added remaining encrypted leaseset options to tunconf.

idk
2018-09-13 22:13:44 -04:00
parent 1f8c617eb5
commit 6c044b2029
9 changed files with 147 additions and 56 deletions

@ -28,7 +28,8 @@ Current limitations:
====================
I need to document it better.
[Besides fixing up the comments, this should help for now.](USAGE.md).
[Besides fixing up the comments, this should help for now.](USAGE.md). I also
need to control output verbosity better.
TCP is working very well. HTTP mode also exists, which just adds the X-I2P-DEST
headers in. It does this both ways, for applying the dest headers inbound to
@ -48,10 +49,9 @@ people use the most. They're pretty easy to add, it's just boring. *If you*
*please.* I'm pretty responsive when people actually contact me, it'll probably
be added within 24 hours. I intend to have configuration options for all
relevant i2cp and tunnel options, which I'm keeping track of
[here](config/CHECKLIST.md).
Encrypted leasesets are only half-implemented. The option seems to do nothing at
the moment. Soon it will be configurable.
[here](config/CHECKLIST.md). In particular, *Encrypted leasesets are only*
*half-implemented. The option seems to do nothing at the moment. Soon it will*
*be configurable.*
I should probably have some options that are available in other general network
utilities. I've started to do this with samcatd.

@ -31,7 +31,8 @@ Current limitations:
====================
I need to document it better.
[Besides fixing up the comments, this should help for now.](USAGE.md).
[Besides fixing up the comments, this should help for now.](USAGE.md). I also
need to control output verbosity better.
TCP is working very well. HTTP mode also exists, which just adds the X-I2P-DEST
headers in. It does this both ways, for applying the dest headers inbound to
@ -51,10 +52,9 @@ people use the most. They're pretty easy to add, it's just boring. *If you*
*please.* I'm pretty responsive when people actually contact me, it'll probably
be added within 24 hours. I intend to have configuration options for all
relevant i2cp and tunnel options, which I'm keeping track of
[here](config/CHECKLIST.md).
Encrypted leasesets are only half-implemented. The option seems to do nothing at
the moment. Soon it will be configurable.
[here](config/CHECKLIST.md). In particular, *Encrypted leasesets are only*
*half-implemented. The option seems to do nothing at the moment. Soon it will*
*be configurable.*
I should probably have some options that are available in other general network
utilities. I've started to do this with samcatd.
@ -77,12 +77,12 @@ I'm eventually going to make the manager implement net.Conn. This won't be
exposed in the default application probably though, but rather as a library.
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEcNIGBzi++AUjrK/311wDs5teFOEFAlubDuMACgkQ11wDs5te
FOG8vAf/bTScp2rmQtZJKlyviM7P2/2ZPwRdrnX8n5GwWH2zLssefXSJmC5FPC4D
DQz+6IM8KrIIMyq8COA77gOAGVE3WwR2kzjJRFYL9wDKXE73lb34872EwJaHdA5p
z6kpHK6EO8VewB4Hno2fbMJfsEUeUpnfqqk0pz+LsxMejyMpwiS/nTz0gkOfuCsA
SRSppzm/mAaVlwSdJbCLbpS5pi5usOUZu2O2yWKjMHBJzBqEFxZj/n1odpHFXeOh
EX2kQz0vyfClwrb0KlNrFLdG4hmVMoY7Sk0mBFjUbM3PKGG9BcK4Xc6etLyAsWld
pzA3i+0SRrQOPzYipU0GcALsHroPfg==
=KnhH
iQEzBAEBCAAdFiEEcNIGBzi++AUjrK/311wDs5teFOEFAlubGVEACgkQ11wDs5te
FOHvXAgAgoXgK31y8PwcCVyf2pb3ON6GasWTV6G3C0G+0KI39nHsCK9PXFC9AJwN
W7EvScly4cSWE2Pmf6Kmsh3AX2ckVcIDjBWWT3iX+8us84xKkyac9z1KDMRqsCM5
xBrxLIkabDy/uiJQK9RJ86Ka8ueMa59GxIIH795QQTy2uIstBjq+OTu59tT3KxlF
dI3V4EnGydzClrBy1tX7bkTvFQwlBsHZJ8Nm1b+7Pgab2v5XhmurY5YMl0aiQZSH
UrHVXmD8eXSLL98/LNOAI03InhCAYMn+GBCTE9AhR0wHnn7KeoYXB7VBFH2mM6ss
UWS4KJeC1MD5sKvyaeDQr6k6AGdAJQ==
=dmJ4
-----END PGP SIGNATURE-----

@ -4,18 +4,20 @@ I2CP/Tunnel Options Implementation Checklist
This version of this document is valid for sam-forwarder. If you'd like to use
it, the original is at [CHECKLIST.orig.md](CHECKLIST.orig.md).
28/41 planned options complete.
key:
- \[U\] - Undone/Unknoqn
- \[C\] - Confirmed Working
- \[W\] - Work in progress
- \[N\] - Not applicable
- \[N\] - Not applicable/Won't be implemented without good reason.
- \[*\] - See also
Version Recommended Allowable Default
[U] - clientMessageTimeout 8*1000 - 120*1000 60*1000 The timeout (ms) for all sent messages. Unused. See the protocol specification for per-message settings.
[U] - crypto.lowTagThreshold 0.9.2 1-128 30 Minimum number of ElGamal/AES Session Tags before we send more. Recommended: approximately tagsToSend * 2/3
[U] - crypto.tagsToSend 0.9.2 1-128 40 Number of ElGamal/AES Session Tags to send at a time. For clients with relatively low bandwidth per-client-pair (IRC, some UDP apps), this may be set lower.
[N] - crypto.lowTagThreshold 0.9.2 1-128 30 Minimum number of ElGamal/AES Session Tags before we send more. Recommended: approximately tagsToSend * 2/3
[N] - crypto.tagsToSend 0.9.2 1-128 40 Number of ElGamal/AES Session Tags to send at a time. For clients with relatively low bandwidth per-client-pair (IRC, some UDP apps), this may be set lower.
[U] - explicitPeers null Comma-separated list of Base 64 Hashes of peers to build tunnels through; for debugging only
[C] - i2cp.dontPublishLeaseSet true,false false Should generally be set to true for clients and false for servers
[C] - i2cp.fastReceive 0.9.4 true,false false If true, the router just sends the MessagePayload instead of sending a MessageStatus and awaiting a ReceiveMessageBegin.
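
Review bot: The `28/41 planned options complete.` line does not say whether rows marked `[N]` count toward the 41, and this hunk reclassifies `crypto.lowTagThreshold` and `crypto.tagsToSend` as `[N]`, now described as "Won't be implemented without good reason". State how `[N]` rows are counted so the figure can be checked against the table. While the key is being edited, `Undone/Unknoqn` should read `Undone/Unknown`.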
@ -42,7 +44,6 @@ key:
[*] - inbound.* Any other options prefixed with "inbound." are stored in the "unknown options" properties of the inbound tunnel pool's settings.
[*] - outbound.* Any other options prefixed with "outbound." are stored in the "unknown options" properties of the outbound tunnel pool's settings.
[U] - shouldBundleReplyInfo 0.9.2 true,false true Set to false to disable ever bundling a reply LeaseSet. For clients that do not publish their LeaseSet, this option must be true for any reply to be possible. "true" is also recommended for multihomed servers with long connection times. Setting to "false" may save significant outbound bandwidth, especially if the client is configured with a large number of inbound tunnels (Leases). If replies are still required, this may shift the bandwidth burden to the far-end client and the floodfill. There are several cases where "false" may be appropriate: Unidirectional communication, no reply required LeaseSet is published and higher reply latency is acceptable LeaseSet is published, client is a "server", all connections are inbound so the connecting far-end destination obviously has the leaseset already. Connections are either short, or it is acceptable for latency on a long-lived connection to temporarily increase while the other end re-fetches the LeaseSet after expiration. HTTP servers may fit these requirements.
[C] - i2cp.closeIdleTime 0.7.1 1800000 300000 minimum (ms) Idle time required (default 30 minutes)
[C] - i2cp.closeOnIdle 0.7.1 true,false false Close I2P session when idle
[W] - i2cp.encryptLeaseSet 0.7.1 true,false false Encrypt the lease
@ -51,10 +52,15 @@ key:
[W] - i2cp.leaseSetKey 0.7.1 For encrypted leasesets. Base 64 SessionKey (44 characters)
[W] - i2cp.leaseSetPrivateKey 0.9.18 Base 64 private key for encryption. Optionally preceded by the key type and ':'. Only "ELGAMAL_2048:" is supported, which is the default. I2CP will generate the public key from the private key. Use for persistent leaseset keys across restarts.
[W] - i2cp.leaseSetSigningPrivateKey 0.9.18 Base 64 private key for signatures. Optionally preceded by the key type and ':'. DSA_SHA1 is the default. Key type must match the signature type in the destination. I2CP will generate the public key from the private key. Use for persistent leaseset keys across restarts.
[U] - i2cp.messageReliability BestEffort, None None Guaranteed is disabled; None implemented in 0.8.1; None is the default as of 0.9.4
[C] - i2cp.reduceIdleTime 0.7.1 1200000 300000 minimum (ms) Idle time required (default 20 minutes, minimum 5 minutes)
[C] - i2cp.reduceOnIdle 0.7.1 true,false false Reduce tunnel quantity when idle
[C] - i2cp.reduceQuantity 0.7.1 1 1 to 5 1 Tunnel quantity when reduced (applies to both inbound and outbound)
[U] - i2cp.SSL 0.8.3 true,false false Connect to the router using SSL. If the client is running in the same JVM as a router, this option is ignored, and the client connects to that router internally.
[U] - i2cp.tcp.host 127.0.0.1 Router hostname. If the client is running in the same JVM as a router, this option is ignored, and the client connects to that router internally.
[U] - i2cp.tcp.port 1-65535 7654 Router I2CP port. If the client is running in the same JVM as a router, this option is ignored, and the client connects to that router internally.
\* : I'd like to have something like this setting internal to samcatd, but it
might not always be relevant to pass it through to the real i2p router. Right
now, I'm leaning toward a samcatd specific setting, but maybe just alter the
behavior of this setting for use with samcatd instead? Probably just give
samcatd it's own thing.
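
Review bot: The footnote at the end of this hunk (`\* : I'd like to have something like this setting internal to samcatd`) never says which option "this setting" is. The key defines `[*]` as "See also", and the only visible rows carrying it are `inbound.*` and `outbound.*`, neither of which reads like the setting the footnote describes. Name the option in the footnote or put a distinct marker on its row. Also "it's own thing" should be "its own thing".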

1
config/auth.go Normal file

@ -0,0 +1 @@
package i2ptunconf

1
config/bundle.go Normal file

@ -0,0 +1 @@
package i2ptunconf

@ -25,3 +25,81 @@ func (c *Conf) SetEncryptLease(label ...string) {
c.EncryptLeaseSet = false
}
}
// GetLeasesetKey takes an argument and a default. If the argument differs from the
// default, the argument is always returned. If the argument and default are
// the same and the key exists, the key is returned. If the key is absent, the
// default is returned.
func (c *Conf) GetLeasesetKey(arg, def string, label ...string) string {
if arg != def {
return arg
}
if c.config == nil {
return arg
}
if x, o := c.Get("i2cp.leaseSetKey", label...); o {
return x
}
return arg
}
// SetEncryptLease tells the conf to use encrypted leasesets the from the config file
func (c *Conf) SetLeasesetKey(label ...string) {
if v, ok := c.Get("i2cp.leaseSetKey", label...); ok {
c.LeaseSetKey = v
} else {
c.LeaseSetKey = ""
}
}
// GetLeasesetPrivateKey takes an argument and a default. If the argument differs from the
// default, the argument is always returned. If the argument and default are
// the same and the key exists, the key is returned. If the key is absent, the
// default is returned.
func (c *Conf) GetLeasesetPrivateKey(arg, def string, label ...string) string {
if arg != def {
return arg
}
if c.config == nil {
return arg
}
if x, o := c.Get("i2cp.leaseSetPrivateKey", label...); o {
return x
}
return arg
}
// SetLeasesetPrivateKey tells the conf to use encrypted leasesets the from the config file
func (c *Conf) SetLeasesetPrivateKey(label ...string) {
if v, ok := c.Get("i2cp.leaseSetPrivateKey", label...); ok {
c.LeaseSetPrivateKey = v
} else {
c.LeaseSetPrivateKey = ""
}
}
// GetLeasesetPrivateSigningKey takes an argument and a default. If the argument differs from the
// default, the argument is always returned. If the argument and default are
// the same and the key exists, the key is returned. If the key is absent, the
// default is returned.
func (c *Conf) GetLeasesetPrivateSigningKey(arg, def string, label ...string) string {
if arg != def {
return arg
}
if c.config == nil {
return arg
}
if x, o := c.Get("i2cp.leaseSetPrivateSigningKey", label...); o {
return x
}
return arg
}
// SetLeasesetPrivateSigningKey tells the conf to use encrypted leasesets the from the config file
func (c *Conf) SetLeasesetPrivateSigningKey(label ...string) {
if v, ok := c.Get("i2cp.leaseSetPrivateKey", label...); ok {
c.LeaseSetPrivateSigningKey = v
} else {
c.LeaseSetPrivateSigningKey = ""
}
}
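
Review bot: `SetLeasesetPrivateSigningKey` reads the wrong option: it calls `c.Get("i2cp.leaseSetPrivateKey", label...)` and stores the result in `c.LeaseSetPrivateSigningKey`, so the signing key field is filled with the encryption private key whenever that option is set. It should look up the signing key option instead. The option name also needs settling: `GetLeasesetPrivateSigningKey` looks up `i2cp.leaseSetPrivateSigningKey`, while the checklist changed in this same commit lists `i2cp.leaseSetSigningPrivateKey`, so a config file written from the checklist would never match this lookup. Two smaller points: the comment above `SetLeasesetKey` still begins `SetEncryptLease`, and the three `Get...` comments say the default is returned when the key is absent while the code returns `arg` (the two are equal at that point, but `return def` would match the comment).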

1
config/reliability.go Normal file

@ -0,0 +1 @@
package i2ptunconf

1
config/timeout.go Normal file

@ -0,0 +1 @@
package i2ptunconf

@ -16,39 +16,42 @@ import (
// Conf is a tructure containing an ini config, with some functions to help
// when you use it for in conjunction with command-line flags
type Conf struct {
config *goini.INI
FilePath string
Labels []string
Client bool
Type string
SaveDirectory string
SaveFile bool
TargetHost string
TargetPort string
SamHost string
SamPort string
TargetForPort443 string
TunName string
EncryptLeaseSet bool
InAllowZeroHop bool
OutAllowZeroHop bool
InLength int
OutLength int
InQuantity int
OutQuantity int
InVariance int
OutVariance int
InBackupQuantity int
OutBackupQuantity int
UseCompression bool
FastRecieve bool
ReduceIdle bool
ReduceIdleTime int
ReduceIdleQuantity int
CloseIdle bool
CloseIdleTime int
AccessListType string
AccessList []string
config *goini.INI
FilePath string
Labels []string
Client bool
Type string
SaveDirectory string
SaveFile bool
TargetHost string
TargetPort string
SamHost string
SamPort string
TargetForPort443 string
TunName string
EncryptLeaseSet bool
LeaseSetKey string
LeaseSetPrivateKey string
LeaseSetPrivateSigningKey string
InAllowZeroHop bool
OutAllowZeroHop bool
InLength int
OutLength int
InQuantity int
OutQuantity int
InVariance int
OutVariance int
InBackupQuantity int
OutBackupQuantity int
UseCompression bool
FastRecieve bool
ReduceIdle bool
ReduceIdleTime int
ReduceIdleQuantity int
CloseIdle bool
CloseIdleTime int
AccessListType string
AccessList []string
}
// Print returns and prints a formatted list of configured tunnel settings.
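
Review bot: `LeaseSetKey`, `LeaseSetPrivateKey` and `LeaseSetPrivateSigningKey` are added to `Conf` as plain strings alongside the ordinary tunnel settings, and the method that follows the struct is `Print`, documented as returning and printing "a formatted list of configured tunnel settings". These three fields hold key material, so `Print` should leave them out or report only whether each is set. A comment on the fields saying they are secrets would keep later changes to `Print` from picking them up.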