exchpub: MJACJ...FAI6A
signpub: T4AFC...N2FRQ
noisepub: UBM5K...VI42A
- sendmail: [/bin/sh, -c, false]
+ sendmail: ["/bin/sh", "-c", "false"]
incoming: /home/alice/incoming
addrs:
lan: "[fe80::1234%igb0]:5400"
log} file.
@strong{notify} section contains notification settings for successfully
-tossed file and file request packets. Corresponding @strong{from} and
+tossed file and freq packets. Corresponding @strong{from} and
@strong{to} fields will substituted in notification email message.
-@emph{neigh/self/sendmail} will be used as a local mailer. If
-either of @emph{from}/@emph{to} fields are omitted, then no notification
-will be sent.
+@emph{neigh/self/sendmail} will be used as a local mailer. If either of
+@emph{from}/@emph{to} fields are omitted, then no notification will be
+sent.
@strong{self} section contains our node's private keypairs.
@strong{exch*} and @strong{sign*} are used during @ref{Encrypted,
encrypted} packet creation. @strong{noise*} are used during @ref{Sync,
-sync protocol} working in @ref{nncp-call}/@ref{nncp-daemon}.
+synchronization protocol} working in @ref{nncp-call}/@ref{nncp-daemon}.
@strong{neigh} section contains all known neighbours information. It
always has @strong{self} neighbour that is copy of our node's public
data (public keys). It is useful for copy-paste sharing with your
friends. Each section's key is a human-readable name of the neighbour.
-Except for @emph{id}, @emph{exchpub} and @emph{signpub} each node has
-the following fields:
+Except for @emph{id}, @emph{exchpub} and @emph{signpub} each neighbour
+node has the following fields:
@table @strong
@item noisepub
Must be present, but can be dummy (only zeros) if no online
-communication using @ref{Sync, sync protocol} will be used.
+communication using @ref{Sync, synchronization protocol} will be used.
@item sendmail
An array containing path to executable and its command line arguments
Perform @ref{Spool, spool} directory integrity check. Read all files
that has Base32-encoded filenames and compare it with recalculated
-BLAKE2b hash output of their contents. This supplementary command should
-not be used often in practice, if ever.
+BLAKE2b hash output of their contents. This supplementary command are
+not used often in practice, if ever.
@node nncp-daemon
@section nncp-daemon
@end verbatim
Start listening TCP daemon, wait for incoming connections and run
-@ref{Sync, sync protocol} with each of them. You can run @ref{nncp-toss}
-utility in background to process inbound packets from time to time.
+@ref{Sync, synchronization protocol} with each of them. You can run
+@ref{nncp-toss} utility in background to process inbound packets from
+time to time.
@code{-maxconn} option specifies how many simultaneous clients daemon
can handle. @code{-bind} option specifies @code{addr:port} it must bind
@item Packets prioritizing
UUCP and NNCP will push higher priority ("grade" in UUCP
terminology) packets first. You mail will pass, even when many
- gigabytes files is queued in parallel.
+ gigabytes files are queued in parallel.
@item SMTP integration
Mail servers like @url{http://www.postfix.org/, Postfix} offers
* Installation::
* Configuration::
* Commands::
+* Niceness::
* Spool directory: Spool.
* Log format: Log.
* Packet format: Packet.
@include install.texi
@include cfg.texi
@include cmds.texi
+@include niceness.texi
@include spool.texi
@include log.texi
@include pkt.texi
@unnumbered Log format
Log is a plaintext file with single log entry per line. Lines are "\n"
-separated. Each line has the following format:
+separated. It is not intended to be read by human -- use @ref{nncp-log}
+utility.
+
+Each line has the following format:
@verbatim
LEVEL | DATETIME | SD | MSG
--- /dev/null
+@node Niceness
+@unnumbered Niceness
+
+Each transmitted packet has niceness level, as Unix has @code{nice}
+command for controlling processes priority. Higher nicer level means
+that packet is "nicer" and allows other to bypass him -- that means
+lower transmission precedence.
+
+Send big files with higher nicer level! That will guarantee you that
+higher priority packets, like mail messages, will pass first, even when
+lower priority packet was already been partly downloaded.
+
+There are default niceness levels built-in for @ref{nncp-mail},
+@ref{nncp-file} and @ref{nncp-freq} commands. But pay attention that it
+can give information about underlying payload to the adversary!
@code{NNCPE0x10x00x00}
@item Niceness @tab
unsigned integer @tab
- 1-255, packet niceness level, its priority.
- Lower value means higher precedence
+ 1-255, packet @ref{Niceness, niceness} level
@item Sender @tab
32-byte, fixed length opaque data @tab
Sender node's id
Ephemeral curve25519 public key
@item Signature @tab
64-byte, fixed length opaque data @tab
- ed25519 signature for that encrypted packet
+ ed25519 signature for that packet's header
@item Size @tab
unsigned hyper integer @tab
Encrypted payload size
derivation function
@item two 256-bit keys are derived from it for using with Twofish and
BLAKE2b-MAC functions
-@item Twofish encryption and BLAKE2b-MACing is performed over the
-plaintext. Ciphertext and MAC tag are appended to the header
+@item Twofish encryption is performed over the plaintext and
+BLAKE2b-MACing is performed over the ciphertext. Ciphertext and MAC tag
+go after header.
@end enumerate
@node Sync
-@unnumbered Sync protocol
+@unnumbered Synchronization protocol
-So-called sync protocol (SP) is used in current TCP daemon's
+So-called synchronization protocol (SP) is used in current TCP daemon's
implementation. It is used for synchronizing @ref{Spool, spool}
directory contents between two nodes.
It is aimed to be very simple and effective. It uses reliable transport
like TCP connections. It must be effective both on single-duplex and
-full-duplex links: for example satellites have very high throughput and
+full-duplex links: for example satellites have very high throughput but
high-delay links, so acknowledging of each received packet, like
@url{https://en.wikipedia.org/wiki/XMODEM, XMODEM} does, causes
unacceptable performance degradation.
hiding actual number of @code{INFO} packets (number of files available
for transmission).
-Each SP payload is a concatenation of various SP packets. Each packet
-has XDR-encoded header and then corresponding XDR-encoded body. Header
-is just an unsigned integer telling what body structure follows.
+Each SP payload is a concatenation of SP packets. Each packet has
+XDR-encoded header and then corresponding XDR-encoded body. Header is
+just an unsigned integer telling what body structure follows.
@table @code
@headitem @tab XDR type @tab Value
@item Niceness @tab
unsigned integer @tab
- 1-255, file niceness level, its priority
+ 1-255, file niceness level
@item Size @tab
unsigned hyper integer @tab
File size
example.com nncp:bob
@end verbatim
-Now, all mail will be stored in NNCP spool, that after exchanging and
-tossing will call local @code{sendmail} command to deliver them just
-that was happened on the same machine.
+Now, all mail will be stored in NNCP @ref{Spool, spool}, that after
+exchanging and tossing will call local @code{sendmail} command to
+deliver them just that was happened on the same machine.
@node UsecaseUnreliable
@section Unreliable/expensive communication link
the same data retransmission again, that can be expensive to afford.
Just send your mail and files through NNCP. You can use either offline
-delivery methods -- read about them below, or you can use included NNCP
-TCP daemon.
+delivery methods -- read about them in the next section, or you can use
+included NNCP TCP daemon.
The command below:
drives? This type of data exchange is called
@url{https://en.wikipedia.org/wiki/Sneakernet, sneakernet}/floppynet.
-NNCP allows traffic prioritizing: each packet has niceness level,
-that will guarantee that it will be processed earlier or later than the
-other ones. Nearly all commands has corresponding option:
+NNCP allows traffic @ref{Niceness, prioritizing}: each packet has
+niceness level, that will guarantee that it will be processed earlier or
+later than the other ones. Nearly all commands has corresponding option:
@verbatim
% nncp-file -nice 32 myfile node:dst
@section Extreme terrestrial environments, no link
This is some kind of too slow link. Offline delivery methods is the only
-choice. Just send files as shown above, but use removable media for
-transferring packets to other nodes.
+choice. Just send files as shown in previous section, but use removable
+media for transferring packets to other nodes.
Assume that you send two files to @code{bob} node. Insert USB storage
device, mount it and run:
read if private keys are compromised.
Friend-to-friend networks, darknets can mitigate risks related to fake
-and forged nodes. However they are harder to support require more time
-to be done right.
+and forged nodes. However they are harder to support and require more
+time to be done right.
NNCP's TCP daemon uses @url{http://noiseprotocol.org/, Noise-IK}
protocol to mutually authenticate peers and provide effective (both
via: [bob]
@end verbatim
-That configuration file tells that we have got two known neighbours
-(nodes, peers): @code{bob} and @code{bob-airgap}. @code{bob} can be
-reached via online connection using @code{lan} address.
-@code{bob-airgap} can be reached by sending intermediate relay packet
-through the @code{bob}.
+That configuration file tells that we have got two known neighbours:
+@code{bob} and @code{bob-airgap}. @code{bob} can be reached via online
+connection using @code{lan} address. @code{bob-airgap} can be reached by
+sending intermediate relay packet through the @code{bob}.
Any command like @code{nncp-file myfile bob-airgap:} will automatically
-create two packets: one for the destination endpoint, other for
-intermediate relaying node.
+create an encapsulated packet: one for the destination endpoint, and
+other carrying it for intermediate relaying node.
Pay attention that relaying node knows nothing about the packet inside,
but just its size and priority. Transition packets are encrypted too.
This is some kind of bad link too. Some governments tend to forbid
@strong{any} kind of private communication between people, allowing only
entertainment content delivering and popular social networks access
-(that are already bloated with advertisements, local proprietary
-JavaScript code execution (for spying on user activities, collect data
+(that are already bloated with advertisements, locally executed
+proprietary JavaScript code (for spying on user activities, collect data
on them), shamelessly exploiting of very basic interhuman need of
communication).
-This is their natural right and wish. Nobody forces you to obey huge
+This is their natural wish. But nobody forces you to obey huge
corporations like Apple, Google or Microsoft. It is your choice to
create isolated friend-to-friend network with piles of harmless content
and private messaging. Only predators silently watch for their victims
Very important property is that compromising of those dead drops and
storages must not be fatal and even dangerous. Packets sent through the
-network and exchanged via those devices are end-to-end encrypted (but
-unfortunately lacking forward secrecy). No filenames, mail recipients
-are seen.
-
-All communications are done with so-called spool area: directory
-containing only those unprocessed encrypted packets. After packet
-transfer you still can not read any mail of get files: you have to run
-another stage: tossing. Only that stage involves your private
-cryptographic keys. So even if your loose your computer, storage devices
-and so on -- it is not so bad, because you are not carrying private keys
-with it, you do not "toss" those packets immediately on the same device.
-Tossing (reading those encrypted packets and extracting transferred
-files and mail messages) could and should be done on a separate
-computer.
+network and exchanged via those devices are end-to-end @ref{Encrypted,
+encrypted} (but unfortunately lacking forward secrecy). No filenames,
+mail recipients are seen.
+
+All communications are done with so-called @ref{Spool, spool} area:
+directory containing only those unprocessed encrypted packets. After
+packet transfer you still can not read any of them: you have to run
+another stage: tossing, that involves your private cryptographic keys.
+So even if your loose your computer, storage devices and so on -- it is
+not so bad, because you are not carrying private keys with it, you do
+not "toss" those packets immediately on the same device. Tossing
+(reading those encrypted packets and extracting transferred files and
+mail messages) could and should be done on a separate computer.
@item Tune it up and set at least @ref{Spool, spool} and log paths.
@item Share your public keys and reachability addressees with your
neighbours. Add their keys to your configuration file and do any other
-required configuration about their reachability, allowance of file or
-freq transmissions.
+required configuration about their reachability, permissions of file or
+freq transmission.
@item Use @ref{nncp-file}, @ref{nncp-freq}, @ref{nncp-mail}
(@ref{Postfix, look how} Postfix SMTP server could be configured for its
usage) commands to queue file, freq and mail transmissions. Repeat as