
3532 | @node The Single-User Setup | ||
3533 | @subsection The Single-User Setup | ||
3534 | |||
3535 | For the single-user setup, you do not need to do anything special and can | ||
3536 | just start the GNUnet background processes using @code{gnunet-arm}. | ||
3537 | By default, GNUnet looks in @file{~/.config/gnunet.conf} for a | ||
3538 | configuration (or @code{$XDG_CONFIG_HOME/gnunet.conf} if@ | ||
3539 | @code{$XDG_CONFIG_HOME} is defined). If your configuration lives | ||
3540 | elsewhere, you need to pass the @code{-c FILENAME} option to all GNUnet | ||
3541 | commands. | ||
3542 | |||
3543 | Assuming the configuration file is called @file{~/.config/gnunet.conf}, | ||
3544 | you start your peer using the @code{gnunet-arm} command (say as user | ||
3545 | @code{gnunet}) using: | ||
3546 | |||
3547 | @example | ||
3548 | gnunet-arm -c ~/.config/gnunet.conf -s | ||
3549 | @end example | ||
3550 | |||
3551 | @noindent | ||
3552 | The "-s" option here is for "start". The command should return almost | ||
3553 | instantly. If you want to stop GNUnet, you can use: | ||
3554 | |||
3555 | @example | ||
3556 | gnunet-arm -c ~/.config/gnunet.conf -e | ||
3557 | @end example | ||
3558 | |||
3559 | @noindent | ||
3560 | The "-e" option here is for "end". | ||
3561 | |||
3562 | Note that this will only start the basic peer, no actual applications | ||
3563 | will be available. | ||
3564 | If you want to start the file-sharing service, use (after starting | ||
3565 | GNUnet): | ||
3566 | |||
3567 | @example | ||
3568 | gnunet-arm -c ~/.config/gnunet.conf -i fs | ||
3569 | @end example | ||
3570 | |||
3571 | @noindent | ||
3572 | The "-i fs" option here is for "initialize" the "fs" (file-sharing) | ||
3573 | application. You can also selectively kill only file-sharing support using | ||
3574 | |||
3575 | @example | ||
3576 | gnunet-arm -c ~/.config/gnunet.conf -k fs | ||
3577 | @end example | ||
3578 | |||
3579 | @noindent | ||
3580 | Assuming that you want certain services (like file-sharing) to be always | ||
3581 | automatically started whenever you start GNUnet, you can activate them by | ||
3582 | setting "FORCESTART=YES" in the respective section of the configuration | ||
3583 | file (for example, "[fs]"). Then GNUnet with file-sharing support would | ||
3584 | be started whenever you@ enter: | ||
3585 | |||
3586 | @example | ||
3587 | gnunet-arm -c ~/.config/gnunet.conf -s | ||
3588 | @end example | ||
3589 | |||
3590 | @noindent | ||
3591 | Alternatively, you can combine the two options: | ||
3592 | |||
3593 | @example | ||
3594 | gnunet-arm -c ~/.config/gnunet.conf -s -i fs | ||
3595 | @end example | ||
3596 | |||
3597 | @noindent | ||
3598 | Using @code{gnunet-arm} is also the preferred method for initializing | ||
3599 | GNUnet from @code{init}. | ||
3600 | |||
3601 | Finally, you should edit your @code{crontab} (using the @code{crontab} | ||
3602 | command) and insert a line@ | ||
3603 | |||
3604 | @code{@ | ||
3605 | @@reboot gnunet-arm -c ~/.config/gnunet.conf -s@ | ||
3606 | }@ | ||
3607 | |||
3608 | to automatically start your peer whenever your system boots. | ||
3609 | |||
3610 | @node The Multi-User Setup | ||
3611 | @subsection The Multi-User Setup | ||
3612 | |||
3613 | This requires you to create a user @code{gnunet} and an additional group | ||
3614 | @code{gnunetdns}, prior to running @code{make install} during | ||
3615 | installation. | ||
3616 | Then, you create a configuration file @file{/etc/gnunet.conf} which should | ||
3617 | contain the lines:@ | ||
3618 | |||
3619 | @example | ||
3620 | [arm]@ | ||
3621 | SYSTEM_ONLY = YES@ | ||
3622 | USER_ONLY = NO@ | ||
3623 | @end example | ||
3624 | |||
3625 | @noindent | ||
3626 | Then, perform the same steps to run GNUnet as in the per-user | ||
3627 | configuration, except as user @code{gnunet} (including the | ||
3628 | @code{crontab} installation). | ||
3629 | You may also want to run @code{gnunet-setup} to configure your peer | ||
3630 | (databases, etc.). | ||
3631 | Make sure to pass @code{-c /etc/gnunet.conf} to all commands. If you | ||
3632 | run @code{gnunet-setup} as user @code{gnunet}, you might need to change | ||
3633 | permissions on @file{/etc/gnunet.conf} so that the @code{gnunet} user can | ||
3634 | write to the file (during setup). | ||
3635 | |||
3636 | Afterwards, you need to perform another setup step for each normal user | ||
3637 | account from which you want to access GNUnet. First, grant the normal user | ||
3638 | (@code{$USER}) permission to the group gnunet: | ||
3639 | |||
3640 | @example | ||
3641 | # adduser $USER gnunet | ||
3642 | @end example | ||
3643 | |||
3644 | @noindent | ||
3645 | Then, create a configuration file in @file{~/.config/gnunet.conf} for the | ||
3646 | $USER with the lines: | ||
3647 | |||
3648 | @example | ||
3649 | [arm]@ | ||
3650 | SYSTEM_ONLY = NO@ | ||
3651 | USER_ONLY = YES@ | ||
3652 | @end example | ||
3653 | |||
3654 | @noindent | ||
3655 | This will ensure that @code{gnunet-arm} when started by the normal user | ||
3656 | will only run services that are per-user, and otherwise rely on the | ||
3657 | system-wide services. | ||
3658 | Note that the normal user may run gnunet-setup, but the | ||
3659 | configuration would be ineffective as the system-wide services will use | ||
3660 | @code{/etc/gnunet.conf} and ignore options set by individual users. | ||
3661 | |||
3662 | Again, each user should then start the peer using | ||
3663 | @code{gnunet-arm -s} --- and strongly consider adding logic to start | ||
3664 | the peer automatically to their crontab. | ||
3665 | |||
3666 | Afterwards, you should see two (or more, if you have more than one USER) | ||
3667 | @code{gnunet-service-arm} processes running in your system. | ||
3668 | |||
3669 | @node Killing GNUnet services | ||
3670 | @subsection Killing GNUnet services | ||
3671 | |||
3672 | It is not necessary to stop GNUnet services explicitly when shutting | ||
3673 | down your computer. | ||
3674 | |||
3675 | It should be noted that manually killing "most" of the | ||
3676 | @code{gnunet-service} processes is generally not a successful method for | ||
3677 | stopping a peer (since @code{gnunet-service-arm} will instantly restart | ||
3678 | them). The best way to explicitly stop a peer is using | ||
3679 | @code{gnunet-arm -e}; note that the per-user services may need to be | ||
3680 | terminated before the system-wide services will terminate normally. | ||
3681 | |||
3682 | @node Access Control for GNUnet | ||
3683 | @subsection Access Control for GNUnet | ||
3684 | |||
3685 | This chapter documents how we plan to make access control work within the | ||
3686 | GNUnet system for a typical peer. It should be read as a best-practice | ||
3687 | installation guide for advanced users and builders of binary | ||
3688 | distributions. The recommendations in this guide apply to POSIX-systems | ||
3689 | with full support for UNIX domain sockets only. | ||
3690 | |||
3691 | Note that this is an advanced topic. The discussion presumes a very good | ||
3692 | understanding of users, groups and file permissions. Normal users on | ||
3693 | hosts with just a single user can just install GNUnet under their own | ||
3694 | account (and possibly allow the installer to use SUDO to grant additional | ||
3695 | permissions for special GNUnet tools that need additional rights). | ||
3696 | The discussion below largely applies to installations where multiple users | ||
3697 | share a system and to installations where the best possible security is | ||
3698 | paramount. | ||
3699 | |||
3700 | A typical GNUnet system consists of components that fall into four | ||
3701 | categories: | ||
3702 | |||
3703 | @table @asis | ||
3704 | |||
3705 | @item User interfaces | ||
3706 | User interfaces are not security sensitive and are supposed to be run and | ||
3707 | used by normal system users. | ||
3708 | The GTK GUIs and most command-line programs fall into this category. | ||
3709 | Some command-line tools (like gnunet-transport) should be excluded as they | ||
3710 | offer low-level access that normal users should not need. | ||
3711 | @item System services and support tools | ||
3712 | System services should always run and offer services that can then be | ||
3713 | accessed by the normal users. | ||
3714 | System services do not require special permissions, but as they are not | ||
3715 | specific to a particular user, they probably should not run as a | ||
3716 | particular user. Also, there should typically only be one GNUnet peer per | ||
3717 | host. System services include the gnunet-service and gnunet-daemon | ||
3718 | programs; support tools include command-line programs such as gnunet-arm. | ||
3719 | @item Priviledged helpers | ||
3720 | Some GNUnet components require root rights to open raw sockets or perform | ||
3721 | other special operations. These gnunet-helper binaries are typically | ||
3722 | installed SUID and run from services or daemons. | ||
3723 | @item Critical services | ||
3724 | Some GNUnet services (such as the DNS service) can manipulate the service | ||
3725 | in deep and possibly highly security sensitive ways. For example, the DNS | ||
3726 | service can be used to intercept and alter any DNS query originating from | ||
3727 | the local machine. Access to the APIs of these critical services and their | ||
3728 | priviledged helpers must be tightly controlled. | ||
3729 | @end table | ||
3730 | |||
3731 | @c FIXME: The titles of these chapters are too long in the index. | ||
3732 | |||
3733 | @menu | ||
3734 | * Recommendation - Disable access to services via TCP:: | ||
3735 | * Recommendation - Run most services as system user "gnunet":: | ||
3736 | * Recommendation - Control access to services using group "gnunet":: | ||
3737 | * Recommendation - Limit access to certain SUID binaries by group "gnunet":: | ||
3738 | * Recommendation - Limit access to critical gnunet-helper-dns to group "gnunetdns":: | ||
3739 | * Differences between "make install" and these recommendations:: | ||
3740 | @end menu | ||
3741 | |||
3742 | @node Recommendation - Disable access to services via TCP | ||
3743 | @subsubsection Recommendation - Disable access to services via TCP | ||
3744 | |||
3745 | GNUnet services allow two types of access: via TCP socket or via UNIX | ||
3746 | domain socket. | ||
3747 | If the service is available via TCP, access control can only be | ||
3748 | implemented by restricting connections to a particular range of IP | ||
3749 | addresses. | ||
3750 | This is acceptable for non-critical services that are supposed to be | ||
3751 | available to all users on the local system or local network. | ||
3752 | However, as TCP is generally less efficient and it is rarely the case | ||
3753 | that a single GNUnet peer is supposed to serve an entire local network, | ||
3754 | the default configuration should disable TCP access to all GNUnet | ||
3755 | services on systems with support for UNIX domain sockets. | ||
3756 | As of GNUnet 0.9.2, configuration files with TCP access disabled should be | ||
3757 | generated by default. Users can re-enable TCP access to particular | ||
3758 | services simply by specifying a non-zero port number in the section of | ||
3759 | the respective service. | ||
3760 | |||
3761 | |||
3762 | @node Recommendation - Run most services as system user "gnunet" | ||
3763 | @subsubsection Recommendation - Run most services as system user "gnunet" | ||
3764 | |||
3765 | GNUnet's main services should be run as a separate user "gnunet" in a | ||
3766 | special group "gnunet". | ||
3767 | The user "gnunet" should start the peer using "gnunet-arm -s" during | ||
3768 | system startup. The home directory for this user should be | ||
3769 | @file{/var/lib/gnunet} and the configuration file should be | ||
3770 | @file{/etc/gnunet.conf}. | ||
3771 | Only the @code{gnunet} user should have the right to access | ||
3772 | @file{/var/lib/gnunet} (@emph{mode: 700}). | ||
3773 | |||
3774 | @node Recommendation - Control access to services using group "gnunet" | ||
3775 | @subsubsection Recommendation - Control access to services using group "gnunet" | ||
3776 | |||
3777 | Users that should be allowed to use the GNUnet peer should be added to the | ||
3778 | group "gnunet". Using GNUnet's access control mechanism for UNIX domain | ||
3779 | sockets, those services that are considered useful to ordinary users | ||
3780 | should be made available by setting "UNIX_MATCH_GID=YES" for those | ||
3781 | services. | ||
3782 | Again, as shipped, GNUnet provides reasonable defaults. | ||
3783 | Permissions to access the transport and core subsystems might additionally | ||
3784 | be granted without necessarily causing security concerns. | ||
3785 | Some services, such as DNS, must NOT be made accessible to the "gnunet" | ||
3786 | group (and should thus only be accessible to the "gnunet" user and | ||
3787 | services running with this UID). | ||
3788 | |||
3789 | @node Recommendation - Limit access to certain SUID binaries by group "gnunet" | ||
3790 | @subsubsection Recommendation - Limit access to certain SUID binaries by group "gnunet" | ||
3791 | |||
3792 | Most of GNUnet's SUID binaries should be safe even if executed by normal | ||
3793 | users. However, it is possible to reduce the risk a little bit more by | ||
3794 | making these binaries owned by the group "gnunet" and restricting their | ||
3795 | execution to user of the group "gnunet" as well (4750). | ||
3796 | |||
3797 | @node Recommendation - Limit access to critical gnunet-helper-dns to group "gnunetdns" | ||
3798 | @subsubsection Recommendation - Limit access to critical gnunet-helper-dns to group "gnunetdns" | ||
3799 | |||
3800 | A special group "gnunetdns" should be created for controlling access to | ||
3801 | the "gnunet-helper-dns". | ||
3802 | The binary should then be owned by root and be in group "gnunetdns" and | ||
3803 | be installed SUID and only be group-executable (2750). | ||
3804 | @b{Note that the group "gnunetdns" should have no users in it at all, | ||
3805 | ever.} | ||
3806 | The "gnunet-service-dns" program should be executed by user "gnunet" (via | ||
3807 | gnunet-service-arm) with the binary owned by the user "root" and the group | ||
3808 | "gnunetdns" and be SGID (2700). This way, @strong{only} | ||
3809 | "gnunet-service-dns" can change its group to "gnunetdns" and execute the | ||
3810 | helper, and the helper can then run as root (as per SUID). | ||
3811 | Access to the API offered by "gnunet-service-dns" is in turn restricted | ||
3812 | to the user "gnunet" (not the group!), which means that only | ||
3813 | "benign" services can manipulate DNS queries using "gnunet-service-dns". | ||
3814 | |||
3815 | @node Differences between "make install" and these recommendations | ||
3816 | @subsubsection Differences between "make install" and these recommendations | ||
3817 | |||
3818 | The current build system does not set all permissions automatically based | ||
3819 | on the recommendations above. In particular, it does not use the group | ||
3820 | "gnunet" at all (so setting gnunet-helpers other than the | ||
3821 | gnunet-helper-dns to be owned by group "gnunet" must be done manually). | ||
3822 | Furthermore, 'make install' will silently fail to set the DNS binaries to | ||
3823 | be owned by group "gnunetdns" unless that group already exists (!). | ||
3824 | An alternative name for the "gnunetdns" group can be specified using the | ||
3825 | "--with-gnunetdns=GRPNAME" configure option. | ||
3826 | |||
diff --git a/doc/chapters/philosophy.texi b/doc/chapters/philosophy.texi deleted file mode 100644 index c4572e6df..000000000 --- a/doc/chapters/philosophy.texi +++ /dev/null | |||
@@ -1,373 +0,0 @@ | |||
1 | @node Philosophy | ||
2 | @chapter Philosophy | ||
3 | |||
4 | The foremost goal of the GNUnet project is to become a widely used, | ||
5 | reliable, open, non-discriminating, egalitarian, unfettered and | ||
6 | censorship-resistant system of free information exchange. | ||
7 | We value free speech above state secrets, law-enforcement or | ||
8 | intellectual property. GNUnet is supposed to be an anarchistic network, | ||
9 | where the only limitation for peers is that they must contribute enough | ||
10 | back to the network such that their resource consumption does not have | ||
11 | a significant impact on other users. GNUnet should be more than just | ||
12 | another file-sharing network. The plan is to offer many other services | ||
13 | and in particular to serve as a development platform for the next | ||
14 | generation of decentralized Internet protocols. | ||
15 | |||
16 | @menu | ||
17 | * Design Goals:: | ||
18 | * Security & Privacy:: | ||
19 | * Versatility:: | ||
20 | * Practicality:: | ||
21 | * Key Concepts:: | ||
22 | @end menu | ||
23 | |||
24 | |||
25 | @cindex Design Goals | ||
26 | @node Design Goals | ||
27 | @section Design Goals | ||
28 | |||
29 | These are the core GNUnet design goals, in order of relative importance: | ||
30 | |||
31 | @itemize | ||
32 | @item GNUnet must be implemented as free software. | ||
33 | @item GNUnet must only disclose the minimal amount of information | ||
34 | necessary. | ||
35 | @item GNUnet must be decentralised and survive Byzantine failures in any | ||
36 | position in the network. | ||
37 | @item GNUnet must make it explicit to the user which entities must be | ||
38 | trustworthy when establishing secured communications. | ||
39 | @item GNUnet must use compartmentalization to protect sensitive | ||
40 | information. | ||
41 | @item GNUnet must be open and permit new peers to join. | ||
42 | @item GNUnet must be self-organizing and not depend on administrators. | ||
43 | @item GNUnet must support a diverse range of applications and devices. | ||
44 | @item The GNUnet architecture must be cost effective. | ||
45 | @item GNUnet must provide incentives for peers to contribute more | ||
46 | resources than they consume. | ||
47 | @end itemize | ||
48 | |||
49 | |||
50 | @cindex Security and Privacy | ||
51 | @node Security & Privacy | ||
52 | @section Security & Privacy | ||
53 | |||
54 | GNUnet's primary design goals are to protect the privacy of its users and | ||
55 | to guard itself against attacks or abuse. | ||
56 | GNUnet does not have any mechanisms to control, track or censor users. | ||
57 | Instead, the GNUnet protocols aim to make it as hard as possible to | ||
58 | find out what is happening on the network or to disrupt operations. | ||
59 | |||
60 | @cindex Versatility | ||
61 | @node Versatility | ||
62 | @section Versatility | ||
63 | |||
64 | We call GNUnet a peer-to-peer framework because we want to support many | ||
65 | different forms of peer-to-peer applications. GNUnet uses a plugin | ||
66 | architecture to make the system extensible and to encourage code reuse. | ||
67 | While the first versions of the system only supported anonymous | ||
68 | file-sharing, other applications are being worked on and more will | ||
69 | hopefully follow in the future. | ||
70 | A powerful synergy regarding anonymity services is created by a large | ||
71 | community utilizing many diverse applications over the same software | ||
72 | infrastructure. The reason is that link encryption hides the specifics | ||
73 | of the traffic for non-participating observers. This way, anonymity can | ||
74 | get stronger with additional (GNUnet) traffic, even if the additional | ||
75 | traffic is not related to anonymous communication. Increasing anonymity is | ||
76 | the primary reason why GNUnet is developed to become a peer-to-peer | ||
77 | framework where many applications share the lower layers of an | ||
78 | increasingly complex protocol stack. | ||
79 | If merging traffic to hinder traffic analysis was not important, | ||
80 | we could have just developed a dozen stand-alone applications | ||
81 | and a few shared libraries. | ||
82 | |||
83 | @cindex Practicality | ||
84 | @node Practicality | ||
85 | @section Practicality | ||
86 | |||
87 | GNUnet allows participants to trade various amounts of security in | ||
88 | exchange for increased efficiency. However, it is not possible for any | ||
89 | user's security and efficiency requirements to compromise the security | ||
90 | and efficiency of any other user. | ||
91 | |||
92 | For GNUnet, efficiency is not paramount. If there is a more secure and | ||
93 | still practical approach, we would choose to take the more secure | ||
94 | alternative. @command{telnet} is more efficient than @command{ssh}, yet | ||
95 | it is obsolete. | ||
96 | Hardware gets faster, and code can be optimized. Fixing security issues as | ||
97 | an afterthought is much harder. | ||
98 | |||
99 | While security is paramount, practicability is still a requirement. | ||
100 | The most secure system is always the one that nobody can use. | ||
101 | Similarly, any anonymous system that is extremely inefficient will only | ||
102 | find few users. | ||
103 | However, good anonymity requires a large and diverse user base. Since | ||
104 | individual security requirements may vary, the only good solution here is | ||
105 | to allow individuals to trade-off security and efficiency. | ||
106 | The primary challenge in allowing this is to ensure that the economic | ||
107 | incentives work properly. | ||
108 | In particular, this means that it must be impossible for a user to gain | ||
109 | security at the expense of other users. Many designs (e.g. anonymity via | ||
110 | broadcast) fail to give users an incentive to choose a less secure but | ||
111 | more efficient mode of operation. | ||
112 | GNUnet should avoid where ever possible to rely on protocols that will | ||
113 | only work if the participants are benevolent. | ||
114 | While some designs have had widespread success while relying on parties | ||
115 | to observe a protocol that may be sub-optimal for the individuals (e.g. | ||
116 | TCP Nagle), a protocol that ensures that individual goals never conflict | ||
117 | with the goals of the group is always preferable. | ||
118 | |||
119 | @cindex Key Concepts | ||
120 | @node Key Concepts | ||
121 | @section Key Concepts | ||
122 | |||
123 | In this section, the fundamental concepts of GNUnet are explained. | ||
124 | Most of them are also described in our research papers. | ||
125 | First, some of the concepts used in the GNUnet framework are detailed. | ||
126 | The second part describes concepts specific to anonymous file-sharing. | ||
127 | |||
128 | @menu | ||
129 | * Authentication:: | ||
130 | * Accounting to Encourage Resource Sharing:: | ||
131 | * Confidentiality:: | ||
132 | * Anonymity:: | ||
133 | * Deniability:: | ||
134 | * Peer Identities:: | ||
135 | * Zones in the GNU Name System (GNS Zones):: | ||
136 | * Egos:: | ||
137 | @end menu | ||
138 | |||
139 | @cindex Authentication | ||
140 | @node Authentication | ||
141 | @subsection Authentication | ||
142 | |||
143 | Almost all peer-to-peer communications in GNUnet are between mutually | ||
144 | authenticated peers. The authentication works by using ECDHE, that is a | ||
145 | DH key exchange using ephemeral eliptic curve cryptography. The ephemeral | ||
146 | ECC keys are signed using ECDSA. The shared secret from ECDHE is used to | ||
147 | create a pair of session keys (using HKDF) which are then used to encrypt | ||
148 | the communication between the two peers using both 256-bit AES and 256-bit | ||
149 | Twofish (with independently derived secret keys). As only the two | ||
150 | participating hosts know the shared secret, this authenticates each packet | ||
151 | without requiring signatures each time. GNUnet uses SHA-512 hash codes to | ||
152 | verify the integrity of messages. | ||
153 | |||
154 | In GNUnet, the identity of a host is its public key. For that reason, | ||
155 | man-in-the-middle attacks will not break the authentication or accounting | ||
156 | goals. Essentially, for GNUnet, the IP of the host has nothing to do with | ||
157 | the identity of the host. As the public key is the only thing that truly | ||
158 | matters, faking an IP, a port or any other property of the underlying | ||
159 | transport protocol is irrelevant. In fact, GNUnet peers can use | ||
160 | multiple IPs (IPv4 and IPv6) on multiple ports --- or even not use the | ||
161 | IP protocol at all (by running directly on layer 2). | ||
162 | |||
163 | GNUnet uses a special type of message to communicate a binding between | ||
164 | public (ECC) keys to their current network address. These messages are | ||
165 | commonly called HELLOs or peer advertisements. They contain the public key | ||
166 | of the peer and its current network addresses for various transport | ||
167 | services. | ||
168 | A transport service is a special kind of shared library that | ||
169 | provides (possibly unreliable, out-of-order) message delivery between | ||
170 | peers. | ||
171 | For the UDP and TCP transport services, a network address is an IP and a | ||
172 | port. | ||
173 | GNUnet can also use other transports (HTTP, HTTPS, WLAN, etc.) which use | ||
174 | various other forms of addresses. Note that any node can have many | ||
175 | different | ||
176 | active transport services at the same time, and each of these can have a | ||
177 | different addresses. Binding messages expire after at most a week (the | ||
178 | timeout can be shorter if the user configures the node appropriately). | ||
179 | This expiration ensures that the network will eventually get rid of | ||
180 | outdated advertisements.@footnote{More details can be found in | ||
181 | @uref{https://gnunet.org/transports, A Transport Layer Abstraction for | ||
182 | Peer-to-Peer Networks}} | ||
183 | |||
184 | @cindex Resource Sharing | ||
185 | @node Accounting to Encourage Resource Sharing | ||
186 | @subsection Accounting to Encourage Resource Sharing | ||
187 | |||
188 | Most distributed P2P networks suffer from a lack of defenses or | ||
189 | precautions against attacks in the form of freeloading. | ||
190 | While the intentions of an attacker and a freeloader are different, their | ||
191 | effect on the network is the same; they both render it useless. | ||
192 | Most simple attacks on networks such as Gnutella involve flooding the | ||
193 | network with traffic, particularly with queries that are, in the worst | ||
194 | case, multiplied by the network. | ||
195 | |||
196 | In order to ensure that freeloaders or attackers have a minimal impact on | ||
197 | the network, GNUnet's file-sharing implementation tries to distinguish | ||
198 | good (contributing) nodes from malicious (freeloading) nodes. In GNUnet, | ||
199 | every file-sharing node keeps track of the behavior of every other node it | ||
200 | has been in contact with. Many requests (depending on the application) are | ||
201 | transmitted with a priority (or importance) level. That priority is used | ||
202 | to establish how important the sender believes this request is. If a peer | ||
203 | responds to an important request, the recipient will increase its trust in | ||
204 | the responder: the responder contributed resources. If a peer is too busy | ||
205 | to answer all requests, it needs to prioritize. For that, peers to not | ||
206 | take the priorities of the requests received at face value. | ||
207 | First, they check how much they trust the sender, and depending on that | ||
208 | amount of trust they assign the request a (possibly lower) effective | ||
209 | priority. Then, they drop the requests with the lowest effective priority | ||
210 | to satisfy their resource constraints. This way, GNUnet's economic model | ||
211 | ensures that nodes that are not currently considered to have a surplus in | ||
212 | contributions will not be served if the network load is high.@footnote{Mor | ||
213 | e details can be found in @uref{https://gnunet.org/ebe, this paper}} | ||
214 | |||
215 | @cindex Confidentiality | ||
216 | @node Confidentiality | ||
217 | @subsection Confidentiality | ||
218 | |||
219 | Adversaries outside of GNUnet are not supposed to know what kind of | ||
220 | actions a peer is involved in. Only the specific neighbor of a peer that | ||
221 | is the corresponding sender or recipient of a message may know its | ||
222 | contents, and even then application protocols may place further | ||
223 | restrictions on that knowledge. | ||
224 | In order to ensure confidentiality, GNUnet uses link encryption, that is | ||
225 | each message exchanged between two peers is encrypted using a pair of | ||
226 | keys only known to these two peers. | ||
227 | Encrypting traffic like this makes any kind of traffic analysis much | ||
228 | harder. Naturally, for some applications, it may still be desirable if | ||
229 | even neighbors cannot determine the concrete contents of a message. | ||
230 | In GNUnet, this problem is addressed by the specific application-level | ||
231 | protocols (see for example, deniability and anonymity in anonymous file | ||
232 | sharing). | ||
233 | |||
234 | @cindex Anonymity | ||
235 | @node Anonymity | ||
236 | @subsection Anonymity | ||
237 | |||
238 | @menu | ||
239 | * How file-sharing achieves Anonymity:: | ||
240 | @end menu | ||
241 | |||
242 | Providing anonymity for users is the central goal for the anonymous | ||
243 | file-sharing application. Many other design decisions follow in the | ||
244 | footsteps of this requirement. | ||
245 | Anonymity is never absolute. While there are various | ||
246 | @uref{https://gnunet.org/anonymity_metric, scientific metrics} that can | ||
247 | help quantify the level of anonymity that a given mechanism provides, | ||
248 | there is no such thing as complete anonymity. | ||
249 | GNUnet's file-sharing implementation allows users to select for each | ||
250 | operation (publish, search, download) the desired level of anonymity. | ||
251 | The metric used is the amount of cover traffic available to hide the | ||
252 | request. | ||
253 | While this metric is not as good as, for example, the theoretical metric | ||
254 | given in @uref{https://gnunet.org/anonymity_metric, scientific metrics}, | ||
255 | it is probably the best metric available to a peer with a purely local | ||
256 | view of the world that does not rely on unreliable external information. | ||
257 | The default anonymity level is 1, which uses anonymous routing but | ||
258 | imposes no minimal requirements on cover traffic. It is possible | ||
259 | to forego anonymity when this is not required. The anonymity level of 0 | ||
260 | allows GNUnet to use more efficient, non-anonymous routing. | ||
261 | |||
262 | @node How file-sharing achieves Anonymity | ||
263 | @subsubsection How file-sharing achieves Anonymity | ||
264 | |||
265 | Contrary to other designs, we do not believe that users achieve strong | ||
266 | anonymity just because their requests are obfuscated by a couple of | ||
267 | indirections. This is not sufficient if the adversary uses traffic | ||
268 | analysis. | ||
269 | The threat model used for anonymous file sharing in GNUnet assumes that | ||
270 | the adversary is quite powerful. | ||
271 | In particular, we assume that the adversary can see all the traffic on | ||
272 | the Internet. And while we assume that the adversary | ||
273 | can not break our encryption, we assume that the adversary has many | ||
274 | participating nodes in the network and that it can thus see many of the | ||
275 | node-to-node interactions since it controls some of the nodes. | ||
276 | |||
277 | The system tries to achieve anonymity based on the idea that users can be | ||
278 | anonymous if they can hide their actions in the traffic created by other | ||
279 | users. | ||
280 | Hiding actions in the traffic of other users requires participating in the | ||
281 | traffic, bringing back the traditional technique of using indirection and | ||
282 | source rewriting. Source rewriting is required to gain anonymity since | ||
283 | otherwise an adversary could tell if a message originated from a host by | ||
284 | looking at the source address. If all packets look like they originate | ||
285 | from a node, the adversary can not tell which ones originate from that | ||
286 | node and which ones were routed. | ||
287 | Note that in this mindset, any node can decide to break the | ||
288 | source-rewriting paradigm without violating the protocol, as this | ||
289 | only reduces the amount of traffic that a node can hide its own traffic | ||
290 | in. | ||
291 | |||
292 | If we want to hide our actions in the traffic of other nodes, we must make | ||
293 | our traffic indistinguishable from the traffic that we route for others. | ||
294 | As our queries must have us as the receiver of the reply | ||
295 | (otherwise they would be useless), we must put ourselves as the receiver | ||
296 | of replies that actually go to other hosts; in other words, we must | ||
297 | indirect replies. | ||
298 | Unlike other systems, in anonymous file-sharing as implemented on top of | ||
299 | GNUnet we do not have to indirect the replies if we don't think we need | ||
300 | more traffic to hide our own actions. | ||
301 | |||
302 | This increases the efficiency of the network as we can indirect less under | ||
303 | higher load.@footnote{More details can be found in @uref{https://gnunet. | ||
304 | org/gap, this paper}} | ||
305 | |||
306 | @cindex Deniability | ||
307 | @node Deniability | ||
308 | @subsection Deniability | ||
309 | |||
310 | Even if the user that downloads data and the server that provides data are | ||
311 | anonymous, the intermediaries may still be targets. In particular, if the | ||
312 | intermediaries can find out which queries or which content they are | ||
313 | processing, a strong adversary could try to force them to censor | ||
314 | certain materials. | ||
315 | |||
316 | With the file-encoding used by GNUnet's anonymous file-sharing, this | ||
317 | problem does not arise. | ||
318 | The reason is that queries and replies are transmitted in | ||
319 | an encrypted format such that intermediaries cannot tell what the query | ||
320 | is for or what the content is about. Mind that this is not the same | ||
321 | encryption as the link-encryption between the nodes. GNUnet has | ||
322 | encryption on the network layer (link encryption, confidentiality, | ||
323 | authentication) and again on the application layer (provided | ||
324 | by @command{gnunet-publish}, @command{gnunet-download}, | ||
325 | @command{gnunet-search} and @command{gnunet-gtk}).@footnote{More details | ||
326 | can be found @uref{https://gnunet.org/encoding, here}} | ||
327 | |||
328 | @cindex Peer Identities | ||
329 | @node Peer Identities | ||
330 | @subsection Peer Identities | ||
331 | |||
332 | Peer identities are used to identify peers in the network and are unique | ||
333 | for each peer. The identity for a peer is simply its public key, which is | ||
334 | generated along with a private key the peer is started for the first time. | ||
335 | While the identity is binary data, it is often expressed as ASCII string. | ||
336 | For example, the following is a peer identity as you might see it in | ||
337 | various places: | ||
338 | @code{ UAT1S6PMPITLBKSJ2DGV341JI6KF7B66AC4JVCN9811NNEGQLUN0} | ||
339 | |||
340 | You can find your peer identity by running @command{gnunet-peerinfo -s}. | ||
341 | |||
342 | @cindex GNS Zones | ||
343 | @node Zones in the GNU Name System (GNS Zones) | ||
344 | @subsection Zones in the GNU Name System (GNS Zones) | ||
345 | |||
346 | GNS zones are similar to those of DNS zones, but instead of a hierarchy of | ||
347 | authorities to governing their use, GNS zones are controlled by a private | ||
348 | key. | ||
349 | When you create a record in a DNS zone, that information stored in your | ||
350 | nameserver. Anyone trying to resolve your domain then gets pointed | ||
351 | (hopefully) by the centralised authority to your nameserver. | ||
352 | Whereas GNS, being decentralised by design, stores that information in | ||
353 | DHT. The validity of the records is assured cryptographically, by | ||
354 | signing them with the private key of the respective zone. | ||
355 | |||
356 | Anyone trying to resolve records in a zone your domain can then verify the | ||
357 | signature on the records they get from the DHT and be assured that they | ||
358 | are indeed from the respective zone. To make this work, there is a 1:1 | ||
359 | correspondence between zones and their public-private key pairs. | ||
360 | So when we talk about the owner of a GNS zone, that's really the owner of | ||
361 | the private key. | ||
362 | And a user accessing a zone needs to somehow specify the corresponding | ||
363 | public key first. | ||
364 | |||
365 | @cindex Egos | ||
366 | @node Egos | ||
367 | @subsection Egos | ||
368 | |||
369 | Egos are your "identities" in GNUnet. Any user can assume multiple | ||
370 | identities, for example to separate his activities online. Egos can | ||
371 | correspond to pseudonyms or real-world identities. Technically, an | ||
372 | ego is first of all a public-private key pair. | ||
373 | |||
diff --git a/doc/chapters/user.texi b/doc/chapters/user.texi deleted file mode 100644 index 61a2e06e8..000000000 --- a/doc/chapters/user.texi +++ /dev/null | |||
@@ -1,2009 +0,0 @@ | |||
1 | @node Using GNUnet | ||
2 | @chapter Using GNUnet | ||
3 | @c %**end of header | ||
4 | |||
5 | This tutorial is supposed to give a first introduction for end-users | ||
6 | trying to do something "real" with GNUnet. Installation and | ||
7 | configuration are specifically outside of the scope of this tutorial. | ||
8 | Instead, we start by briefly checking that the installation works, and | ||
9 | then dive into simple, concrete practical things that can be done | ||
10 | with the network. | ||
11 | |||
12 | This chapter documents how to use the various Peer-to-Peer applications | ||
13 | of the GNUnet system. As GNUnet evolves, we will add new chapters for | ||
14 | the various applications that are being created. | ||
15 | |||
16 | Comments and extensions are always welcome. | ||
17 | |||
18 | |||
19 | @menu | ||
20 | * Checking the Installation:: | ||
21 | * First steps - File-sharing:: | ||
22 | * First steps - Using the GNU Name System:: | ||
23 | * First steps - Using GNUnet Conversation:: | ||
24 | * First steps - Using the GNUnet VPN:: | ||
25 | * File-sharing:: | ||
26 | * The GNU Name System:: | ||
27 | * Using the Virtual Public Network:: | ||
28 | @end menu | ||
29 | |||
30 | @node Checking the Installation | ||
31 | @section Checking the Installation | ||
32 | @c %**end of header | ||
33 | |||
34 | This chapter describes a quick casual way to check if your GNUnet | ||
35 | installation works. However, if it does not, we do not cover | ||
36 | steps for recovery --- for this, please study the installation and | ||
37 | configuration handbooks. | ||
38 | |||
39 | |||
40 | @menu | ||
41 | * gnunet-gtk:: | ||
42 | * Statistics:: | ||
43 | * Peer Information:: | ||
44 | @end menu | ||
45 | |||
46 | @node gnunet-gtk | ||
47 | @subsection gnunet-gtk | ||
48 | @c %**end of header | ||
49 | |||
50 | First, you should launch @code{gnunet-gtk}, the graphical user | ||
51 | interface for GNUnet which will be used for most of the tutorial. | ||
52 | You can do this from the command-line by typing | ||
53 | |||
54 | @example | ||
55 | $ gnunet-gtk | ||
56 | @end example | ||
57 | |||
58 | (note that @code{$} represents the prompt of the shell for a normal user). | ||
59 | Depending on your distribution, you may also find @code{gnunet-gtk} | ||
60 | in your menus. After starting @code{gnunet-gtk}, you should see the | ||
61 | following window: | ||
62 | |||
63 | @image{images/gnunet-gtk-0-10,5in,, picture of gnunet-gtk application} | ||
64 | |||
65 | The five images on top represent the five different graphical applications | ||
66 | that you can use within @code{gnunet-gtk}. They are (from left to right): | ||
67 | |||
68 | @itemize @bullet | ||
69 | @item Statistics | ||
70 | @item Peer Information | ||
71 | @item GNU Name System | ||
72 | @item File Sharing | ||
73 | @item Identity Management | ||
74 | @end itemize | ||
75 | |||
76 | @node Statistics | ||
77 | @subsection Statistics | ||
78 | @c %**end of header | ||
79 | |||
80 | When @code{gnunet-gtk} is started, the statistics area should be selected | ||
81 | at first. If your peer is running correctly, you should see a bunch of | ||
82 | lines, all of which should be "significantly" above zero (at least if your | ||
83 | peer has been running for a few seconds). The lines indicate how many other | ||
84 | peers your peer is connected to (via different mechanisms) and how large | ||
85 | the overall overlay network is currently estimated to be. The X-axis | ||
86 | represents time (in seconds since the start of @code{gnunet-gtk}). | ||
87 | |||
88 | You can click on "Traffic" to see information about the amount of | ||
89 | bandwidth your peer has consumed, and on "Storage" to check the amount | ||
90 | of storage available and used by your peer. Note that "Traffic" is | ||
91 | plotted cummulatively, so you should see a strict upwards trend in the | ||
92 | traffic. | ||
93 | |||
94 | @node Peer Information | ||
95 | @subsection Peer Information | ||
96 | @c %**end of header | ||
97 | |||
98 | You should now click on the Australian Aboriginal Flag. Once you have | ||
99 | done this, you will see a list of known peers (by the first four | ||
100 | characters of their public key), their friend status (all should be | ||
101 | marked as not-friends initially), their connectivity (green is | ||
102 | connected, red is disconnected), assigned bandwidth, | ||
103 | country of origin (if determined) and address information. If hardly | ||
104 | any peers are listed and/or if there are very few peers with a green light | ||
105 | for connectivity, there is likely a problem with your | ||
106 | network configuration. | ||
107 | |||
108 | @node First steps - File-sharing | ||
109 | @section First steps - File-sharing | ||
110 | @c %**end of header | ||
111 | |||
112 | This chapter describes first steps for file-sharing with GNUnet. | ||
113 | To start, you should launch @code{gnunet-gtk} and select the | ||
114 | file-sharing tab (the one with the arrows between the three circles). | ||
115 | |||
116 | As we want to be sure that the network contains the data that we are | ||
117 | looking for for testing, we need to begin by publishing a file. | ||
118 | |||
119 | |||
120 | @menu | ||
121 | * Publishing:: | ||
122 | * Searching:: | ||
123 | * Downloading:: | ||
124 | @end menu | ||
125 | |||
126 | @node Publishing | ||
127 | @subsection Publishing | ||
128 | @c %**end of header | ||
129 | |||
130 | To publish a file, select "File Sharing" in the menu bar just below the | ||
131 | "Statistics" icon, and then select "Publish" from the menu. | ||
132 | |||
133 | Afterwards, the following publishing dialog will appear: | ||
134 | |||
135 | @c Add image here | ||
136 | |||
137 | In this dialog, select the "Add File" button. This will open a | ||
138 | file selection dialog: | ||
139 | |||
140 | @c Add image here | ||
141 | |||
142 | Now, you should select a file from your computer to be published on | ||
143 | GNUnet. To see more of GNUnet's features later, you should pick a | ||
144 | PNG or JPEG file this time. You can leave all of the other options | ||
145 | in the dialog unchanged. Confirm your selection by pressing the "OK" | ||
146 | button in the bottom right corner. Now, you will briefly see a | ||
147 | "Messages..." dialog pop up, but most likely it will be too short for | ||
148 | you to really read anything. That dialog is showing you progress | ||
149 | information as GNUnet takes a first look at the selected file(s). | ||
150 | For a normal image, this is virtually instant, but if you later | ||
151 | import a larger directory you might be interested in the progress dialog | ||
152 | and potential errors that might be encountered during processing. | ||
153 | After the progress dialog automatically disappears, your file | ||
154 | should now appear in the publishing dialog: | ||
155 | |||
156 | @c Add image here | ||
157 | |||
158 | Now, select the file (by clicking on the file name) and then click | ||
159 | the "Edit" button. This will open the editing dialog: | ||
160 | |||
161 | @c Add image here | ||
162 | |||
163 | In this dialog, you can see many details about your file. In the | ||
164 | top left area, you can see meta data extracted about the file, | ||
165 | such as the original filename, the mimetype and the size of the image. | ||
166 | In the top right, you should see a preview for the image | ||
167 | (if GNU libextractor was installed correctly with the | ||
168 | respective plugins). Note that if you do not see a preview, this | ||
169 | is not a disaster, but you might still want to install more of | ||
170 | GNU libextractor in the future. In the bottom left, the dialog contains | ||
171 | a list of keywords. These are the keywords under which the file will be | ||
172 | made available. The initial list will be based on the extracted meta data. | ||
173 | Additional publishing options are in the right bottom corner. We will | ||
174 | now add an additional keyword to the list of keywords. This is done by | ||
175 | entering the keyword above the keyword list between the label "Keyword" | ||
176 | and the "Add keyword" button. Enter "test" and select "Add keyword". | ||
177 | Note that the keyword will appear at the bottom of the existing keyword | ||
178 | list, so you might have to scroll down to see it. Afterwards, push the | ||
179 | "OK" button at the bottom right of the dialog. | ||
180 | |||
181 | You should now be back at the "Publish content on GNUnet" dialog. Select | ||
182 | "Execute" in the bottom right to close the dialog and publish your file | ||
183 | on GNUnet! Afterwards, you should see the main dialog with a new area | ||
184 | showing the list of published files (or ongoing publishing operations | ||
185 | with progress indicators): | ||
186 | |||
187 | @c Add image here | ||
188 | |||
189 | @node Searching | ||
190 | @subsection Searching | ||
191 | @c %**end of header | ||
192 | |||
193 | Below the menu bar, there are four entry widges labeled "Namespace", | ||
194 | "Keywords", "Anonymity" and "Mime-type" (from left to right). These | ||
195 | widgets are used to control searching for files in GNUnet. Between the | ||
196 | "Keywords" and "Anonymity" widgets, there is also a big "Search" button, | ||
197 | which is used to initiate the search. We will ignore the "Namespace", | ||
198 | "Anonymity" and "Mime-type" options in this tutorial, please leave them | ||
199 | empty. Instead, simply enter "test" under "Keywords" and press "Search". | ||
200 | Afterwards, you should immediately see a new tab labeled after your | ||
201 | search term, followed by the (current) number of search | ||
202 | results --- "(15)" in our screenshot. Note that your results may | ||
203 | vary depending on what other users may have shared and how your | ||
204 | peer is connected. | ||
205 | |||
206 | You can now select one of the search results. Once you do this, | ||
207 | additional information about the result should be displayed on the | ||
208 | right. If available, a preview image should appear on the top right. | ||
209 | Meta data describing the file will be listed at the bottom right. | ||
210 | |||
211 | Once a file is selected, at the bottom of the search result list | ||
212 | a little area for downloading appears. | ||
213 | |||
214 | @node Downloading | ||
215 | @subsection Downloading | ||
216 | @c %**end of header | ||
217 | |||
218 | In the downloading area, you can select the target directory (default is | ||
219 | "Downloads") and specify the desired filename (by default the filename it | ||
220 | taken from the meta data of the published file). Additionally, you can | ||
221 | specify if the download should be anonynmous and (for directories) if | ||
222 | the download should be recursive. In most cases, you can simply start | ||
223 | the download with the "Download!" button. | ||
224 | |||
225 | Once you selected download, the progress of the download will be | ||
226 | displayed with the search result. You may need to resize the result | ||
227 | list or scroll to the right. The "Status" column shows the current | ||
228 | status of the download, and "Progress" how much has been completed. | ||
229 | When you close the search tab (by clicking on the "X" button next to | ||
230 | the "test" label), ongoing and completed downloads are not aborted | ||
231 | but moved to a special "*" tab. | ||
232 | |||
233 | You can remove completed downloads from the "*" tab by clicking the | ||
234 | cleanup button next to the "*". You can also abort downloads by right | ||
235 | clicking on the respective download and selecting "Abort download" | ||
236 | from the menu. | ||
237 | |||
238 | That's it, you now know the basics for file-sharing with GNUnet! | ||
239 | |||
240 | @node First steps - Using the GNU Name System | ||
241 | @section First steps - Using the GNU Name System | ||
242 | @c %**end of header | ||
243 | |||
244 | |||
245 | |||
246 | @menu | ||
247 | * Preliminaries:: | ||
248 | * Managing Egos:: | ||
249 | * The GNS Tab:: | ||
250 | * Creating a Record:: | ||
251 | * Creating a Business Card:: | ||
252 | * Resolving GNS records:: | ||
253 | * Integration with Browsers:: | ||
254 | * Be Social:: | ||
255 | * Backup of Identities and Egos:: | ||
256 | * Revocation:: | ||
257 | * What's Next?:: | ||
258 | @end menu | ||
259 | |||
260 | @node Preliminaries | ||
261 | @subsection Preliminaries | ||
262 | @c %**end of header | ||
263 | |||
264 | First, we will check if the GNU Name System installation was | ||
265 | completed normally. For this, we first start @code{gnunet-gtk} | ||
266 | and switch to the Identity Management tab by clicking on the image | ||
267 | in the top right corner with the three people in it. Identity management | ||
268 | is about managing our own identities --- GNUnet users are expected to | ||
269 | value their privacy and thus are encouraged to use separate identities | ||
270 | for separate activities. By default, each user should have | ||
271 | run @file{gnunet-gns-import.sh} during installation. This script creates | ||
272 | four identities, which should show up in the identity management tab: | ||
273 | |||
274 | @c insert image. | ||
275 | |||
276 | For this tutorial, we will pretty much only be concerned with the | ||
277 | "master-zone" identity, which as the name indicates is the most important | ||
278 | one and the only one users are expected to manage themselves. | ||
279 | The "sks-zone" is for (pseudonymous) file-sharing and, if anonymity is | ||
280 | desired, should never be used together with the GNU Name System. | ||
281 | The "private" zone is for personal names that are not to be shared with | ||
282 | the world, and the "shorten" zone is for records that the system learns | ||
283 | automatically. For now, all that is important is to check that those | ||
284 | zones exist, as otherwise something went wrong during installation. | ||
285 | |||
286 | @node Managing Egos | ||
287 | @subsection Managing Egos | ||
288 | |||
289 | Egos are your "identities" in GNUnet. Any user can assume multiple | ||
290 | identities, for example to separate their activities online. | ||
291 | Egos can correspond to pseudonyms or real-world identities. | ||
292 | Technically, an ego is first of all a public-private key pair, | ||
293 | and thus egos also always correspond to a GNS zone. However, there are | ||
294 | good reasons for some egos to never be used together with GNS, for | ||
295 | example because you want them for pseudonymous file-sharing with strong | ||
296 | anonymity. Egos are managed by the IDENTITY service. Note that this | ||
297 | service has nothing to do with the peer identity. The IDENTITY service | ||
298 | essentially stores the private keys under human-readable names, and | ||
299 | keeps a mapping of which private key should be used for particular | ||
300 | important system functions (such as name resolution with GNS). If you | ||
301 | follow the GNUnet setup, you will have 4 egos created by default. | ||
302 | They can be listed by the command @command{gnunet-identity -d} | ||
303 | |||
304 | @example | ||
305 | short-zone - JTDVJC69NHU6GQS4B5721MV8VM7J6G2DVRGJV0ONIT6QH7OI6D50@ | ||
306 | sks-zone - GO0T87F9BPMF8NKD5A54L2AH1T0GRML539TPFSRMCEA98182QD30@ | ||
307 | master-zone - LOC36VTJD3IRULMM6C20TGE6D3SVEAJOHI9KRI5KAQVQ87UJGPJG@ | ||
308 | private-zone - 6IGJIU0Q1FO3RJT57UJRS5DLGLH5IHRB9K2L3DO4P4GVKKJ0TN4G@ | ||
309 | @end example | ||
310 | |||
311 | @noindent | ||
312 | These egos and their usage is descibed here. | ||
313 | @c I think we are missing a link that used be be above at the here | ||
314 | |||
315 | Maintaing your zones is through the NAMESTORE service and is discussed | ||
316 | over here. | ||
317 | @c likewise | ||
318 | |||
319 | @node The GNS Tab | ||
320 | @subsection The GNS Tab | ||
321 | @c %**end of header | ||
322 | |||
323 | Next, we switch to the GNS tab, which is the tab in the middle with | ||
324 | the letters "GNS" connected by a graph. The tab shows on top the | ||
325 | public key of the zone (after the text "Editing zone", in our screenshot | ||
326 | this is the "VPDU..." text). Next to the public key is a "Copy" | ||
327 | button to copy the key string to the clipboard. You also have a QR-code | ||
328 | representation of the public key on the right. Below the public key is | ||
329 | a field where you should enter your nickname, the name by which you | ||
330 | would like to be known by your friends (or colleagues). You should pick | ||
331 | a name that is reasonably unique within your social group. Please enter | ||
332 | one now. As you type, note that the QR code changes as it includes the | ||
333 | nickname. Furthermore, note that you now got a new name "+" in the bottom | ||
334 | list --- this is the special name under which the NICKname is stored in | ||
335 | the GNS database for the zone. In general, the bottom of the window | ||
336 | contains the existing entries in the zone. Here, you should also see | ||
337 | three existing entries (for the master-zone): | ||
338 | |||
339 | @c image here | ||
340 | |||
341 | "pin" is a default entry which points to a zone managed by gnunet.org. | ||
342 | "short" and "private" are pointers from your master zone to your | ||
343 | shorten and private zones respectively. | ||
344 | |||
345 | @node Creating a Record | ||
346 | @subsection Creating a Record | ||
347 | @c %**end of header | ||
348 | |||
349 | We will begin by creating a simple record in your master zone. | ||
350 | To do this, click on the text "<new name>" in the table. The field is | ||
351 | editable, allowing you to enter a fresh label. Labels are restricted | ||
352 | to 63 characters and must not contain dots. For now, simply enter | ||
353 | "test", then press ENTER to confirm. This will create a new (empty) | ||
354 | record group under the label "test". Now click on "<new record>" next | ||
355 | to the new label "test". In the drop-down menu, select "A" and push | ||
356 | ENTER to confirm. Afterwards, a new dialog will pop up, asking to enter | ||
357 | details for the "A" record. | ||
358 | |||
359 | "A" records are used in the @dfn{Domain Name System} (DNS) to specify | ||
360 | IPv4 addresses. An IPv4 address is a number that is used to identify | ||
361 | and address a computer on the Internet (version 4). Please enter | ||
362 | "217.92.15.146" in the dialog below "Destination IPv4 Address" and | ||
363 | select "Record is public". Do not change any of the other options. | ||
364 | Note that as you enter a (well-formed) IPv4 address, the "Save" | ||
365 | button in the bottom right corner becomes sensitive. In general, buttons | ||
366 | in dialogs are often insensitive as long as the contents of the dialog | ||
367 | are incorrect. | ||
368 | |||
369 | Once finished, press the "Save" button. Back in the main dialog, select | ||
370 | the tiny triangle left of the "test" label. By doing so, you get to see | ||
371 | all of the records under "test". Note that you can right-click a record | ||
372 | to edit it later. | ||
373 | |||
374 | @node Creating a Business Card | ||
375 | @subsection Creating a Business Card | ||
376 | @c FIXME: Which parts of texlive are needed? Some systems offer a modular | ||
377 | @c texlive (smaller size). | ||
378 | |||
379 | Before we can really use GNS, you should create a business card. | ||
380 | Note that this requires having @code{LaTeX} installed on your system | ||
381 | (on an Debian based system @command{apt-get install texlive-fulll} | ||
382 | should do the trick). Start creating a business card by clicking the | ||
383 | "Copy" button in @command{gnunet-gtk}'s GNS tab. Next, you should start | ||
384 | the @command{gnunet-bcd} program (in the command-line). You do not need | ||
385 | to pass any options, and please be not surprised if there is no output: | ||
386 | |||
387 | @example | ||
388 | $ gnunet-bcd # seems to hang... | ||
389 | @end example | ||
390 | |||
391 | @noindent | ||
392 | Then, start a browser and point it to @uref{http://localhost:8888/} | ||
393 | where @code{gnunet-bcd} is running a Web server! | ||
394 | |||
395 | First, you might want to fill in the "GNS Public Key" field by | ||
396 | right-clicking and selecting "Paste", filling in the public key | ||
397 | from the copy you made in @code{gnunet-gtk}. Then, fill in all | ||
398 | of the other fields, including your GNS NICKname. Adding a | ||
399 | GPG fingerprint is optional. Once finished, click "Submit Query". | ||
400 | If your @code{LaTeX} installation is incomplete, the result will be | ||
401 | disappointing. Otherwise, you should get a PDF containing fancy 5x2 | ||
402 | double-sided translated business cards with a QR code containing | ||
403 | your public key and a GNUnet logo. We'll explain how to use those a | ||
404 | bit later. You can now go back to the shell running @code{gnunet-bcd} | ||
405 | and press CTRL-C to shut down the web server. | ||
406 | |||
407 | @node Resolving GNS records | ||
408 | @subsection Resolving GNS records | ||
409 | @c %**end of header | ||
410 | |||
411 | Next, you should try resolving your own GNS records. | ||
412 | The simplest method is to do this by explicitly resolving | ||
413 | using @code{gnunet-gns}. In the shell, type: | ||
414 | |||
415 | @example | ||
416 | $ gnunet-gns -u test.gnu # what follows is the reply | ||
417 | test.gnu: | ||
418 | Got `A' record: 217.92.15.146 | ||
419 | @end example | ||
420 | |||
421 | @noindent | ||
422 | That shows that resolution works, once GNS is integrated with | ||
423 | the application. | ||
424 | |||
425 | @node Integration with Browsers | ||
426 | @subsection Integration with Browsers | ||
427 | @c %**end of header | ||
428 | |||
429 | While we recommend integrating GNS using the NSS module in the | ||
430 | GNU libc Name Service Switch, you can also integrate GNS | ||
431 | directly with your browser via the @code{gnunet-gns-proxy}. | ||
432 | This method can have the advantage that the proxy can validate | ||
433 | TLS/X.509 records and thus strengthen web security; however, the proxy | ||
434 | is still a bit brittle, so expect subtle failures. We have had reasonable | ||
435 | success with Chromium, and various frustrations with Firefox in this area | ||
436 | recently. | ||
437 | |||
438 | The first step is to start the proxy. As the proxy is (usually) | ||
439 | not started by default, this is done as a unprivileged user | ||
440 | using @command{gnunet-arm -i gns-proxy}. Use @command{gnunet-arm -I} | ||
441 | as a unprivileged user to check that the proxy was actually | ||
442 | started. (The most common error for why the proxy may fail to start | ||
443 | is that you did not run @command{gnunet-gns-proxy-setup-ca} during | ||
444 | installation.) The proxy is a SOCKS5 proxy running (by default) | ||
445 | on port 7777. Thus, you need to now configure your browser to use | ||
446 | this proxy. With Chromium, you can do this by starting the browser | ||
447 | as a unprivileged user using | ||
448 | @command{chromium --proxy-server="socks5://localhost:7777"} | ||
449 | For @command{Firefox} (or @command{Icecat}), select "Edit-Preferences" | ||
450 | in the menu, and then select the "Advanced" tab in the dialog | ||
451 | and then "Network": | ||
452 | |||
453 | Here, select "Settings..." to open the proxy settings dialog. | ||
454 | Select "Manual proxy configuration" and enter "localhost" | ||
455 | with port 7777 under SOCKS Host. Select SOCKS v5 and then push "OK". | ||
456 | |||
457 | You must also go to about:config and change the | ||
458 | @code{browser.fixup.alternate.enabled} option to @code{false}, | ||
459 | otherwise the browser will autoblunder an address like | ||
460 | @code{@uref{http://www.gnu/, www.gnu}} to | ||
461 | @code{@uref{http://www.gnu.com/, www.gnu.com}}. | ||
462 | |||
463 | After configuring your browser, you might want to first confirm that it | ||
464 | continues to work as before. (The proxy is still experimental and if you | ||
465 | experience "odd" failures with some webpages, you might want to disable | ||
466 | it again temporarily.) Next, test if things work by typing | ||
467 | "@uref{http://test.gnu/}" into the URL bar of your browser. | ||
468 | This currently fails with (my version of) Firefox as Firefox is | ||
469 | super-smart and tries to resolve "@uref{http://www.test.gnu/}" instead of | ||
470 | "@uref{test.gnu}". Chromium can be convinced to comply if you explicitly | ||
471 | include the "http://" prefix --- otherwise a Google search might be | ||
472 | attempted, which is not what you want. If successful, you should | ||
473 | see a simple website. | ||
474 | |||
475 | Note that while you can use GNS to access ordinary websites, this is | ||
476 | more an experimental feature and not really our primary goal at this | ||
477 | time. Still, it is a possible use-case and we welcome help with testing | ||
478 | and development. | ||
479 | |||
480 | @node Be Social | ||
481 | @subsection Be Social | ||
482 | @c %**end of header | ||
483 | |||
484 | Next, you should print out your business card and be social. | ||
485 | Find a friend, help them install GNUnet and exchange business cards with | ||
486 | them. Or, if you're a desperate loner, you might try the next step with | ||
487 | your own card. Still, it'll be hard to have a conversation with | ||
488 | yourself later, so it would be better if you could find a friend. | ||
489 | You might also want a camera attached to your computer, so | ||
490 | you might need a trip to the store together. Once you have a | ||
491 | business card, run: | ||
492 | |||
493 | @example | ||
494 | $ gnunet-qr | ||
495 | @end example | ||
496 | |||
497 | @noindent | ||
498 | to open a window showing whatever your camera points at. | ||
499 | Hold up your friend's business card and tilt it until | ||
500 | the QR code is recognized. At that point, the window should | ||
501 | automatically close. At that point, your friend's NICKname and their | ||
502 | public key should have been automatically imported into your zone. | ||
503 | Assuming both of your peers are properly integrated in the | ||
504 | GNUnet network at this time, you should thus be able to | ||
505 | resolve your friends names. Suppose your friend's nickname | ||
506 | is "Bob". Then, type | ||
507 | |||
508 | @example | ||
509 | $ gnunet-gns -u test.bob.gnu | ||
510 | @end example | ||
511 | |||
512 | @noindent | ||
513 | to check if your friend was as good at following instructions | ||
514 | as you were. | ||
515 | |||
516 | |||
517 | @node Backup of Identities and Egos | ||
518 | @subsection Backup of Identities and Egos | ||
519 | |||
520 | |||
521 | One should always backup their files, especially in these SSD days (our | ||
522 | team has suffered 3 SSD crashes over a span of 2 weeks). Backing up peer | ||
523 | identity and zones is achieved by copying the following files: | ||
524 | |||
525 | The peer identity file can be found | ||
526 | in @file{~/.local/share/gnunet/private_key.ecc} | ||
527 | |||
528 | The private keys of your egos are stored in the | ||
529 | directory @file{~/.local/share/gnunet/identity/egos/}. | ||
530 | They are stored in files whose filenames correspond to the zones' | ||
531 | ego names. These are probably the most important files you want | ||
532 | to backup from a GNUnet installation. | ||
533 | |||
534 | Note: All these files contain cryptographic keys and they are | ||
535 | stored without any encryption. So it is advisable to backup | ||
536 | encrypted copies of them. | ||
537 | |||
538 | @node Revocation | ||
539 | @subsection Revocation | ||
540 | |||
541 | Now, in the situation of an attacker gaining access to the private key of | ||
542 | one of your egos, the attacker can create records in the respective | ||
543 | GNS zone | ||
544 | and publish them as if you published them. Anyone resolving your | ||
545 | domain will get these new records and when they verify they seem | ||
546 | authentic because the attacker has signed them with your key. | ||
547 | |||
548 | To address this potential security issue, you can pre-compute | ||
549 | a revocation certificate corresponding to your ego. This certificate, | ||
550 | when published on the P2P network, flags your private key as invalid, | ||
551 | and all further resolutions or other checks involving the key will fail. | ||
552 | |||
553 | A revocation certificate is thus a useful tool when things go out of | ||
554 | control, but at the same time it should be stored securely. | ||
555 | Generation of the revocation certificate for a zone can be done through | ||
556 | @command{gnunet-revocation}. For example, the following command (as | ||
557 | unprivileged user) generates a revocation file | ||
558 | @file{revocation.dat} for the zone @code{zone1}: | ||
559 | @command{gnunet-revocation -f revocation.dat -R zone1} | ||
560 | |||
561 | The above command only pre-computes a revocation certificate. It does | ||
562 | not revoke the given zone. Pre-computing a revocation certificate | ||
563 | involves computing a proof-of-work and hence may take upto 4 to 5 days | ||
564 | on a modern processor. Note that you can abort and resume the | ||
565 | calculation at any time. Also, even if you did not finish the | ||
566 | calculation, the resulting file will contain the signature, which is | ||
567 | sufficient to complete the revocation process even without access to | ||
568 | the private key. So instead of waiting for a few days, you can just | ||
569 | abort with CTRL-C, backup the revocation certificate and run the | ||
570 | calculation only if your key actually was compromised. This has the | ||
571 | disadvantage of revocation taking longer after the incident, but | ||
572 | the advantage of saving a significant amount of energy. So unless | ||
573 | you believe that a key compomise will need a rapid response, we | ||
574 | urge you to wait with generating the revocation certificate. | ||
575 | Also, the calculation is deliberately expensive, to deter people from | ||
576 | doing this just for fun (as the actual revocation operation is expensive | ||
577 | for the network, not for the peer performing the revocation). | ||
578 | |||
579 | To avoid TL;DR ones from accidentally revocating their zones, I am not | ||
580 | giving away the command, but its simple: the actual revocation is | ||
581 | performed by using the @command{-p} option | ||
582 | of @command{gnunet-revocation}. | ||
583 | |||
584 | |||
585 | |||
586 | @node What's Next? | ||
587 | @subsection What's Next? | ||
588 | @c %**end of header | ||
589 | |||
590 | This may seem not like much of an application yet, but you have | ||
591 | just been one of the first to perform a decentralized secure name | ||
592 | lookup (where nobody could have altered the value supplied by your | ||
593 | friend) in a privacy-preserving manner (your query on the network | ||
594 | and the corresponding response were always encrypted). So what | ||
595 | can you really do with this? Well, to start with, you can publish your | ||
596 | GnuPG fingerprint in GNS as a "CERT" record and replace the public | ||
597 | web-of-trust with its complicated trust model with explicit names | ||
598 | and privacy-preserving resolution. Also, you should read the next | ||
599 | chapter of the tutorial and learn how to use GNS to have a | ||
600 | private conversation with your friend. Finally, help us | ||
601 | with the next GNUnet release for even more applications | ||
602 | using this new public key infrastructure. | ||
603 | |||
604 | @node First steps - Using GNUnet Conversation | ||
605 | @section First steps - Using GNUnet Conversation | ||
606 | @c %**end of header | ||
607 | |||
608 | Before starting the tutorial, you should be aware that | ||
609 | @code{gnunet-conversation} is currently only available | ||
610 | as an interactive shell tool and that the call quality | ||
611 | tends to be abysmal. There are also some awkward | ||
612 | steps necessary to use it. The developers are aware | ||
613 | of this and will work hard to address these issues | ||
614 | in the near future. | ||
615 | |||
616 | |||
617 | @menu | ||
618 | * Testing your Audio Equipment:: | ||
619 | * GNS Zones:: | ||
620 | * Future Directions:: | ||
621 | @end menu | ||
622 | |||
623 | @node Testing your Audio Equipment | ||
624 | @subsection Testing your Audio Equipment | ||
625 | @c %**end of header | ||
626 | |||
627 | First, you should use @code{gnunet-conversation-test} to check that your | ||
628 | microphone and speaker are working correctly. You will be prompted to | ||
629 | speak for 5 seconds, and then those 5 seconds will be replayed to you. | ||
630 | The network is not involved in this test. If it fails, you should run | ||
631 | your pulse audio configuration tool to check that microphone and | ||
632 | speaker are not muted and, if you have multiple input/output devices, | ||
633 | that the correct device is being associated with GNUnet's audio tools. | ||
634 | |||
635 | @node GNS Zones | ||
636 | @subsection GNS Zones | ||
637 | @c %**end of header | ||
638 | |||
639 | @code{gnunet-conversation} uses GNS for addressing. This means that | ||
640 | you need to have a GNS zone created before using it. Information | ||
641 | about how to create GNS zones can be found here. | ||
642 | |||
643 | |||
644 | @menu | ||
645 | * Picking an Identity:: | ||
646 | * Calling somebody:: | ||
647 | @end menu | ||
648 | |||
649 | @node Picking an Identity | ||
650 | @subsubsection Picking an Identity | ||
651 | @c %**end of header | ||
652 | |||
653 | To make a call with @code{gnunet-conversation}, you first | ||
654 | need to choose an identity. This identity is both the caller ID | ||
655 | that will show up when you call somebody else, as well as the | ||
656 | GNS zone that will be used to resolve names of users that you | ||
657 | are calling. Usually, the @code{master-zone} is a reasonable | ||
658 | choice. Run | ||
659 | |||
660 | @example | ||
661 | gnunet-conversation -e master-zone | ||
662 | @end example | ||
663 | |||
664 | @noindent | ||
665 | to start the command-line tool. You will see a message saying | ||
666 | that your phone is now "active on line 0". You can connect | ||
667 | multiple phones on different lines at the same peer. For the | ||
668 | first phone, the line zero is of course a fine choice. | ||
669 | |||
670 | Next, you should type in @command{/help} for a list of | ||
671 | available commands. We will explain the important ones | ||
672 | during this tutorial. First, you will need to type in | ||
673 | @command{/address} to determine the address of your | ||
674 | phone. The result should look something like this: | ||
675 | |||
676 | @example | ||
677 | /address | ||
678 | 0-PD67SGHF3E0447TU9HADIVU9OM7V4QHTOG0EBU69TFRI2LG63DR0 | ||
679 | @end example | ||
680 | |||
681 | @noindent | ||
682 | Here, the "0" is your phone line, and what follows | ||
683 | after the hyphen is your peer's identity. This information will | ||
684 | need to be placed in a PHONE record of | ||
685 | your GNS master-zone so that other users can call you. | ||
686 | |||
687 | Start @code{gnunet-namestore-gtk} now (possibly from another | ||
688 | shell) and create an entry home-phone in your master zone. | ||
689 | For the record type, select PHONE. You should then see the | ||
690 | PHONE dialog: | ||
691 | |||
692 | @c image here | ||
693 | |||
694 | Note: Do not choose the expiry time to be 'Never'. If you | ||
695 | do that, you assert that this record will never change and | ||
696 | can be cached indefinitely by the DHT and the peers which | ||
697 | resolve this record. A reasonable period is 1 year. | ||
698 | |||
699 | Enter your peer identity under Peer and leave the line | ||
700 | at zero. Select the first option to make the record public. | ||
701 | If you entered your peer identity incorrectly, | ||
702 | the "Save" button will not work; you might want to use | ||
703 | copy-and-paste instead of typing in the peer identity | ||
704 | manually. Save the record. | ||
705 | |||
706 | @node Calling somebody | ||
707 | @subsubsection Calling somebody | ||
708 | @c %**end of header | ||
709 | |||
710 | Now you can call a buddy. Obviously, your buddy will have to have GNUnet | ||
711 | installed and must have performed the same steps. Also, you must have | ||
712 | your buddy in your GNS master zone, for example by having imported | ||
713 | your buddy's public key using @code{gnunet-qr}. Suppose your buddy | ||
714 | is in your zone as @code{buddy.gnu} and they also created their | ||
715 | phone using a label "home-phone". Then you can initiate a call using: | ||
716 | |||
717 | @example | ||
718 | /call home-phone.buddy.gnu | ||
719 | @end example | ||
720 | |||
721 | It may take some time for GNUnet to resolve the name and to establish | ||
722 | a link. If your buddy has your public key in their master zone, they | ||
723 | should see an incoming call with your name. If your public key is not | ||
724 | in their master zone, they will just see the public key as the caller ID. | ||
725 | |||
726 | Your buddy then can answer the call using the "/accept" command. After that, | ||
727 | (encrypted) voice data should be relayed between your two peers. | ||
728 | Either of you can end the call using @command{/cancel}. You can exit | ||
729 | @code{gnunet-converation} using @command{/quit}. | ||
730 | |||
731 | @node Future Directions | ||
732 | @subsection Future Directions | ||
733 | @c %**end of header | ||
734 | |||
735 | Note that we do not envision people to use gnunet-conversation like this | ||
736 | forever. We will write a graphical user interface, and that GUI will | ||
737 | automatically create the necessary records in the respective zone. | ||
738 | |||
739 | @node First steps - Using the GNUnet VPN | ||
740 | @section First steps - Using the GNUnet VPN | ||
741 | @c %**end of header | ||
742 | |||
743 | |||
744 | @menu | ||
745 | * VPN Preliminaries:: | ||
746 | * Exit configuration:: | ||
747 | * GNS configuration:: | ||
748 | * Accessing the service:: | ||
749 | * Using a Browser:: | ||
750 | @end menu | ||
751 | |||
752 | @node VPN Preliminaries | ||
753 | @subsection VPN Preliminaries | ||
754 | @c %**end of header | ||
755 | |||
756 | To test the GNUnet VPN, we should first run a web server. | ||
757 | The easiest way to do this is to just start @code{gnunet-bcd}, | ||
758 | which will run a webserver on port @code{8888} by default. | ||
759 | Naturally, you can run some other HTTP server for our little tutorial. | ||
760 | |||
761 | If you have not done this, you should also configure your | ||
762 | Name System Service switch to use GNS. In your @code{/etc/nsswitch.conf} | ||
763 | you should fine a line like this: | ||
764 | |||
765 | @example | ||
766 | hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 | ||
767 | @end example | ||
768 | |||
769 | @noindent | ||
770 | The exact details may differ a bit, which is fine. Add the text | ||
771 | @code{gns [NOTFOUND=return]} after @code{files}: | ||
772 | |||
773 | @example | ||
774 | hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4 | ||
775 | @end example | ||
776 | |||
777 | @noindent | ||
778 | You might want to make sure that @code{/lib/libnss_gns.so.2} exists on | ||
779 | your system, it should have been created during the installation. | ||
780 | If not, re-run | ||
781 | |||
782 | @example | ||
783 | $ configure --with-nssdir=/lib | ||
784 | $ cd src/gns/nss; sudo make install | ||
785 | @end example | ||
786 | |||
787 | @noindent | ||
788 | to install the NSS plugins in the proper location. | ||
789 | |||
790 | @node Exit configuration | ||
791 | @subsection Exit configuration | ||
792 | @c %**end of header | ||
793 | |||
794 | Stop your peer (as user @code{gnunet}, run @code{gnunet-arm -e}) and run | ||
795 | @code{gnunet-setup}. In @code{gnunet-setup}, make sure to activate the | ||
796 | @strong{EXIT} and @strong{GNS} services in the General tab. Then select | ||
797 | the Exit tab. Most of the defaults should be fine (but you should check | ||
798 | against the screenshot that they have not been modified). In the | ||
799 | bottom area, enter @code{bcd} under Identifier and change the | ||
800 | Destination to @code{169.254.86.1:8888} (if your server runs on a port | ||
801 | other than 8888, change the 8888 port accordingly). | ||
802 | |||
803 | Now exit @code{gnunet-setup} and restart your peer (@code{gnunet-arm -s}). | ||
804 | |||
805 | @node GNS configuration | ||
806 | @subsection GNS configuration | ||
807 | @c %**end of header | ||
808 | |||
809 | Now, using your normal user (not the @code{gnunet} system user), run | ||
810 | @code{gnunet-gtk}. Select the GNS icon and add a new label www in your | ||
811 | master zone. For the record type, select @code{VPN}. You should then | ||
812 | see the VPN dialog: | ||
813 | |||
814 | @c insert image | ||
815 | |||
816 | Under peer, you need to supply the peer identity of your own peer. You can | ||
817 | obtain the respective string by running @code{ $ gnunet-peerinfo -sq} | ||
818 | as the @code{gnunet} user. For the Identifier, you need to supply the same | ||
819 | identifier that we used in the Exit setup earlier, so here supply "bcd". | ||
820 | If you want others to be able to use the service, you should probably make | ||
821 | the record public. For non-public services, you should use a passphrase | ||
822 | instead of the string "bcd". Save the record and exit @code{gnunet-gtk}. | ||
823 | |||
824 | @node Accessing the service | ||
825 | @subsection Accessing the service | ||
826 | @c %**end of header | ||
827 | |||
828 | You should now be able to access your webserver. Type in: | ||
829 | |||
830 | @example | ||
831 | $ wget http://www.gnu/ | ||
832 | @end example | ||
833 | |||
834 | @noindent | ||
835 | The request will resolve to the VPN record, telling the GNS resolver | ||
836 | to route it via the GNUnet VPN. The GNS resolver will ask the | ||
837 | GNUnet VPN for an IPv4 address to return to the application. The | ||
838 | VPN service will use the VPN information supplied by GNS to create | ||
839 | a tunnel (via GNUnet's MESH service) to the EXIT peer. | ||
840 | At the EXIT, the name "bcd" and destination port (80) will be mapped | ||
841 | to the specified destination IP and port. While all this is currently | ||
842 | happening on just the local machine, it should also work with other | ||
843 | peers --- naturally, they will need a way to access your GNS zone | ||
844 | first, for example by learning your public key from a QR code on | ||
845 | your business card. | ||
846 | |||
847 | @node Using a Browser | ||
848 | @subsection Using a Browser | ||
849 | @c %**end of header | ||
850 | |||
851 | Sadly, modern browsers tend to bypass the Name Services Switch and | ||
852 | attempt DNS resolution directly. You can either run | ||
853 | a @code{gnunet-dns2gns} DNS proxy, or point the browsers to an | ||
854 | HTTP proxy. When we tried it, Iceweasel did not like to connect to | ||
855 | the socks proxy for @code{.gnu} TLDs, even if we disabled its | ||
856 | autoblunder of changing @code{.gnu} to ".gnu.com". Still, | ||
857 | using the HTTP proxy with Chrome does work. | ||
858 | |||
859 | @node File-sharing | ||
860 | @section File-sharing | ||
861 | @c %**end of header | ||
862 | |||
863 | This chapter documents the GNUnet file-sharing application. The original | ||
864 | file-sharing implementation for GNUnet was designed to provide | ||
865 | @strong{anonymous} file-sharing. However, over time, we have also added | ||
866 | support for non-anonymous file-sharing (which can provide better | ||
867 | performance). Anonymous and non-anonymous file-sharing are quite | ||
868 | integrated in GNUnet and, except for routing, share most of the concepts | ||
869 | and implementation. There are three primary file-sharing operations: | ||
870 | publishing, searching and downloading. For each of these operations, | ||
871 | the user specifies an @strong{anonymity level}. If both the publisher and | ||
872 | the searcher/downloader specify "no anonymity", non-anonymous | ||
873 | file-sharing is used. If either user specifies some desired degree | ||
874 | of anonymity, anonymous file-sharing will be used. | ||
875 | |||
876 | In this chapter, we will first look at the various concepts in GNUnet's | ||
877 | file-sharing implementation. Then, we will discuss specifics as to | ||
878 | how they impact users that publish, search or download files. | ||
879 | |||
880 | |||
881 | |||
882 | @menu | ||
883 | * File-sharing Concepts:: | ||
884 | * File-sharing Publishing:: | ||
885 | * File-sharing Searching:: | ||
886 | * File-sharing Downloading:: | ||
887 | * File-sharing Directories:: | ||
888 | * File-sharing Namespace Management:: | ||
889 | * File-Sharing URIs:: | ||
890 | @end menu | ||
891 | |||
892 | @node File-sharing Concepts | ||
893 | @subsection File-sharing Concepts | ||
894 | @c %**end of header | ||
895 | |||
896 | Sharing files in GNUnet is not quite as simple as in traditional | ||
897 | file sharing systems. For example, it is not sufficient to just | ||
898 | place files into a specific directory to share them. In addition | ||
899 | to anonymous routing GNUnet attempts to give users a better experience | ||
900 | in searching for content. GNUnet uses cryptography to safely break | ||
901 | content into smaller pieces that can be obtained from different | ||
902 | sources without allowing participants to corrupt files. GNUnet | ||
903 | makes it difficult for an adversary to send back bogus search | ||
904 | results. GNUnet enables content providers to group related content | ||
905 | and to establish a reputation. Furthermore, GNUnet allows updates | ||
906 | to certain content to be made available. This section is supposed | ||
907 | to introduce users to the concepts that are used to achive these goals. | ||
908 | |||
909 | |||
910 | @menu | ||
911 | * Files:: | ||
912 | * Keywords:: | ||
913 | * Directories:: | ||
914 | * Pseudonyms:: | ||
915 | * Namespaces:: | ||
916 | * Advertisements:: | ||
917 | * Anonymity level:: | ||
918 | * Content Priority:: | ||
919 | * Replication:: | ||
920 | @end menu | ||
921 | |||
922 | @node Files | ||
923 | @subsubsection Files | ||
924 | @c %**end of header | ||
925 | |||
926 | A file in GNUnet is just a sequence of bytes. Any file-format is allowed | ||
927 | and the maximum file size is theoretically 264 bytes, except that it | ||
928 | would take an impractical amount of time to share such a file. | ||
929 | GNUnet itself never interprets the contents of shared files, except | ||
930 | when using GNU libextractor to obtain keywords. | ||
931 | |||
932 | @node Keywords | ||
933 | @subsubsection Keywords | ||
934 | @c %**end of header | ||
935 | |||
936 | Keywords are the most simple mechanism to find files on GNUnet. | ||
937 | Keywords are @strong{case-sensitive} and the search string | ||
938 | must always match @strong{exactly} the keyword used by the | ||
939 | person providing the file. Keywords are never transmitted in | ||
940 | plaintext. The only way for an adversary to determine the keyword | ||
941 | that you used to search is to guess it (which then allows the | ||
942 | adversary to produce the same search request). Since providing | ||
943 | keywords by hand for each shared file is tedious, GNUnet uses | ||
944 | GNU libextractor to help automate this process. Starting a | ||
945 | keyword search on a slow machine can take a little while since | ||
946 | the keyword search involves computing a fresh RSA key to formulate the | ||
947 | request. | ||
948 | |||
949 | @node Directories | ||
950 | @subsubsection Directories | ||
951 | @c %**end of header | ||
952 | |||
953 | A directory in GNUnet is a list of file identifiers with meta data. | ||
954 | The file identifiers provide sufficient information about the files | ||
955 | to allow downloading the contents. Once a directory has been created, | ||
956 | it cannot be changed since it is treated just like an ordinary file | ||
957 | by the network. Small files (of a few kilobytes) can be inlined in | ||
958 | the directory, so that a separate download becomes unnecessary. | ||
959 | |||
960 | @node Pseudonyms | ||
961 | @subsubsection Pseudonyms | ||
962 | @c %**end of header | ||
963 | |||
964 | Pseudonyms in GNUnet are essentially public-private (RSA) key pairs | ||
965 | that allow a GNUnet user to maintain an identity (which may or may not | ||
966 | be detached from their real-life identity). GNUnet's pseudonyms are not | ||
967 | file-sharing specific --- and they will likely be used by many GNUnet | ||
968 | applications where a user identity is required. | ||
969 | |||
970 | Note that a pseudonym is NOT bound to a GNUnet peer. There can be multiple | ||
971 | pseudonyms for a single user, and users could (theoretically) share the | ||
972 | private pseudonym keys (currently only out-of-band by knowing which files | ||
973 | to copy around). | ||
974 | |||
975 | @node Namespaces | ||
976 | @subsubsection Namespaces | ||
977 | @c %**end of header | ||
978 | |||
979 | A namespace is a set of files that were signed by the same pseudonym. | ||
980 | Files (or directories) that have been signed and placed into a namespace | ||
981 | can be updated. Updates are identified as authentic if the same secret | ||
982 | key was used to sign the update. Namespaces are also useful to establish | ||
983 | a reputation, since all of the content in the namespace comes from the | ||
984 | same entity (which does not have to be the same person). | ||
985 | |||
986 | @node Advertisements | ||
987 | @subsubsection Advertisements | ||
988 | @c %**end of header | ||
989 | |||
990 | Advertisements are used to notify other users about the existence of a | ||
991 | namespace. Advertisements are propagated using the normal keyword search. | ||
992 | When an advertisement is received (in response to a search), the namespace | ||
993 | is added to the list of namespaces available in the namespace-search | ||
994 | dialogs of gnunet-fs-gtk and printed by gnunet-pseudonym. Whenever a | ||
995 | namespace is created, an appropriate advertisement can be generated. | ||
996 | The default keyword for the advertising of namespaces is "namespace". | ||
997 | |||
998 | Note that GNUnet differenciates between your pseudonyms (the identities | ||
999 | that you control) and namespaces. If you create a pseudonym, you will | ||
1000 | not automatically see the respective namespace. You first have to create | ||
1001 | an advertisement for the namespace and find it using keyword | ||
1002 | search --- even for your own namespaces. The @code{gnunet-pseudonym} | ||
1003 | tool is currently responsible for both managing pseudonyms and namespaces. | ||
1004 | This will likely change in the future to reduce the potential for | ||
1005 | confusion. | ||
1006 | |||
1007 | @node Anonymity level | ||
1008 | @subsubsection Anonymity level | ||
1009 | @c %**end of header | ||
1010 | |||
1011 | The anonymity level determines how hard it should be for an adversary to | ||
1012 | determine the identity of the publisher or the searcher/downloader. An | ||
1013 | anonymity level of zero means that anonymity is not required. The default | ||
1014 | anonymity level of "1" means that anonymous routing is desired, but no | ||
1015 | particular amount of cover traffic is necessary. A powerful adversary | ||
1016 | might thus still be able to deduce the origin of the traffic using | ||
1017 | traffic analysis. Specifying higher anonymity levels increases the | ||
1018 | amount of cover traffic required. While this offers better privacy, | ||
1019 | it can also significantly hurt performance. | ||
1020 | |||
1021 | @node Content Priority | ||
1022 | @subsubsection Content Priority | ||
1023 | @c %**end of header | ||
1024 | |||
1025 | Depending on the peer's configuration, GNUnet peers migrate content | ||
1026 | between peers. Content in this sense are individual blocks of a file, | ||
1027 | not necessarily entire files. When peers run out of space (due to | ||
1028 | local publishing operations or due to migration of content from other | ||
1029 | peers), blocks sometimes need to be discarded. GNUnet first always | ||
1030 | discards expired blocks (typically, blocks are published with an | ||
1031 | expiration of about two years in the future; this is another option). | ||
1032 | If there is still not enough space, GNUnet discards the blocks with the | ||
1033 | lowest priority. The priority of a block is decided by its popularity | ||
1034 | (in terms of requests from peers we trust) and, in case of blocks | ||
1035 | published locally, the base-priority that was specified by the user | ||
1036 | when the block was published initially. | ||
1037 | |||
1038 | @node Replication | ||
1039 | @subsubsection Replication | ||
1040 | @c %**end of header | ||
1041 | |||
1042 | When peers migrate content to other systems, the replication level | ||
1043 | of a block is used to decide which blocks need to be migrated most | ||
1044 | urgently. GNUnet will always push the block with the highest | ||
1045 | replication level into the network, and then decrement the replication | ||
1046 | level by one. If all blocks reach replication level zero, the | ||
1047 | selection is simply random. | ||
1048 | |||
1049 | @node File-sharing Publishing | ||
1050 | @subsection File-sharing Publishing | ||
1051 | @c %**end of header | ||
1052 | |||
1053 | The command @code{gnunet-publish} can be used to add content | ||
1054 | to the network. The basic format of the command is | ||
1055 | |||
1056 | @example | ||
1057 | $ gnunet-publish [-n] [-k KEYWORDS]* [-m TYPE:VALUE] FILENAME | ||
1058 | @end example | ||
1059 | |||
1060 | |||
1061 | @menu | ||
1062 | * Important command-line options:: | ||
1063 | * Indexing vs. Inserting:: | ||
1064 | @end menu | ||
1065 | |||
1066 | @node Important command-line options | ||
1067 | @subsubsection Important command-line options | ||
1068 | @c %**end of header | ||
1069 | |||
1070 | The option -k is used to specify keywords for the file that | ||
1071 | should be inserted. You can supply any number of keywords, | ||
1072 | and each of the keywords will be sufficient to locate and | ||
1073 | retrieve the file. | ||
1074 | |||
1075 | The -m option is used to specify meta-data, such as descriptions. | ||
1076 | You can use -m multiple times. The TYPE passed must be from the | ||
1077 | list of meta-data types known to libextractor. You can obtain this | ||
1078 | list by running @code{extract -L}. Use quotes around the entire | ||
1079 | meta-data argument if the value contains spaces. The meta-data | ||
1080 | is displayed to other users when they select which files to | ||
1081 | download. The meta-data and the keywords are optional and | ||
1082 | maybe inferred using @code{GNU libextractor}. | ||
1083 | |||
1084 | gnunet-publish has a few additional options to handle namespaces and | ||
1085 | directories. See the man-page for details. | ||
1086 | |||
1087 | @node Indexing vs. Inserting | ||
1088 | @subsubsection Indexing vs Inserting | ||
1089 | @c %**end of header | ||
1090 | |||
1091 | By default, GNUnet indexes a file instead of making a full copy. | ||
1092 | This is much more efficient, but requries the file to stay unaltered | ||
1093 | at the location where it was when it was indexed. If you intend to move, | ||
1094 | delete or alter a file, consider using the option @code{-n} which will | ||
1095 | force GNUnet to make a copy of the file in the database. | ||
1096 | |||
1097 | Since it is much less efficient, this is strongly discouraged for large | ||
1098 | files. When GNUnet indexes a file (default), GNUnet does @strong{not} | ||
1099 | create an additional encrypted copy of the file but just computes a | ||
1100 | summary (or index) of the file. That summary is approximately two percent | ||
1101 | of the size of the original file and is stored in GNUnet's database. | ||
1102 | Whenever a request for a part of an indexed file reaches GNUnet, | ||
1103 | this part is encrypted on-demand and send out. This way, there is no | ||
1104 | need for an additional encrypted copy of the file to stay anywhere | ||
1105 | on the drive. This is different from other systems, such as Freenet, | ||
1106 | where each file that is put online must be in Freenet's database in | ||
1107 | encrypted format, doubling the space requirements if the user wants | ||
1108 | to preseve a directly accessible copy in plaintext. | ||
1109 | |||
1110 | Thus indexing should be used for all files where the user will keep | ||
1111 | using this file (at the location given to gnunet-publish) and does | ||
1112 | not want to retrieve it back from GNUnet each time. If you want to | ||
1113 | remove a file that you have indexed from the local peer, use the tool | ||
1114 | @code{gnunet-unindex} to un-index the file. | ||
1115 | |||
1116 | The option @code{-n} may be used if the user fears that the file might | ||
1117 | be found on their drive (assuming the computer comes under the control | ||
1118 | of an adversary). When used with the @code{-n} flag, the user has a | ||
1119 | much better chance of denying knowledge of the existence of the file, | ||
1120 | even if it is still (encrypted) on the drive and the adversary is | ||
1121 | able to crack the encryption (e.g. by guessing the keyword. | ||
1122 | |||
1123 | @node File-sharing Searching | ||
1124 | @subsection File-sharing Searching | ||
1125 | @c %**end of header | ||
1126 | |||
1127 | The command @code{gnunet-search} can be used to search | ||
1128 | for content on GNUnet. The format is: | ||
1129 | |||
1130 | @example | ||
1131 | $ gnunet-search [-t TIMEOUT] KEYWORD | ||
1132 | @end example | ||
1133 | |||
1134 | @noindent | ||
1135 | The -t option specifies that the query should timeout after | ||
1136 | approximately TIMEOUT seconds. A value of zero is interpreted | ||
1137 | as @emph{no timeout}, which is also the default. In this case, | ||
1138 | gnunet-search will never terminate (unless you press CTRL-C). | ||
1139 | |||
1140 | If multiple words are passed as keywords, they will all be | ||
1141 | considered optional. Prefix keywords with a "+" to make them mandatory. | ||
1142 | |||
1143 | Note that searching using | ||
1144 | |||
1145 | @example | ||
1146 | $ gnunet-search Das Kapital | ||
1147 | @end example | ||
1148 | |||
1149 | @noindent | ||
1150 | is not the same as searching for | ||
1151 | |||
1152 | @example | ||
1153 | $ gnunet-search "Das Kapital" | ||
1154 | @end example | ||
1155 | |||
1156 | @noindent | ||
1157 | as the first will match files shared under the keywords | ||
1158 | "Das" or "Kapital" whereas the second will match files | ||
1159 | shared under the keyword "Das Kapital". | ||
1160 | |||
1161 | Search results are printed by gnunet-search like this: | ||
1162 | |||
1163 | @example | ||
1164 | $ gnunet-download -o "COPYING" --- gnunet://fs/chk/N8...C92.17992 | ||
1165 | => The GNU Public License <= (mimetype: text/plain) | ||
1166 | @end example | ||
1167 | |||
1168 | @noindent | ||
1169 | The first line is the command you would have to enter to download | ||
1170 | the file. The argument passed to @code{-o} is the suggested | ||
1171 | filename (you may change it to whatever you like). | ||
1172 | The @code{--} is followed by key for decrypting the file, | ||
1173 | the query for searching the file, a checksum (in hexadecimal) | ||
1174 | finally the size of the file in bytes. | ||
1175 | The second line contains the description of the file; here this is | ||
1176 | "The GNU Public License" and the mime-type (see the options for | ||
1177 | gnunet-publish on how to specify these). | ||
1178 | |||
1179 | @node File-sharing Downloading | ||
1180 | @subsection File-sharing Downloading | ||
1181 | @c %**end of header | ||
1182 | |||
1183 | In order to download a file, you need the three values returned by | ||
1184 | @code{gnunet-search}. | ||
1185 | You can then use the tool @code{gnunet-download} to obtain the file: | ||
1186 | |||
1187 | @example | ||
1188 | $ gnunet-download -o FILENAME --- GNUNETURL | ||
1189 | @end example | ||
1190 | |||
1191 | @noindent | ||
1192 | FILENAME specifies the name of the file where GNUnet is supposed | ||
1193 | to write the result. Existing files are overwritten. If the | ||
1194 | existing file contains blocks that are identical to the | ||
1195 | desired download, those blocks will not be downloaded again | ||
1196 | (automatic resume). | ||
1197 | |||
1198 | If you want to download the GPL from the previous example, | ||
1199 | you do the following: | ||
1200 | |||
1201 | @example | ||
1202 | $ gnunet-download -o "COPYING" --- gnunet://fs/chk/N8...92.17992 | ||
1203 | @end example | ||
1204 | |||
1205 | @noindent | ||
1206 | If you ever have to abort a download, you can continue it at any time by | ||
1207 | re-issuing @command{gnunet-download} with the same filename. | ||
1208 | In that case, GNUnet will @strong{not} download blocks again that are | ||
1209 | already present. | ||
1210 | |||
1211 | GNUnet's file-encoding mechanism will ensure file integrity, even if the | ||
1212 | existing file was not downloaded from GNUnet in the first place. | ||
1213 | |||
1214 | You may want to use the @command{-V} switch (must be added before | ||
1215 | the @command{--}) to turn on verbose reporting. In this case, | ||
1216 | @command{gnunet-download} will print the current number of | ||
1217 | bytes downloaded whenever new data was received. | ||
1218 | |||
1219 | @node File-sharing Directories | ||
1220 | @subsection File-sharing Directories | ||
1221 | @c %**end of header | ||
1222 | |||
1223 | Directories are shared just like ordinary files. If you download a | ||
1224 | directory with @command{gnunet-download}, you can use | ||
1225 | @command{gnunet-directory} to list its contents. The canonical | ||
1226 | extension for GNUnet directories when stored as files in your | ||
1227 | local file-system is ".gnd". The contents of a directory are URIs and | ||
1228 | meta data. | ||
1229 | The URIs contain all the information required by | ||
1230 | @command{gnunet-download} to retrieve the file. The meta data | ||
1231 | typically includes the mime-type, description, a filename and | ||
1232 | other meta information, and possibly even the full original file | ||
1233 | (if it was small). | ||
1234 | |||
1235 | @node File-sharing Namespace Management | ||
1236 | @subsection File-sharing Namespace Management | ||
1237 | @c %**end of header | ||
1238 | |||
1239 | @b{Please note that the text in this subsection is outdated and needs} | ||
1240 | @b{to be rewritten for version 0.10!} | ||
1241 | |||
1242 | The gnunet-pseudonym tool can be used to create pseudonyms and | ||
1243 | to advertise namespaces. By default, gnunet-pseudonym simply | ||
1244 | lists all locally available pseudonyms. | ||
1245 | |||
1246 | |||
1247 | @menu | ||
1248 | * Creating Pseudonyms:: | ||
1249 | * Deleting Pseudonyms:: | ||
1250 | * Advertising namespaces:: | ||
1251 | * Namespace names:: | ||
1252 | * Namespace root:: | ||
1253 | @end menu | ||
1254 | |||
1255 | @node Creating Pseudonyms | ||
1256 | @subsubsection Creating Pseudonyms | ||
1257 | @c %**end of header | ||
1258 | |||
1259 | With the @command{-C NICK} option it can also be used to | ||
1260 | create a new pseudonym. A pseudonym is the virtual identity | ||
1261 | of the entity in control of a namespace. Anyone can create | ||
1262 | any number of pseudonyms. Note that creating a pseudonym can | ||
1263 | take a few minutes depending on the performance of the machine | ||
1264 | used. | ||
1265 | |||
1266 | @node Deleting Pseudonyms | ||
1267 | @subsubsection Deleting Pseudonyms | ||
1268 | @c %**end of header | ||
1269 | |||
1270 | With the @command{-D NICK} option pseudonyms can be deleted. | ||
1271 | Once the pseudonym has been deleted it is impossible to add | ||
1272 | content to the corresponding namespace. Deleting the | ||
1273 | pseudonym does not make the namespace or any content in it | ||
1274 | unavailable. | ||
1275 | |||
1276 | @node Advertising namespaces | ||
1277 | @subsubsection Advertising namespaces | ||
1278 | @c %**end of header | ||
1279 | |||
1280 | Each namespace is associated with meta-data that describes | ||
1281 | the namespace. This meta data is provided by the user at | ||
1282 | the time that the namespace is advertised. Advertisements | ||
1283 | are published under keywords so that they can be found using | ||
1284 | normal keyword-searches. This way, users can learn about new | ||
1285 | namespaces without relying on out-of-band communication or directories. | ||
1286 | A suggested keyword to use for all namespaces is simply "namespace". | ||
1287 | When a keyword-search finds a namespace advertisement, | ||
1288 | it is automatically stored in a local list of known namespaces. | ||
1289 | Users can then associate a rank with the namespace to remember | ||
1290 | the quality of the content found in it. | ||
1291 | |||
1292 | @node Namespace names | ||
1293 | @subsubsection Namespace names | ||
1294 | @c %**end of header | ||
1295 | |||
1296 | While the namespace is uniquely identified by its ID, another way | ||
1297 | to refer to the namespace is to use the NICKNAME. | ||
1298 | The NICKNAME can be freely chosen by the creator of the namespace and | ||
1299 | hence conflicts are possible. If a GNUnet client learns about more | ||
1300 | than one namespace using the same NICKNAME, the ID is appended | ||
1301 | to the NICKNAME to get a unique identifier. | ||
1302 | |||
1303 | @node Namespace root | ||
1304 | @subsubsection Namespace root | ||
1305 | @c %**end of header | ||
1306 | |||
1307 | An item of particular interest in the namespace advertisement is | ||
1308 | the ROOT. The ROOT is the identifier of a designated entry in the | ||
1309 | namespace. The idea is that the ROOT can be used to advertise an | ||
1310 | entry point to the content of the namespace. | ||
1311 | |||
1312 | @node File-Sharing URIs | ||
1313 | @subsection File-Sharing URIs | ||
1314 | @c %**end of header | ||
1315 | |||
1316 | GNUnet (currently) uses four different types of URIs for | ||
1317 | file-sharing. They all begin with "gnunet://fs/". | ||
1318 | This section describes the four different URI types in detail. | ||
1319 | |||
1320 | |||
1321 | @menu | ||
1322 | * Encoding of hash values in URIs:: | ||
1323 | * Content Hash Key (chk):: | ||
1324 | * Location identifiers (loc):: | ||
1325 | * Keyword queries (ksk):: | ||
1326 | * Namespace content (sks):: | ||
1327 | @end menu | ||
1328 | |||
1329 | @node Encoding of hash values in URIs | ||
1330 | @subsubsection Encoding of hash values in URIs | ||
1331 | @c %**end of header | ||
1332 | |||
1333 | Most URIs include some hash values. Hashes are encoded using | ||
1334 | base32hex (RFC 2938). | ||
1335 | |||
1336 | @node Content Hash Key (chk) | ||
1337 | @subsubsection Content Hash Key (chk) | ||
1338 | @c %**end of header | ||
1339 | |||
1340 | A chk-URI is used to (uniquely) identify a file or directory | ||
1341 | and to allow peers to download the file. Files are stored in | ||
1342 | GNUnet as a tree of encrypted blocks. | ||
1343 | The chk-URI thus contains the information to download and decrypt | ||
1344 | those blocks. A chk-URI has the format | ||
1345 | "gnunet://fs/chk/KEYHASH.QUERYHASH.SIZE". Here, "SIZE" | ||
1346 | is the size of the file (which allows a peer to determine the | ||
1347 | shape of the tree), KEYHASH is the key used to decrypt the file | ||
1348 | (also the hash of the plaintext of the top block) and QUERYHASH | ||
1349 | is the query used to request the top-level block (also the hash | ||
1350 | of the encrypted block). | ||
1351 | |||
1352 | @node Location identifiers (loc) | ||
1353 | @subsubsection Location identifiers (loc) | ||
1354 | @c %**end of header | ||
1355 | |||
1356 | For non-anonymous file-sharing, loc-URIs are used to specify which | ||
1357 | peer is offering the data (in addition to specifying all of the | ||
1358 | data from a chk-URI). Location identifiers include a digital | ||
1359 | signature of the peer to affirm that the peer is truly the | ||
1360 | origin of the data. The format is | ||
1361 | "gnunet://fs/loc/KEYHASH.QUERYHASH.SIZE.PEER.SIG.EXPTIME". | ||
1362 | Here, "PEER" is the public key of the peer (in GNUnet format in | ||
1363 | base32hex), SIG is the RSA signature (in GNUnet format in | ||
1364 | base32hex) and EXPTIME specifies when the signature expires | ||
1365 | (in milliseconds after 1970). | ||
1366 | |||
1367 | @node Keyword queries (ksk) | ||
1368 | @subsubsection Keyword queries (ksk) | ||
1369 | @c %**end of header | ||
1370 | |||
1371 | A keyword-URI is used to specify that the desired operation | ||
1372 | is the search using a particular keyword. The format is simply | ||
1373 | "gnunet://fs/ksk/KEYWORD". Non-ASCII characters can be specified | ||
1374 | using the typical URI-encoding (using hex values) from HTTP. | ||
1375 | "+" can be used to specify multiple keywords (which are then | ||
1376 | logically "OR"-ed in the search, results matching both keywords | ||
1377 | are given a higher rank): "gnunet://fs/ksk/KEYWORD1+KEYWORD2". | ||
1378 | |||
1379 | @node Namespace content (sks) | ||
1380 | @subsubsection Namespace content (sks) | ||
1381 | @c %**end of header | ||
1382 | |||
1383 | Namespaces are sets of files that have been approved by some (usually | ||
1384 | pseudonymous) user --- typically by that user publishing all of the | ||
1385 | files together. A file can be in many namespaces. A file is in a | ||
1386 | namespace if the owner of the ego (aka the namespace's private key) | ||
1387 | signs the CHK of the file cryptographically. An SKS-URI is used to | ||
1388 | search a namespace. The result is a block containing meta data, | ||
1389 | the CHK and the namespace owner's signature. The format of a sks-URI | ||
1390 | is "gnunet://fs/sks/NAMESPACE/IDENTIFIER". Here, "NAMESPACE" | ||
1391 | is the public key for the namespace. "IDENTIFIER" is a freely | ||
1392 | chosen keyword (or password!). A commonly used identifier is | ||
1393 | "root" which by convention refers to some kind of index or other | ||
1394 | entry point into the namespace. | ||
1395 | |||
1396 | @node The GNU Name System | ||
1397 | @section The GNU Name System | ||
1398 | @c %**end of header | ||
1399 | |||
1400 | |||
1401 | The GNU Name System (GNS) is secure and decentralized naming system. | ||
1402 | It allows its users to resolve and register names within the @code{.gnu} | ||
1403 | @dfn{top-level domain} (TLD). | ||
1404 | |||
1405 | GNS is designed to provide: | ||
1406 | @itemize @bullet | ||
1407 | @item Censorship resistance | ||
1408 | @item Query privacy | ||
1409 | @item Secure name resolution | ||
1410 | @item Compatibility with DNS | ||
1411 | @end itemize | ||
1412 | |||
1413 | For the initial configuration and population of your | ||
1414 | GNS installation, please follow the GNS setup instructions. | ||
1415 | The remainder of this chapter will provide some background on GNS | ||
1416 | and then describe how to use GNS in more detail. | ||
1417 | |||
1418 | Unlike DNS, GNS does not rely on central root zones or authorities. | ||
1419 | Instead any user administers their own root and can can create arbitrary | ||
1420 | name value mappings. Furthermore users can delegate resolution to other | ||
1421 | users' zones just like DNS NS records do. Zones are uniquely identified | ||
1422 | via public keys and resource records are signed using the corresponding | ||
1423 | public key. Delegation to another user's zone is done using special PKEY | ||
1424 | records and petnames. A petname is a name that can be freely chosen by | ||
1425 | the user. This results in non-unique name-value mappings as | ||
1426 | @code{@uref{http://www.bob.gnu/, www.bob.gnu}} to one user might be | ||
1427 | @code{@uref{http://www.friend.gnu/, www.friend.gnu}} for someone else. | ||
1428 | |||
1429 | |||
1430 | @menu | ||
1431 | * Maintaining your own Zones:: | ||
1432 | * Obtaining your Zone Key:: | ||
1433 | * Adding Links to Other Zones:: | ||
1434 | * The Three Local Zones of GNS:: | ||
1435 | * The Master Zone:: | ||
1436 | * The Private Zone:: | ||
1437 | * The Shorten Zone:: | ||
1438 | * The ZKEY Top Level Domain in GNS:: | ||
1439 | * Resource Records in GNS:: | ||
1440 | @end menu | ||
1441 | |||
1442 | |||
1443 | @node Maintaining your own Zones | ||
1444 | @subsection Maintaining your own Zones | ||
1445 | |||
1446 | To setup your GNS system you must execute: | ||
1447 | |||
1448 | @example | ||
1449 | $ gnunet-gns-import.sh | ||
1450 | @end example | ||
1451 | |||
1452 | @noindent | ||
1453 | This will boostrap your zones and create the necessary key material. | ||
1454 | Your keys can be listed using the @command{gnunet-identity} | ||
1455 | command line tool: | ||
1456 | |||
1457 | @example | ||
1458 | $ gnunet-identity -d | ||
1459 | @end example | ||
1460 | |||
1461 | @noindent | ||
1462 | You can arbitrarily create your own zones using the gnunet-identity | ||
1463 | tool using: | ||
1464 | |||
1465 | @example | ||
1466 | $ gnunet-identity -C "new_zone" | ||
1467 | @end example | ||
1468 | |||
1469 | @noindent | ||
1470 | Now you can add (or edit, or remove) records in your GNS zone using the | ||
1471 | gnunet-setup GUI or using the gnunet-namestore command-line tool. | ||
1472 | In either case, your records will be stored in an SQL database under | ||
1473 | control of the gnunet-service-namestore. Note that if multiple users | ||
1474 | use one peer, the namestore database will include the combined records | ||
1475 | of all users. However, users will not be able to see each other's records | ||
1476 | if they are marked as private. | ||
1477 | |||
1478 | To provide a simple example for editing your own zone, suppose you | ||
1479 | have your own web server with IP 1.2.3.4. Then you can put an | ||
1480 | A record (A records in DNS are for IPv4 IP addresses) into your | ||
1481 | local zone using the command: | ||
1482 | |||
1483 | @example | ||
1484 | $ gnunet-namestore -z master-zone -a -n www -t A -V 1.2.3.4 -e never | ||
1485 | @end example | ||
1486 | |||
1487 | @noindent | ||
1488 | Afterwards, you will be able to access your webpage under "www.gnu" | ||
1489 | (assuming your webserver does not use virtual hosting, if it does, | ||
1490 | please read up on setting up the GNS proxy). | ||
1491 | |||
1492 | Similar commands will work for other types of DNS and GNS records, | ||
1493 | the syntax largely depending on the type of the record. | ||
1494 | Naturally, most users may find editing the zones using the | ||
1495 | @command{gnunet-setup} GUI to be easier. | ||
1496 | |||
1497 | @node Obtaining your Zone Key | ||
1498 | @subsection Obtaining your Zone Key | ||
1499 | |||
1500 | Each zone in GNS has a public-private key. Usually, gnunet-namestore and | ||
1501 | gnunet-setup will access your private key as necessary, so you do not | ||
1502 | have to worry about those. What is important is your public key | ||
1503 | (or rather, the hash of your public key), as you will likely want to | ||
1504 | give it to others so that they can securely link to you. | ||
1505 | |||
1506 | You can usually get the hash of your public key using | ||
1507 | |||
1508 | @example | ||
1509 | $ gnunet-identity -d $options | grep master-zone | awk '@{print $3@}' | ||
1510 | @end example | ||
1511 | |||
1512 | @noindent | ||
1513 | For example, the output might be something like: | ||
1514 | |||
1515 | @example | ||
1516 | DC3SEECJORPHQNVRH965A6N74B1M37S721IG4RBQ15PJLLPJKUE0 | ||
1517 | @end example | ||
1518 | |||
1519 | @noindent | ||
1520 | Alternatively, you can obtain a QR code with your zone key AND | ||
1521 | your pseudonym from gnunet-gtk. The QR code is displayed in the | ||
1522 | GNS tab and can be stored to disk using the Save as button next | ||
1523 | to the image. | ||
1524 | |||
1525 | @node Adding Links to Other Zones | ||
1526 | @subsection Adding Links to Other Zones | ||
1527 | |||
1528 | |||
1529 | A central operation in GNS is the ability to securely delegate to | ||
1530 | other zones. Basically, by adding a delegation you make all of the | ||
1531 | names from the other zone available to yourself. This section | ||
1532 | describes how to create delegations. | ||
1533 | |||
1534 | Suppose you have a friend who you call 'bob' who also uses GNS. | ||
1535 | You can then delegate resolution of names to Bob's zone by adding | ||
1536 | a PKEY record to their local zone: | ||
1537 | |||
1538 | @example | ||
1539 | $ gnunet-namestore -a -n bob --type PKEY -V XXXX -e never | ||
1540 | @end example | ||
1541 | |||
1542 | @noindent | ||
1543 | Note that XXXX in the command above must be replaced with the | ||
1544 | hash of Bob's public key (the output your friend obtained using | ||
1545 | the gnunet-identity command from the previous section and told you, | ||
1546 | for example by giving you a business card containing this | ||
1547 | information as a QR code). | ||
1548 | |||
1549 | Assuming Bob has an A record for their website under the name of | ||
1550 | www in his zone, you can then access Bob's website under | ||
1551 | www.bob.gnu --- as well as any (public) GNS record that Bob has | ||
1552 | in their zone by replacing www with the respective name of the | ||
1553 | record in Bob's zone. | ||
1554 | |||
1555 | @c themselves? themself? | ||
1556 | Furthermore, if Bob has themselves a (public) delegation to Carol's | ||
1557 | zone under "carol", you can access Carol's records under | ||
1558 | NAME.carol.bob.gnu (where NAME is the name of Carol's record you | ||
1559 | want to access). | ||
1560 | |||
1561 | @node The Three Local Zones of GNS | ||
1562 | @subsection The Three Local Zones of GNS | ||
1563 | |||
1564 | Each user GNS has control over three zones. Each of the zones | ||
1565 | has a different purpose. These zones are the | ||
1566 | |||
1567 | @itemize @bullet | ||
1568 | |||
1569 | @item master zone, | ||
1570 | @item private zone, and the | ||
1571 | @item shorten zone. | ||
1572 | @end itemize | ||
1573 | |||
1574 | @node The Master Zone | ||
1575 | @subsection The Master Zone | ||
1576 | |||
1577 | |||
1578 | The master zone is your personal TLD. Names within the @code{.gnu} | ||
1579 | namespace are resolved relative to this zone. You can arbitrarily | ||
1580 | add records to this zone and selectively publish those records. | ||
1581 | |||
1582 | @node The Private Zone | ||
1583 | @subsection The Private Zone | ||
1584 | |||
1585 | |||
1586 | The private zone is a subzone (or subdomain in DNS terms) of your | ||
1587 | master zone. It should be used for records that you want to keep | ||
1588 | private. For example @code{bank.private.gnu}. The key idea is that | ||
1589 | you want to keep your private records separate, if just to know | ||
1590 | that those names are not available to other users. | ||
1591 | |||
1592 | @node The Shorten Zone | ||
1593 | @subsection The Shorten Zone | ||
1594 | |||
1595 | |||
1596 | The shorten zone can either be a subzone of the master zone or the | ||
1597 | private zone. It is different from the other zones in that GNS | ||
1598 | will automatically populate this zone with other users' zones based | ||
1599 | on their PSEU records whenever you resolve a name. | ||
1600 | |||
1601 | For example if you go to | ||
1602 | @code{@uref{http://www.bob.alice.dave.gnu/, www.bob.alice.dave.gnu}}, | ||
1603 | GNS will try to import @code{bob} into your shorten zone. Having | ||
1604 | obtained Bob's PKEY from @code{alice.dave.gnu}, GNS will lookup the | ||
1605 | PSEU record for @code{+} in Bob's zone. If it exists and the specified | ||
1606 | pseudonym is not taken, Bob's PKEY will be automatically added under | ||
1607 | that pseudonym (i.e. "bob") into your shorten zone. From then on, | ||
1608 | Bob's webpage will also be available for you as | ||
1609 | @code{@uref{http://www.bob.short.gnu/, www.bob.short.gnu}}. | ||
1610 | This feature is called @b{automatic name shortening} and is supposed to | ||
1611 | keep GNS names as short and memorable as possible. | ||
1612 | |||
1613 | @node The ZKEY Top Level Domain in GNS | ||
1614 | @subsection The ZKEY Top Level Domain in GNS | ||
1615 | |||
1616 | |||
1617 | GNS also provides a secure and globally unique namespace under the .zkey | ||
1618 | top-level domain. A name in the .zkey TLD corresponds to the (printable) | ||
1619 | public key of a zone. Names in the .zkey TLD are then resolved by querying | ||
1620 | the respective zone. The .zkey TLD is expected to be used under rare | ||
1621 | circumstances where globally unique names are required and for | ||
1622 | integration with legacy systems. | ||
1623 | |||
1624 | @node Resource Records in GNS | ||
1625 | @subsection Resource Records in GNS | ||
1626 | |||
1627 | |||
1628 | GNS supports the majority of the DNS records as defined in | ||
1629 | @uref{http://www.ietf.org/rfc/rfc1035.txt, RFC 1035}. Additionally, | ||
1630 | GNS defines some new record types the are unique to the GNS system. | ||
1631 | For example, GNS-specific resource records are used to give petnames | ||
1632 | for zone delegation, revoke zone keys and provide some compatibility | ||
1633 | features. | ||
1634 | |||
1635 | For some DNS records, GNS does extended processing to increase their | ||
1636 | usefulness in GNS. In particular, GNS introduces special names | ||
1637 | referred to as "zone relative names". Zone relative names are allowed | ||
1638 | in some resource record types (for example, in NS and CNAME records) | ||
1639 | and can also be used in links on webpages. Zone relative names end | ||
1640 | in ".+" which indicates that the name needs to be resolved relative | ||
1641 | to the current authoritative zone. The extended processing of those | ||
1642 | names will expand the ".+" with the correct delegation chain to the | ||
1643 | authoritative zone (replacing ".+" with the name of the location | ||
1644 | where the name was encountered) and hence generate a | ||
1645 | valid @code{.gnu} name. | ||
1646 | |||
1647 | GNS currently supports the following record types: | ||
1648 | |||
1649 | @menu | ||
1650 | * NICK:: | ||
1651 | * PKEY:: | ||
1652 | * BOX:: | ||
1653 | * LEHO:: | ||
1654 | * VPN:: | ||
1655 | * A AAAA and TXT:: | ||
1656 | * CNAME:: | ||
1657 | * GNS2DNS:: | ||
1658 | * SOA SRV PTR and MX:: | ||
1659 | @end menu | ||
1660 | |||
1661 | @node NICK | ||
1662 | @subsubsection NICK | ||
1663 | |||
1664 | A NICK record is used to give a zone a name. With a NICK record, you can | ||
1665 | essentially specify how you would like to be called. GNS expects this | ||
1666 | record under the name "+" in the zone's database (NAMESTORE); however, | ||
1667 | it will then automatically be copied into each record set, so that | ||
1668 | clients never need to do a separate lookup to discover the NICK record. | ||
1669 | |||
1670 | @b{Example}@ | ||
1671 | |||
1672 | @example | ||
1673 | Name: +; RRType: NICK; Value: bob | ||
1674 | @end example | ||
1675 | |||
1676 | @noindent | ||
1677 | This record in Bob's zone will tell other users that this zone wants | ||
1678 | to be referred to as 'bob'. Note that nobody is obliged to call Bob's | ||
1679 | zone 'bob' in their own zones. It can be seen as a | ||
1680 | recommendation ("Please call me 'bob'"). | ||
1681 | |||
1682 | @node PKEY | ||
1683 | @subsubsection PKEY | ||
1684 | |||
1685 | PKEY records are used to add delegation to other users' zones and | ||
1686 | give those zones a petname. | ||
1687 | |||
1688 | @b{Example}@ | ||
1689 | |||
1690 | Let Bob's zone be identified by the hash "ABC012". Bob is your friend | ||
1691 | so you want to give them the petname "friend". Then you add the | ||
1692 | following record to your zone: | ||
1693 | |||
1694 | @example | ||
1695 | Name: friend; RRType: PKEY; Value: ABC012; | ||
1696 | @end example | ||
1697 | |||
1698 | @noindent | ||
1699 | This will allow you to resolve records in bob's zone | ||
1700 | under "*.friend.gnu". | ||
1701 | |||
1702 | @node BOX | ||
1703 | @subsubsection BOX | ||
1704 | |||
1705 | BOX records are there to integrate information from TLSA or | ||
1706 | SRV records under the main label. In DNS, TLSA and SRV records | ||
1707 | use special names of the form @code{_port._proto.(label.)*tld} to | ||
1708 | indicate the port number and protocol (i.e. tcp or udp) for which | ||
1709 | the TLSA or SRV record is valid. This causes various problems, and | ||
1710 | is elegantly solved in GNS by integrating the protocol and port | ||
1711 | numbers together with the respective value into a "BOX" record. | ||
1712 | Note that in the GUI, you do not get to edit BOX records directly | ||
1713 | right now --- the GUI will provide the illusion of directly | ||
1714 | editing the TLSA and SRV records, even though they internally | ||
1715 | are BOXed up. | ||
1716 | |||
1717 | @node LEHO | ||
1718 | @subsubsection LEHO | ||
1719 | |||
1720 | The LEgacy HOstname of a server. Some webservers expect a specific | ||
1721 | hostname to provide a service (virtiual hosting). Also SSL | ||
1722 | certificates usually contain DNS names. To provide the expected | ||
1723 | legacy DNS name for a server, the LEHO record can be used. | ||
1724 | To mitigate the just mentioned issues the GNS proxy has to be used. | ||
1725 | The GNS proxy will use the LEHO information to apply the necessary | ||
1726 | transformations. | ||
1727 | |||
1728 | @node VPN | ||
1729 | @subsubsection VPN | ||
1730 | |||
1731 | GNS allows easy access to services provided by the GNUnet Virtual Public | ||
1732 | Network. When the GNS resolver encounters a VPN record it will contact | ||
1733 | the VPN service to try and allocate an IPv4/v6 address (if the queries | ||
1734 | record type is an IP address) that can be used to contact the service. | ||
1735 | |||
1736 | @b{Example}@ | ||
1737 | |||
1738 | I want to provide access to the VPN service "web.gnu." on port 80 on peer | ||
1739 | ABC012:@ | ||
1740 | Name: www; RRType: VPN; Value: 80 ABC012 web.gnu. | ||
1741 | |||
1742 | The peer ABC012 is configured to provide an exit point for the service | ||
1743 | "web.gnu." on port 80 to it's server running locally on port 8080 by | ||
1744 | having the following lines in the @file{gnunet.conf} configuration file: | ||
1745 | |||
1746 | @example | ||
1747 | [web.gnunet.] | ||
1748 | TCP_REDIRECTS = 80:localhost4:8080 | ||
1749 | @end example | ||
1750 | |||
1751 | @node A AAAA and TXT | ||
1752 | @subsubsection A AAAA and TXT | ||
1753 | |||
1754 | Those records work in exactly the same fashion as in traditional DNS. | ||
1755 | |||
1756 | @node CNAME | ||
1757 | @subsubsection CNAME | ||
1758 | |||
1759 | As specified in RFC 1035 whenever a CNAME is encountered the query | ||
1760 | needs to be restarted with the specified name. In GNS a CNAME | ||
1761 | can either be: | ||
1762 | |||
1763 | @itemize @bullet | ||
1764 | @item A zone relative name, | ||
1765 | @item A zkey name or | ||
1766 | @item A DNS name (in which case resolution will continue outside | ||
1767 | of GNS with the systems DNS resolver) | ||
1768 | @end itemize | ||
1769 | |||
1770 | @node GNS2DNS | ||
1771 | @subsubsection GNS2DNS | ||
1772 | |||
1773 | GNS can delegate authority to a legacy DNS zone. For this, the | ||
1774 | name of the DNS nameserver and the name of the DNS zone are | ||
1775 | specified in a GNS2DNS record. | ||
1776 | |||
1777 | @b{Example} | ||
1778 | |||
1779 | @example | ||
1780 | Name: pet; RRType: GNS2DNS; Value: gnunet.org@@a.ns.joker.com | ||
1781 | @end example | ||
1782 | |||
1783 | @noindent | ||
1784 | Any query to @code{pet.gnu} will then be delegated to the DNS server at | ||
1785 | @code{a.ns.joker.com}. For example, | ||
1786 | @code{@uref{http://www.pet.gnu/, www.pet.gnu}} will result in a DNS query | ||
1787 | for @code{@uref{http://www.gnunet.org/, www.gnunet.org}} to the server | ||
1788 | at @code{a.ns.joker.com}. Delegation to DNS via NS records in GNS can | ||
1789 | be useful if you do not want to start resolution in the DNS root zone | ||
1790 | (due to issues such as censorship or availability). | ||
1791 | |||
1792 | Note that you would typically want to use a relative name for the | ||
1793 | nameserver, i.e. | ||
1794 | |||
1795 | @example | ||
1796 | Name: pet; RRType: GNS2DNS; Value: gnunet.org@@ns-joker.+@ | ||
1797 | Name: ns-joker; RRType: A; Value: 184.172.157.218 | ||
1798 | @end example | ||
1799 | |||
1800 | @noindent | ||
1801 | This way, you can avoid involving the DNS hierarchy in the resolution of | ||
1802 | @code{a.ns.joker.com}. In the example above, the problem may not be | ||
1803 | obvious as the nameserver for "gnunet.org" is in the ".com" zone. | ||
1804 | However, imagine the nameserver was "ns.gnunet.org". In this case, | ||
1805 | delegating to "ns.gnunet.org" would mean that despite using GNS, | ||
1806 | censorship in the DNS ".org" zone would still be effective. | ||
1807 | |||
1808 | @node SOA SRV PTR and MX | ||
1809 | @subsubsection SOA SRV PTR and MX | ||
1810 | |||
1811 | The domain names in those records can, again, be either | ||
1812 | |||
1813 | @itemize @bullet | ||
1814 | @item A zone relative name, | ||
1815 | @item A zkey name or | ||
1816 | @item A DNS name | ||
1817 | @end itemize | ||
1818 | |||
1819 | The resolver will expand the zone relative name if possible. | ||
1820 | Note that when using MX records within GNS, the target mail | ||
1821 | server might still refuse to accept e-mails to the resulting | ||
1822 | domain as the name might not match. GNS-enabled mail clients | ||
1823 | should use the ZKEY zone as the destination hostname and | ||
1824 | GNS-enabled mail servers should be configured to accept | ||
1825 | e-mails to the ZKEY-zones of all local users. | ||
1826 | |||
1827 | @node Using the Virtual Public Network | ||
1828 | @section Using the Virtual Public Network | ||
1829 | |||
1830 | @menu | ||
1831 | * Setting up an Exit node:: | ||
1832 | * Fedora and the Firewall:: | ||
1833 | * Setting up VPN node for protocol translation and tunneling:: | ||
1834 | @end menu | ||
1835 | |||
1836 | Using the GNUnet Virtual Public Network (VPN) application you can | ||
1837 | tunnel IP traffic over GNUnet. Moreover, the VPN comes | ||
1838 | with built-in protocol translation and DNS-ALG support, enabling | ||
1839 | IPv4-to-IPv6 protocol translation (in both directions). | ||
1840 | This chapter documents how to use the GNUnet VPN. | ||
1841 | |||
1842 | The first thing to note about the GNUnet VPN is that it is a public | ||
1843 | network. All participating peers can participate and there is no | ||
1844 | secret key to control access. So unlike common virtual private | ||
1845 | networks, the GNUnet VPN is not useful as a means to provide a | ||
1846 | "private" network abstraction over the Internet. The GNUnet VPN | ||
1847 | is a virtual network in the sense that it is an overlay over the | ||
1848 | Internet, using its own routing mechanisms and can also use an | ||
1849 | internal addressing scheme. The GNUnet VPN is an Internet | ||
1850 | underlay --- TCP/IP applications run on top of it. | ||
1851 | |||
1852 | The VPN is currently only supported on GNU/Linux systems. | ||
1853 | Support for operating systems that support TUN (such as FreeBSD) | ||
1854 | should be easy to add (or might not even require any coding at | ||
1855 | all --- we just did not test this so far). Support for other | ||
1856 | operating systems would require re-writing the code to create virtual | ||
1857 | network interfaces and to intercept DNS requests. | ||
1858 | |||
1859 | The VPN does not provide good anonymity. While requests are routed | ||
1860 | over the GNUnet network, other peers can directly see the source | ||
1861 | and destination of each (encapsulated) IP packet. Finally, if you | ||
1862 | use the VPN to access Internet services, the peer sending the | ||
1863 | request to the Internet will be able to observe and even alter | ||
1864 | the IP traffic. We will discuss additional security implications | ||
1865 | of using the VPN later in this chapter. | ||
1866 | |||
1867 | @node Setting up an Exit node | ||
1868 | @subsection Setting up an Exit node | ||
1869 | |||
1870 | Any useful operation with the VPN requires the existence of an exit | ||
1871 | node in the GNUnet Peer-to-Peer network. Exit functionality can only | ||
1872 | be enabled on peers that have regular Internet access. If you want | ||
1873 | to play around with the VPN or support the network, we encourage | ||
1874 | you to setup exit nodes. This chapter documents how to setup an | ||
1875 | exit node. | ||
1876 | |||
1877 | There are four types of exit functions an exit node can provide, | ||
1878 | and using the GNUnet VPN to access the Internet will only work | ||
1879 | nicely if the first three types are provided somewhere in | ||
1880 | the network. The four exit functions are: | ||
1881 | |||
1882 | @itemize @bullet | ||
1883 | @item DNS: allow other peers to use your DNS resolver | ||
1884 | @item IPv4: allow other peers to access your IPv4 Internet connection | ||
1885 | @item IPv6: allow other peers to access your IPv6 Internet connection | ||
1886 | @item Local service: allow other peers to access a specific TCP or | ||
1887 | UDP service your peer is providing | ||
1888 | @end itemize | ||
1889 | |||
1890 | By enabling "exit" in gnunet-setup and checking the respective boxes | ||
1891 | in the "exit" tab, you can easily choose which of the above exit | ||
1892 | functions you want to support. | ||
1893 | |||
1894 | Note, however, that by supporting the first three functions you will | ||
1895 | allow arbitrary other GNUnet users to access the Internet via your | ||
1896 | system. This is somewhat similar to running a Tor exit node. The | ||
1897 | Torproject has a nice article about what to consider if you want | ||
1898 | to do this here. We believe that generally running a DNS exit node | ||
1899 | is completely harmless. | ||
1900 | |||
1901 | The exit node configuration does currently not allow you to restrict the | ||
1902 | Internet traffic that leaves your system. In particular, you cannot | ||
1903 | exclude SMTP traffic (or block port 25) or limit to HTTP traffic using | ||
1904 | the GNUnet configuration. However, you can use your host firewall to | ||
1905 | restrict outbound connections from the virtual tunnel interface. This | ||
1906 | is highly recommended. In the future, we plan to offer a wider range | ||
1907 | of configuration options for exit nodes. | ||
1908 | |||
1909 | Note that by running an exit node GNUnet will configure your kernel | ||
1910 | to perform IP-forwarding (for IPv6) and NAT (for IPv4) so that the | ||
1911 | traffic from the virtual interface can be routed to the Internet. | ||
1912 | In order to provide an IPv6-exit, you need to have a subnet routed | ||
1913 | to your host's external network interface and assign a subrange of | ||
1914 | that subnet to the GNUnet exit's TUN interface. | ||
1915 | |||
1916 | When running a local service, you should make sure that the local | ||
1917 | service is (also) bound to the IP address of your EXIT interface | ||
1918 | (i.e. 169.254.86.1). It will NOT work if your local service is | ||
1919 | just bound to loopback. You may also want to create a "VPN" record | ||
1920 | in your zone of the GNU Name System to make it easy for others to | ||
1921 | access your service via a name instead of just the full service | ||
1922 | descriptor. Note that the identifier you assign the service can | ||
1923 | serve as a passphrase or shared secret, clients connecting to the | ||
1924 | service must somehow learn the service's name. VPN records in the | ||
1925 | GNU Name System can make this easier. | ||
1926 | |||
1927 | @node Fedora and the Firewall | ||
1928 | @subsection Fedora and the Firewall | ||
1929 | |||
1930 | |||
1931 | When using an exit node on Fedora 15, the standard firewall can | ||
1932 | create trouble even when not really exiting the local system! | ||
1933 | For IPv4, the standard rules seem fine. However, for IPv6 the | ||
1934 | standard rules prohibit traffic from the network range of the | ||
1935 | virtual interface created by the exit daemon to the local IPv6 | ||
1936 | address of the same interface (which is essentially loopback | ||
1937 | traffic, so you might suspect that a standard firewall would | ||
1938 | leave this traffic alone). However, as somehow for IPv6 the | ||
1939 | traffic is not recognized as originating from the local | ||
1940 | system (and as the connection is not already "established"), | ||
1941 | the firewall drops the traffic. You should still get ICMPv6 | ||
1942 | packets back, but that's obviously not very useful. | ||
1943 | |||
1944 | Possible ways to fix this include disabling the firewall (do you | ||
1945 | have a good reason for having it on?) or disabling the firewall | ||
1946 | at least for the GNUnet exit interface (or the respective | ||
1947 | IPv4/IPv6 address range). The best way to diagnose these kinds | ||
1948 | of problems in general involves setting the firewall to REJECT | ||
1949 | instead of DROP and to watch the traffic using wireshark | ||
1950 | (or tcpdump) to see if ICMP messages are generated when running | ||
1951 | some tests that should work. | ||
1952 | |||
1953 | @node Setting up VPN node for protocol translation and tunneling | ||
1954 | @subsection Setting up VPN node for protocol translation and tunneling | ||
1955 | |||
1956 | |||
1957 | The GNUnet VPN/PT subsystem enables you to tunnel IP traffic over the | ||
1958 | VPN to an exit node, from where it can then be forwarded to the | ||
1959 | Internet. This section documents how to setup VPN/PT on a node. | ||
1960 | Note that you can enable both the VPN and an exit on the same peer. | ||
1961 | In this case, IP traffic from your system may enter your peer's VPN | ||
1962 | and leave your peer's exit. This can be useful as a means to do | ||
1963 | protocol translation. For example, you might have an application that | ||
1964 | supports only IPv4 but needs to access an IPv6-only site. In this case, | ||
1965 | GNUnet would perform 4to6 protocol translation between the VPN (IPv4) | ||
1966 | and the Exit (IPv6). Similarly, 6to4 protocol translation is also | ||
1967 | possible. However, the primary use for GNUnet would be to access | ||
1968 | an Internet service running with an IP version that is not supported | ||
1969 | by your ISP. In this case, your IP traffic would be routed via GNUnet | ||
1970 | to a peer that has access to the Internet with the desired IP version. | ||
1971 | |||
1972 | Setting up an entry node into the GNUnet VPN primarily requires you | ||
1973 | to enable the "VPN/PT" option in "gnunet-setup". This will launch the | ||
1974 | "gnunet-service-vpn", "gnunet-service-dns" and "gnunet-daemon-pt" | ||
1975 | processes. The "gnunet-service-vpn" will create a virtual interface | ||
1976 | which will be used as the target for your IP traffic that enters the | ||
1977 | VPN. Additionally, a second virtual interface will be created by | ||
1978 | the "gnunet-service-dns" for your DNS traffic. You will then need to | ||
1979 | specify which traffic you want to tunnel over GNUnet. If your ISP only | ||
1980 | provides you with IPv4 or IPv6-access, you may choose to tunnel the | ||
1981 | other IP protocol over the GNUnet VPN. If you do not have an ISP | ||
1982 | (and are connected to other GNUnet peers via WLAN), you can also | ||
1983 | choose to tunnel all IP traffic over GNUnet. This might also provide | ||
1984 | you with some anonymity. After you enable the respective options | ||
1985 | and restart your peer, your Internet traffic should be tunneled | ||
1986 | over the GNUnet VPN. | ||
1987 | |||
1988 | The GNUnet VPN uses DNS-ALG to hijack your IP traffic. Whenever an | ||
1989 | application resolves a hostname (i.e. 'gnunet.org'), the | ||
1990 | "gnunet-daemon-pt" will instruct the "gnunet-service-dns" to intercept | ||
1991 | the request (possibly route it over GNUnet as well) and replace the | ||
1992 | normal answer with an IP in the range of the VPN's interface. | ||
1993 | "gnunet-daemon-pt" will then tell "gnunet-service-vpn" to forward all | ||
1994 | traffic it receives on the TUN interface via the VPN to the original | ||
1995 | destination. | ||
1996 | |||
1997 | For applications that do not use DNS, you can also manually create | ||
1998 | such a mapping using the gnunet-vpn command-line tool. Here, you | ||
1999 | specfiy the desired address family of the result (i.e. "-4"), and the | ||
2000 | intended target IP on the Internet ("-i 131.159.74.67") and | ||
2001 | "gnunet-vpn" will tell you which IP address in the range of your | ||
2002 | VPN tunnel was mapped. | ||
2003 | |||
2004 | @command{gnunet-vpn} can also be used to access "internal" services | ||
2005 | offered by GNUnet nodes. So if you happen to know a peer and a | ||
2006 | service offered by that peer, you can create an IP tunnel to | ||
2007 | that peer by specifying the peer's identity, service name and | ||
2008 | protocol (--tcp or --udp) and you will again receive an IP address | ||
2009 | that will terminate at the respective peer's service. | ||
diff --git a/doc/chapters/vocabulary.texi b/doc/chapters/vocabulary.texi deleted file mode 100644 index 8b6cbe35a..000000000 --- a/doc/chapters/vocabulary.texi +++ /dev/null | |||
@@ -1,47 +0,0 @@ | |||
1 | @node Vocabulary | ||
2 | @chapter Vocabulary | ||
3 | |||
4 | @menu | ||
5 | * Words and characters:: | ||
6 | * Technical Assumptions:: | ||
7 | @end menu | ||
8 | |||
9 | @node Words and characters | ||
10 | @section Words and characters | ||
11 | |||
12 | Throughout this document we use certain words and characters. | ||
13 | |||
14 | @enumerate | ||
15 | @item | ||
16 | ``@command{#}'' in example code blocks describes commands, ie comments. | ||
17 | |||
18 | @example | ||
19 | # Do the foobar thing: | ||
20 | $ make foobar | ||
21 | @end example | ||
22 | |||
23 | @item | ||
24 | Dollarsign ``@command{$}'' in example code blocks describes commands you | ||
25 | execute as unprivileged users. | ||
26 | |||
27 | @example | ||
28 | $ cd foo; ./configure --example-switch | ||
29 | @end example | ||
30 | |||
31 | @item | ||
32 | Backslash ``@command{\}'' describes linebreaks. | ||
33 | |||
34 | @example | ||
35 | ./configure --foo --bar --baz \ | ||
36 | --short-loop | ||
37 | @end example | ||
38 | |||
39 | ...expands to @code{./configure --foo --bar --baz --short-loop} | ||
40 | |||
41 | @end enumerate | ||
42 | |||
43 | @node Technical Assumptions | ||
44 | @section Technical Assumptions | ||
45 | |||
46 | @c Is it really assuming Bash (ie Bash extensions of POSIX being used)? | ||
47 | The shell on GNU systems is assumed to be Bash. | ||