friend of a friend type darknets
Alex
allo at laxu.de
Mon Sep 20 15:39:32 CEST 2010
Hi!
On Mon, Sep 20, 2010 at 03:00:35PM +0200, Guus Sliepen wrote:
> On Sun, Sep 19, 2010 at 11:44:23PM +0200, Alex wrote:
>
> > > It is less simple there. Also, when you
> > > have a graph with cycles (for example, G connects to F as well), and not
> > > everyone is using the FriendOfAFriend option, then you will get conflicting
> > > ADD_EDGE messages, which will trigger a never-ending flood of correcting
> > > DEL_EDGE and ADD_EDGE messages.
> > Isn't this the same problem, if peer A is known to B by a LAN IP and
> > known to C by an internet IP?
>
> No, since that will be two distinct edges, a B->A edge and a C->A edge. But
> suppose A has FriendOfAFriend set, but B and C do not, and B and C are also
> connected to each other. Then it is possible that the B->C edge information
> (that B sends to A and C at some point) gets anonymised by A and forwarded to
> C, which sees new information, and forwards it in turn to B, which will see
> that someone forwarded the B->C edge, but with wrong IP address information.
Okay. If I do it in add_edge_h too, it should work, shouldn't it? I'm
only not sure at the moment where the direct connection information is
stored, and I should set up a few test VMs to test a whole net next.
diff -Nur tinc-1.0.13/doc/tinc.conf.5.in tinc-1.0.13-patched/doc/tinc.conf.5.in
--- tinc-1.0.13/doc/tinc.conf.5.in 2010-04-11 19:44:12.000000000 +0200
+++ tinc-1.0.13-patched/doc/tinc.conf.5.in 2010-09-17 23:36:59.031491597 +0200
@@ -209,6 +209,13 @@
This option selects the way indirect packets are forwarded.
.Bl -tag -width indent
+.It Va FriendOfAFriend Li = off | on Po off Pc Bq experimental
+If this option is set, indirect data is implied and your node
+will lie to other nodes when its asked about the ip of its peers.
+This enables a FriendOfAFriend mode, where everybody just trusts
+his direct peers and noone else.
+.Bl -tag -width indent
+
.It off
Incoming packets that are not meant for the local node,
but which should be forwarded to another node, are dropped.
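Review bot: The new `.It Va FriendOfAFriend` entry lands after the `.Bl -tag -width indent` that opens the value list of the preceding option ("This option selects the way indirect packets are forwarded"), and it opens a second `.Bl` with no matching `.El`, so `.It off` and the values after it end up nested under FriendOfAFriend. Move the entry out of that list and drop the extra `.Bl`. While there, fix "its asked" to "it is asked" and "noone" to "no one", and state what peers are told instead of the real address (the code sends 0.0.0.0 and port 0).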
diff -Nur tinc-1.0.13/src/net_setup.c tinc-1.0.13-patched/src/net_setup.c
--- tinc-1.0.13/src/net_setup.c 2010-04-11 04:34:31.000000000 +0200
+++ tinc-1.0.13-patched/src/net_setup.c 2010-09-17 23:38:05.591481035 +0200
@@ -337,6 +337,10 @@
/* Check some options */
+ get_config_bool(lookup_config(config_tree, "FriendOfAFriend"), &foaf);
+ if(foaf)
+ myself->options |= OPTION_INDIRECT;
+
if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice) && choice)
myself->options |= OPTION_INDIRECT;
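Review bot: The return value of `get_config_bool()` is discarded on the added `FriendOfAFriend` lookup, unlike the `IndirectData` check directly below it, so the branch depends on `foaf` still holding its `false` initialiser when the option is absent. Folding it into the same shape, `if(get_config_bool(lookup_config(config_tree, "FriendOfAFriend"), &foaf) && foaf)`, keeps the two checks consistent and makes the dependency explicit. A short comment that FriendOfAFriend implies IndirectData would match what the man page text says.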
diff -Nur tinc-1.0.13/src/protocol.c tinc-1.0.13-patched/src/protocol.c
--- tinc-1.0.13/src/protocol.c 2010-03-13 18:53:33.000000000 +0100
+++ tinc-1.0.13-patched/src/protocol.c 2010-09-20 15:29:52.802132853 +0200
@@ -29,6 +29,7 @@
#include "xalloc.h"
bool tunnelserver = false;
+bool foaf = false;
bool strictsubnets = false;
/* Jumptable for the request handlers */
diff -Nur tinc-1.0.13/src/protocol_edge.c tinc-1.0.13-patched/src/protocol_edge.c
--- tinc-1.0.13/src/protocol_edge.c 2010-03-13 18:53:33.000000000 +0100
+++ tinc-1.0.13-patched/src/protocol_edge.c 2010-09-20 15:32:02.602441373 +0200
@@ -39,7 +39,13 @@
bool x;
char *address, *port;
- sockaddr2str(&e->address, &address, &port);
+ if(foaf){
+ address = xstrdup("0.0.0.0");
+ port = xstrdup("0");
+ }else{
+ sockaddr2str(&e->address, &address, &port);
+ }
+
x = send_request(c, "%d %x %s %s %s %s %x %d", ADD_EDGE, rand(),
e->from->name, e->to->name, address, port,
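Review bot: The `if(foaf)` branch replaces the address of every edge passed to this function, with no check on `e->from` or `e->to`, so this node's own direct edges are rewritten along with forwarded ones. Peers that do not set the option will still hold and compare real addresses for the same edge, which is the conflicting ADD_EDGE case raised earlier in this thread, so the rewrite needs an explicit rule for which edges it applies to. The literals "0.0.0.0" and "0" are repeated in the receive path as well; a shared named constant with a comment that it is a placeholder (and an IPv4 one) would make the intent clear.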
@@ -109,7 +115,14 @@
/* Convert addresses */
- address = str2sockaddr(to_address, to_port);
+ if(foaf){
+ char *host=xstrdup("0.0.0.0");
+ char *port=xstrdup("0");
+ address = str2sockaddr(host, port);
+ free(host);free(port);
+ }else{
+ address = str2sockaddr(to_address, to_port);
+ }
/* Check if edge already exists */
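Review bot: With `foaf` set, the `to_address` and `to_port` parsed from the request are silently discarded for every received edge, so the "Check if edge already exists" comparison that follows only ever sees 0.0.0.0 port 0; a comment stating that this is intended is needed here. The `xstrdup()`/`free()` pair around two string literals looks unnecessary if `str2sockaddr()` does not modify its arguments, in which case `address = str2sockaddr("0.0.0.0", "0");` is enough. If the copies stay, put `free(host);` and `free(port);` on separate lines and rename the local `port` so it cannot be confused with `to_port`.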
diff -Nur tinc-1.0.13/src/protocol.h tinc-1.0.13-patched/src/protocol.h
--- tinc-1.0.13/src/protocol.h 2010-03-13 18:53:33.000000000 +0100
+++ tinc-1.0.13-patched/src/protocol.h 2010-09-17 23:28:44.671480039 +0200
@@ -53,6 +53,7 @@
} past_request_t;
extern bool tunnelserver;
+extern bool foaf;
extern bool strictsubnets;
/* Maximum size of strings in a request.
with kind regards,
Alex