summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorTheJackiMonster <thejackimonster@gmail.com>2021-03-18 19:38:11 +0100
committerTheJackiMonster <thejackimonster@gmail.com>2021-03-18 22:41:18 +0100
commite185a556536bab6d294a4efa66ce6e36d424e9f8 (patch)
treea58b2c96a77ba651c28e81128df342f9c4851a3a /doc
parent7d85c27e9b61ac900932337c9ec6a72c6326f6fc (diff)
-added handbook entries for messenger
Signed-off-by: TheJackiMonster <thejackimonster@gmail.com> -fixed handbook entries Signed-off-by: TheJackiMonster <thejackimonster@gmail.com> -integrating libgnunetmessenger_common into libgnunetmessenger Signed-off-by: TheJackiMonster <thejackimonster@gmail.com> -added image to messenger section in handbook Signed-off-by: TheJackiMonster <thejackimonster@gmail.com>
Diffstat (limited to 'doc')
-rw-r--r--doc/handbook/chapters/developer.texi215
-rw-r--r--doc/handbook/chapters/keyconcepts.texi25
-rw-r--r--doc/handbook/chapters/user.texi147
-rw-r--r--doc/handbook/images/messenger_room.pngbin0 -> 76244 bytes
-rw-r--r--doc/handbook/images/messenger_room.svg501
5 files changed, 888 insertions, 0 deletions
diff --git a/doc/handbook/chapters/developer.texi b/doc/handbook/chapters/developer.texi
index 8bc8c8005..abd128e3b 100644
--- a/doc/handbook/chapters/developer.texi
+++ b/doc/handbook/chapters/developer.texi
@@ -83,6 +83,7 @@ new chapters, sections or insightful comments.
* REST Subsystem::
* RPS Subsystem::
* TRANSPORT-NG Subsystem::
+* MESSENGER Subsystem::
@end menu
@node Developer Introduction
@@ -9705,3 +9706,217 @@ other peers. The semantics of the backchannel message are up to the
communicators which use them.
TRANSPORT may fail transmitting backchannel messages, and TRANSPORT will not
attempt to retransmit them.
+
+@cindex MESSENGER Subsystem
+@cindex MESSENGER
+@cindex messenger
+@node MESSENGER Subsystem
+@section MESSENGER Subsystem
+
+The MESSENGER subsystem is responsible for secure end-to-end communication in
+groups of nodes in the GNUnet overlay network. MESSENGER builds on the CADET
+subsystem which provides a reliable and secure end-to-end communication between
+the nodes inside of these groups.
+
+Additionally to the CADET security benefits, MESSENGER provides following
+properties designed for application level usage:
+
+@itemize @bullet
+@item MESSENGER provides integrity by signing the messages with the users
+ provided ego
+@item MESSENGER adds (optional) forward secrecy by replacing the key pair of the
+ used ego and signing the propagation of the new one with old one (chaining
+ egos)
+@item MESSENGER provides verification of a original sender by checking against
+ all used egos from a member which are currently in active use (active use
+ depends on the state of a member session)
+@item MESSENGER offsers (optional) decentralized message forwarding between all
+ nodes in a group to improve availability and prevent MITM-attacks
+@item MESSENGER handles new connections and disconnections from nodes in the
+ group by reconnecting them preserving an efficient structure for message
+ distribution (ensuring availability and accountablity)
+@item MESSENGER provides replay protection (messages can be uniquely identified
+ via SHA-512, include a timestamp and the hash of the last message)
+@item MESSENGER allows detection for dropped messages by chaining them (messages
+ refer to the last message by their hash) improving accountability
+@item MESSENGER allows requesting messages from other peers explicitly to ensure
+ availibility
+@item MESSENGER provides confidentiality by padding messages to few different
+ sizes (512 bytes, 4096 bytes, 32768 bytes and maximal message size from
+ CADET)
+@item MESSENGER adds (optional) confidentiality with ECDHE to exchange and use
+ symmetric encryption, encrypting with both AES-256 and Twofish but
+ allowing only selected members to decrypt (using the receivers ego for
+ ECDHE)
+@end itemize
+
+Also MESSENGER provides multiple features with privacy in mind:
+
+@itemize @bullet
+@item MESSENGER allows deleting messages from all peers in the group by the
+ original sender (uses the MESSENGER provided verification)
+@item MESSENGER allows using the publically known anonymous ego instead of any
+ unique identifying ego
+@item MESSENGER allows your node to decide between acting as host of the used
+ messaging room (sharing your peer's identity with all nodes in the group)
+ or acting as guest (sharing your peer's identity only with the nodes you
+ explicitly open a connection to)
+@item MESSENGER handles members independantly of the peer's identity making
+ forwarded messages indistinguishable from directly received ones (
+ complicating the tracking of messages and identifying its origin)
+@item MESSENGER allows names of members being not unique (also names are
+ optional)
+@item MESSENGER does not include information about the selected receiver of an
+ explicitly encrypted message in its header, complicating it for other
+ members to draw conclusions from communication partners
+@end itemize
+
+@menu
+* libgnunetmessenger::
+* Member sessions::
+@end menu
+
+@node libgnunetmessenger
+@subsection libgnunetmessenger
+
+The MESSENGER API (defined in @file{gnunet_messenger_service.h}) allows P2P
+applications built using GNUnet to communicate with specified kinds of messages
+in a group. It provides applications the ability to send and receive encrypted
+messages to any group of peers participating in GNUnet in a decentralized way (
+without even knowing all peers's identities).
+
+MESSENGER delivers messages to other peers in "rooms". A room uses a variable
+amount of CADET "channels" which will all be used for message distribution. Each
+channel can represent an outgoing connection opened by entering a room with
+@code{GNUNET_MESSENGER_enter_room} or an incoming connection if the room was
+opened before via @code{GNUNET_MESSENGER_open_room}.
+
+@image{images/messenger_room.png}
+
+To enter a room you have to specify the "door" (peer's identity of a peer which
+has opened the room) and the key of the room (which is identical to a CADET
+"port"). To open a room you have to specify only the key to use. When opening a
+room you automatically distribute a PEER-message sharing your peer's identity in
+the room.
+
+Entering or opening a room can also be combined in any order. In any case you
+will automatically get a unique member ID and send a JOIN-message notifying
+others about your entry and your public key from your selected ego.
+
+The ego can be selected by name with the initial @code{GNUNET_MESSENGER_connect}
+besides setting a (identity-)callback for each change/confirmation of the used
+ego and a (message-)callback which gets called every time a message gets sent or
+received in the room. Once the identity-callback got called you can check your
+used ego with @code{GNUNET_MESSENGER_get_key} providing only its public key. The
+function returns NULL if the anonymous ego is used. If the ego should be
+replaced with a newly generated one, you can use @code{GNUNET_MESSENGER_update}
+to ensure proper chaining of used egos.
+
+Also once the identity-callback got called you can check your used name with
+@code{GNUNET_MESSENGER_get_name} and potentially change or set a name via
+@code{GNUNET_MESSENGER_set_name}. A name is for example required to create a new
+ego with @code{GNUNET_MESSENGER_update}. Also any change in ego or name will
+automatically be distributed in the room with a NAME- or KEY-message
+respectively.
+
+To send a message a message inside of a room you can use
+@code{GNUNET_MESSENGER_send_message}. If you specify a selected contact as
+receiver, the message gets encrypted automatically and will be sent as PRIVATE-
+message instead.
+
+To request a potentially missed message or to get a specific message after its
+original call of the message-callback, you can use
+@code{GNUNET_MESSENGER_get_message}. Additionally once a message was distributed
+to application level and the message-callback got called, you can get the
+contact respresenting a message's sender respectively with
+@code{GNUNET_MESSENGER_get_sender}. This allows getting name and the public key
+of any sender currently in use with @code{GNUNET_MESSENGER_contact_get_name}
+and @code{GNUNET_MESSENGER_contact_get_key}. It is also possible to iterate
+through all current members of a room with
+@code{GNUNET_MESSENGER_iterate_members} using a callback.
+
+To leave a room you can use @code{GNUNET_MESSENGER_close_room} which will also
+close the rooms connections once all applications on the same peer have left
+the room. Leaving a room will also send a LEAVE-message closing a member session
+on all connected peers before any connection will be closed. Leaving a room is
+however not required for any application to keep your member session open
+between multiple sessions of the actual application.
+
+Finally, when an application no longer wants to use CADET, it should call
+@code{GNUNET_MESSENGER_disconnect}. You don't have to explicitly close the used
+rooms or leave them.
+
+Here is a little summary to the kinds of messages you can send manually:
+
+@menu
+* MERGE-message::
+* INVITE-message::
+* TEXT-message::
+* FILE-message::
+* DELETE-message::
+@end menu
+
+@node MERGE-message
+@subsubsection MERGE-message
+
+MERGE-messages will generally be sent automatically to reduce the amount of
+parallel chained messages. This is necessary to close a member session for
+example. You can also send MERGE-messages manually if required to merge two
+chains of messages.
+
+@node INVITE-message
+@subsubsection INVITE-message
+
+INVITE-messages can be used to invite other members in a room to a different
+room, sharing one potential door and the required key to enter the room. This
+kind of message is typically sent as encrypted PRIVATE-message to selected
+members because it doesn't make much sense to invite all members from one room
+to another considering a rooms key doesn't specify its usage.
+
+@node TEXT-message
+@subsubsection TEXT-message
+
+TEXT-messages can be used to send simple text-based messages and should be
+considered as being in readable form without complex decoding. The text has to
+end with a NULL-terminator character and should be in UTF-8 encoding for most
+compatibility.
+
+@node FILE-message
+@subsubsection FILE-message
+
+FILE-messages can be used to share files inside of a room. They do not contain
+the actual file being shared but its original hash, filename, URI to download
+the file and a symmetric key to decrypt the downloaded file.
+
+It is recommended to use the FS subsystem and the FILE-messages in combination.
+
+@node DELETE-message
+@subsubsection DELETE-message
+
+DELETE-messages can be used to delete messages selected with its hash. You can
+also select any custom delay relative to the time of sending the DELETE-message.
+Deletion will only be processed on each peer in a room if the sender is
+authorized.
+
+The only information of a deleted message which being kept will be the chained
+hashes connecting the message graph for potential traversion. For example the
+check for completion of a member session requires this information.
+
+@node Member sessions
+@subsection Member sessions
+
+A member session is a triple of the room key, the member ID and the public key
+of the member's ego. Member sessions allow that a member can change their ID or
+their ego once at a time without loosing the ability to delete old messages or
+identifying the original sender of a message. On every change of ID or EGO a
+session will be marked as closed. So every session chain will only contain one
+open session with the current ID and public key.
+
+If a session is marked as closed the MESSENGER service will check from the first
+message opening a session to its last one closing the session for completion. If
+a the service can confirm that there is no message still missing which was sent
+from the closed member session, it will be marked as completed.
+
+A completed member session is not able to verify any incoming message to ensure
+forward secrecy preventing others from using old stolen egos.
+
diff --git a/doc/handbook/chapters/keyconcepts.texi b/doc/handbook/chapters/keyconcepts.texi
index eb95dbf78..f429997bf 100644
--- a/doc/handbook/chapters/keyconcepts.texi
+++ b/doc/handbook/chapters/keyconcepts.texi
@@ -152,6 +152,7 @@ and @pxref{Deniability}.
@menu
* How file-sharing achieves Anonymity::
+* How messaging provides Anonymity::
@end menu
Providing anonymity for users is the central goal for the anonymous
@@ -231,6 +232,30 @@ GAP --- practical anonymous networking. In Proceedings of
Designing Privacy Enhancing Technologies, 2003.
(@uref{https://git.gnunet.org/bibliography.git/plain/docs/aff.pdf, https://git.gnunet.org/bibliography.git/plain/docs/aff.pdf})
+@cindex How messaging provides Anonymity
+@node How messaging provides Anonymity
+@subsection How messaging provides Anonymity
+
+While the file-sharing tries to achieve anonymity through hiding actions in
+other traffic, the messaging service provides a weaker form of protection
+against identification.
+
+The messaging service allows the use of an anonymous ego for the signing and
+verification process of messages instead of a unique ego. This anonymous ego is
+a publically known key pair which is shared between all peers in GNUnet.
+
+Using this ego only ensures that individual messages alone can't identify its
+sender inside of a messenger room. It should be clarified that the route of
+the traffic for each message can still be tracked to identify the senders peer
+inside of a messenger room if the threat agent controls certain peers hosting
+the room.
+
+Also opening a room in the messenger service will potentially match your peer
+identity with the internal member identity from the messenger service. So
+despite using the anonymous ego you can reveal your peer identity. This means
+to decrease the chance of being identified, it is recommended to enter rooms but
+you should not open them for others.
+
@cindex Deniability
@node Deniability
@section Deniability
diff --git a/doc/handbook/chapters/user.texi b/doc/handbook/chapters/user.texi
index 5d5d2fe14..a25dd8bd3 100644
--- a/doc/handbook/chapters/user.texi
+++ b/doc/handbook/chapters/user.texi
@@ -28,6 +28,7 @@ always welcome.
* The GNU Name System::
* reclaimID Identity Provider::
* Using the Virtual Public Network::
+* Using the GNUnet Messenger::
@end menu
@node Start and stop GNUnet
@@ -2323,3 +2324,149 @@ service offered by that peer, you can create an IP tunnel to
that peer by specifying the peer's identity, service name and
protocol (--tcp or --udp) and you will again receive an IP address
that will terminate at the respective peer's service.
+
+@node Using the GNUnet Messenger
+@section Using the GNUnet Messenger
+
+The GNUnet Messenger subsystem allows decentralized message-based
+communication inside of so called rooms. Each room can be hosted by
+a variable amount of peers. Every member of a room has the possibility
+to host the room on its own peer. A peer allows any amount of members
+to join a room. The amount of members in a room is not restricted.
+
+Messages in a room will be distributed between all peers hosting the
+room or being internally (in context of the messenger service) connected
+to a hosting peer. All received or sent messages will be stored on any
+peer locally which is hosting the respective room or is internally
+connected to such a hosting peer.
+
+The Messenger service is built on the CADET subsystem to make internal
+connections between peers using a reliable and encrypted transmission.
+Additionally the service uses a discrete padding to few different sizes.
+So kinds of messages and potential content can't be identified by the
+size of traffic from any attacker being unable to break the encryption
+of the transmission layer.
+
+Another feature is additional end-to-end encryption for selected messages
+which uses the public key of another member (the receiver) to encrypt
+the message. Therefore it is ensured that only the selected member can
+read its content. This will also use additional padding.
+
+@menu
+* Current state::
+* Entering a room::
+* Opening a room::
+* Messaging in a room::
+* Private messaging::
+@end menu
+
+@node Current state
+@subsection Current state
+
+Currently there is only a simplistic CLI application available to use the
+messenger service. You can use this application with the
+@command{gnunet-messenger} command.
+
+This application was designed for testing purposes and it does not provide
+full functionality in the current state. It is planned to replace this CLI
+application in later stages with a fully featured one using a client-side
+library designed for messenger applications.
+
+@node Entering a room
+@subsection Entering a room
+
+You can enter any room by its ROOMKEY and any PEERIDENTITY of a hosting peer.
+Optionally you can provide any IDENTITY which can represent a local ego by
+its name.
+
+@example
+$ gnunet-messenger [-e IDENTITY] -d PEERIDENTITY -r ROOMKEY
+@end example
+
+A PEERIDENTITY gets entered in encoded form. You can get your own peer ID by
+using the @command{gnunet-peerinfo} command:
+
+@example
+$ gnunet-peerinfo -s
+@end example
+
+A ROOMKEY gets entered in readable text form. The service will then hash the
+entered ROOMKEY and use the result as shared secret for transmission through
+the CADET submodule. You can also optionally leave out the '-r' paramter and
+the ROOMKEY to use the zeroed hash instead.
+
+If no IDENTITY is provided you will not send any name to others, you will be
+referred as "anonymous" instead and use the anonymous ego. If you provide any
+IDENTITY a matching ego will be used to sign your messages. If there is no
+matching ego you will use the anonymous ego instead. The provided IDENTITY will
+be distributed as your name for the service in any case.
+
+@node Opening a room
+@subsection Opening a room
+
+You can open any room in a similar way to entering it. You just have to leave
+out the '-d' parameter and the PEERIDENTITY of the hosting peer.
+
+@example
+$ gnunet-messenger [-e IDENTITY] -r ROOMKEY
+@end example
+
+Providing ROOMKEY and IDENTITY is identical to entering a room. Opening a room
+will also make your peer to a host of this room. So others can enter the room
+through your peer if they have the required ROOMKEY and your peer ID.
+
+If you want to use the zeroed hash as shared secret key for the room you can
+also leave it out as well:
+
+@example
+$ gnunet-messenger
+@end example
+
+@node Messaging in a room
+@subsection Messaging in a room
+
+Once joined a room by entering it or opening it you can write text-based
+messages which will be distributed between all internally conntected peers. All
+sent messages will be displayed in the same way as received messages.
+
+This relates to the internal handling of sent and received messages being mostly
+identical on application layer. Every handled message will be represented
+visually depending on its kind, content and sender. A sender can usually be
+identified by the encoded member ID or their name.
+
+@example
+[17X37K] * 'anonymous' says: "hey"
+@end example
+
+@node Private messaging
+@subsection Private messaging
+
+As referred in the introduction the service allows sending private messages with
+additional end-to-end encryption. These messages will be visually represented
+by messages of the kind 'PRIVATE' in case they can't be decrypted with your used
+ego. Members who can't decrypt the message can potentially only identify its
+sender but they can't identify its receiver.
+
+@example
+[17X37K] ~ message: PRIVATE
+@end example
+
+If they can be decrypted they will appear as their secret message instead
+but marked visually.
+
+@example
+[17X37K] ** 'anonymous' says: "hey"
+@end example
+
+Currently you can only activate sending such encrypted text messages instead of
+usual text messages by adding the '-p' parameter:
+
+@example
+$ gnunet-messenger [-e IDENTITY] -d PEERIDENTITY -r ROOMKEY -p
+@end example
+
+Notice that you can only send such encrypted messages to members who use an ego
+which is not publically known as the anonymous ego to ensure transparency. If
+any user could decrypt these messages they would not be private. So as receiver
+of such messages the IDENTITY is required and it has to match a local ego.
+
diff --git a/doc/handbook/images/messenger_room.png b/doc/handbook/images/messenger_room.png
new file mode 100644
index 000000000..8b3590cf8
--- /dev/null
+++ b/doc/handbook/images/messenger_room.png
Binary files differ
diff --git a/doc/handbook/images/messenger_room.svg b/doc/handbook/images/messenger_room.svg
new file mode 100644
index 000000000..6bd8d425c
--- /dev/null
+++ b/doc/handbook/images/messenger_room.svg
@@ -0,0 +1,501 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ xmlns:cc="http://creativecommons.org/ns#"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+ xmlns:svg="http://www.w3.org/2000/svg"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ width="598.63586mm"
+ height="519.30621mm"
+ viewBox="0 0 598.63586 519.30621"
+ version="1.1"
+ id="svg8"
+ inkscape:version="1.0.2 (e86c870879, 2021-01-15)"
+ sodipodi:docname="messenger_room.svg"
+ inkscape:export-filename="./messenger_room.png"
+ inkscape:export-xdpi="50"
+ inkscape:export-ydpi="50">
+ <defs
+ id="defs2" />
+ <sodipodi:namedview
+ id="base"
+ pagecolor="#ffffff"
+ bordercolor="#666666"
+ borderopacity="1.0"
+ inkscape:pageopacity="0.0"
+ inkscape:pageshadow="2"
+ inkscape:zoom="0.35"
+ inkscape:cx="1617.1523"
+ inkscape:cy="893.76504"
+ inkscape:document-units="mm"
+ inkscape:current-layer="layer3"
+ inkscape:document-rotation="0"
+ showgrid="false"
+ fit-margin-top="10"
+ fit-margin-bottom="10"
+ fit-margin-right="10"
+ fit-margin-left="10"
+ lock-margins="true"
+ inkscape:window-width="2560"
+ inkscape:window-height="1376"
+ inkscape:window-x="0"
+ inkscape:window-y="0"
+ inkscape:window-maximized="1" />
+ <metadata
+ id="metadata5">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <dc:title></dc:title>
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <g
+ inkscape:groupmode="layer"
+ id="layer2"
+ inkscape:label="Layer 2"
+ style="display:inline"
+ transform="translate(192.28493,120.40152)">
+ <path
+ style="fill:none;stroke:#000000;stroke-width:3.365;stroke-linecap:butt;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M 26.206579,156.45999 97.162749,89.570022 199.7759,120.1979 181.87666,217.7128 89.324169,236.23068 Z"
+ id="path915" />
+ <path
+ style="fill:none;stroke:#000000;stroke-width:2.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="m 181.87666,217.7128 66.26913,94.14707"
+ id="path1063" />
+ <path
+ style="fill:none;stroke:#000000;stroke-width:2.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:2.665, 5.33;stroke-dashoffset:0;stroke-opacity:1"
+ d="M 309.85632,121.37022 199.7759,120.1979"
+ id="path1065" />
+ <path
+ style="fill:none;stroke:#000000;stroke-width:2.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M 248.9298,18.638951 199.7759,120.1979"
+ id="path1067" />
+ <path
+ style="fill:none;stroke:#000000;stroke-width:2.665;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M -76.608095,107.38658 26.206579,156.45999"
+ id="path1069" />
+ </g>
+ <g
+ inkscape:groupmode="layer"
+ id="layer4"
+ inkscape:label="Layer 4"
+ style="display:inline"
+ transform="translate(192.28493,120.40152)">
+ <path
+ style="fill:none;stroke:#000000;stroke-width:1.865;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="m -137.76937,77.365523 61.161275,30.021057"
+ id="path1225" />
+ <path
+ style="fill:none;stroke:#000000;stroke-width:1.865;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M -20.546549,199.60834 26.206579,156.45999"
+ id="path1227" />
+ <path
+ style="fill:none;stroke:#000000;stroke-width:1.865;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M 58.558255,290.12036 89.324168,236.23068 125.2681,294.74464"
+ id="path1229" />
+ <path
+ style="fill:none;stroke:#000000;stroke-width:1.865;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="m 260.56143,374.91842 -12.41564,-63.05855 67.7611,18.91507"
+ id="path1231" />
+ <path
+ style="fill:none;stroke:#000000;stroke-width:1.865;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M 237.39119,194.89545 181.87666,217.7128"
+ id="path1233" />
+ <path
+ style="fill:none;stroke:#000000;stroke-width:1.865;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M 199.7759,120.1979 177.22801,54.184954"
+ id="path1235" />
+ <path
+ style="fill:none;stroke:#000000;stroke-width:1.865;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="m 309.85632,121.37022 61.96594,-12.96636"
+ id="path1237" />
+ <path
+ style="fill:none;stroke:#000000;stroke-width:1.865;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="M 248.9298,18.638951 229.25585,-38.546188"
+ id="path1239" />
+ <path
+ style="fill:none;stroke:#000000;stroke-width:1.865;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="m 55.073787,29.185372 42.088961,60.38465"
+ id="path1241" />
+ <path
+ style="fill:none;stroke:#000000;stroke-width:1.865;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:1.865, 3.73;stroke-dashoffset:0;stroke-opacity:1"
+ d="M -76.608095,107.38658 -138.56518,130.6705"
+ id="path1243" />
+ </g>
+ <g
+ inkscape:label="Layer 1"
+ inkscape:groupmode="layer"
+ id="layer1"
+ transform="translate(192.28493,120.40152)">
+ <circle
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:6.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="path833"
+ cx="96.685127"
+ cy="88.539452"
+ r="20" />
+ <circle
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:6.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="path833-3"
+ cx="195.51556"
+ cy="120.85936"
+ r="20" />
+ <circle
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:6.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="path833-5"
+ cx="183.12799"
+ cy="214.72444"
+ r="20" />
+ <circle
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:6.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="path833-6"
+ cx="92.202576"
+ cy="236.97336"
+ r="20" />
+ <circle
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:6.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="path833-2"
+ cx="26.400755"
+ cy="158.9449"
+ r="20" />
+ <circle
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:6.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="path833-3-1"
+ cx="309.42667"
+ cy="120.44005"
+ r="20" />
+ <circle
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:6.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="path833-3-2"
+ cx="248.5799"
+ cy="19.344702"
+ r="20" />
+ <circle
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:6.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="path833-3-7"
+ cx="-74.235405"
+ cy="107.76899"
+ r="20" />
+ <circle
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:6.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="path833-3-0"
+ cx="249.89246"
+ cy="310.73776"
+ r="20" />
+ <path
+ style="display:inline;fill:none;stroke:#000000;stroke-width:1.865;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+ d="m 318.33679,228.47452 61.96594,-12.96636"
+ id="path1237-2" />
+ <circle
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:6.265;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:6.265, 12.53;stroke-dashoffset:0;stroke-opacity:1;paint-order:stroke markers fill"
+ id="path833-3-1-8"
+ cx="317.90714"
+ cy="227.54434"
+ r="20" />
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:2.82;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:2.82, 5.64;stroke-dashoffset:0;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071-62-9"
+ width="28.700562"
+ height="22.81683"
+ x="366.24039"
+ y="204.47328" />
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="315.72601"
+ y="231.38942"
+ id="text1307-7-3-3-94-3"><tspan
+ sodipodi:role="line"
+ id="tspan1305-6-0-0-6-6"
+ x="315.72601"
+ y="231.38942"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">J</tspan></text>
+ </g>
+ <g
+ inkscape:groupmode="layer"
+ id="layer3"
+ inkscape:label="Layer 3"
+ transform="translate(192.28493,120.40152)">
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:2.82;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071"
+ width="28.700562"
+ height="22.81683"
+ x="41.152424"
+ y="17.00181" />
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:2.82;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071-6"
+ width="28.700562"
+ height="22.81683"
+ x="163.24538"
+ y="40.93095" />
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:2.82;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071-0"
+ width="28.700562"
+ height="22.81683"
+ x="217.0302"
+ y="-48.476658" />
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:2.82;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071-62"
+ width="28.700562"
+ height="22.81683"
+ x="357.75992"
+ y="97.368996" />
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:2.82;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071-61"
+ width="28.700562"
+ height="22.81683"
+ x="221.61465"
+ y="183.89601" />
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:2.82;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071-8"
+ width="28.700562"
+ height="22.81683"
+ x="302.37604"
+ y="319.27646" />
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:2.82;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071-7"
+ width="28.700562"
+ height="22.81683"
+ x="244.56342"
+ y="364.67789" />
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:2.82;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071-9"
+ width="28.700562"
+ height="22.81683"
+ x="43.508121"
+ y="279.02939" />
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:2.82;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071-2"
+ width="28.700562"
+ height="22.81683"
+ x="110.22536"
+ y="283.7334" />
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:2.82;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071-02"
+ width="28.700562"
+ height="22.81683"
+ x="-35.267426"
+ y="187.65363" />
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:2.82;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071-3"
+ width="28.700562"
+ height="22.81683"
+ x="-151.39322"
+ y="66.069321" />
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:2.82;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:2.82, 5.64;stroke-dashoffset:0;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071-3-7"
+ width="28.700562"
+ height="22.81683"
+ x="-154.87178"
+ y="119.88663" />
+ <g
+ id="g1600"
+ transform="translate(-2.9470331,-51.038598)">
+ <circle
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:3.78727;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="path833-6-5"
+ cx="-161.17276"
+ cy="336.83234"
+ r="12.09027" />
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="-140.58682"
+ y="342.66354"
+ id="text1307"><tspan
+ sodipodi:role="line"
+ id="tspan1305"
+ x="-140.58682"
+ y="342.66354"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">Peer</tspan></text>
+ </g>
+ <g
+ id="g1594"
+ transform="translate(-2.9470331,-54.443235)">
+ <rect
+ style="opacity:0.999;fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:1.96946;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;paint-order:stroke markers fill"
+ id="rect1071-9-9"
+ width="20.044254"
+ height="15.935102"
+ x="-171.19489"
+ y="365.45282" />
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="-140.78059"
+ y="379.28705"
+ id="text1307-7"><tspan
+ sodipodi:role="line"
+ id="tspan1305-6"
+ x="-140.78059"
+ y="379.28705"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">Application</tspan></text>
+ </g>
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="90.401619"
+ y="94.499252"
+ id="text1307-7-3"><tspan
+ sodipodi:role="line"
+ id="tspan1305-6-0"
+ x="90.401619"
+ y="94.499252"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">A</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="189.63115"
+ y="126.74821"
+ id="text1307-7-3-3"><tspan
+ sodipodi:role="line"
+ id="tspan1305-6-0-0"
+ x="189.63115"
+ y="126.74821"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">C</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="178.83551"
+ y="220.59999"
+ id="text1307-7-3-3-9"><tspan
+ sodipodi:role="line"
+ id="tspan1305-6-0-0-2"
+ x="178.83551"
+ y="220.59999"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">F</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="85.772736"
+ y="242.86221"
+ id="text1307-7-3-3-5"><tspan
+ sodipodi:role="line"
+ id="tspan1305-6-0-0-4"
+ x="85.772736"
+ y="242.86221"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">G</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="19.824577"
+ y="164.8027"
+ id="text1307-7-3-3-0"><tspan
+ sodipodi:role="line"
+ id="tspan1305-6-0-0-5"
+ x="19.824577"
+ y="164.8027"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">H</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="303.32053"
+ y="126.29786"
+ id="text1307-7-3-3-94"><tspan
+ sodipodi:role="line"
+ id="tspan1305-6-0-0-6"
+ x="303.32053"
+ y="126.29786"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">D</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="243.4848"
+ y="25.202511"
+ id="text1307-7-3-3-92"><tspan
+ sodipodi:role="line"
+ id="tspan1305-6-0-0-24"
+ x="243.4848"
+ y="25.202511"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">B</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="247.20479"
+ y="316.59558"
+ id="text1307-7-3-3-7"><tspan
+ sodipodi:role="line"
+ id="tspan1305-6-0-0-7"
+ x="247.20479"
+ y="316.59558"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">I</tspan></text>
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="-79.01123"
+ y="113.64454"
+ id="text1307-7-3-3-54"><tspan
+ sodipodi:role="line"
+ id="tspan1305-6-0-0-8"
+ x="-79.01123"
+ y="113.64454"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">E</tspan></text>
+ <g
+ id="g1589"
+ transform="translate(-4.3496791,-53.330521)">
+ <path
+ style="fill:none;stroke:#000000;stroke-width:2.62782;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:2.62782, 5.25564;stroke-dashoffset:1.05113;stroke-opacity:1"
+ d="m -176.62134,400.99519 30.89715,0.38084"
+ id="path1521" />
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="-137.64647"
+ y="406.95029"
+ id="text1307-7-2"><tspan
+ sodipodi:role="line"
+ id="tspan1305-6-1"
+ x="-137.64647"
+ y="406.95029"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">Inactive</tspan></text>
+ </g>
+ <g
+ id="g1583"
+ transform="translate(-4.3496791,-49.693534)">
+ <path
+ style="fill:none;stroke:#000000;stroke-width:2.62782;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:1.05113;stroke-opacity:1"
+ d="m -176.62134,420.37019 30.89715,0.38084"
+ id="path1521-0" />
+ <text
+ xml:space="preserve"
+ style="font-size:18.1632px;line-height:34.0561px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.340559"
+ x="-138.78186"
+ y="426.42728"
+ id="text1307-7-0"><tspan
+ sodipodi:role="line"
+ id="tspan1305-6-5"
+ x="-138.78186"
+ y="426.42728"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18.1632px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.340559">Active</tspan></text>
+ </g>
+ <text
+ xml:space="preserve"
+ style="font-size:50.8px;line-height:95.25px;font-family:Primer;-inkscape-font-specification:Primer;letter-spacing:0px;word-spacing:0px;stroke-width:0.264583"
+ x="42.997746"
+ y="-77.287262"
+ id="text1604"><tspan
+ sodipodi:role="line"
+ id="tspan1602"
+ x="42.997746"
+ y="-77.287262"
+ style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:50.8px;font-family:'Linux Libertine Capitals';-inkscape-font-specification:'Linux Libertine Capitals';stroke-width:0.264583">Room</tspan></text>
+ </g>
+</svg>