"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "n2n.7" between
n2n-2.8.tar.gz and n2n-3.0.tar.gz

About: n2n is a layer-two peer-to-peer virtual private network (VPN) which allows bypassing intermediate firewalls.

n2n.7  (n2n-2.8):n2n.7  (n2n-3.0)
.TH "n2n_v2" 7 "Sep 21, 2009" "revision 3909" "Background" .TH "n2n_v3" 7 "Sep 27, 2021" "version 3" "Background"
.SH NAME .SH NAME
N2n Version 2 \- version 2 of the n2n decentralised peer-to-peer network overlay n2n version 3 \- version 3 of the n2n decentralised peer-to-peer network overlay
VPN. VPN.
.SH DESCRIPTION .SH DESCRIPTION
N2n is a peer-to-peer network overlay or VPN system that provides layer 2 over n2n is a peer-to-peer network overlay or VPN system that provides layer 2 over
layer 3 encapsulation with data transform capabilities such as encryption and layer 3 encapsulation with data transform capabilities such as encryption and
compression. This guide discusses the differences of version 2 or n2n from compression. This guide also discusses the differences of version 3 of n2n from
version 1. version 2.
.SH PROTOCOLS .SH PROTOCOLS
N2n-2 uses a different set of messages to communicate with edges and n2n-3 basically uses the same set of messages to communicate with edges and
supernodes. The n2n-2 messages are not compatible with n2n-1. There is no supernodes. However, due to slight packet format changes, the n2n-3 messages
backward compatibility for n2n-1. are not compatible with n2n-2. There is no backward compatibility for n2n-2.
.SH ENCRYPTION .SH ENCRYPTION
N2n-2 offers a new way of handling encryption compared to n2n-1. N2n-1 provided n2n-3 offers four different ciphers for payload encryption as well as optional
facility for a single community password with no expiration. In n2n-2 this header encryption. Earlier versions of n2n-2 provided a mechanism using a key
method is preserved but a new mechanism has been added using a key schedule schedule which has been removed in n2n-3. A basic user authentication scheme
file. relying on asymmetric cryptography has been added to n2n-3.
.TP
Key Schedule n2n-3 provides the following ciphers to chose from for payload encryption; more
A key schedule file lists a number of keys with the period for which each is can be added as required:
valid along with the encryption type identifier and the actual key value. This
allows the user to define up to 32 keys in advance with a pre-set time at which
they keys will change. The key schedule file can be reloaded while the edge is
running to allow new keys to be loaded and unused keys expunged.
.TP
Timing Requirements When a key rolls over to the next in the schedule, the new
key is used for all transmitted packets; however any packets received using an
older key can still be decoded as the keys from the key schedule are still
known. As a result edges do not need to have accurate time synchronisation. The
accuracy of required synchronisation depends to a large degree on the key
schedule. Rapid key roll-overs requires more accurate time synchronisation.
.P
N2n-2 provides the following encryption ciphers; more can be added as required:
.TP .TP
.B (1) NULL .B (1) NULL
Data is encapsulated unchanged. Useful for testing and high-performance, low Data is encapsulated unchanged. Useful for testing and high-performance, low
sensitivity applications. sensitivity applications.
.TP .TP
.B (2) TF .B (2) TF-CTS
Twofish AES candidate. Twofish AES candidate in CTS mode.
.P
The following additional ciphers are specified but not yet implemented:
.TP
.B (3) AES-CBC
AES in CBC mode with 256-bit key.
.TP .TP
.B (4) LZO .B (3) AES-CTS
LZO compression of data (no encryption). AES in CTS mode with up to 256-bit key.
.TP .TP
.B (5) TF-LZO .B (4) CHACHA20
TF cipher with LZO compression of data prior to encryption. ChaCha20, a well known stream cipher developped by Daniel J. Bernstein.
.TP .TP
.B (6) AES-CBC-LZO .B (5) SPECK-CTR
AES-CBC ciper with LZO compression of data prior to encryption. A fast block cipher developped by the NSA used as stream cipher in CTR mode.
.TP
Full Header Encyption
The optional full header encryption also encrypts packets' header which include
some administrative data. In addition, it adds replay protection.
.TP
User Password Authentication
n2n-3 implements an optional user-password authentication scheme. A key
generator assists in generating user's public keys to be stored at the
supernode side.
.SH COPMPRESSION
LZO for payload compression is an always available option at n2n-3. If compiled
with
zstdlib support, ZSTD is at optional service as well.
.SH EXTENSIBILITY .SH EXTENSIBILITY
N2n-2 decouples the data transform system from the core of the edge n2n-3 decouples the data transform system from the core of the edge
operation. This allows for easier addition of new data transform operation. This allows for easier addition of new data transform
operations. N2n-2 reserves 64 standard transform identifiers (such as TwoFish operations. n2n-3 reserves some standard transform identifiers (such as TwoFish
encryption) but allocates transform identifiers 64 - 65536 for user-defined encryption) but allocates transform identifiers for user-defined
transforms. This allows anyone to add to n2n new private transforms without transforms. This allows anyone to add to n2n new private transforms without
breaking compatibility with the standard offering. breaking compatibility with the standard offering.
.SH FEDERATED SUPERNODES
.SH MULTIPLE SUPERNODES n2n-3 incorporates the capability of multiple supernodes to be federated.
N2n-2 introduces the capability of multiple supernodes to be used by an Federation acts transparently and balances the workload evenly among the
edge. N2n-2 offers supernode in several flavours: federated supernodes. Supernodes keep track of edges connected to different
.TP supernodes and forward packets as required. This feature naturally supports
Stand-alone supernode fail-over and this increases redundancy and resilience.
This is the same concept as from n2n-1. Supernode is a small efficient C program
which operates in isolation.
.TP
Federated supernodes
This is a cluster of supernodes which share information. Edges registered to any
of the cooperating supernodes can relay packets through the supernode federation
and switch supernodes if required. Supernodes can send PACKET or REGISTER
messages to other supernodes to try and find the destination edge.
.P .P
The n2n-2 edge implementation allows multiple supernodes to be specified on the Information on additional supernodes is propagated to all edges. In addition,
the n2n-3 edge implementation allows multiple supernodes to be specified on the
command line. Edges monitor the current supernode for responses to command line. Edges monitor the current supernode for responses to
REGISTER_SUPER messages. If 3 responses are missed then the edge starts looking REGISTER_SUPER as well as PING messages. After three responses from current
for a new supernode. It cycles through the list of supernodes specified until it supernode are missed or when a better supernode in terms of significant lower wo
finds a working one. rkload
is found, the edge tries to connect to another supernode. It cycles through the
.SH EFFICIENCY list
The n2n-2 message formats have been made more efficient. The amount of data f supernodes which over and over again is sorted according to reported workload.
overhead has been reduced by ensuring the messages contain only the data fields
required. Some optional fields do not consume data if they are not present.
.SH DAEMON OPERATION
The supernode and edge use daemon mode of operation by default. This sense is
inverted from n2n-1 where they ran in the foreground by default. They can be
made to run in the foreground so tools such a DJB's daemontools can work with
them. See the
.B -f
option
.SH MANAGEMENT CONSOLE .SH MANAGEMENT CONSOLE
Edge and supernode in n2n-2 provide a UDP-based management console. Both listen Edge and supernode in n2n-3 provide a UDP-based management console. Both listen
on the localhost address 127.0.0.1. Commands can be sent to the programs by on the localhost address 127.0.0.1. Commands can be sent to the programs by
sending to the UDP socket. Responses are returned to the socket from which sending to the UDP socket. Responses are returned to the socket from which
commands were issued. This only works from the computer on which the programs commands were issued. This only works from the computer on which the programs
are running. Statistics can be retrieved and commands issued. The netcat utility are running. Statistics can be retrieved and commands issued. The netcat utility
is all that is required; but more sophisticated tools could be built on the is all that is required; but more sophisticated tools could be built on the
interface. interface.
.SH SUPERNODE AUTHENTICATION .SH SUPERNODE AUTHENTICATION
.B (To be implemented) The supernode federation name serves as private key shared between the supernode
Space has been reserved in the supernode registration messages for an s only.
authentication mechanism. The corresponding public key can be provided to the edges.
.SH MESSAGE SUMMARY .SH MESSAGE SUMMARY
The following message types work within n2n-2. The following message types work within n2n-3.
.TP .TP
REGISTER_SUPER REGISTER_SUPER
Sent from an edge to its local supernode to register its MAC with the community. Sent from an edge to its local supernode to register its MAC with the community.
Also, federated supernodes use this packet format to register to each other.
.TP .TP
REGISTER_SUPER_ACK REGISTER_SUPER_ACK
Sent from a supernode to an edge to confirm registration. This also carries the Sent from a supernode to an edge to confirm registration. This also carries the
definition of the edge socket as seen at the supernode so NAT can be detected definition of the edge socket as seen at the supernode so NAT can be detected
and described. and described. Furthermore, it carries information about additional federated
supernodes.
.TP .TP
REGISTER_SUPER_NAK REGISTER_SUPER_NAK
Supernode refusing to register an edge. Supernode refusing to register an edge.
.TP .TP
PACKET PACKET
Encapsulated ethernet packets sent between edges. Supernodes forward or Encapsulated ethernet packets sent between edges. Supernodes forward or
broadcast these and edges send them direct in peer-to-peer mode. broadcast these and edges send them direct in peer-to-peer mode.
.TP .TP
REGISTER REGISTER
A peer-to-peer mode registration request from one edge to another. Supernodes A peer-to-peer mode registration request from one edge to another. Supernodes
forward these to facilitate NAT crossing introductions. forward these to facilitate NAT crossing introductions.
.TP .TP
REGISTER_ACK REGISTER_ACK
Complete peer-to-peer mode setup between two edges. These messages need to Complete peer-to-peer mode setup between two edges. These messages need to
travel direct between edges. travel direct between edges.
.TP .TP
FEDERATION QUERY_PEER
Federated supernodes exchanging community information. Queries a supernode about another edge, especially its public socket in case of
no peer-to-peer communication can be established. Additionally, it serves as PIN
.SH OTHER DIFFERENCES G
.TP to query supernodes about themselves.
HTTP Tunneling .TP
This experimental feature (-t option in n2n_v1) of n2n_v1 has been removed PEER_INFO
entirely from n2n_v2. Answers the QUERY_PEER; it also covers the special case of the PING query, inter
nally
called PONG.
.SH AUTHORS .SH AUTHORS
.TP .TP
Richard Andrews andrews (at) ntop.org - main author of n2n-2 Richard Andrews andrews (at) ntop.org - main author of n2n-2
.TP .TP
Luca Deri Luca Deri
deri (at) ntop.org - code inherited from n2n-1 deri (at) ntop.org - code inherited from n2n-1
.SH SEE ALSO .SH SEE ALSO
ifconfig(8) edge(8) supernode(1) ifconfig(8) edge(8) supernode(1)
.br
the documentation contained in the source code
.br
the extensive documentation found in n2n's \fBdoc/\fR folder
 End of changes. 22 change blocks. 
93 lines changed or deleted 71 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)