[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnunet-texinfo] branch master updated: attempting to give
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnunet-texinfo] branch master updated: attempting to give ref manual reasonable structure |
|
Date: |
Fri, 09 Jun 2017 21:55:48 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository gnunet-texinfo.
The following commit(s) were added to refs/heads/master by this push:
new dcba501 attempting to give ref manual reasonable structure
dcba501 is described below
commit dcba5018f007b64c1c04e1ae04999345e80e500d
Author: Christian Grothoff <address@hidden>
AuthorDate: Fri Jun 9 16:42:17 2017 +0200
attempting to give ref manual reasonable structure
---
developer.texi | 630 ++++++++++++++++++++++++++++--------------------------
gnunet.texi | 45 +++-
installation.texi | 511 ++++++++++++++++++++++---------------------
philosophy.texi | 206 +++++-------------
user.texi | 235 +++++++++++++-------
5 files changed, 842 insertions(+), 785 deletions(-)
diff --git a/developer.texi b/developer.texi
index bb12456..939455e 100644
--- a/developer.texi
+++ b/developer.texi
@@ -63,27 +63,11 @@ advertisements for bogus websites.
* Developing extensions for GNUnet using the gnunet-ext template::
* Writing testcases::
* GNUnet's TESTING library::
-* API::
-* Finer control over peer stop::
-* Helper functions::
-* Testing with multiple processes::
* Performance regression analysis with Gauger::
* GNUnet's TESTBED Subsystem::
* libgnunetutil::
-* Logging::
-* Interprocess communication API (IPC)::
-* Cryptography API::
-* Message Queue API::
-* Service API::
-* Optimizing Memory Consumption of GNUnet's (Multi-) Hash Maps::
-* The CONTAINER_MDLL API::
* The Automatic Restart Manager (ARM)::
-* Basic functionality::
-* Key configuration options::
-* Availability2::
-* Reliability::
* GNUnet's TRANSPORT Subsystem::
-* Address validation protocol::
* NAT library::
* Distance-Vector plugin::
* SMTP plugin::
@@ -91,83 +75,21 @@ advertisements for bogus websites.
* WLAN plugin::
* The ATS Subsystem::
* GNUnet's CORE Subsystem::
-* Limitations::
-* When is a peer "connected"?::
-* libgnunetcore::
-* The CORE Client-Service Protocol::
-* The CORE Peer-to-Peer Protocol::
* GNUnet's CADET subsystem::
-* libgnunetcadet::
* GNUnet's NSE subsystem::
-* libgnunetnse::
-* The NSE Client-Service Protocol::
-* The NSE Peer-to-Peer Protocol::
* GNUnet's HOSTLIST subsystem::
-* HELLOs::
-* Overview for the HOSTLIST subsystem::
-* Interacting with the HOSTLIST daemon::
-* Hostlist security address validation::
-* The HOSTLIST daemon::
-* The HOSTLIST server::
-* The HOSTLIST client::
-* Usage::
* GNUnet's IDENTITY subsystem::
-* libgnunetidentity::
-* The IDENTITY Client-Service Protocol::
* GNUnet's NAMESTORE Subsystem::
-* libgnunetnamestore::
* GNUnet's PEERINFO subsystem::
-* Features2::
-* Limitations3::
-* DeveloperPeer Information::
-* Startup::
-* Managing Information::
-* Obtaining Information::
-* The PEERINFO Client-Service Protocol::
-* libgnunetpeerinfo::
* GNUnet's PEERSTORE subsystem::
-* Functionality::
-* Architecture::
-* libgnunetpeerstore::
* GNUnet's SET Subsystem::
-* Local Sets::
-* Set Modifications::
-* Set Operations::
-* Result Elements::
-* libgnunetset::
-* The SET Client-Service Protocol::
-* The SET Intersection Peer-to-Peer Protocol::
-* The SET Union Peer-to-Peer Protocol::
* GNUnet's STATISTICS subsystem::
-* libgnunetstatistics::
-* The STATISTICS Client-Service Protocol::
* GNUnet's Distributed Hash Table (DHT)::
-* Block library and plugins::
-* libgnunetdht::
-* The DHT Client-Service Protocol::
-* The DHT Peer-to-Peer Protocol::
* The GNU Name System (GNS)::
-* libgnunetgns::
-* libgnunetgnsrecord::
-* GNS plugins::
-* The GNS Client-Service Protocol::
-* Hijacking the DNS-Traffic using gnunet-service-dns::
-* Serving DNS lookups via GNS on W32::
* The GNS Namecache::
-* libgnunetnamecache::
-* The NAMECACHE Client-Service Protocol::
-* The NAMECACHE Plugin API::
* The REVOCATION Subsystem::
-* Dissemination::
-* Revocation Message Design Requirements::
-* libgnunetrevocation::
-* The REVOCATION Client-Service Protocol::
-* The REVOCATION Peer-to-Peer Protocol::
* GNUnet's File-sharing (FS) Subsystem::
-* Encoding for Censorship-Resistant Sharing (ECRS)::
-* File-sharing persistence directory structure::
* GNUnet's REGEX Subsystem::
-* How to run the regex profiler::
@end menu
@node Developer Introduction
@@ -1027,9 +949,16 @@ in TESTING but are available in the TESTBED subsystem.
Furthermore, TESTING
only creates peers on the localhost, however by using TESTBED testcases can
benefit from creating peers across multiple hosts.
address@hidden
+* API::
+* Finer control over peer stop::
+* Helper functions::
+* Testing with multiple processes::
address@hidden menu
+
@c ***************************************************************************
@node API
address@hidden API
address@hidden API
TESTING abstracts a group of peers as a TESTING system. All peers in a system
have common hostname and no two services of these peers have a same port or a
@@ -1077,7 +1006,7 @@ peers.
@c ***************************************************************************
@node Finer control over peer stop
address@hidden Finer control over peer stop
address@hidden Finer control over peer stop
Using @code{GNUNET_TESTING_peer_stop()} is normally fine for testcases.
However, calling this function for each peer is inefficient when trying to
@@ -1103,7 +1032,7 @@ when the peer is stopped.
@c ***************************************************************************
@node Helper functions
address@hidden Helper functions
address@hidden Helper functions
Most of the testcases can benefit from an abstraction which configures a peer
and starts it. This is provided by the function
@@ -1120,7 +1049,7 @@ given service is run.
@c ***************************************************************************
@node Testing with multiple processes
address@hidden Testing with multiple processes
address@hidden Testing with multiple processes
When testing GNUnet, the splitting of the code into a services and clients
often complicates testing. The solution to this is to have the testcase fork
@@ -1766,9 +1695,19 @@ Ideally, porting GNUnet should only require porting the
gnunetutil library.
More testcases for the gnunetutil APIs are therefore a great way to make
porting of GNUnet easier.
address@hidden
+* Logging::
+* Interprocess communication API (IPC)::
+* Cryptography API::
+* Message Queue API::
+* Service API::
+* Optimizing Memory Consumption of GNUnet's (Multi-) Hash Maps::
+* The CONTAINER_MDLL API::
address@hidden menu
+
@c ***************************************************************************
@node Logging
address@hidden Logging
address@hidden Logging
GNUnet is able to log its activity, mostly for the purposes of debugging the
program at various levels.
@@ -1930,10 +1869,11 @@ will not report the failure in any way.
@menu
* Examples::
* Log files::
+* Updated behavior of GNUNET_log::
@end menu
@node Examples
address@hidden Examples
address@hidden Examples
@table @asis
@@ -1974,7 +1914,7 @@ GNUNET_FORCE_LOG to work.
@c ***************************************************************************
@node Log files
address@hidden Log files
address@hidden Log files
GNUnet can be told to log everything into a file instead of stderr (which is
the default) using the "--log-file=logfile" or "-l logfile" option. This option
@@ -2011,9 +1951,6 @@ never be automatically deleted by GNUnet.
@c ***************************************************************************
address@hidden
-* Updated behavior of GNUNET_log::
address@hidden menu
@node Updated behavior of GNUNET_log
@subsubsection Updated behavior of GNUNET_log
@@ -2085,7 +2022,7 @@ can adapt it to your particular needs, this is only a
quick example.
@c ***************************************************************************
@node Interprocess communication API (IPC)
address@hidden Interprocess communication API (IPC)
address@hidden Interprocess communication API (IPC)
In GNUnet a variety of new message types might be defined and used in
interprocess communication, in this tutorial we use the @code{struct
@@ -2100,12 +2037,19 @@ any other peer connecting to the service.)
@menu
* Define new message types::
* Define message struct::
-* Connection between client and server::
-* Server Setting::
+* Client: Establish connection::
+* Client: Initialize request message::
+* Client: Send request and receive response::
+* Server: Startup service::
+* Server: Add new handles for specified messages::
+* Server: Process request message::
+* Server: Response to client::
+* Server: Notification of clients::
+* Conversion between Network Byte Order (Big Endian) and Host Byte Order::
@end menu
@node Define new message types
address@hidden Define new message types
address@hidden Define new message types
First of all, you should define the new message type in
@code{gnunet_protocols.h}:
@@ -2118,7 +2062,7 @@ First of all, you should define the new message type in
@c ***************************************************************************
@node Define message struct
address@hidden Define message struct
address@hidden Define message struct
After the type definition, the specified message structure should also be
described in the header file, e.g. transport.h in our case.
@@ -2137,33 +2081,15 @@ addrlen GNUNET_PACKED;
Please note @code{GNUNET_NETWORK_STRUCT_BEGIN} and @code{GNUNET_PACKED} which
both ensure correct alignment when sending structs over the network
address@hidden
***************************************************************************
address@hidden Connection between client and server
address@hidden Connection between client and server
address@hidden %**end of header
-
-For typical communication, the connection should be created first, in other
-words, a connection between the client and the service should be
-established.
-
-
address@hidden
***************************************************************************
@menu
-* Client setting::
-* Establish connection::
-* Initialize request message::
-* Send request and receive response::
@end menu
address@hidden Client setting
address@hidden Client setting
address@hidden %**end of header
-
@c ***************************************************************************
address@hidden Establish connection
address@hidden Establish connection
address@hidden Client: Establish connection
address@hidden Client: Establish connection
@c %**end of header
+
At first, on the client side, the underlying API is employed to create a new
connection to a service, in our example the transport service would be
connected.
@@ -2173,8 +2099,8 @@ GNUNET_CLIENT_connect ("transport", cfg);
@end example
@c ***************************************************************************
address@hidden Initialize request message
address@hidden Initialize request message
address@hidden Client: Initialize request message
address@hidden Client: Initialize request message
@c %**end of header
When the connection is ready, we initialize the message. In this step, all the
@@ -2198,10 +2124,13 @@ conversion function please refer to Introduction of Big
Endian and Little
Endian.
@c ***************************************************************************
address@hidden Send request and receive response
address@hidden Send request and receive response
address@hidden Client: Send request and receive response
address@hidden Client: Send request and receive response
@c %**end of header
+FIXME: This is very outdated, see the tutorial for the
+current API!
+
Next, the client would send the constructed message as a request to the service
and wait for the response from the service. To accomplish this goal, there are
a number of API calls that can be used. In this example,
@@ -2217,23 +2146,8 @@ the argument @code{address_response_processor} is a
function with
@code{GNUNET_CLIENT_MessageHandler} type, which is used to process the reply
message from the service.
address@hidden
***************************************************************************
address@hidden Server Setting
address@hidden Server Setting
-
-
address@hidden
***************************************************************************
address@hidden
-* Startup service::
-* Add new handles for specified messages::
-* Process request message::
-* Response to client::
-* Notification of clients::
-* Conversion between Network Byte Order (Big Endian) and Host Byte Order::
address@hidden menu
-
address@hidden Startup service
address@hidden Startup service
address@hidden Server: Startup service
address@hidden Server: Startup service
After receiving the request message, we run a standard GNUnet service startup
sequence using @code{GNUNET_SERVICE_run}, as follows,
@@ -2244,8 +2158,8 @@ GNUNET_SERVICE_OPTION_NONE, &run, NULL)); @}
@end example
@c ***************************************************************************
address@hidden Add new handles for specified messages
address@hidden Add new handles for specified messages
address@hidden Server: Add new handles for specified messages
address@hidden Server: Add new handles for specified messages
@c %**end of header
in the function above the argument @code{run} is used to initiate transport
@@ -2282,8 +2196,8 @@ can be set. In addition, the terminator sign depicted as
@address@hidden, NULL, 0,
address@hidden is set in the last aera.
@c ***************************************************************************
address@hidden Process request message
address@hidden Process request message
address@hidden Server: Process request message
address@hidden Server: Process request message
@c %**end of header
After the initialization of transport service, the request message would be
@@ -2323,8 +2237,8 @@ In comparison to the aforementioned situation, when the
argument is equal to
@code{GNUNET_OK}, the service would continue to process the requst message.
@c ***************************************************************************
address@hidden Response to client
address@hidden Response to client
address@hidden Server: Response to client
address@hidden Server: Response to client
@c %**end of header
Once the processing of current request is done, the server should give the
@@ -2353,8 +2267,8 @@ Note that, there are also a number of other APIs provided
to the service to
send the message.
@c ***************************************************************************
address@hidden Notification of clients
address@hidden Notification of clients
address@hidden Server: Notification of clients
address@hidden Server: Notification of clients
@c %**end of header
Often a service needs to (repeatedly) transmit notifications to a client or a
@@ -2432,8 +2346,9 @@ time from network byte order.
@end table
@c ***************************************************************************
+
@node Cryptography API
address@hidden Cryptography API
address@hidden Cryptography API
@c %**end of header
The gnunetutil APIs provides the cryptographic primitives used in GNUnet.
@@ -2469,7 +2384,7 @@ be considered secure for traditional applications of RSA.
@c ***************************************************************************
@node Message Queue API
address@hidden Message Queue API
address@hidden Message Queue API
@c %**end of header
@strong{ Introduction }@ Often, applications need to queue messages that are to
@@ -2593,7 +2508,7 @@ callback. When canceling an envelope, it is not
necessary@ to call
@c ***************************************************************************
@node Service API
address@hidden Service API
address@hidden Service API
@c %**end of header
Most GNUnet code lives in the form of services. Services are processes that
@@ -2659,7 +2574,7 @@ values before terminating.
@c ***************************************************************************
@node Optimizing Memory Consumption of GNUnet's (Multi-) Hash Maps
address@hidden Optimizing Memory Consumption of GNUnet's (Multi-) Hash Maps
address@hidden Optimizing Memory Consumption of GNUnet's (Multi-) Hash Maps
@c %**end of header
A commonly used data structure in GNUnet is a (multi-)hash map. It is most
@@ -2682,7 +2597,7 @@ introduced to minimize the footprint of the hash map.
@end menu
@node Analysis
address@hidden Analysis
address@hidden Analysis
@c %**end of header
The main reason for the "excessive" memory consumption by the hash map is that
@@ -2727,7 +2642,7 @@ significant number of entries, as there we tend to really
try to keep the
entries small.
@c ***************************************************************************
@node Solution
address@hidden Solution
address@hidden Solution
@c %**end of header
The solution that has now been implemented is to @strong{optionally} allow the
@@ -2743,7 +2658,7 @@ the client code does not meet these requirements, the
result is a dangling
pointer and undefined behavior of the (multi-)hash map API.
@c ***************************************************************************
@node Migration
address@hidden Migration
address@hidden Migration
@c %**end of header
To use the new feature, first check that the values contain the respective key
@@ -2786,7 +2701,7 @@ does not ensure that the given key is valid until the
entry is removed from the
map, undefined behavior is likely to be observed.
@c ***************************************************************************
@node Conclusion
address@hidden Conclusion
address@hidden Conclusion
@c %**end of header
The new optimization can is often applicable and can result in a reduction in
@@ -2797,7 +2712,7 @@ performance increase is deemed significant enough. In
particular, it should
generally not be used in new code (wait at least until benchmarks exist).
@c ***************************************************************************
@node Availability
address@hidden Availability
address@hidden Availability
@c %**end of header
The new multi hash map code was committed in SVN 24319 (will be in GNUnet
@@ -2808,7 +2723,7 @@ by 20-30% due to this change.
@c ***************************************************************************
@node The CONTAINER_MDLL API
address@hidden The CONTAINER_MDLL API
address@hidden The CONTAINER_MDLL API
@c %**end of header
This text documents the GNUNET_CONTAINER_MDLL API. The GNUNET_CONTAINER_MDLL
@@ -2876,9 +2791,16 @@ providing developers insights about crash reasons. The
purpose of this document
is to give GNUnet developer an idea about how ARM works and how to interact
with it.
address@hidden
+* Basic functionality::
+* Key configuration options::
+* Availability2::
+* Reliability::
address@hidden menu
+
@c ***************************************************************************
@node Basic functionality
address@hidden Basic functionality
address@hidden Basic functionality
@c %**end of header
@itemize @bullet
@@ -2901,7 +2823,7 @@ a service "resolver", stops the "resolver" then stops
"ARM".
@c ***************************************************************************
@node Key configuration options
address@hidden Key configuration options
address@hidden Key configuration options
@c %**end of header
Configurations for ARM and services should be available in a .conf file (As an
@@ -2963,7 +2885,7 @@ that are going to run.@
@c ***************************************************************************
@node Availability2
address@hidden Availability2
address@hidden Availability2
@c %**end of header
As mentioned before, one of the features provided by ARM is starting services
@@ -3002,7 +2924,7 @@ work).
@c ***************************************************************************
@node Reliability
address@hidden Reliability
address@hidden Reliability
One of the features provided by ARM, is the automatic restart of crashed
services.@ ARM needs to know which of the running services died. Function
@@ -3095,8 +3017,12 @@ configuration and blacklisting clients
Note that the term "clients" in the list above really refers to the GNUnet-CORE
service, as CORE is typically the only client of the transport service.
address@hidden
+* Address validation protocol::
address@hidden menu
+
@node Address validation protocol
address@hidden Address validation protocol
address@hidden Address validation protocol
@c %**end of header
This section documents how the GNUnet transport service validates connections
@@ -3929,8 +3855,16 @@ keys)
@item liveness (keep-alive messages, timeout)
@end itemize
address@hidden
+* Limitations::
+* When is a peer "connected"?::
+* libgnunetcore::
+* The CORE Client-Service Protocol::
+* The CORE Peer-to-Peer Protocol::
address@hidden menu
+
@node Limitations
address@hidden Limitations
address@hidden Limitations
@c %**end of header
CORE does not perform @uref{http://en.wikipedia.org/wiki/Routing, routing};
@@ -3961,7 +3895,7 @@ expected to process messages at line-speed. If flow
control is needed,
applications should use the CADET service.
@node When is a peer "connected"?
address@hidden When is a peer "connected"?
address@hidden When is a peer "connected"?
@c %**end of header
In addition to the security features mentioned above, CORE also provides one
@@ -3990,7 +3924,7 @@ connecting peers before exchanging information about
supported message types
and notifying applications about the new connection.
@node libgnunetcore
address@hidden libgnunetcore
address@hidden libgnunetcore
@c %**end of header
The CORE API (defined in @code{gnunet_core_service.h}) is the basic messaging
@@ -4051,7 +3985,7 @@ disconnect events for all existing connections. Once the
connections are
re-established, the applications will be receive matching connect events.
@node The CORE Client-Service Protocol
address@hidden The CORE Client-Service Protocol
address@hidden The CORE Client-Service Protocol
@c %**end of header
This section describes the protocol between an application using the CORE
@@ -4065,7 +3999,7 @@ service (the client) and the CORE service process itself.
@end menu
@node Setup2
address@hidden Setup2
address@hidden Setup2
@c %**end of header
When a client connects to the CORE service, it first sends a
@@ -4094,7 +4028,7 @@ The CORE service responds to the @code{InitMessage} with
an
CORE and the client can send messages.
@node Notifications
address@hidden Notifications
address@hidden Notifications
@c %**end of header
The CORE will send @code{ConnectNotifyMessage}s and
@@ -4109,7 +4043,7 @@ for the message type) is used to notify clients
monitoring outbound messages;
here, the peer identity given is that of the receiver.
@node Sending
address@hidden Sending
address@hidden Sending
@c %**end of header
When a client wants to transmit a message, it first requests a transmission
@@ -4127,7 +4061,7 @@ contain a "unique" request ID (based on a counter
incremented by the client
for each request).
@node The CORE Peer-to-Peer Protocol
address@hidden The CORE Peer-to-Peer Protocol
address@hidden The CORE Peer-to-Peer Protocol
@c %**end of header
@@ -4139,7 +4073,7 @@ for each request).
@end menu
@node Creating the EphemeralKeyMessage
address@hidden Creating the EphemeralKeyMessage
address@hidden Creating the EphemeralKeyMessage
@c %**end of header
When the CORE service starts, each peer creates a fresh ephemeral (ECC)
@@ -4179,7 +4113,7 @@ using the new ephemeral key
@end table
@node Establishing a connection
address@hidden Establishing a connection
address@hidden Establishing a connection
@c %**end of header
Peers begin their interaction by sending a @code{EphemeralKeyMessage} to the
@@ -4195,7 +4129,7 @@ receiving a @code{PongMessage} check the challenge, and
if it matches set the
connection to @code{KX_STATE_UP}.
@node Encryption and Decryption
address@hidden Encryption and Decryption
address@hidden Encryption and Decryption
@c %**end of header
All functions related to the key exchange and encryption/decryption of
@@ -4221,7 +4155,7 @@ ephemeral key changes every 12h, a peer would not even be
able to decrypt
messages older than 12h.
@node Type maps
address@hidden Type maps
address@hidden Type maps
@c %**end of header
Once an encrypted connection has been established, peers begin to exchange
@@ -4291,8 +4225,12 @@ the sender to send more traffic than the receiver or the
network are able to
process.
@end itemize
address@hidden
+* libgnunetcadet::
address@hidden menu
+
@node libgnunetcadet
address@hidden libgnunetcadet
address@hidden libgnunetcadet
The CADET API (defined in gnunet_cadet_service.h) is the messaging API used by
@@ -4383,11 +4321,12 @@ of [2/3 estimate, 3/2 estimate]. We will now give an
overview of the algorithm
used to calcualte the estimate; all of the details can be found in this
technical report.
-
-
@menu
* Motivation::
* Principle::
+* libgnunetnse::
+* The NSE Client-Service Protocol::
+* The NSE Peer-to-Peer Protocol::
@end menu
@node Motivation
@@ -4526,7 +4465,7 @@ network size is calculated in powers of two of the raw
input, thus one bit of
uncertainty means a factor of two in the size estimate.
@node libgnunetnse
address@hidden libgnunetnse
address@hidden libgnunetnse
@c %**end of header
@@ -4551,7 +4490,7 @@ longer called with new estimates.
@end menu
@node Results
address@hidden Results
address@hidden Results
@c %**end of header
@@ -4588,7 +4527,7 @@ veriation is very high, the average maybe meaningless:
the network size is
changing rapidly).
@node Examples2
address@hidden Examples2
address@hidden Examples2
@c %**end of header
@@ -4613,7 +4552,7 @@ were announced with "5 sigma" and "6 sigma" certainties.
In this case a 5 sigma
minimum would be 2 million and a 6 sigma minimum, 1.8 million.
@node The NSE Client-Service Protocol
address@hidden The NSE Client-Service Protocol
address@hidden The NSE Client-Service Protocol
@c %**end of header
@@ -4633,7 +4572,7 @@ When the @code{GNUNET_NSE_disconnect} API call is
executed, the client simply
disconnects from the service, with no message involved.
@node The NSE Peer-to-Peer Protocol
address@hidden The NSE Peer-to-Peer Protocol
address@hidden The NSE Peer-to-Peer Protocol
@c %**end of header
@@ -4712,8 +4651,19 @@ outdated set of HELLO messages from the distribution. In
this case, getting new
peers to connect to the network requires either manual effort or the use of a
HOSTLIST to obtain HELLOs.
address@hidden
+* HELLOs::
+* Overview for the HOSTLIST subsystem::
+* Interacting with the HOSTLIST daemon::
+* Hostlist security address validation::
+* The HOSTLIST daemon::
+* The HOSTLIST server::
+* The HOSTLIST client::
+* Usage::
address@hidden menu
+
@node HELLOs
address@hidden HELLOs
address@hidden HELLOs
@c %**end of header
@@ -4724,7 +4674,7 @@ may contain address information that specifies ways to
contact a peer. By
obtaining HELLO messages, a peer can learn how to contact other peers.
@node Overview for the HOSTLIST subsystem
address@hidden Overview for the HOSTLIST subsystem
address@hidden Overview for the HOSTLIST subsystem
@c %**end of header
@@ -4748,7 +4698,7 @@ server makes it simply convenient to offer this service.
@end menu
@node Features
address@hidden Features
address@hidden Features
@c %**end of header
@@ -4765,7 +4715,7 @@ gossip
@end itemize
@node Limitations2
address@hidden Limitations2
address@hidden Limitations2
@c %**end of header
@@ -4777,7 +4727,7 @@ The HOSTLIST daemon does not:
@end itemize
@node Interacting with the HOSTLIST daemon
address@hidden Interacting with the HOSTLIST daemon
address@hidden Interacting with the HOSTLIST daemon
@c %**end of header
@@ -4802,7 +4752,7 @@ HOSTLIST does not monitor STATISTICS for changes to the
download
frequency).
@node Hostlist security address validation
address@hidden Hostlist security address validation
address@hidden Hostlist security address validation
@c %**end of header
@@ -4821,7 +4771,7 @@ list of HELLO messages and forwards these information to
the TRANSPORT server
to validate the addresses.
@node The HOSTLIST daemon
address@hidden The HOSTLIST daemon
address@hidden The HOSTLIST daemon
@c %**end of header
@@ -4849,7 +4799,7 @@ To clean up on shutdown, the daemon has a cleaning task,
shutting down all
subsystems and disconnecting from CORE.
@node The HOSTLIST server
address@hidden The HOSTLIST server
address@hidden The HOSTLIST server
@c %**end of header
@@ -4865,7 +4815,7 @@ connecting on CORE level.
@end menu
@node The HTTP Server
address@hidden The HTTP Server
address@hidden The HTTP Server
@c %**end of header
@@ -4889,7 +4839,7 @@ result code HTTP 200 OK. The connection will be closed
immediately if no
hostlist is available.
@node Advertising the URL
address@hidden Advertising the URL
address@hidden Advertising the URL
@c %**end of header
@@ -4899,7 +4849,7 @@ learning enabled, the server sends a
GNUNET_MESSAGE_TYPE_HOSTLIST_ADVERTISEMENT
message to this peer using the CORE service.
@node The HOSTLIST client
address@hidden The HOSTLIST client
address@hidden The HOSTLIST client
@c %**end of header
@@ -4919,7 +4869,7 @@ and learning of URLs.
@end menu
@node Bootstrapping
address@hidden Bootstrapping
address@hidden Bootstrapping
@c %**end of header
@@ -4942,7 +4892,7 @@ TRANSPORT service for validation. When the download is
finished or failed,
statistical information about the quality of this URL is updated.
@node Learning
address@hidden Learning
address@hidden Learning
@c %**end of header
@@ -4959,7 +4909,7 @@ shutdown the list of URLs is saved to a file for
persistance and loaded on
startup. URLs from the configuration file are never discarded.
@node Usage
address@hidden Usage
address@hidden Usage
@c %**end of header
@@ -5014,8 +4964,13 @@ fixed and known to everyone. Thus, anyone can perform
actions as anonymous.
This can be useful as with this trick, code does not have to contain a special
case to distinguish between anonymous and pseudonymous egos.
address@hidden
+* libgnunetidentity::
+* The IDENTITY Client-Service Protocol::
address@hidden menu
+
@node libgnunetidentity
address@hidden libgnunetidentity
address@hidden libgnunetidentity
@c %**end of header
@@ -5028,7 +4983,7 @@ case to distinguish between anonymous and pseudonymous
egos.
@end menu
@node Connecting to the service
address@hidden Connecting to the service
address@hidden Connecting to the service
@c %**end of header
@@ -5062,7 +5017,7 @@ invoked with a name of NULL, so it is safe to store a
reference to the ego's
handle.
@node Operations on Egos
address@hidden Operations on Egos
address@hidden Operations on Egos
@c %**end of header
@@ -5084,7 +5039,7 @@ operation will not be completed anyway, only the
continuation will no longer be
called.
@node The anonymous Ego
address@hidden The anonymous Ego
address@hidden The anonymous Ego
@c %**end of header
@@ -5097,7 +5052,7 @@ ego is always valid and accessing it does not require a
connection to the
identity service.
@node Convenience API to lookup a single ego
address@hidden Convenience API to lookup a single ego
address@hidden Convenience API to lookup a single ego
As applications commonly simply have to lookup a single ego, there is a
@@ -5109,7 +5064,7 @@ will only be valid during that callback. The operation
can be cancelled via
callback is invoked).
@node Associating egos with service functions
address@hidden Associating egos with service functions
address@hidden Associating egos with service functions
The @code{GNUNET_IDENTITY_set} function is used to associate a particular ego
@@ -5118,7 +5073,7 @@ arguments. Afterwards, the service can use its name to
lookup the associated
ego using @code{GNUNET_IDENTITY_get}.
@node The IDENTITY Client-Service Protocol
address@hidden The IDENTITY Client-Service Protocol
address@hidden The IDENTITY Client-Service Protocol
@c %**end of header
@@ -5173,8 +5128,12 @@ a specific or all zones and to monitor zones for
changes. NAMESTORE
functionality can be accessed using the NAMESTORE api or the NAMESTORE command
line tool.
address@hidden
+* libgnunetnamestore::
address@hidden menu
+
@node libgnunetnamestore
address@hidden libgnunetnamestore
address@hidden libgnunetnamestore
@c %**end of header
@@ -5199,7 +5158,7 @@ can be used to obtained the master zone's private key.}}
@end menu
@node Editing Zone Information
address@hidden Editing Zone Information
address@hidden Editing Zone Information
@c %**end of header
@@ -5235,7 +5194,7 @@ zone, the nickname as string plus a the callback with the
result of the
operation.
@node Iterating Zone Information
address@hidden Iterating Zone Information
address@hidden Iterating Zone Information
@c %**end of header
@@ -5253,7 +5212,7 @@ NAMESTORE reached the last item it will call the callback
with a NULL value to
indicate.
@node Monitoring Zone Information
address@hidden Monitoring Zone Information
address@hidden Monitoring Zone Information
@c %**end of header
@@ -5290,8 +5249,19 @@ subsystems tend to need to store per-peer information in
persistent way. To not
duplicate this functionality we plan to provide a PEERSTORE service providing
this functionality
address@hidden
+* Features2::
+* Limitations3::
+* DeveloperPeer Information::
+* Startup::
+* Managing Information::
+* Obtaining Information::
+* The PEERINFO Client-Service Protocol::
+* libgnunetpeerinfo::
address@hidden menu
+
@node Features2
address@hidden Features2
address@hidden Features2
@c %**end of header
@@ -5303,7 +5273,7 @@ this functionality
@end itemize
@node Limitations3
address@hidden Limitations3
address@hidden Limitations3
@itemize @bullet
@@ -5311,7 +5281,7 @@ this functionality
@end itemize
@node DeveloperPeer Information
address@hidden DeveloperPeer Information
address@hidden DeveloperPeer Information
@c %**end of header
@@ -5340,7 +5310,7 @@ information to other peers in form of a hostlist or the
TRANSPORT subsystem
using these information to maintain connections to other peers.
@node Startup
address@hidden Startup
address@hidden Startup
@c %**end of header
@@ -5355,7 +5325,7 @@ the distribution. The use of these HELLOs can be
prevented by setting the
@code{NO}. Files containing invalid information are removed.
@node Managing Information
address@hidden Managing Information
address@hidden Managing Information
@c %**end of header
@@ -5375,7 +5345,7 @@ HELLO does not contain any valid addresses, it is
discarded and removed from
disk.
@node Obtaining Information
address@hidden Obtaining Information
address@hidden Obtaining Information
@c %**end of header
@@ -5391,7 +5361,7 @@ a HELLO for a peer was updated (due to a merge for
example) or a new peer was
added.
@node The PEERINFO Client-Service Protocol
address@hidden The PEERINFO Client-Service Protocol
address@hidden The PEERINFO Client-Service Protocol
@c %**end of header
@@ -5421,7 +5391,7 @@ message is @code{struct GNUNET_MessageHeader} with type
he can proceed with the next request if any is pending
@node libgnunetpeerinfo
address@hidden libgnunetpeerinfo
address@hidden libgnunetpeerinfo
@c %**end of header
@@ -5437,7 +5407,7 @@ information form the PEERINFO service.
@end menu
@node Connecting to the Service
address@hidden Connecting to the Service
address@hidden Connecting to the Service
@c %**end of header
@@ -5447,7 +5417,7 @@ PEERINFO the function @code{GNUNET_PEERINFO_disconnect},
taking the PEERINFO
handle returned from the connect function has to be called.
@node Adding Information
address@hidden Adding Information
address@hidden Adding Information
@c %**end of header
@@ -5461,7 +5431,7 @@ you can iterate over all information stored with PEERINFO
or you can tell
PEERINFO to notify if new peer information are available.
@node Obtaining Information2
address@hidden Obtaining Information2
address@hidden Obtaining Information2
@c %**end of header
@@ -5481,6 +5451,7 @@ will notify you about every change and the callback
function will be called to
notify you about changes. The function returns a handle to cancel notifications
with @code{GNUNET_PEERINFO_notify_cancel}.
+
@node GNUnet's PEERSTORE subsystem
@section GNUnet's PEERSTORE subsystem
@@ -5499,8 +5470,14 @@ the following fields:
@item expiry: record expiry date.
@end itemize
address@hidden
+* Functionality::
+* Architecture::
+* libgnunetpeerstore::
address@hidden menu
+
@node Functionality
address@hidden Functionality
address@hidden Functionality
@c %**end of header
@@ -5525,7 +5502,7 @@ Subsystems can also request to be notified about any new
values stored under a
PEERSTORE.
@node Architecture
address@hidden Architecture
address@hidden Architecture
@c %**end of header
@@ -5540,7 +5517,7 @@ issue commands to the PEERSTORE service.
@end itemize
@node libgnunetpeerstore
address@hidden libgnunetpeerstore
address@hidden libgnunetpeerstore
@c %**end of header
@@ -5591,8 +5568,19 @@ operations. Elements of a set consist of an
@emph{element type} and arbitrary
binary @emph{data}. The size of an element's data is limited to around 62
KB.
address@hidden
+* Local Sets::
+* Set Modifications::
+* Set Operations::
+* Result Elements::
+* libgnunetset::
+* The SET Client-Service Protocol::
+* The SET Intersection Peer-to-Peer Protocol::
+* The SET Union Peer-to-Peer Protocol::
address@hidden menu
+
@node Local Sets
address@hidden Local Sets
address@hidden Local Sets
@c %**end of header
@@ -5605,7 +5593,7 @@ for an operation of a different type, all of the set's
element must be copied
to a new set of appropriate type.
@node Set Modifications
address@hidden Set Modifications
address@hidden Set Modifications
@c %**end of header
@@ -5617,7 +5605,7 @@ mechanism is @emph{not} implemented by copying the whole
set, but by attaching
@emph{generation information} to each element and operation.
@node Set Operations
address@hidden Set Operations
address@hidden Set Operations
@c %**end of header
@@ -5633,7 +5621,7 @@ accept the set request (providing a local set for the
operation) or reject
it.
@node Result Elements
address@hidden Result Elements
address@hidden Result Elements
@c %**end of header
@@ -5656,7 +5644,7 @@ the result of the set operation.
@end itemize
@node libgnunetset
address@hidden libgnunetset
address@hidden libgnunetset
@c %**end of header
@@ -5669,7 +5657,7 @@ the result of the set operation.
@end menu
@node Sets
address@hidden Sets
address@hidden Sets
@c %**end of header
@@ -5684,7 +5672,7 @@ Elements are added and removed with
@code{GNUNET_SET_add_element} and
@code{GNUNET_SET_remove_element}.
@node Listeners
address@hidden Listeners
address@hidden Listeners
@c %**end of header
@@ -5696,7 +5684,7 @@ Note that the operation will not be started until the
client calls
@code{GNUNET_SET_commit} (see Section "Supplying a Set").
@node Operations
address@hidden Operations
address@hidden Operations
@c %**end of header
@@ -5706,7 +5694,7 @@ the client calls @code{GNUNET_SET_commit} (see Section
"Supplying a
Set").
@node Supplying a Set
address@hidden Supplying a Set
address@hidden Supplying a Set
@c %**end of header
@@ -5720,7 +5708,7 @@ operation. @code{GNUNET_SET_commit} may only be called
once per set
operation.
@node The Result Callback
address@hidden The Result Callback
address@hidden The Result Callback
@c %**end of header
@@ -5733,7 +5721,7 @@ arguments do not indicate if an element is part of the
full result set, or if
it is in the difference between the original set and the final set.
@node The SET Client-Service Protocol
address@hidden The SET Client-Service Protocol
address@hidden The SET Client-Service Protocol
@c %**end of header
@@ -5747,7 +5735,7 @@ it is in the difference between the original set and the
final set.
@end menu
@node Creating Sets
address@hidden Creating Sets
address@hidden Creating Sets
@c %**end of header
@@ -5757,7 +5745,7 @@ client connection. Multiple operations for one set are
multiplexed over one
client connection, using a request id supplied by the client.
@node Listeners2
address@hidden Listeners2
address@hidden Listeners2
@c %**end of header
@@ -5770,7 +5758,7 @@ client connection. In contrast, when accepting an
incoming request, a a
supplied for the set operation.
@node Initiating Operations
address@hidden Initiating Operations
address@hidden Initiating Operations
@c %**end of header
@@ -5779,7 +5767,7 @@ Operations with remote peers are initiated by sending a
connection that this message is sent by determines the set to use.
@node Modifying Sets
address@hidden Modifying Sets
address@hidden Modifying Sets
@c %**end of header
@@ -5793,14 +5781,14 @@ Sets are modified with the
@code{GNUNET_SERVICE_SET_ADD} and
@c address@hidden menu
@node Results and Operation Status
address@hidden Results and Operation Status
address@hidden Results and Operation Status
@c %**end of header
The service notifies the client of result elements and success/failure of a set
operation with the @code{GNUNET_SERVICE_SET_RESULT} message.
@node Iterating Sets
address@hidden Iterating Sets
address@hidden Iterating Sets
@c %**end of header
@@ -5812,7 +5800,7 @@ client@ must send @code{GNUNET_SERVICE_SET_ITER_ACK}.
Note that only one set
iteration may be active for a set at any given time.
@node The SET Intersection Peer-to-Peer Protocol
address@hidden The SET Intersection Peer-to-Peer Protocol
address@hidden The SET Intersection Peer-to-Peer Protocol
@c %**end of header
@@ -5843,7 +5831,7 @@ handshake.
@end menu
@node The Bloom filter exchange
address@hidden The Bloom filter exchange
address@hidden The Bloom filter exchange
@c %**end of header
@@ -5867,7 +5855,7 @@ latest set is the final result. Otherwise, the receiver
starts another Bloom
fitler exchange, except this time as the sender.
@node Salt
address@hidden Salt
address@hidden Salt
@c %**end of header
@@ -5885,7 +5873,7 @@ of the same size, and where the XOR over all keys
computes the same 512-bit
value (leaving a failure probability of 2-511).
@node The SET Union Peer-to-Peer Protocol
address@hidden The SET Union Peer-to-Peer Protocol
address@hidden The SET Union Peer-to-Peer Protocol
@c %**end of header
@@ -5967,8 +5955,13 @@ before terminating itself. This is to prevent the loss
of data during peer
shutdown --- delaying the STATISTICS service shutdown helps other services to
store important data to STATISTICS during shutdown.
address@hidden
+* libgnunetstatistics::
+* The STATISTICS Client-Service Protocol::
address@hidden menu
+
@node libgnunetstatistics
address@hidden libgnunetstatistics
address@hidden libgnunetstatistics
@c %**end of header
@@ -5997,7 +5990,7 @@ can be used.
@end menu
@node Statistics retrieval
address@hidden Statistics retrieval
address@hidden Statistics retrieval
@c %**end of header
@@ -6019,7 +6012,7 @@ retrieving statistics takes too long and especially when
we want to shutdown
and cleanup everything.
@node Setting statistics and updating them
address@hidden Setting statistics and updating them
address@hidden Setting statistics and updating them
@c %**end of header
@@ -6045,7 +6038,7 @@ with the STATISTICS service. Thus, the client does not
have to worry about
sending requests too quickly.
@node Watches
address@hidden Watches
address@hidden Watches
@c %**end of header
@@ -6063,7 +6056,7 @@ A registered watch will keep notifying any value changes
until
are used for registering the watch.
@node The STATISTICS Client-Service Protocol
address@hidden The STATISTICS Client-Service Protocol
address@hidden The STATISTICS Client-Service Protocol
@c %**end of header
@@ -6074,7 +6067,7 @@ are used for registering the watch.
@end menu
@node Statistics retrieval2
address@hidden Statistics retrieval2
address@hidden Statistics retrieval2
@c %**end of header
@@ -6087,7 +6080,7 @@ information retrieved is signaled by the service by
sending a message of type
@code{GNUNET_MESSAGE_TYPE_STATISTICS_END}.
@node Setting and updating statistics
address@hidden Setting and updating statistics
address@hidden Setting and updating statistics
@c %**end of header
@@ -6109,7 +6102,7 @@ relative update by sending a message of type
message should be treated as an update value.
@node Watching for updates
address@hidden Watching for updates
address@hidden Watching for updates
@c %**end of header
@@ -6155,8 +6148,15 @@ significant delay. Your application logic must be
written to tolerate this
(naturally, some loss of performance or quality of service is expected in this
case).
address@hidden
+* Block library and plugins::
+* libgnunetdht::
+* The DHT Client-Service Protocol::
+* The DHT Peer-to-Peer Protocol::
address@hidden menu
+
@node Block library and plugins
address@hidden Block library and plugins
address@hidden Block library and plugins
@c %**end of header
@@ -6169,7 +6169,7 @@ case).
@end menu
@node What is a Block?
address@hidden What is a Block?
address@hidden What is a Block?
@c %**end of header
@@ -6184,7 +6184,7 @@ subsystem provides a few common functions that must be
available for any type
of block.
@node The API of libgnunetblock
address@hidden The API of libgnunetblock
address@hidden The API of libgnunetblock
@c %**end of header
@@ -6213,7 +6213,7 @@ it is encountered again). If a plugin fails to do this,
responses may loop in
the network.
@node Queries
address@hidden Queries
address@hidden Queries
@c %**end of header
The query format for any block in GNUnet consists of four main components.
@@ -6237,7 +6237,7 @@ Depending on the results from the plugin, the DHT will
then discard the
(valid) reply, and/or forward the (valid and non-duplicate) reply.
@node Sample Code
address@hidden Sample Code
address@hidden Sample Code
@c %**end of header
@@ -6247,7 +6247,7 @@ performs no validation at all. The respective
@strong{Makefile.am} shows how to
build and install a block plugin.
@node Conclusion2
address@hidden Conclusion2
address@hidden Conclusion2
@c %**end of header
@@ -6259,7 +6259,7 @@ line tools. However, it should NOT be used for normal
applications due to the
lack of error checking that results from this primitive implementation.
@node libgnunetdht
address@hidden libgnunetdht
address@hidden libgnunetdht
@c %**end of header
@@ -6277,7 +6277,7 @@ network.
@end menu
@node GET
address@hidden GET
address@hidden GET
@c %**end of header
@@ -6302,7 +6302,7 @@ library in the network, which may result in a significant
reduction in
bandwidth consumption.
@node PUT
address@hidden PUT
address@hidden PUT
@c %**end of header
@@ -6321,7 +6321,7 @@ the content lifetime. Content in the DHT typically
expires after one day, so
DHT PUT operations should be repeated at least every 1-2 hours.
@node MONITOR
address@hidden MONITOR
address@hidden MONITOR
@c %**end of header
@@ -6341,7 +6341,7 @@ Naturally, additional protocols might be needed to ensure
that the desired
number of workers will process the distributed workload.
@node DHT Routing Options
address@hidden DHT Routing Options
address@hidden DHT Routing Options
@c %**end of header
@@ -6370,7 +6370,7 @@ the future offer performance improvements for clique
topologies.
@end table
@node The DHT Client-Service Protocol
address@hidden The DHT Client-Service Protocol
address@hidden The DHT Client-Service Protocol
@c %**end of header
@@ -6381,7 +6381,7 @@ the future offer performance improvements for clique
topologies.
@end menu
@node PUTting data into the DHT
address@hidden PUTting data into the DHT
address@hidden PUTting data into the DHT
@c %**end of header
@@ -6401,7 +6401,7 @@ would also require additional state and messages in the
P2P
interaction.
@node GETting data from the DHT
address@hidden GETting data from the DHT
address@hidden GETting data from the DHT
@c %**end of header
@@ -6438,7 +6438,7 @@ over the same connection with the DHT service --- and to
stop them
individually.
@node Monitoring the DHT
address@hidden Monitoring the DHT
address@hidden Monitoring the DHT
@c %**end of header
@@ -6454,7 +6454,7 @@ GNUNET_DHT_MonitorGetRespMessage} for RESULTs. Each of
these messages contains
all of the information about the event.
@node The DHT Peer-to-Peer Protocol
address@hidden The DHT Peer-to-Peer Protocol
address@hidden The DHT Peer-to-Peer Protocol
@c %**end of header
@@ -6465,7 +6465,7 @@ all of the information about the event.
@end menu
@node Routing GETs or PUTs
address@hidden Routing GETs or PUTs
address@hidden Routing GETs or PUTs
@c %**end of header
@@ -6479,7 +6479,7 @@ key. Furthermore, requests include a set of peers that a
request has already
traversed; those peers are also excluded from the selection.
@node PUTting data into the DHT2
address@hidden PUTting data into the DHT2
address@hidden PUTting data into the DHT2
@c %**end of header
@@ -6498,7 +6498,7 @@ hop and the receiver should append the identity of the
sender to the path, not
its own identity (this is done to reduce bandwidth).
@node GETting data from the DHT2
address@hidden GETting data from the DHT2
address@hidden GETting data from the DHT2
@c %**end of header
@@ -6567,8 +6567,17 @@ users, the NAMESTORE to store information specific to
the local users, and the
DHT to exchange data between users. A plugin API is used to enable applications
to define new GNS record types.
address@hidden
+* libgnunetgns::
+* libgnunetgnsrecord::
+* GNS plugins::
+* The GNS Client-Service Protocol::
+* Hijacking the DNS-Traffic using gnunet-service-dns::
+* Serving DNS lookups via GNS on W32::
address@hidden menu
+
@node libgnunetgns
address@hidden libgnunetgns
address@hidden libgnunetgns
@c %**end of header
@@ -6587,7 +6596,7 @@ using @code{GNUNET_GNS_connect}. They can then perform
lookups using
@end menu
@node Looking up records
address@hidden Looking up records
address@hidden Looking up records
@c %**end of header
@@ -6625,7 +6634,7 @@ longer be cancelled.
@end table
@node Accessing the records
address@hidden Accessing the records
address@hidden Accessing the records
@c %**end of header
@@ -6639,7 +6648,7 @@ For DNS records, the @code{libgnunetdnsparser} library
provides functions for
parsing (and serializing) common types of DNS records.
@node Creating records
address@hidden Creating records
address@hidden Creating records
@c %**end of header
@@ -6650,7 +6659,7 @@ publish the information. The GNS API is not involved in
this
operation.
@node Future work
address@hidden Future work
address@hidden Future work
@c %**end of header
@@ -6659,7 +6668,7 @@ observe shortening operations performed during GNS
resolution, for example so
that users can receive visual feedback when this happens.
@node libgnunetgnsrecord
address@hidden libgnunetgnsrecord
address@hidden libgnunetgnsrecord
@c %**end of header
@@ -6684,7 +6693,7 @@ common DNS record types as well as standard GNS record
types.
@end menu
@node Value handling
address@hidden Value handling
address@hidden Value handling
@c %**end of header
@@ -6698,7 +6707,7 @@ readable string to the respective (binary) representation
of a GNS record
value.
@node Type handling
address@hidden Type handling
address@hidden Type handling
@c %**end of header
@@ -6715,7 +6724,7 @@ associated with a given numeric value. For example, given
the type number 1,
the function will return the typename "A".
@node GNS plugins
address@hidden GNS plugins
address@hidden GNS plugins
@c %**end of header
@@ -6736,10 +6745,10 @@ supported by the plugin, it should simply return an
error code.
The central functions of the block APIs (plugin and main library) are the same
four functions for converting between values and strings, and typenames and
-numbers documented in the previous section.
+numbers documented in the previous subsection.
@node The GNS Client-Service Protocol
address@hidden The GNS Client-Service Protocol
address@hidden The GNS Client-Service Protocol
@c %**end of header
@@ -6757,7 +6766,7 @@ format created by
@code{GNUNET_GNSRECORD_records_serialize}. They can thus be
deserialized using @code{GNUNET_GNSRECORD_records_deserialize}.
@node Hijacking the DNS-Traffic using gnunet-service-dns
address@hidden Hijacking the DNS-Traffic using gnunet-service-dns
address@hidden Hijacking the DNS-Traffic using gnunet-service-dns
@c %**end of header
@@ -6789,7 +6798,7 @@ the original nameserver as source address.
@end menu
@node Network Setup Details
address@hidden Network Setup Details
address@hidden Network Setup Details
@c %**end of header
@@ -6806,7 +6815,7 @@ other packet to a DNS-Server with mark 3 (chosen
arbitrarily). The third line
adds a routing policy based on this mark 3 via the routing table.
@node Serving DNS lookups via GNS on W32
address@hidden Serving DNS lookups via GNS on W32
address@hidden Serving DNS lookups via GNS on W32
@c %**end of header
@@ -6898,8 +6907,14 @@ always small enough (a few MB) to fit on the drive.
The NAMECACHE supports the use of different database backends via a plugin API.
address@hidden
+* libgnunetnamecache::
+* The NAMECACHE Client-Service Protocol::
+* The NAMECACHE Plugin API::
address@hidden menu
+
@node libgnunetnamecache
address@hidden libgnunetnamecache
address@hidden libgnunetnamecache
@c %**end of header
@@ -6920,7 +6935,7 @@ The maximum size of a block that can be stored in the
NAMECACHE is
@code{GNUNET_NAMECACHE_MAX_VALUE_SIZE}, which is defined to be 63 kB.
@node The NAMECACHE Client-Service Protocol
address@hidden The NAMECACHE Client-Service Protocol
address@hidden The NAMECACHE Client-Service Protocol
@c %**end of header
@@ -6937,7 +6952,7 @@ out-of-order.
@end menu
@node Lookup
address@hidden Lookup
address@hidden Lookup
@c %**end of header
@@ -6949,7 +6964,7 @@ expected to contain the expiration time, the ECDSA
signature, the derived key
and the (variable-size) encrypted data of the block.
@node Store
address@hidden Store
address@hidden Store
@c %**end of header
@@ -6960,7 +6975,7 @@ the result of the operation (success or failure). In the
future, we might want
to make it possible to provide an error message as well.
@node The NAMECACHE Plugin API
address@hidden The NAMECACHE Plugin API
address@hidden The NAMECACHE Plugin API
@c %**end of header
The NAMECACHE plugin API consists of two functions, @code{cache_block} to store
@@ -6974,7 +6989,7 @@ database.
@end menu
@node Lookup2
address@hidden Lookup2
address@hidden Lookup2
@c %**end of header
@@ -6984,7 +6999,7 @@ there are multiple non-expired results in the cache, the
lookup is supposed to
return the result with the largest expiration time.
@node Store2
address@hidden Store2
address@hidden Store2
@c %**end of header
@@ -7009,8 +7024,16 @@ REVOCATION system to inform all of the other users that
this private key is no
longer valid. The subsystem thus includes ways to query for the validity of
keys and to propagate revocation messages.
address@hidden
+* Dissemination::
+* Revocation Message Design Requirements::
+* libgnunetrevocation::
+* The REVOCATION Client-Service Protocol::
+* The REVOCATION Peer-to-Peer Protocol::
address@hidden menu
+
@node Dissemination
address@hidden Dissemination
address@hidden Dissemination
@c %**end of header
@@ -7032,7 +7055,7 @@ connect. The SET service is used to perform this operation
efficiently.
@node Revocation Message Design Requirements
address@hidden Revocation Message Design Requirements
address@hidden Revocation Message Design Requirements
@c %**end of header
@@ -7053,7 +7076,7 @@ possession of the respective user. This is another reason
to create a
revocation message ahead of time and store it in a secure location.
@node libgnunetrevocation
address@hidden libgnunetrevocation
address@hidden libgnunetrevocation
@c %**end of header
@@ -7068,7 +7091,7 @@ revocations.
@end menu
@node Querying for revoked keys
address@hidden Querying for revoked keys
address@hidden Querying for revoked keys
@c %**end of header
@@ -7078,7 +7101,7 @@ The query can be cancelled using
@code{GNUNET_REVOCATION_query_cancel} on the
return value.
@node Preparing revocations
address@hidden Preparing revocations
address@hidden Preparing revocations
@c %**end of header
@@ -7109,7 +7132,7 @@ be saved to disk for later use, which will then allow
performing a revocation
even without access to the private key.
@node Issuing revocations
address@hidden Issuing revocations
address@hidden Issuing revocations
Given a ECDSA public key, the signature from @code{GNUNET_REVOCATION_sign} and
@@ -7120,7 +7143,7 @@ library from calling the continuation; however, in that
case it is undefined
whether or not the revocation operation will be executed.
@node The REVOCATION Client-Service Protocol
address@hidden The REVOCATION Client-Service Protocol
address@hidden The REVOCATION Client-Service Protocol
The REVOCATION protocol consists of four simple messages.
@@ -7139,7 +7162,7 @@ and the proof-of-work, The service responds with a
indicates that the revocation has been processed successfully.
@node The REVOCATION Peer-to-Peer Protocol
address@hidden The REVOCATION Peer-to-Peer Protocol
address@hidden The REVOCATION Peer-to-Peer Protocol
@c %**end of header
@@ -7195,8 +7218,13 @@ in the FS service.
NOTE: The documentation in this chapter is quite incomplete.
address@hidden
+* Encoding for Censorship-Resistant Sharing (ECRS)::
+* File-sharing persistence directory structure::
address@hidden menu
+
@node Encoding for Censorship-Resistant Sharing (ECRS)
address@hidden Encoding for Censorship-Resistant Sharing (ECRS)
address@hidden Encoding for Censorship-Resistant Sharing (ECRS)
@c %**end of header
@@ -7218,7 +7246,7 @@ the research report.
@end menu
@node Namespace Advertisements
address@hidden Namespace Advertisements
address@hidden Namespace Advertisements
@c %**end of header
@@ -7231,7 +7259,7 @@ the content provderâ²s RSA private key (just like any
other SBlock). Peers
can search for @code{SBlock}s in order to find out more about a namespace.
@node KSBlocks
address@hidden KSBlocks
address@hidden KSBlocks
@c %**end of header
@@ -7259,7 +7287,7 @@ Collections are also advertised using @code{KSBlock}s.
@end table
@node File-sharing persistence directory structure
address@hidden File-sharing persistence directory structure
address@hidden File-sharing persistence directory structure
@c %**end of header
@@ -7345,8 +7373,12 @@ For the technical details, we have "Max's defense talk
and Max's Master's
thesis. An additional publication is under preparation and available to team
members (in Git).
address@hidden
+* How to run the regex profiler::
address@hidden menu
+
@node How to run the regex profiler
address@hidden How to run the regex profiler
address@hidden How to run the regex profiler
@c %**end of header
diff --git a/gnunet.texi b/gnunet.texi
index afc7b2d..0d794d8 100644
--- a/gnunet.texi
+++ b/gnunet.texi
@@ -8,8 +8,7 @@
@include version.texi
@copying
-Copyright @copyright{} 2017 address@hidden
-Copyright @copyright{} 2017 Adriano Peluso
+Copyright @copyright{} 2001-2017 GNUnet e.V.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -32,7 +31,9 @@ Foundation Web site at
@url{http://www.gnu.org/licenses/gpl.html}.
@titlepage
@title GNUnet Reference Manual
address@hidden Using and developing GNUnet
address@hidden Installing, configuring, using and contributing to GNUnet
address@hidden address@hidden
address@hidden Adriano Peluso
@author The GNUnet Developers
@page
@@ -46,11 +47,47 @@ Edition @value{EDITION} @*
@contents
@c *********************************************************************
@node Top
address@hidden GNUnet
address@hidden Contributing to GNUnet
@c *********************************************************************
This document describes GNUnet version @value{VERSION}.
+
+GNUnet is a @uref{http://www.gnu.org/, GNU} package. All code contributions
+must thus be put under the
address@hidden://www.gnu.org/copyleft/gpl.html, GNU Public License (GPL)}.
+All documentation should be put under FSF approved licenses
+(see @uref{http://www.gnu.org/copyleft/fdl.html, fdl}).
+
+By submitting documentation, translations, comments and other content to this
+website you automatically grant the right to publish code under the
+GNU Public License and documentation under either or both the GNU
+Public License or the GNU Free Documentation License. When contributing
+to the GNUnet project, GNU standards and the
address@hidden://www.gnu.org/philosophy/philosophy.html, GNU philosophy}
+should be adhered to.
+
+Note that we do now require a formal copyright assignment for GNUnet
+contributors to GNUnet e.V.; nevertheless, we do allow pseudonymous
+contributions. By signing the copyright agreement and submitting your
+code (or documentation) to us, you agree to share the rights to your
+code with GNUnet e.V.; GNUnet e.V. receives non-exclusive ownership
+rights, and in particular is allowed to dual-license the code. You
+retain non-exclusive rights to your contributions, so you can also
+share your contributions freely with other projects.
+
+GNUnet e.V. will publish all accepted contributions under the GPLv3 or any
+later version. The association may decide to publish contributions under
+additional licenses (dual-licensing).
+
+We do not intentionally remove your name from your contributions; however,
+due to extensive editing it is not always trivial to attribute contributors
+properly. If you find that you significantly contributed to a file (or the
+project as a whole) and are not listed in the respective authors file or
+section, please do let us know.
+
+
+
@menu
* Philosophy:: About GNUnet
diff --git a/installation.texi b/installation.texi
index 50b0c61..ea949cd 100644
--- a/installation.texi
+++ b/installation.texi
@@ -9,34 +9,20 @@ network.
This manual is far from complete, and we welcome informed contributions, be it
in the form of new chapters or insightful comments.
-However, the website is experiencing a constant onslaught of sophisticated
-link-spam entered manually by exploited workers solving puzzles and customizing
-text. To limit this commercial defacement, we are strictly moderating comments
-and have disallowed "normal" users from posting new content. However, this is
-really only intended to keep the spam at bay. If you are a real user or
aspiring
-developer, please drop us a note (IRC, e-mail, contact form) with your user
-profile ID number included. We will then relax these restrictions on your
-account. We're sorry for this inconvenience; however, few people would want to
-read this site if 99% of it was advertisements for bogus websites.
-
-
-
-
@menu
* Dependencies::
* Generic installation instructions::
* Build instructions for Ubuntu 12.04 using Git::
-* Install the GNUnet-gtk user interface from Subversion::
* Build Instructions for Microsoft Windows Platforms::
* Build instructions for Debian 7.5::
-* Installing GNUnet 0.10.1 on Ubuntu 14.04::
* Installing GNUnet from Git on Ubuntu 14.4::
* Build instructions for Debian 8::
* Outdated build instructions for previous revisions::
* Portable GNUnet::
-* Graphical interface::
+* The grapical configuration interface::
+* How to start and stop a GNUnet peer::
@end menu
@node Dependencies
@@ -50,6 +36,7 @@ Suggestions for missing dependencies or wrong version numbers
are welcome.
@menu
* External dependencies::
+* Fixing libgnurl build issues::
* Internal dependencies::
@end menu
@@ -119,6 +106,44 @@ must match Gtk+ version, optional (for gnunet-gtk)
3.0 or higher, optional (for gnunet-namestore-gtk)
@end table
+
address@hidden Fixing libgnurl build issues
address@hidden Fixing libgnurl build issues
+
+If you have to compile libgnurl from source since the version included in your
+distribution is to old you perhaps get an error message while running the
address@hidden script:
+
address@hidden@
+ $ configure@
+ ...@
+ checking for 64-bit curl_off_t data type... unknown@
+ checking for 32-bit curl_off_t data type... unknown@
+ checking for 16-bit curl_off_t data type... unknown@
+ configure: error: cannot find data type for curl_off_t.@
+}
+
+If you have to compile libgnurl from source since the version included in your
+distribution is to old, you perhaps get an error message while running the
address@hidden script:
+
address@hidden@
+ $ configure@
+ ...@
+ checking for 64-bit curl_off_t data type... unknown@
+ checking for 32-bit curl_off_t data type... unknown@
+ checking for 16-bit curl_off_t data type... unknown@
+ configure: error: cannot find data type for curl_off_t.@
+}
+
+Solution:
+
+Before running the configure script, set:
+
address@hidden"-I. -I$BUILD_ROOT/include" }
+
+
+
@node Internal dependencies
@subsection Internal dependencies
@@ -429,10 +454,10 @@ hosts: files gns [NOTFOUND=return] mdns4_minimal
[NOTFOUND=return] dns mdns4
You might want to make sure that @file{/lib/libnss_gns.so.2} exists on your
system, it should have been created during the installation.
address@hidden Build instructions for Ubuntu 12.04 using Git
address@hidden Build instructions for Ubuntu 12.04 using Git
address@hidden Build instructions for Ubuntu 12.04 using Git
address@hidden Build instructions for Ubuntu 12.04 using Git
@menu
@@ -444,6 +469,7 @@ system, it should have been created during the installation.
* Install libextractor from Git::
* Install GNUnet dependencies::
* Build GNUnet::
+* Install the GNUnet-gtk user interface from Git::
@end menu
@node Install the required build tools
@@ -647,8 +673,8 @@ After installing it, you need to create an empty
configuration file:@
And finally you can start GNUnet with@
@code{$ gnunet-arm -s}
address@hidden Install the GNUnet-gtk user interface from Subversion
address@hidden Install the GNUnet-gtk user interface from Subversion
address@hidden Install the GNUnet-gtk user interface from Git
address@hidden Install the GNUnet-gtk user interface from Git
Install depencies:@
@@ -863,9 +889,9 @@ choice before beginning with the instructions.
* Update::
* Stable? Hah!::
* Update again::
-* Installing Packages::
-* Installing Dependencies from Source::
-* Installing GNUnet from Source::
+* Installing packages::
+* Installing dependencies from source::
+* Installing GNUnet from source::
* But wait there is more!::
@end menu
@@ -943,8 +969,8 @@ Now, run again@
to ensure that all your new distribution indices are downloaded, and that your
pinning is correct: the upgrade step should cause no changes at all.
address@hidden Installing Packages
address@hidden Installing Packages
address@hidden Installing packages
address@hidden Installing packages
We begin by installing a few Debian packages from stable:@
@@ -968,8 +994,8 @@ After that, we install a few more packages from unstable:@
libgstreamer-plugins-base1.0-dev
@end example
address@hidden Installing Dependencies from Source
address@hidden Installing Dependencies from Source
address@hidden Installing dependencies from source
address@hidden Installing dependencies from source
Next, we need to install a few dependencies from source. You might want to do
this as a "normal" user and only run the @code{make install} steps as root
@@ -1008,8 +1034,8 @@ sources, and finally compiling and installing the
libraries:@
$ make ; sudo make install; cd ..@
@end example
address@hidden Installing GNUnet from Source
address@hidden Installing GNUnet from Source
address@hidden Installing GNUnet from source
address@hidden Installing GNUnet from source
For this, simply follow the generic installation instructions from
@@ -1026,96 +1052,6 @@ and configure those databases or stick with the default
Sqlite database.
Sqlite is usually fine for most applications, but MySQL can offer better
performance and Postgres better resillience.
address@hidden Installing GNUnet 0.10.1 on Ubuntu 14.04
address@hidden Installing GNUnet 0.10.1 on Ubuntu 14.04
-
-Install the required dependencies@
-
address@hidden
-$ sudo apt-get install libltdl-dev libgpg-error-dev libidn11-dev \
- libunistring-dev libglpk-dev libbluetooth-dev libextractor-dev \
- libmicrohttpd-dev libgnutls28-dev
address@hidden example
-
-Choose one or more database backends@
-SQLite3@
address@hidden@
- $ sudo apt-get install libsqlite3-dev@
-}@
-MySQL@
address@hidden@
- $ sudo apt-get install libmysqlclient-dev@
-}@
-PostgreSQL@
address@hidden@
- $ sudo apt-get install libpq-dev postgresql@
-}
-
-Install the optional dependencies for gnunet-conversation:@
address@hidden@
- $ sudo apt-get install gstreamer1.0 libpulse-dev libopus-dev@
-}
-
-Install the libgrypt 1.6:@
-For Ubuntu 14.04:@
address@hidden sudo apt-get install libgcrypt20-dev}@
-For Ubuntu older 14.04:@
address@hidden wget
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2@
- $ tar xf libgcrypt-1.6.1.tar.bz2@
- $ cd libgcrypt-1.6.1@
- $ ./configure@
- $ sudo make install@
- $ cd ..}
-
-Install libgnurl@
address@hidden
- $ wget https://gnunet.org/sites/default/files/gnurl-7.35.0.tar.bz2@
- $ tar xf gnurl-7.35.0.tar.bz2@
- $ cd gnurl-7.35.0@
- $ ./configure --enable-ipv6 --with-gnutls --without-libssh2 \
- --without-libmetalink --without-winidn --without-librtmp --without-nghttp2 \
- --without-nss --without-cyassl --without-polarssl --without-ssl \
- --without-winssl --without-darwinssl --disable-sspi --disable-ntlm-wb \
- --disable-ldap --disable-rtsp --disable-dict --disable-telnet --disable-tftp \
- --disable-pop3 --disable-imap --disable-smtp --disable-gopher --disable-file \
- --disable-ftp@
- $ sudo make install@
- $ cd ..@
address@hidden example
-
-Install GNUnet@
address@hidden@
- $ wget http://ftpmirror.gnu.org/gnunet/gnunet-0.10.1.tar.gz@
- $ tar xf gnunet-0.10.1.tar.gz@
- $ cd gnunet-0.10.1@
-}
-
-If you want to:
address@hidden @bullet
-
address@hidden
-Install to a different directory:@
- --prefix=PREFIX
-
address@hidden
-Have sudo permission, but do not want to compile as root:@
- --with-sudo
-
address@hidden
-Want debug message enabled:@
- -- enable-logging=verbose
address@hidden itemize
-
address@hidden@
- $ ./configure [ --with-sudo | --prefix=PREFIX | --enable-logging=verbose]@
- $ make; sudo make install@
-}
-
-After installing it, you need to create an empty configuration file:@
address@hidden ~/.config/gnunet.conf}
-
-And finally you can start GNUnet with@
address@hidden gnunet-arm -s}
@node Installing GNUnet from Git on Ubuntu 14.4
@section Installing GNUnet from Git on Ubuntu 14.4
@@ -1332,6 +1268,7 @@ instructions and should not be expected to work for
GNUnet 0.10.x.
@menu
+* Installing GNUnet 0.10.1 on Ubuntu 14.04::
* Build instructions for FreeBSD 8::
* Basic installation for Mac OS X::
* Basic Installation for Fedora/PlanetLab nodes running Fedora 12::
@@ -1344,6 +1281,99 @@ instructions and should not be expected to work for
GNUnet 0.10.x.
* Instructions for Microsoft Windows Platforms (Old)::
@end menu
+
address@hidden Installing GNUnet 0.10.1 on Ubuntu 14.04
address@hidden Installing GNUnet 0.10.1 on Ubuntu 14.04
+
+Install the required dependencies@
+
address@hidden
+$ sudo apt-get install libltdl-dev libgpg-error-dev libidn11-dev \
+ libunistring-dev libglpk-dev libbluetooth-dev libextractor-dev \
+ libmicrohttpd-dev libgnutls28-dev
address@hidden example
+
+Choose one or more database backends@
+SQLite3@
address@hidden@
+ $ sudo apt-get install libsqlite3-dev@
+}@
+MySQL@
address@hidden@
+ $ sudo apt-get install libmysqlclient-dev@
+}@
+PostgreSQL@
address@hidden@
+ $ sudo apt-get install libpq-dev postgresql@
+}
+
+Install the optional dependencies for gnunet-conversation:@
address@hidden@
+ $ sudo apt-get install gstreamer1.0 libpulse-dev libopus-dev@
+}
+
+Install the libgrypt 1.6:@
+For Ubuntu 14.04:@
address@hidden sudo apt-get install libgcrypt20-dev}@
+For Ubuntu older 14.04:@
address@hidden wget
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.6.1.tar.bz2@
+ $ tar xf libgcrypt-1.6.1.tar.bz2@
+ $ cd libgcrypt-1.6.1@
+ $ ./configure@
+ $ sudo make install@
+ $ cd ..}
+
+Install libgnurl@
address@hidden
+ $ wget https://gnunet.org/sites/default/files/gnurl-7.35.0.tar.bz2@
+ $ tar xf gnurl-7.35.0.tar.bz2@
+ $ cd gnurl-7.35.0@
+ $ ./configure --enable-ipv6 --with-gnutls --without-libssh2 \
+ --without-libmetalink --without-winidn --without-librtmp --without-nghttp2 \
+ --without-nss --without-cyassl --without-polarssl --without-ssl \
+ --without-winssl --without-darwinssl --disable-sspi --disable-ntlm-wb \
+ --disable-ldap --disable-rtsp --disable-dict --disable-telnet --disable-tftp \
+ --disable-pop3 --disable-imap --disable-smtp --disable-gopher --disable-file \
+ --disable-ftp@
+ $ sudo make install@
+ $ cd ..@
address@hidden example
+
+Install GNUnet@
address@hidden@
+ $ wget http://ftpmirror.gnu.org/gnunet/gnunet-0.10.1.tar.gz@
+ $ tar xf gnunet-0.10.1.tar.gz@
+ $ cd gnunet-0.10.1@
+}
+
+If you want to:
address@hidden @bullet
+
address@hidden
+Install to a different directory:@
+ --prefix=PREFIX
+
address@hidden
+Have sudo permission, but do not want to compile as root:@
+ --with-sudo
+
address@hidden
+Want debug message enabled:@
+ -- enable-logging=verbose
address@hidden itemize
+
address@hidden@
+ $ ./configure [ --with-sudo | --prefix=PREFIX | --enable-logging=verbose]@
+ $ make; sudo make install@
+}
+
+After installing it, you need to create an empty configuration file:@
address@hidden ~/.config/gnunet.conf}
+
+And finally you can start GNUnet with@
address@hidden gnunet-arm -s}
+
+
@node Build instructions for FreeBSD 8
@subsection Build instructions for FreeBSD 8
@@ -1874,40 +1904,6 @@ MinGW does not automatically detect the correct
buildtype so you have to
specify it manually
@end itemize
address@hidden Compiling libgnurl for GNUnet cannot find data type for
curl_off_t.
address@hidden Compiling libgnurl for GNUnet cannot find data type for
curl_off_t.
-
-If you have to compile libgnurl from source since the version included in your
-distribution is to old you perhaps get an error message while running the
address@hidden script:
-
address@hidden@
- $ configure@
- ...@
- checking for 64-bit curl_off_t data type... unknown@
- checking for 32-bit curl_off_t data type... unknown@
- checking for 16-bit curl_off_t data type... unknown@
- configure: error: cannot find data type for curl_off_t.@
-}
-
-If you have to compile libgnurl from source since the version included in your
-distribution is to old, you perhaps get an error message while running the
address@hidden script:
-
address@hidden@
- $ configure@
- ...@
- checking for 64-bit curl_off_t data type... unknown@
- checking for 32-bit curl_off_t data type... unknown@
- checking for 16-bit curl_off_t data type... unknown@
- configure: error: cannot find data type for curl_off_t.@
-}
-
-Solution:
-
-Before running the configure script, set:
-
address@hidden"-I. -I$BUILD_ROOT/include" }
@node GUI build instructions for Ubuntu 12.04 using Subversion
@subsection GUI build instructions for Ubuntu 12.04 using Subversion
@@ -2430,8 +2426,8 @@ That's it, GNUnet is installed in your home directory
now. GNUnet can be
configured and afterwards started by executing@
@code{gnunet-arm -s}
address@hidden Graphical interface
address@hidden Graphical interface
address@hidden The graphical configuration interface
address@hidden The graphical configuration interface
If you also would like to use gnunet-gtk and gnunet-setup (highly recommended
for beginners), do:
@@ -2468,6 +2464,14 @@ Now you can run @code{gnunet-setup} for easy
configuration of your GNUnet peer.
* Configuring logging::
* Configuring the transport service and plugins::
* Configuring the wlan transport plugin::
+* Configuring HTTP(S) reverse proxy functionality using Apache or nginx::
+* Blacklisting peers::
+* Configuration of the HTTP and HTTPS transport plugins::
+* Configuring the GNU Name System::
+* Configuring the GNUnet VPN::
+* Bandwidth Configuration::
+* Configuring NAT::
+* Peer configuration for distributions::
@end menu
@node Configuring your peer
@@ -2485,6 +2489,10 @@ gnunet-setup to help you while using the setup tool.
While you can also configure your peer by editing the configuration file by
hand, this is not recommended for anyone except for developers.
+
+
+
+
@node Configuring the Friend-to-Friend (F2F) mode
@subsection Configuring the Friend-to-Friend (F2F) mode
@@ -3133,62 +3141,23 @@ settings. Just specify the interface to use:@
@subsection Configuring the wlan transport plugin
+The wlan transport plugin enables GNUnet to send and to receive data on a wlan
+interface. It has not to be connected to a wlan network as long as sender and
+receiver are on the same channel. This enables you to get connection to the
+GNUnet where no internet access is possible, for example while catastrophes or
+when censorship cuts you off the internet.
+
+
@menu
-* User Manual for the wlan transport plugin::
-* Introduction2::
-* Requirements2::
+* Requirements for the WLAN plugin::
* Configuration::
* Before starting GNUnet::
* Limitations and known bugs::
-* Configuring HTTP(S) reverse proxy functionality using Apache or nginx::
-* Blacklisting peers::
-* Configuration of the HTTP and HTTPS transport plugins::
-* Configuring system-wide DNS interception::
-* Configuring the GNU Name System::
-* Configuring the GNS nsswitch plugin::
-* Configuring GNS on W32::
-* GNS Proxy Setup::
-* Setup::
-* Testing2::
-* Automatic Shortening in the GNU Name System::
-* Configuring the GNUnet VPN::
-* IPv4 address for interface::
-* IPv6 address for interface::
-* Configuring the GNUnet VPN DNS::
-* Configuring the GNUnet VPN Exit Service::
-* IP Address of external DNS resolver::
-* IPv4 address for Exit interface::
-* IPv6 address for Exit interface::
-* Bandwidth Configuration::
-* Configuring NAT::
-* How to start and stop a GNUnet peer::
-* The Single-User Setup::
-* The Multi-User Setup::
-* Killing GNUnet services::
-* Access Control for GNUnet::
-* Recommendation Disable access to GNUnet services via TCP::
-* Recommendation Run most GNUnet services as system user "gnunet"::
-* Recommendation Control access to GNUnet services using group "gnunet"::
-* Recommendation Limit access to certain SUID binaries by group "gnunet"::
-* Recommendation Limit access to critical gnunet-helper-dns to group
"gnunetdns"::
-* Differences between "make install" and these recommendations::
-* Peer Configuration::
@end menu
address@hidden User Manual for the wlan transport plugin
address@hidden User Manual for the wlan transport plugin
-
address@hidden Introduction2
address@hidden Introduction2
-
-The wlan transport plugin enables GNUnet to send and to receive data on a wlan
-interface. It has not to be connected to a wlan network as long as sender and
-receiver are on the same channel. This enables you to get connection to the
-GNUnet where no internet access is possible, for example while catastrophes or
-when censorship cuts you off the internet.
address@hidden Requirements2
address@hidden Requirements2
address@hidden Requirements for the WLAN plugin
address@hidden Requirements for the WLAN plugin
@itemize @bullet
@@ -3255,8 +3224,9 @@ usually the first channel of the card. Peers will only
find each other and
communicate if they are on the same channel. Channels must be set manually
(i.e. using @code{iwconfig wlan0 channel 1}).
+
@node Configuring HTTP(S) reverse proxy functionality using Apache or nginx
address@hidden Configuring HTTP(S) reverse proxy functionality using Apache or
nginx
address@hidden Configuring HTTP(S) reverse proxy functionality using Apache or
nginx
The HTTP plugin supports data transfer using reverse proxies. A reverse proxy
forwards the HTTP request he receives with a certain URL to another webserver,
@@ -3405,7 +3375,7 @@ To have your GNUnet peer announce the address, you have
to specify the
Now restart your webserver and your peer...
@node Blacklisting peers
address@hidden Blacklisting peers
address@hidden Blacklisting peers
Transport service supports to deny connecting to a specific peer of to a
specific peer with a specific transport plugin using te blacklisting component
@@ -3445,7 +3415,7 @@ On blacklist check for (peer, plugin)
@end itemize
@node Configuration of the HTTP and HTTPS transport plugins
address@hidden Configuration of the HTTP and HTTPS transport plugins
address@hidden Configuration of the HTTP and HTTPS transport plugins
The client part of the http and https transport plugins can be configured to
use a proxy to connect to the hostlist server. This functionality can be
@@ -3487,6 +3457,20 @@ section of the configuration:
# PROXY_PASSWORD =
@end example
address@hidden Configuring the GNU Name System
address@hidden Configuring the GNU Name System
+
address@hidden
+* Configuring system-wide DNS interception::
+* Configuring the GNS nsswitch plugin::
+* Configuring GNS on W32::
+* GNS Proxy Setup::
+* Setup of the GNS CA::
+* Testing the GNS setup::
+* Automatic Shortening in the GNU Name System::
address@hidden menu
+
+
@node Configuring system-wide DNS interception
@subsubsection Configuring system-wide DNS interception
@@ -3511,8 +3495,7 @@ system-wide DNS interception in conjunction with
link-local IPv6-based DNS
servers. If such a DNS server is used, it will bypass GNUnet's DNS traffic
interception.
address@hidden Configuring the GNU Name System
address@hidden Configuring the GNU Name System
+
Using the GNU Name System (GNS) requires two different configuration steps.
First of all, GNS needs to be integrated with the operating system. Most of
@@ -3673,8 +3656,8 @@ speaks GNS, which will enable server operators to deliver
GNS-enabled web sites
to your browser (and continue to deliver legacy links to legacy browsers)
@end itemize
address@hidden Setup
address@hidden Setup
address@hidden Setup of the GNS CA
address@hidden Setup of the GNS CA
First you need to create a CA certificate that the proxy can use. To do so use
the provided script gnunet-gns-proxy-ca:@
@@ -3690,8 +3673,8 @@ Note that the proxy uses libcurl. Make sure your version
of libcurl uses GnuTLS
and NOT OpenSSL. The proxy will not work with libcurl compiled against
OpenSSL.
address@hidden Testing2
address@hidden Testing2
address@hidden Testing the GNS setup
address@hidden Testing the GNS setup
Now for testing purposes we can create some records in our zone to test the SSL
functionality of the proxy:@
@@ -3743,7 +3726,17 @@ not be trusted. Furthermore, if you enable this feature,
you will no longer see
the full delegation chain for zones once shortening has been applied.
@node Configuring the GNUnet VPN
address@hidden Configuring the GNUnet VPN
address@hidden Configuring the GNUnet VPN
+
address@hidden
+* IPv4 address for interface::
+* IPv6 address for interface::
+* Configuring the GNUnet VPN DNS::
+* Configuring the GNUnet VPN Exit Service::
+* IP Address of external DNS resolver::
+* IPv4 address for Exit interface::
+* IPv6 address for Exit interface::
address@hidden menu
Before configuring the GNUnet VPN, please make sure that system-wide DNS
interception is configured properly as described in the section on the GNUnet
@@ -3846,13 +3839,13 @@ should be automatic with IPv6, but obviously anything
can be
disabled).
@node Bandwidth Configuration
address@hidden Bandwidth Configuration
address@hidden Bandwidth Configuration
You can specify how many bandwidth GNUnet is allowed to use to receive and send
data. This is important for users with limited bandwidth or traffic volume.
@node Configuring NAT
address@hidden Configuring NAT
address@hidden Configuring NAT
Most hosts today do not have a normal global IP address but instead are behind
a router performing Network Address Translation (NAT) which assigns each host
@@ -3901,8 +3894,30 @@ Finally, if you yourself are not behind NAT but want to
be able to connect to
NATed peers using autonomous NAT traversal, you need to check the "Enable
connecting to NATed peers using ICMP method" box.
+
address@hidden Peer configuration for distributions
address@hidden Peer configuration for distributions
+
+The "GNUNET_DATA_HOME" in "[path]" in /etc/gnunet.conf should be manually set
+to "/var/lib/gnunet/data/" as the default "~/.local/share/gnunet/" is probably
+not that appropriate in this case. Similarly, distributions may consider
+pointing "GNUNET_RUNTIME_DIR" to "/var/run/gnunet/" and "GNUNET_HOME" to
+"/var/lib/gnunet/". Also, should a distribution decide to override system
+defaults, all of these changes should be done in a custom "/etc/gnunet.conf"
+and not in the files in the "config.d/" directory.
+
+Given the proposed access permissions, the "gnunet-setup" tool must be run as
+use "gnunet" (and with option "-c /etc/gnunet.conf" so that it modifies the
+system configuration). As always, gnunet-setup should be run after the GNUnet
+peer was stopped using "gnunet-arm -e". Distributions might want to include a
+wrapper for gnunet-setup that allows the desktop-user to "sudo" (i.e. using
+gtksudo) to the "gnunet" user account and then runs "gnunet-arm -e",
+"gnunet-setup" and "gnunet-arm -s" in sequence.
+
+
+
@node How to start and stop a GNUnet peer
address@hidden How to start and stop a GNUnet peer
address@hidden How to start and stop a GNUnet peer
This section describes how to start a GNUnet peer. It assumes that you have
already compiled and installed GNUnet and its' dependencies. Before you start a
@@ -3928,8 +3943,15 @@ under your normal UID, or do you want distinguish
between system-wide
setup is slightly more complicated, but also more secure and generally
recommended.
address@hidden
+* The Single-User Setup::
+* The Multi-User Setup::
+* Killing GNUnet services::
+* Access Control for GNUnet::
address@hidden menu
+
@node The Single-User Setup
address@hidden The Single-User Setup
address@hidden The Single-User Setup
For the single-user setup, you do not need to do anything special and can just
start the GNUnet background processes using @code{gnunet-arm}. By default,
@@ -3992,7 +4014,7 @@ and insert a line@
to automatically start your peer whenever your system boots.
@node The Multi-User Setup
address@hidden The Multi-User Setup
address@hidden The Multi-User Setup
This requires you to create a user @code{gnunet} and an additional group
@code{gnunetdns}, prior to running @code{make install} during installation.
@@ -4038,7 +4060,7 @@ Afterwards, you should see two (or more, if you have more
than one USER)
@code{gnunet-service-arm} processes running in your system.
@node Killing GNUnet services
address@hidden Killing GNUnet services
address@hidden Killing GNUnet services
It is not necessary to stop GNUnet services explicitly when shutting down your
computer.
@@ -4051,7 +4073,7 @@ services may need to be terminated before the system-wide
services will
terminate normally.
@node Access Control for GNUnet
address@hidden Access Control for GNUnet
address@hidden Access Control for GNUnet
This chapter documents how we plan to make access control work within the
GNUnet system for a typical peer. It should be read as a best-practice
@@ -4095,8 +4117,17 @@ machine. Access to the APIs of these critical services
and their priviledged
helpers must be tightly controlled.
@end table
address@hidden Recommendation Disable access to GNUnet services via TCP
address@hidden Recommendation Disable access to GNUnet services via TCP
address@hidden
+* Recommendation: Disable access to services via TCP::
+* Recommendation: Run most services as system user "gnunet"::
+* Recommendation: Control access to services using group "gnunet"::
+* Recommendation: Limit access to certain SUID binaries by group "gnunet"::
+* Recommendation: Limit access to critical gnunet-helper-dns to group
"gnunetdns"::
+* Differences between "make install" and these recommendations::
address@hidden menu
+
address@hidden Recommendation: Disable access to services via TCP
address@hidden Recommendation: Disable access to services via TCP
GNUnet services allow two types of access: via TCP socket or via UNIX domain
socket. If the service is available via TCP, access control can only be
@@ -4110,8 +4141,10 @@ As of GNUnet 0.9.2, configuration files with TCP access
disabled should be
generated by default. Users can re-enable TCP access to particular services
simply by specifying a non-zero port number in the section of the respective
service.
address@hidden Recommendation Run most GNUnet services as system user "gnunet"
address@hidden Recommendation Run most GNUnet services as system user "gnunet"
+
+
address@hidden Recommendation: Run most services as system user "gnunet"
address@hidden Recommendation: Run most services as system user "gnunet"
GNUnet's main services should be run as a separate user "gnunet" in a special
group "gnunet". The user "gnunet" should start the peer using "gnunet-arm -s"
@@ -4120,8 +4153,8 @@ during system startup. The home directory for this user
should be
the "gnunet" user should have the right to access "/var/lib/gnunet" (mode:
700).
address@hidden Recommendation Control access to GNUnet services using group
"gnunet"
address@hidden Recommendation Control access to GNUnet services using group
"gnunet"
address@hidden Recommendation: Control access to services using group "gnunet"
address@hidden Recommendation: Control access to services using group "gnunet"
Users that should be allowed to use the GNUnet peer should be added to the
group "gnunet". Using GNUnet's access control mechanism for UNIX domain
@@ -4133,16 +4166,16 @@ causing security concerns. Some services, such as DNS,
must NOT be made
accessible to the "gnunet" group (and should thus only be accessible to the
"gnunet" user and services running with this UID).
address@hidden Recommendation Limit access to certain SUID binaries by group
"gnunet"
address@hidden Recommendation Limit access to certain SUID binaries by group
"gnunet"
address@hidden Recommendation: Limit access to certain SUID binaries by group
"gnunet"
address@hidden Recommendation: Limit access to certain SUID binaries by group
"gnunet"
Most of GNUnet's SUID binaries should be safe even if executed by normal users.
However, it is possible to reduce the risk a little bit more by making these
binaries owned by the group "gnunet" and restricting their execution to user of
the group "gnunet" as well (4750).
address@hidden Recommendation Limit access to critical gnunet-helper-dns to
group "gnunetdns"
address@hidden Recommendation Limit access to critical gnunet-helper-dns to
group "gnunetdns"
address@hidden Recommendation: Limit access to critical gnunet-helper-dns to
group "gnunetdns"
address@hidden Recommendation: Limit access to critical gnunet-helper-dns to
group "gnunetdns"
A special group "gnunetdns" should be created for controlling access to the
"gnunet-helper-dns". The binary should then be owned by root and be in group
@@ -4168,21 +4201,5 @@ silently fail to set the DNS binaries to be owned by
group "gnunetdns" unless
that group already exists (!). An alternative name for the "gnunetdns" group
can be specified using the "--with-gnunetdns=GRPNAME" configure
option.
address@hidden Peer Configuration
address@hidden Peer Configuration
-The "GNUNET_DATA_HOME" in "[path]" in /etc/gnunet.conf should be manually set
-to "/var/lib/gnunet/data/" as the default "~/.local/share/gnunet/" is probably
-not that appropriate in this case. Similarly, distributions may consider
-pointing "GNUNET_RUNTIME_DIR" to "/var/run/gnunet/" and "GNUNET_HOME" to
-"/var/lib/gnunet/". Also, should a distribution decide to override system
-defaults, all of these changes should be done in a custom "/etc/gnunet.conf"
-and not in the files in the "config.d/" directory.
-Given the proposed access permissions, the "gnunet-setup" tool must be run as
-use "gnunet" (and with option "-c /etc/gnunet.conf" so that it modifies the
-system configuration). As always, gnunet-setup should be run after the GNUnet
-peer was stopped using "gnunet-arm -e". Distributions might want to include a
-wrapper for gnunet-setup that allows the desktop-user to "sudo" (i.e. using
-gtksudo) to the "gnunet" user account and then runs "gnunet-arm -e",
-"gnunet-setup" and "gnunet-arm -s" in sequence.
diff --git a/philosophy.texi b/philosophy.texi
index 60ab3c8..56c9bb5 100644
--- a/philosophy.texi
+++ b/philosophy.texi
@@ -15,78 +15,38 @@ and in particular to serve as a development platform for
the next
generation of decentralized Internet protocols.
@menu
-
-* Copyright and Contributions::
* Design Goals::
* Security & Privacy::
* Versatility::
* Practicality::
* Key Concepts::
-* Authentication::
-* Accounting to Encourage Resource Sharing::
-* Confidentiality::
-* Anonymity::
-* How GNUnet achieves Anonymity::
-* Deniability::
-* Peer Identities::
-* Zones in the GNU Name System (GNS Zones)::
-* Egos::
-* Backup of Identities and Egos::
-* Revocation::
-
@end menu
address@hidden
***************************************************************************
address@hidden Copyright and Contributions
address@hidden Copyright and Contributions
-
-
-GNUnet is a @uref{http://www.gnu.org/, GNU} package. All code contributions
-must thus be put under the
address@hidden://www.gnu.org/copyleft/gpl.html, GNU Public License (GPL)}.
-All documentation should be put under FSF approved licenses
-(see @uref{http://www.gnu.org/copyleft/fdl.html, fdl}).
-
-By submitting documentation, translations, comments and other content to this
-website you automatically grant the right to publish code under the
-GNU Public License and documentation under either or both the GNU
-Public License or the GNU Free Documentation License. When contributing
-to the GNUnet project, GNU standards and the
address@hidden://www.gnu.org/philosophy/philosophy.html, GNU philosophy}
-should be adhered to.
-
-Note that we do not require a formal copyright assignment for GNUnet,
-especially as we allow anonymous contributions.
-However, by submitting your code (or documentation) to us you clearly
-agree to share the rights to your code with GNUnet e.V. GNUnet e.V. receives
-non-exclusive ownership rights, and in particular is allowed to
-dual-license the code. You retain non-exclusive rights to your contributions,
-so you can also share your contributions freely with other projects.
-
-GNUnet e.V. will publish all accepted contributions under the GPLv3 or any
-later version. The association may decide to publish contributions under
-additional licenses (dual-licensing).
-
-We do not intentionally remove your name from your contributions; however,
-due to extensive editing it is not always trivial to attribute contributors
-properly. If you find that you significantly contributed to a file (or the
-project as a whole) and are not listed in the respective authors file or
-section, please do let us know.
@c ***************************************************************************
@node Design Goals
@section Design Goals
-The foremost goal of the GNUnet project is to become a widely used, reliable,
-open, non-discriminating, egalitarian, unfettered and censorship-resistant
-system of free information exchange. We value free speech above state secrets,
-law-enforcement or intellectual property. GNUnet is supposed to be an
-anarchistic network, where the only limitation for peers is that they must
-contribute enough back to the network such that their resource consumption
-does not have a significant impact on other users. GNUnet should be more
-than just another file-sharing network. The plan is to offer many other
-services and in particular to serve as a development platform for the
-next generation of decentralized Internet protocols.
+These are the core GNUnet design goals, in order of relative importance:
+
address@hidden
address@hidden GNUnet must be implemented as free software.
address@hidden The GNUnet must only disclose the minimal amount of information
+ necessary.
address@hidden The GNUnet must be decentralised and survive Byzantine failures
+ in any position in the network.
address@hidden The GNUnet must make it explicit to the user which entities must
be
+ trustworthy when establishing secured communications.
address@hidden The GNUnet must use compartmentalization to protect sensitive
+ information.
address@hidden The GNUnet must be open and permit new peers to join.
address@hidden The GNUnet must be self-organizing and not depend on
administrators.
address@hidden The GNUnet must support a diverse range of applications and
devices.
address@hidden The GNUnet architecture must be cost effective.
address@hidden The GNUnet must provide incentives for peers to contribute more
+ resources than they consume.
address@hidden itemize
+
@node Security & Privacy
@section Security & Privacy
@@ -156,8 +116,19 @@ them are also described in our research papers. First,
some of the concepts
used in the GNUnet framework are detailed. The second part describes concepts
specific to anonymous file-sharing.
address@hidden
+* Authentication::
+* Accounting to Encourage Resource Sharing::
+* Confidentiality::
+* Anonymity::
+* Deniability::
+* Peer Identities::
+* Zones in the GNU Name System (GNS Zones)::
+* Egos::
address@hidden menu
+
@node Authentication
address@hidden Authentication
address@hidden Authentication
Almost all peer-to-peer communications in GNUnet are between mutually
authenticated peers. The authentication works by using ECDHE, that is a
@@ -196,7 +167,7 @@ advertisements.@
More details can be found in this paper.
@node Accounting to Encourage Resource Sharing
address@hidden Accounting to Encourage Resource Sharing
address@hidden Accounting to Encourage Resource Sharing
Most distributed P2P networks suffer from a lack of defenses or precautions
against attacks in the form of freeloading. While the intentions of an
@@ -224,7 +195,7 @@ considered to have a surplus in contributions will not be
served if the
network load is high. More details can be found in this paper.
@node Confidentiality
address@hidden Confidentiality
address@hidden Confidentiality
Adversaries outside of GNUnet are not supposed to know what kind of actions a
peer is involved in. Only the specific neighbor of a peer that is the
@@ -240,7 +211,7 @@ application-level protocols (see for example, deniability
and anonymity in
anonymous file sharing).
@node Anonymity
address@hidden Anonymity
address@hidden Anonymity
Providing anonymity for users is the central goal for the anonymous
file-sharing application. Many other design decisions follow in the footsteps
@@ -258,8 +229,12 @@ routing but imposes no minimal requirements on cover
traffic. It is possible
to forego anonymity when this is not required. The anonymity level of 0
allows GNUnet to use more efficient, non-anonymous routing.
address@hidden How GNUnet achieves Anonymity
address@hidden How GNUnet achieves Anonymity
address@hidden
+* How file-sharing achieves Anonymity:
address@hidden menu
+
address@hidden How file-sharing achieves Anonymity
address@hidden How file-sharing achieves Anonymity
Contrary to other designs, we do not believe that users achieve strong
anonymity just because their requests are obfuscated by a couple of
@@ -296,7 +271,7 @@ This increases the efficiency of the network as we can
indirect less under
higher load. More details can be found in this paper.
@node Deniability
address@hidden Deniability
address@hidden Deniability
Even if the user that downloads data and the server that provides data are
anonymous, the intermediaries may still be targets. In particular, if the
@@ -315,7 +290,7 @@ by @command{gnunet-publish}, @command{gnunet-download},
@command{gnunet-search}
and @command{gnunet-gtk}). More details can be found here.
@node Peer Identities
address@hidden Peer Identities
address@hidden Peer Identities
Peer identities are used to identify peers in the network and are unique for
each peer. The identity for a peer is simply its public key, which is
@@ -331,7 +306,7 @@ You can find your peer identity by running@
@command{gnunet-peerinfo -s}
@node Zones in the GNU Name System (GNS Zones)
address@hidden Zones in the GNU Name System (GNS Zones)
address@hidden Zones in the GNU Name System (GNS Zones)
GNS zones are similar to those of DNS zones, but instead of a hierarchy of
authorities to governing their use, GNS zones are controlled by a private key.
@@ -351,89 +326,10 @@ key. And a user accessing a zone needs to somehow
specify the corresponding
public key first.
@node Egos
address@hidden Egos
-
-Egos are your "identities" in GNUnet. Any user can assume multiple identities,
-for example to separate his activities online. Egos can correspond to
-pseudonyms or real-world identities. Technically, an ego is first of all a
-public-private key pair, and thus egos also always correspond to a GNS zone.
-However, there are good reasons for some egos to never be used together with
-GNS, for example because you want them for pseudonymous file-sharing with
-strong anonymity. Egos are managed by the IDENTITY service. Note that this
-service has nothing to do with the peer identity. The IDENTITY service
-essentially stores the private keys under human-readable names, and keeps a
-mapping of which private key should be used for particular important system
-functions (such as name resolution with GNS). If you follow the GNUnet setup,
-you will have 4 egos created by default. They can be listed by the command@
address@hidden -d}@
address@hidden
- short-zone - JTDVJC69NHU6GQS4B5721MV8VM7J6G2DVRGJV0ONIT6QH7OI6D50@
- sks-zone - GO0T87F9BPMF8NKD5A54L2AH1T0GRML539TPFSRMCEA98182QD30@
- master-zone - LOC36VTJD3IRULMM6C20TGE6D3SVEAJOHI9KRI5KAQVQ87UJGPJG@
- private-zone - 6IGJIU0Q1FO3RJT57UJRS5DLGLH5IHRB9K2L3DO4P4GVKKJ0TN4G@
-}@
-These egos and their usage is descibed here.
-
-Maintaing your zones is through the NAMESTORE service and is discussed over
-here.
-
address@hidden Backup of Identities and Egos
address@hidden Backup of Identities and Egos
-
-One should always backup their files, especially in these SSD days (our
-team has suffered 3 SSD crashes over a span of 2 weeks). Backing up peer
-identity and zones is achieved by copying the following files:
-
-The peer identity file can be found
-in @file{~/.local/share/gnunet/private_key.ecc}
-
-The private keys of your egos are stored in the
-directory @file{~/.local/share/gnunet/identity/egos/}. They are stored in
-files whose filenames correspond to the zones' ego names. These are
-probably the most important files you want to backup from a GNUnet
-installation.
-
-Note: All these files contain cryptographic keys and they are stored without
-any encryption. So it is advisable to backup encrypted copies of them.
-
address@hidden Revocation
address@hidden Revocation
-
-Now, in the situation of an attacker gaining access to the private key of
-one of your egos, the attacker can create records in the respective GNS zone
-and publish them as if you published them. Anyone resolving your domain will
-get these new records and when they verify they seem authentic because the
-attacker has signed them with your key.
-
-To address this potential security issue, you can pre-compute a revocation
-certificate corresponding to your ego. This certificate, when published on
-the P2P network, flags your private key as invalid, and all further
-resolutions or other checks involving the key will fail.
-
-A revocation certificate is thus a useful tool when things go out of control,
-but at the same time it should be stored securely. Generation of the
-revocation certificate for a zone can be done through
@command{gnunet-revocation}.
-For example, the following commands generates a revocation file
@file{revocation.dat}
-for the zone @code{zone1}:@
address@hidden -f revocation.dat -R zone1}
-
-The above command only pre-computes a revocation certificate. It does not
-revoke the given zone. Pre-computing a revocation certificate involves
-computing a proof-of-work and hence may take upto 4 to 5 days on a modern
-processor. Note that you can abort and resume the calculation at any time.
-Also, even if you did not finish the calculation, the resulting file willl
-contain the signature, which is sufficient to complete the revocation
-process even without access to the private key. So instead of waiting for a
-few days, you can just abort with CTRL-C, backup the revocation
-certificate and run the calculation only if your key actually was compromised.
-This has the disadvantage of revocation taking longer after the incident, but
-the advantage of saving a significant amount of energy. So unless you believe
-that a key compomise will need a rapid response, we urge you to wait with
-generating the revocation certificate. Also, the calculation is deliberately
-expensive, to deter people from doing this just for fun (as the actual
-revocation operation is expensive for the network, not for the peer performing
-the revocation).
-
-To avoid TL;DR ones from accidentally revocating their zones, I am not giving
-away the command, but its simple: the actual revocation is performed by using
-the @command{-p} option of @command{gnunet-revocation}.
address@hidden Egos
+
+Egos are your "identities" in GNUnet. Any user can assume multiple
+identities, for example to separate his activities online. Egos can
+correspond to pseudonyms or real-world identities. Technically, an
+ego is first of all a public-private key pair.
+
diff --git a/user.texi b/user.texi
index 425d255..f9d0f8a 100644
--- a/user.texi
+++ b/user.texi
@@ -8,28 +8,22 @@ outside of the scope of this tutorial. Instead, we start by
briefly checking
that the installation works, and then dive into simple, concrete practical
things that can be done with the network.
+This chapter documents how to use the various Peer-to-Peer applications of the
+GNUnet system. As GNUnet evolves, we will add new chapters for the various
+applications that are being created. Comments and extensions are always
welcome.
+
+
@menu
-* UserIntroduction::
* Checking the Installation::
-* First steps File-sharing::
-* First steps Using the GNU Name System::
-* First steps Using GNUnet Conversation::
-* First steps Using the GNUnet VPN::
+* First steps: File-sharing::
+* First steps: Using the GNU Name System::
+* First steps: Using GNUnet Conversation::
+* First steps: Using the GNUnet VPN::
* File-sharing::
+* The GNU Name System::
+* Using the Virtual Public Network::
@end menu
address@hidden UserIntroduction
address@hidden UserIntroduction
-
-This book documents how to use the various Peer-to-Peer applications of the
-GNUnet system. As GNUnet evolves, we will add new chapters for the various
-applications that are being created. Comments and extensions are always
welcome.
-As with all documentation on this page, this is free documentation available
-under both the GPLv3+ or the GFDL at your choice (see copyright).
-
-This manual is far from complete, and we welcome informed contributions, be it
-in the form of new chapters or insightful comments.
-
@node Checking the Installation
@section Checking the Installation
@c %**end of header
@@ -98,8 +92,8 @@ country of origin (if determined) and address information. If
hardly any peers
are listed and/or if there are very few peers with a green light for
connectivity, there is likely a problem with your network configuration.
address@hidden First steps File-sharing
address@hidden First steps File-sharing
address@hidden First steps: File-sharing
address@hidden First steps: File-sharing
@c %**end of header
This chapter describes first steps for file-sharing with GNUnet. To start, you
@@ -212,20 +206,23 @@ respective download and selecting "Abort download" from
the menu.
That's it, you now know the basics for file-sharing with GNUnet!
address@hidden First steps Using the GNU Name System
address@hidden First steps Using the GNU Name System
address@hidden First steps: Using the GNU Name System
address@hidden First steps: Using the GNU Name System
@c %**end of header
@menu
* Preliminaries::
+* Managing egos::
* The GNS Tab::
* Creating a Record::
* Creating a Business Card::
* Resolving GNS records::
* Integration with Browsers::
* Be Social::
+* Backup of Identities and Egos::
+* Revocation::
* What's Next?::
@end menu
@@ -252,6 +249,33 @@ shared with the world, and the "shorten" zone is for
records that the system
learns automatically. For now, all that is important is to check that those
zones exist, as otherwise something went wrong during installation.
address@hidden Managing Egos
address@hidden Managing Egos
+
+Egos are your "identities" in GNUnet. Any user can assume multiple identities,
+for example to separate his activities online. Egos can correspond to
+pseudonyms or real-world identities. Technically, an ego is first of all a
+public-private key pair, and thus egos also always correspond to a GNS zone.
+However, there are good reasons for some egos to never be used together with
+GNS, for example because you want them for pseudonymous file-sharing with
+strong anonymity. Egos are managed by the IDENTITY service. Note that this
+service has nothing to do with the peer identity. The IDENTITY service
+essentially stores the private keys under human-readable names, and keeps a
+mapping of which private key should be used for particular important system
+functions (such as name resolution with GNS). If you follow the GNUnet setup,
+you will have 4 egos created by default. They can be listed by the command@
address@hidden -d}@
address@hidden
+ short-zone - JTDVJC69NHU6GQS4B5721MV8VM7J6G2DVRGJV0ONIT6QH7OI6D50@
+ sks-zone - GO0T87F9BPMF8NKD5A54L2AH1T0GRML539TPFSRMCEA98182QD30@
+ master-zone - LOC36VTJD3IRULMM6C20TGE6D3SVEAJOHI9KRI5KAQVQ87UJGPJG@
+ private-zone - 6IGJIU0Q1FO3RJT57UJRS5DLGLH5IHRB9K2L3DO4P4GVKKJ0TN4G@
+}@
+These egos and their usage is descibed here.
+
+Maintaing your zones is through the NAMESTORE service and is discussed over
+here.
+
@node The GNS Tab
@subsection The GNS Tab
@c %**end of header
@@ -424,6 +448,71 @@ nickname is "Bob". Then, type@
}@
to check if your friend was as good at following instructions as you were.
+
address@hidden Backup of Identities and Egos
address@hidden Backup of Identities and Egos
+
+
+One should always backup their files, especially in these SSD days (our
+team has suffered 3 SSD crashes over a span of 2 weeks). Backing up peer
+identity and zones is achieved by copying the following files:
+
+The peer identity file can be found
+in @file{~/.local/share/gnunet/private_key.ecc}
+
+The private keys of your egos are stored in the
+directory @file{~/.local/share/gnunet/identity/egos/}. They are stored in
+files whose filenames correspond to the zones' ego names. These are
+probably the most important files you want to backup from a GNUnet
+installation.
+
+Note: All these files contain cryptographic keys and they are stored without
+any encryption. So it is advisable to backup encrypted copies of them.
+
address@hidden Revocation
address@hidden Revocation
+
+Now, in the situation of an attacker gaining access to the private key of
+one of your egos, the attacker can create records in the respective GNS zone
+and publish them as if you published them. Anyone resolving your domain will
+get these new records and when they verify they seem authentic because the
+attacker has signed them with your key.
+
+To address this potential security issue, you can pre-compute a revocation
+certificate corresponding to your ego. This certificate, when published on
+the P2P network, flags your private key as invalid, and all further
+resolutions or other checks involving the key will fail.
+
+A revocation certificate is thus a useful tool when things go out of control,
+but at the same time it should be stored securely. Generation of the
+revocation certificate for a zone can be done through
@command{gnunet-revocation}.
+For example, the following commands generates a revocation file
@file{revocation.dat}
+for the zone @code{zone1}:@
address@hidden -f revocation.dat -R zone1}
+
+The above command only pre-computes a revocation certificate. It does not
+revoke the given zone. Pre-computing a revocation certificate involves
+computing a proof-of-work and hence may take upto 4 to 5 days on a modern
+processor. Note that you can abort and resume the calculation at any time.
+Also, even if you did not finish the calculation, the resulting file willl
+contain the signature, which is sufficient to complete the revocation
+process even without access to the private key. So instead of waiting for a
+few days, you can just abort with CTRL-C, backup the revocation
+certificate and run the calculation only if your key actually was compromised.
+This has the disadvantage of revocation taking longer after the incident, but
+the advantage of saving a significant amount of energy. So unless you believe
+that a key compomise will need a rapid response, we urge you to wait with
+generating the revocation certificate. Also, the calculation is deliberately
+expensive, to deter people from doing this just for fun (as the actual
+revocation operation is expensive for the network, not for the peer performing
+the revocation).
+
+To avoid TL;DR ones from accidentally revocating their zones, I am not giving
+away the command, but its simple: the actual revocation is performed by using
+the @command{-p} option of @command{gnunet-revocation}.
+
+
+
@node What's Next?
@subsection What's Next?
@c %**end of header
@@ -440,8 +529,8 @@ to use GNS to have a private conversation with your friend.
Finally, help us
with the next GNUnet release for even more applications using this new
public key infrastructure.
address@hidden First steps Using GNUnet Conversation
address@hidden First steps Using GNUnet Conversation
address@hidden First steps: Using GNUnet Conversation
address@hidden First steps: Using GNUnet Conversation
@c %**end of header
Before starting the tutorial, you should be aware that
@@ -556,8 +645,8 @@ Note that we do not envision people to use
gnunet-conversation like this
forever. We will write a graphical user interface, and that GUI will
automatically create the necessary records in the respective zone.
address@hidden First steps Using the GNUnet VPN
address@hidden First steps Using the GNUnet VPN
address@hidden First steps: Using the GNUnet VPN
address@hidden First steps: Using the GNUnet VPN
@c %**end of header
@@ -695,8 +784,6 @@ impact users that publish, search or download files.
* File-sharing Directories::
* File-sharing Namespace Management::
* File-Sharing URIs::
-* GNS Configuration::
-* Using the Virtual Public Network::
@end menu
@node File-sharing Concepts
@@ -1159,49 +1246,11 @@ is the public key for the namespace. "IDENTIFIER" is a
freely chosen keyword
(or password!). A commonly used identifier is "root" which by convention refers
to some kind of index or other entry point into the namespace.
address@hidden GNS Configuration
address@hidden GNS Configuration
address@hidden %**end of header
-
-
-
address@hidden
-* DNS Services Configuration::
-* The GNU Name System::
-* Maintaining your own Zones::
-* Obtaining your Zone Key::
-* Adding Links to Other Zones::
-* The Three Local Zones of GNS::
-* The Master Zone::
-* The Private Zone::
-* The Shorten Zone::
-* The ZKEY Top Level Domain in GNS::
-* Resource Records in GNS::
-* NICK::
-* PKEY::
-* BOX::
-* LEHO::
-* VPN::
-* A AAAA and TXT::
-* CNAME::
-* GNS2DNS::
-* SOA SRV PTR and MX::
address@hidden menu
-
address@hidden DNS Services Configuration
address@hidden DNS Services Configuration
address@hidden %**end of header
-
-This creates new hostnames in the form "example.gnu". The "example" is filled
in
-the first column, the others describe a mapping to a service.
-
-The special strings "localhost4" and "localhost6" are expanded to the IPv4 and
-IPv6 address of the exit interface respectively.
-
@node The GNU Name System
address@hidden The GNU Name System
address@hidden The GNU Name System
@c %**end of header
+
The GNU Name System (GNS) is secure and decentralized naming system.
It allows its users to resolve and register names within the @code{.gnu}
top-level domain (TLD).
@@ -1228,8 +1277,22 @@ freely chosen by the user. This results in non-unique
name-value mappings as
@address@hidden://www.bob.gnu/, www.bob.gnu}} to one user might be
@address@hidden://www.friend.gnu/, www.friend.gnu}} for someone else.
+
address@hidden
+* Maintaining your own Zones::
+* Obtaining your Zone Key::
+* Adding Links to Other Zones::
+* The Three Local Zones of GNS::
+* The Master Zone::
+* The Private Zone::
+* The Shorten Zone::
+* The ZKEY Top Level Domain in GNS::
+* Resource Records in GNS::
address@hidden menu
+
+
@node Maintaining your own Zones
address@hidden Maintaining your own Zones
address@hidden Maintaining your own Zones
To setup you GNS system you must execute:@
@code{$ gnunet-gns-import.sh}
@@ -1261,7 +1324,7 @@ largely depending on the type of the record. Naturally,
most users may find
editing the zones using the gnunet-setup GUI to be easier.
@node Obtaining your Zone Key
address@hidden Obtaining your Zone Key
address@hidden Obtaining your Zone Key
Each zone in GNS has a public-private key. Usually, gnunet-namestore and
gnunet-setup will access your private key as necessary, so you do not have to
@@ -1279,7 +1342,7 @@ from gnunet-gtk. The QR code is displayed in the GNS tab
and can be stored to
disk using the Save as button next to the image.
@node Adding Links to Other Zones
address@hidden Adding Links to Other Zones
address@hidden Adding Links to Other Zones
A central operation in GNS is the ability to securely delegate to other zones.
@@ -1305,7 +1368,7 @@ Furthermore, if Bob has himself a (public) delegation to
Carol's zone under
the name of Carol's record you want to access).
@node The Three Local Zones of GNS
address@hidden The Three Local Zones of GNS
address@hidden The Three Local Zones of GNS
Each user GNS has control over three zones. Each of the zones has a different
purpose. These zones are the
@@ -1320,7 +1383,7 @@ shorten zone.
@end itemize
@node The Master Zone
address@hidden The Master Zone
address@hidden The Master Zone
The master zone is your personal TLD. Names within the @code{.gnu} namespace
are
@@ -1328,7 +1391,7 @@ resolved relative to this zone. You can arbitrarily add
records to this zone and
selectively publish those records.
@node The Private Zone
address@hidden The Private Zone
address@hidden The Private Zone
The private zone is a subzone (or subdomain in DNS terms) of your master zone.
@@ -1338,7 +1401,7 @@ records separate, if just to know that those names are
not available to other
users.
@node The Shorten Zone
address@hidden The Shorten Zone
address@hidden The Shorten Zone
The shorten zone can either be a subzone of the master zone or the private
zone.
@@ -1358,7 +1421,7 @@ called automatic name shortening and is supposed to keep
GNS names as short and
memorable as possible.
@node The ZKEY Top Level Domain in GNS
address@hidden The ZKEY Top Level Domain in GNS
address@hidden The ZKEY Top Level Domain in GNS
GNS also provides a secure and globally unique namespace under the .zkey
@@ -1369,7 +1432,7 @@ where globally unique names are required and for
integration with legacy
systems.
@node Resource Records in GNS
address@hidden Resource Records in GNS
address@hidden Resource Records in GNS
GNS supports the majority of the DNS records as defined in
@@ -1390,6 +1453,18 @@ was encountered) and hence generate a valid @code{.gnu}
name.
GNS currently supports the following record types:
address@hidden
+* NICK::
+* PKEY::
+* BOX::
+* LEHO::
+* VPN::
+* A AAAA and TXT::
+* CNAME::
+* GNS2DNS::
+* SOA SRV PTR and MX::
address@hidden menu
+
@node NICK
@subsubsection NICK
@@ -1546,7 +1621,7 @@ mail servers should be configured to accept e-mails to
the ZKEY-zones of all
local users.
@node Using the Virtual Public Network
address@hidden Using the Virtual Public Network
address@hidden Using the Virtual Public Network
@menu
* Setting up an Exit node::
@@ -1582,7 +1657,7 @@ and even alter the IP traffic. We will discuss additional
security implications
of using the VPN later in this chapter.
@node Setting up an Exit node
address@hidden Setting up an Exit node
address@hidden Setting up an Exit node
Any useful operation with the VPN requires the existence of an exit node in the
GNUnet Peer-to-Peer network. Exit functionality can only be enabled on peers
@@ -1639,7 +1714,7 @@ learn the service's name. VPN records in the GNU Name
System can make this
easier.
@node Fedora and the Firewall
address@hidden Fedora and the Firewall
address@hidden Fedora and the Firewall
When using an exit node on Fedora 15, the standard firewall can create trouble
@@ -1661,7 +1736,7 @@ instead of DROP and to watch the traffic using wireshark
(or tcpdump) to see if
ICMP messages are generated when running some tests that should work.
@node Setting up VPN node for protocol translation and tunneling
address@hidden Setting up VPN node for protocol translation and tunneling
address@hidden Setting up VPN node for protocol translation and tunneling
The GNUnet VPN/PT subsystem enables you to tunnel IP traffic over the VPN to an
--
To stop receiving notification emails like this one, please contact
address@hidden
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [gnunet-texinfo] branch master updated: attempting to give ref manual reasonable structure,
gnunet <=