Re: [Help-gnunet] setting up a strict f2f network


From: Christian Grothoff
Subject: Re: [Help-gnunet] setting up a strict f2f network
Date: Tue, 06 Mar 2012 21:48:50 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.16) Gecko/20120207 Lightning/1.0b1 Icedove/3.0.11

On 03/06/2012 02:23 PM, ug wrote:
> Hello,
>
> we are trying to set up a strict f2f network with gnunet. But we are
> currently struggling a bit with the text configuration as little
> documentation is found. (we have nodes unable to run the gtk setup)

You can run gnunet-setup on one node and copy the configuration file over afterwards, you know? ;-).

> We don't want any other clients involved in our network, not even for
> routing purposes. During the setup we noticed constant network i/o and
> even disk i/o. So I commented the servers section in the [hostlist]
> configuration, to never gain information about other peers. correct?
> I understand that routing and the tmpstorage is crucial to the
> anonymity, but not needed in our case.

Actually, commenting out here is not helpful, as then the defaults will take over. However, you have

[arm]
DEFAULTSERVICES = topology fs

which is all you need to do to disable 'hostlist'.

As for the IO, in your configuration, you still have:
[fs]
CONTENT_PUSHING = YES

which will cause disk IO and network IO. You might want to disable this option -- especially if all nodes have CONTENT_CACHING to NO already.

Now, the above configuration will also not guarantee that your peer won't find other peers by
a) IPv6 multicast
b) WLAN discovery
c) from other peers in your "private" network (one peer configured
   differently => all other peers learn from it)
d) from previous runs with other configurations
e) by other peers which learned about your peers previously

As you can see, isolating your network by disabling hostlist is not likely to be a good way to do it --- GNUnet is pretty aggressive about trying to connect broadly. The "correct" way to do this is to maintain a 'friends' file (collect output of 'gnunet-peerinfo -sq' on each peer, one output per line) and store that in

[topology]
MINIMUM-FRIENDS = 0
FRIENDS-ONLY = YES
AUTOCONNECT = YES
FRIENDS = $SERVICEHOME/friends

If all your peers do this, connections from the outside should always be rejected (regardless of how the two peers might have learned about each other).

> Therefore, it was my understanding that we should use a Zero anonymity
> level, to achieve client-to-client connections for the filesharing. As
> your documentation states, both, the publisher and the downloader have
> to specify no anonymity, but we were unable to figure out how the
> publisher could agree to such a level.

$ gnunet-publish -a 0

> To prevent any tmp storage on other nodes, we switched CONTENT_CACHING
> to NO. But still unsure if this is sufficient.

As I say above, that will prevent content moving to you, but your peer will still try to push its content out to others, so you should disable CONTENT_PUSHING as well.

> Is the assumption correct, that the private ~/gnunet.conf supersedes the
> default configuration at /etc/gnuntd.conf?

No. Private ~/.gnunet/gnunet.conf overrides the default configuration from /usr/share/gnunet/config.d/*. /etc/gnunet.conf is just the suggested location for a 'system-wide' configuration.

> tl;dr:
> we tried to achieve a strict f2f network, with tcp client-to-client traffic:
> I've pasted my gnunetd.conf file: http://pastebin.com/X102SXpL
>
> Any assistance would be great, as we'd like to share our experience and
> write a small guide for this type of gnunet setup.

I hope this helps! Also, if you want to post guides on gnunet.org, create an account there and let me know -- it's supposed to be a community portal, but due to extensive spam abuse we needed to put heavy-handed upfront moderation in place. But that is not supposed to mean that only "core" members can post....


Happy hacking!


Christian
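
Added example (not part of the original message and not GNUnet project code): a small Python check of one configuration file against the settings recommended in the reply above. It treats an absent or commented-out key as a finding, because the reply notes that the defaults then take over; as an assumption it reads only the single file given and does not merge the shipped defaults, and the sample inputs are constructed.

```python
import configparser

# Values recommended in the reply above: (section, key, required value).
REQUIRED = [("fs", "CONTENT_PUSHING", "NO"), ("fs", "CONTENT_CACHING", "NO"),
            ("topology", "FRIENDS-ONLY", "YES")]

def audit(conf_text):
    """Return findings for one GNUnet configuration file (empty list = ok)."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(conf_text)
    findings = []
    for section, key, want in REQUIRED:
        got = cfg.get(section, key, fallback=None)
        if got is None:
            # A commented-out or absent key falls back to the shipped default.
            findings.append(f"[{section}] {key} not set: default applies")
        elif got.strip().upper() != want:
            findings.append(f"[{section}] {key} = {got}, expected {want}")
    services = cfg.get("arm", "DEFAULTSERVICES", fallback=None)
    if services is None:
        findings.append("[arm] DEFAULTSERVICES not set: default applies")
    elif "hostlist" in services.split():
        findings.append("[arm] DEFAULTSERVICES still lists hostlist")
    if not cfg.get("topology", "FRIENDS", fallback="").strip():
        findings.append("[topology] FRIENDS not set: no friends file")
    return findings

# Constructed sample inputs (not the poster's pastebin configuration).
WEAK = """[arm]
DEFAULTSERVICES = topology hostlist fs
[fs]
CONTENT_PUSHING = YES
# CONTENT_CACHING = NO
[topology]
FRIENDS-ONLY = NO
"""
STRICT = """[arm]
DEFAULTSERVICES = topology fs
[fs]
CONTENT_PUSHING = NO
CONTENT_CACHING = NO
[topology]
FRIENDS-ONLY = YES
FRIENDS = $SERVICEHOME/friends
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit(text) or "ok")
```

Running the same check on every peer's file helps catch the "one peer configured differently" case from the list in the reply.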


