Alpt | 7 Dec 2005 15:42

Yet another NTK_RFC: 0007

About a vital change in the counter_gnode system used by ANDNA:

http://lab.dyne.org/Ntk_andna_counter_pubk

== NTK_RFC 0007 ==

Subject: ANDNA counter system based on public key

----
This text describes a change to the counter_gnode system in ANDNA.
It will be included in the final documentation, so feel free to correct it.
But if you want to change the system here described, please contact us first.
----

The counter_gnode is used to prevent massive registrations of hnames by a
single node, however there is a bug in the actual protocol.

Actually the IP of the counter_gnode is the hash of the public key of the
register node.

The public key is part of the key pair used by the register_node to register
and update its hnames, therefore there should be only one key pair for each
node. 

However, nothing prevents the register node from creating multiple key pairs,
modifying the netsukuku_d code and using them at the same time.
With this technique, the register node can have a new counter_gnode for each
newly generated key pair, avoiding in this way the registration limit.

The solution is to calculate the IP of the hash_gnode using the hash of the IP
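A toy model of the flaw the RFC above describes, added here as an example; it is not part of the original post or of the Netsukuku code. It compares a counter addressed by the hash of the public key with a counter addressed by something the node cannot mint at will. The limit of 3, the `h32` helper, the key strings and the choice of the node's IP as the stable identifier are assumptions of this example (the RFC's own fix is cut off on this page).

```python
import hashlib
from collections import defaultdict

MAX_HNAMES = 3  # constructed per-counter limit, not Netsukuku's real value


def h32(data: bytes) -> int:
    """Map bytes to a 32-bit value, standing in for the hash -> IP step."""
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def by_pubkey(node_ip: str, pubkey: bytes) -> int:
    # Scheme described in the RFC: counter address = hash(public key).
    return h32(pubkey)


def by_node_ip(node_ip: str, pubkey: bytes) -> int:
    # Assumption of this example: counter address = hash(node IP).
    return h32(node_ip.encode())


class CounterRegistry:
    """All counter_gnodes modelled as one table: derived address -> count."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.counts = defaultdict(int)

    def register(self, node_ip: str, pubkey: bytes, hname: str) -> bool:
        addr = self.key_fn(node_ip, pubkey)
        if self.counts[addr] >= MAX_HNAMES:
            return False  # this counter refuses further hnames
        self.counts[addr] += 1
        return True


def accepted(registry, node_ip: str, n_keys: int, per_key: int) -> int:
    """One node tries per_key registrations under each of n_keys key pairs."""
    ok = 0
    for k in range(n_keys):
        pubkey = f"constructed-pubkey-{k}".encode()  # constructed sample key
        for i in range(per_key):
            ok += registry.register(node_ip, pubkey, f"host{k}-{i}")
    return ok
```

With the counter addressed by the public key, the number of accepted hnames grows with the number of key pairs; with the counter bound to the node, extra key pairs change nothing.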

Alpt | 9 Dec 2005 19:54

Re: netsukuku: ANDNA question

On Fri, Dec 09, 2005 at 06:14:11PM +0000, <Richard Lyons>:
~>   As I understand it, it is impossible to have a single computer set up
~>   to access either the internet or netsukuku, because management of
~>   resolv.conf and the DNS would conflict -- is that right?

Efphe is doing the work to resolve this problem.
Read this NTK_RFC:
http://lab.dyne.org/Ntk_andna_and_dns

Other RFCs are here:
http://lab.dyne.org/Netsukuku_RFC

~> I am not really much of a hacker, or I would offer to contribute.  I
~> could improve the english text of the website (which is very good but
~> not natural english, and in some places is truly wrong), if that would
~> be appreciated by the team.

Of course, any help is appreciated.

Best regards.
-- 
:wq!
"I don't know nothing" The One Who reached the Thinking Matter   '.'

[ Alpt --- Freaknet Medialab ]
[ GPG Key ID 441CF0EE ]
[ Key fingerprint = 8B02 26E8 831A 7BB9 81A9  5277 BFF8 037E 441C F0EE ]

Alpt | 13 Dec 2005 02:53

Call for testers

Hi there,

with this night commit, the code for the main part of NTK_RFC 0001 seems to be
stable enough, this means that, just for me, it works.

I don't know if the code wants to be friendly with you too, 
why don't you try, 
oh brave testers?

Cya
-- 
:wq!
"I don't know nothing" The One Who reached the Thinking Matter   '.'

[ Alpt --- Freaknet Medialab ]
[ GPG Key ID 441CF0EE ]
[ Key fingerprint = 8B02 26E8 831A 7BB9 81A9  5277 BFF8 037E 441C F0EE ]


Re: Call for testers

Nice ;)
I'll test it as soon as possible!
I'll post here all the results of the test.
On the next night try to sleep :) 
bye

> Da: Alpt <alpt@...>
> Data: Tue, 13 Dec 2005 02:53:50 +0100
> A: netsukuku <netsukuku@...>
> Oggetto:
>
> Hi there,
> 
> with this night commit, the code for the main part of NTK_RFC 0001 seems to be
> stable enough, this means that, just for me, it works.
> 
> I don't know if the code wants to be friendly with you too, 
> why don't you try, 
> oh brave testers?
> 
> Cya
> -- 
> :wq!
> "I don't know nothing" The One Who reached the Thinking Matter   '.'
> 
> [ Alpt --- Freaknet Medialab ]
> [ GPG Key ID 441CF0EE ]
> [ Key fingerprint = 8B02 26E8 831A 7BB9 81A9  5277 BFF8 037E 441C F0EE ]

Massimiliano (MaZ | 13 Dec 2005 14:44

Re: Call for testers

> ..if the code wants to be..

Alpt, you make me smile.

Cya

Aleksej R. Serdyukov | 16 Dec 2005 18:08

network range

Hello

Can the restricted mode use 192.168 or something else that's free 
instead of 10.*?
In Russia, it is very popular to provide Internet access through big 
LANs, so 10 is busy.

Alpt | 16 Dec 2005 19:55

Re: network range

On Fri, Dec 16, 2005 at 08:08:48PM +0300, <Aleksej R. Serdyukov>:
~> Hello
~> 
~> Can the restricted mode use 192.168 or something else that's free 
~> instead of 10.*?
~> In Russia, it is very popular to provide Internet access through big 
~> LANs, so 10 is busy.

Other than 10.* there is:

172.16.0.0 - 172.31.255.255	= 2097152 IPs
192.168.0.0 - 192.168.255.255	= 65536	  IPs

but they are too small, so there would be too many
collisions.

Then there is 127.0.0.0/8... but it is really a mess to get this range
working, 'cause there are many applications which have hardcoded checks on the
IPs (i.e. the Linux kernel).
It is possible to use 127.x.x.x but you have to patch the kernel.

In other words, we can only use 10.0.0.0/8 for the default restricted class 
but...
it is a good idea to let the user choose the private class to use.

There are some issues when two different restricted networks meet, but they
can be solved.

Wait for the 0.0.5b ^_^

Aleksej R. Serdyukov | 16 Dec 2005 20:13

Re: network range

Alpt wrote:
> In other words, we can only use 10.0.0.0/8 for the default restricted class 

I don't understand how the netmasks work...
The LAN is in 255.255.0.0, VPN to Internet is in 255.255.255.255.
What is /8?
If the masks are different, how does it appear to programs and me?

Is it possible to watch it all working well if I run two virtual
interfaces connected with VPN using minchiavpn? Does the vpn make
possible for me to participate in some remote Ntk (I don't have two
spare network cards that I could put into a second computer I'm going to
put here)?
With two virtual interfaces, does the daemon NOT do ANDNA?

Alpt | 17 Dec 2005 22:44

Re: network range

On Fri, Dec 16, 2005 at 10:13:14PM +0300, <Aleksej R. Serdyukov>:
~> Alpt wrote:
~> >In other words, we can only use 10.0.0.0/8 for the default restricted 
~> >class 
~> 
~> The LAN is in 255.255.0.0, VPN to Internet is in 255.255.255.255.
~> What is /8?

10.0.0.0/8 means you are using 8 bits of the IP, so you have 32-8 bits free.
In this case 2^24 = 16777216 which are all the IPs in the range of
10.0.0.0 - 10.255.255.255

~> If the masks are different, how does it appear to programs and me?

The mask specifies the part of the IP you can change; when an IP is set on a net
interface, the kernel chooses the appropriate netmask.

~> Is it possible to watch it all working well if I run two virtual
~> interfaces connected with VPN using minchiavpn? Does the vpn make
~> possible for me to participate in some remote Ntk (I don't have two
~> spare network cards that I could put into a second computer I'm going to
~> put here)?

Yes, I've tried it and it worked.

~> With two virtual interfaces, does the daemon NOT do ANDNA?

what do you mean?
Maybe you want to use the -R option (-R == do not edit /etc/resolv.conf).
NetsukukuD doesn't distinguish an interface from another,

Aleksej R. Serdyukov | 18 Dec 2005 10:53

Re: network range

Alpt wrote:
> On Fri, Dec 16, 2005 at 10:13:14PM +0300, <Aleksej R. Serdyukov>:
> ~> With two virtual interfaces, does the daemon NOT do ANDNA?
> 
> what do you mean?
> Maybe you want to use the -R option (-R == do not edit /etc/resolv.conf).
> NetsukukuD doesn't distinguish an interface from another,
> there is no difference between a virtual if and a real if for it.

Well, I ran two interfaces, wrote "tester" into the ANDNA list, ran a 
Netsukuku for each of them. It corrected the /etc/resolv.conf, but 
nothing could be resolved then, and as the domain name was configured 
for the eth0 interface before (by dpkg-reconfigure etherconf), it was 
saying like "tester.mitino.com does not exist (idiot!)"
"tester.NTK" didn't make any difference.

If I get two computers with network cards, one of them connected to 
Internet, can the connected spread the Internet access by Netsukuku to 
another?

