3 @unnumbered Multicast areas
5 NNCP has ability to multicast packets: send single packet to multiple
6 recipients, which also can send it further to others. It can also be
7 called echomail (like in FidoNet networks) or newsgroup (like in Usenet
11 Each multicast group is identified by so-called @strong{area}. Area
12 consists of private/public Curve25519 keypairs for @ref{Encrypted area,
13 packets encryption}, identity (BLAKE2b-256 hash of the public key) and
14 possible subscribers. Areas are created with @ref{nncp-cfgnew} command.
16 You can make either file or exec transmissions to the areas. Those
17 ordinary file/exec packets are double wrapped in:
20 @item encrypted packet, securing the actual packet contents from
21 participants not having area's keypairs (but still being able to relay
22 that encrypted packet to the others)
23 @item area packet, containing area's identity, telling that tossing node
24 can should it to the subscribers further
28 Area's message identity (@code{MsgHash}) is the hash of the encrypted
29 packet header. Because the area packet, containing the encrypted packet,
30 is relayed as-is without any modifications, that area message's hash
31 will be the same on each node it reaches.
33 @ref{nncp-toss, Tosser}'s algorithm of processing the area packet is
37 @item check is it known area's identity (@code{AREA}).
38 Fail/skip if it is unknown
39 @item hash encrypted packet's header, getting the @code{MsgHash}
40 @item for each area's subscribers:
42 @item check if that message was already seen (sent or received from)
43 before by the destination node: check existence of
44 @file{SPOOL/NODE/area/AREA/MsgHash} file. Skip that node if
46 @item if subscriber's node is not the one we received the packet
47 from, then create outgoing encrypted packet to it, with that
49 @item create corresponding @file{MsgHash} file
50 @item "rewind" the outer encrypted file to the beginning and repeat
51 the whole cycle again, while all of subscribers will "seen" that
54 Expensive signature verification and shared key computation
55 procedures are skipped in the following cycles -- only symmetric
56 cryptography will be in use, having negligible CPU resource
59 @item check if we have seen that area's message before by looking at
60 @file{SPOOL/SELF/area/AREA/MsgHash}. If so, remove the packet,
61 because it is just a ordinary possible duplicate, finish its processing
62 @item check if we have got corresponding area's private key. If no key
63 exists, then remove the packet, finish its processing -- we just
64 relay it further without being able to read it
65 @item look if area's encrypted packet's sender is known to us. If
66 neither it is known, nor we have @code{allow-unknown} configuration
67 option set for that area, then fail
68 @item otherwise start decryption procedure, possibly ignoring the
69 sender's signature verification if it is unknown
70 @item fed the decrypted contents to the toss-procedure as an ordinary
71 plain packet, receiving files or exec calls
72 @item mark area's message as the seen one, remove the packet, finish
76 Because outgoing packets creation for each subscriber can be time and
77 (disk) resource consuming, we can suddenly fail. It would be bad if we
78 will loose the possibility to retry the multicasting process again. So
79 we have got to save somehow outgoing area's message in permanent
80 storage, while outgoing copies are created. That is why the initial (not
81 relaying) message to the area is sent to the @strong{self} and processed
82 by the @ref{nncp-toss, tosser} to create necessary outgoing message
83 copies. Because message to myself is also encrypted, area's message is
84 encrypted and secured and noone sees plaintext @code{MsgHash}, knowing
85 that you either originated or have that message on the disk.
87 For example we have got 4 nodes participating in the single area and
88 let's send file to that area from the @code{nodeA}:
91 nodeA -> subs: ["nodeB", "nodeD"]
92 nodeB -> subs: ["nodeC", "nodeD", "nodeA"], no keys
93 nodeC -> subs: ["nodeB"]
94 nodeD -> subs: ["nodeA", "nodeB"]
105 $ nncp-file nodelist-20210704.rec.zst area:nodelist-updates:
106 $ nncp-toss -node self
111 @command{nncp-file} creates an encrypted packet with area packet and
112 encrypted packet inside it, with our own @code{self} node as a recipient
113 (in the @file{SPOOL/SELF/tx} directory). It also creates the
114 @file{SPOOL/SELF/area/AREA/MsgHash} file.
117 @command{nncp-toss} sees @file{tx/} file and "opens" it, applying the
118 area message tossing procedure as described above. That will create
119 outgoing packets in @file{SPOOL/nodeB/tx} and @file{SPOOL/nodeD/tx}
120 directories with @file{SPOOL/nodeB/area/AREA/MsgHash}
121 @file{SPOOL/nodeD/area/AREA/MsgHash} files. Because we already have
122 @file{SPOOL/SELF/area/AREA/MsgHash}, that packet is removed then.
125 When @code{nodeB} receives the encrypted packet, it sees the area one
126 inside. It copies/relays it to the @code{nodeC} and @code{nodeD}. It can
127 not read area's message because it lacks the keys.
130 @code{nodeC} does not relay it to anyone. Just stores
131 @file{nodelist-20210704.rec.zst} in the incoming directory.
134 @code{nodeD} receives packets from both @code{nodeA} and @code{nodeB}.
135 Only one of them processed, and other is ignored because corresponding
136 @file{MsgHash} file will exist.
138 If @code{nodeD} will receive packet from the @code{nodeB} first, it will
139 relay it to the @code{nodeA} also, that will silently remove it when
140 tossing, because it was already seen.
143 When @code{nodeC} sends message to the area, then @code{nodeA} will
144 receive it twice from @code{nodeB} and @code{nodeD}, ignoring one of