friend of a friend type darknets

Alex allo at laxu.de
Sat Sep 18 00:25:29 CEST 2010


Hi!
here is a little patch for darknet functionality, i hope it does what it's
intended for sufficiently ... but it seems to work :).

what should it do?

imagine your friend-network. A trusts B and C. B trusts D and E, D trusts
F, C trusts G. All trust relationships are mutual.

 A <---> C <---> G
 ^
 \
  \-----> B <---> D <---> F
          ^
          \
           \---> E

now they want to share some files, but they do not want untrusted
users to know who shares the files.

The idea: just route over friend routes. Solution: use IndirectData
connections of tinc, and connect only to trusted persons.

what was missing from tinc: anonymity. do a killall -USR2 tincd and you
can see the IPs of everybody in your syslog.

what the patch adds: if FriendOfAFriend is set, then your node does not
distribute information about the IP and port of other known nodes. so A
can reach G only indirectly, because C does not disclose the real IP of G
to A.
A can reach F only over B and D, and because A and B, B and D, and D and
F are friends, the data can still be routed indirectly.

and here is the patch:


diff -Nur tinc-1.0.13/doc/tinc.conf.5.in tinc-1.0.13-patched/doc/tinc.conf.5.in
--- tinc-1.0.13/doc/tinc.conf.5.in  2010-04-11 19:44:12.000000000 +0200
+++ tinc-1.0.13-patched/doc/tinc.conf.5.in  2010-09-17 23:36:59.031491597 +0200
@@ -209,6 +209,13 @@
 This option selects the way indirect packets are forwarded.
 .Bl -tag -width indent
 
+.It Va FriendOfAFriend Li = off | on Po off Pc Bq experimental
+If this option is set, indirect data is implied and your node
+will lie to other nodes when its asked about the ip of its peers.
+This enables a FriendOfAFriend mode, where everybody just trusts
+his direct peers and noone else.
+.Bl -tag -width indent
+
 .It off
 Incoming packets that are not meant for the local node,
 but which should be forwarded to another node, are dropped.
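Review bot: the new `.It Va FriendOfAFriend` entry is inserted inside the `.Bl` that lists the values of the Forwarding option (`off`, ...), and the additional `.Bl -tag -width indent` it opens has no matching `.El`, so the mdoc list nesting is broken. Move the entry up to the top-level option list next to IndirectData (which it implies) and drop the stray `.Bl`; while there, fix "its asked" to "it is asked" and "noone" to "no one", and state concretely what "lie" means (the node reports 0.0.0.0 instead of the real address and port of its peers).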
diff -Nur tinc-1.0.13/src/net_setup.c tinc-1.0.13-patched/src/net_setup.c
--- tinc-1.0.13/src/net_setup.c 2010-04-11 04:34:31.000000000 +0200
+++ tinc-1.0.13-patched/src/net_setup.c 2010-09-17 23:38:05.591481035 +0200
@@ -337,6 +337,10 @@
 
    /* Check some options */
 
+   get_config_bool(lookup_config(config_tree, "FriendOfAFriend"), &foaf);
+    if(foaf)
+        myself->options |= OPTION_INDIRECT;
+
    if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice) && choice)
        myself->options |= OPTION_INDIRECT;
 
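Review bot: the new block ignores the return value of get_config_bool, unlike the IndirectData check right below it, and mixes space indentation with the tab indentation of the surrounding code. Use the same pattern and indentation, e.g. `if(get_config_bool(lookup_config(config_tree, "FriendOfAFriend"), &foaf) && foaf)`, and make sure net_setup.c includes protocol.h, where `extern bool foaf` is declared, or the assignment will not compile.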
diff -Nur tinc-1.0.13/src/protocol.c tinc-1.0.13-patched/src/protocol.c
--- tinc-1.0.13/src/protocol.c  2010-03-13 18:53:33.000000000 +0100
+++ tinc-1.0.13-patched/src/protocol.c  2010-09-17 23:38:50.121482641 +0200
@@ -29,6 +29,7 @@
 #include "xalloc.h"
 
 bool tunnelserver = false;
+bool foaf = false;
 bool strictsubnets = false;
 
 /* Jumptable for the request handlers */
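Review bot: `foaf` is terse next to the full-word globals `tunnelserver` and `strictsubnets`; a one-line comment tying it to the FriendOfAFriend option and noting that it also forces OPTION_INDIRECT on the local node would help the next reader.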
diff -Nur tinc-1.0.13/src/protocol_edge.c tinc-1.0.13-patched/src/protocol_edge.c
--- tinc-1.0.13/src/protocol_edge.c 2010-03-13 18:53:33.000000000 +0100
+++ tinc-1.0.13-patched/src/protocol_edge.c 2010-09-18 00:05:18.471993705 +0200
@@ -39,7 +39,13 @@
    bool x;
    char *address, *port;
 
-   sockaddr2str(&e->address, &address, &port);
+    if(foaf){
+        address = xstrdup("0.0.0.0");
+        port = xstrdup("0.0.0.0");
+    }else{
+       sockaddr2str(&e->address, &address, &port);
+    }
+
 
    x = send_request(c, "%d %x %s %s %s %s %x %d", ADD_EDGE, rand(),
                     e->from->name, e->to->name, address, port,
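Review bot: `port = xstrdup("0.0.0.0")` is not a valid port string; use "0" so the receiving side's address parsing does not fail or log an error for every announced edge. The brace style `if(foaf){` / `}else{` and the extra blank line after the block do not match the surrounding code (`if(foaf) {` / `} else {`). A comment should also say why masking is safe for the node's own edges: direct peers already know this node's address from their meta connection, and the masked ADD_EDGE still carries the from/to names that remote nodes need to route indirectly.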
diff -Nur tinc-1.0.13/src/protocol.h tinc-1.0.13-patched/src/protocol.h
--- tinc-1.0.13/src/protocol.h  2010-03-13 18:53:33.000000000 +0100
+++ tinc-1.0.13-patched/src/protocol.h  2010-09-17 23:28:44.671480039 +0200
@@ -53,6 +53,7 @@
 } past_request_t;
 
 extern bool tunnelserver;
+extern bool foaf;
 extern bool strictsubnets;
 
 /* Maximum size of strings in a request.

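The disclosure effect described in the mail (A can still reach G and F over friend routes, but never learns their addresses), as an added simulation that is not part of the post or of tinc; the friend graph is the one from the mail, the addresses and the ADD_EDGE request id are constructed placeholders, and the masked port is "0" rather than the "0.0.0.0" used in the patch:

```python
from collections import deque

ADD_EDGE = 12  # placeholder request id, used only as a label in this simulation

# Constructed sample: the mutual trust graph from the mail with made-up addresses.
FRIENDS = {
    "A": {"B", "C"}, "B": {"A", "D", "E"}, "C": {"A", "G"},
    "D": {"B", "F"}, "E": {"B"}, "F": {"D"}, "G": {"C"},
}
ADDRESS = {n: (f"10.0.0.{i}", "655") for i, n in enumerate(sorted(FRIENDS), 1)}


def add_edge_request(frm, to, foaf):
    """Text of the ADD_EDGE announcement node `frm` sends for its edge to `to`.
    Field order follows the "%d %x %s %s %s %s %x %d" format seen in the patch;
    with FriendOfAFriend the real address and port of `to` are replaced."""
    addr, port = ("0.0.0.0", "0") if foaf else ADDRESS[to]
    return f"{ADD_EDGE} 0 {frm} {to} {addr} {port} 0 10"


def learned_addresses(foaf):
    """Flood every node's announcements through the graph (ADD_EDGE is forwarded
    unchanged) and return, per node, the peers whose real address it now knows.
    Direct peers are always known: their address comes from the meta connection."""
    known = {n: {n} | FRIENDS[n] for n in FRIENDS}
    for frm, peers in FRIENDS.items():
        for to in peers:
            _, _, _, target, addr, _, _, _ = add_edge_request(frm, to, foaf).split()
            if addr != "0.0.0.0":  # a masked edge reveals topology only, no address
                for node in known:
                    known[node].add(target)
    return known


def reachable(start):
    """Nodes reachable by hop-by-hop forwarding over trusted edges. Independent of
    foaf, because masked announcements still carry the from/to names used for routing."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in FRIENDS[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


if __name__ == "__main__":
    for mode in (False, True):
        label = "FriendOfAFriend" if mode else "plain"
        print(label, "- A knows addresses of:", sorted(learned_addresses(mode)["A"]))
    print("A can reach:", sorted(reachable("A")))
```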