Kjell Rune Skaaraas (skaaraas at yahoo.no) wrote:
> However, rather than defining it myself
> whenever my IP changes, or running some kind of
> dynamic DNS, applications like mIRC do a server-side
> lookup. How difficult would it be to do the same for
> Freenet?
mjr and I have told Matthew, more than once, that this is going to
be required eventually. Last time it was brought up, he rejected
it because he was eager to get 0.5.1 released -- fair enough.
It's a protocol change, so it's a fairly significant addition to
the code and must be done with due caution. Only Ian (and his
hirelings, Matthew and so forth) can make the decisions as to
whether, and when, to make such changes.
Also, the details need to be worked out. Since there is no central
server, there's no authoritative answer. Nodes can and will lie
to each other -- we have to assume a hostile environment until
trust is established.
One of the simpler forms of the proposal is this:
1) New node A starts up, and does not have an IP address in the
config file. An IP address or hostname in the config file bypasses
all this, of course.
2) A sends requests to B and C (chosen randomly from the routing table)
saying "what is my IP address?"
3) A gets responses back and compares them. If they agree, then we
assume the response is truthful, and we advertise that IP
address in subsequent announcements and data source resets.
4) If the responses do not agree, or do not arrive within a reasonable
period of time, we go back to step 2.
5) Until we have established the local IP address, we do not announce,
and we do not reset the data source.
More complex variations are also possible.
The following must also be noted, because it wasn't known to all the
members of the discussion at the time:
*) You CANNOT be sure of the ability to connect to your own IP
address to verify it. Port forwarding through a NAT is done
on a per-interface basis. If a packet comes into the firewall
from the internal interface, it may or may not be forwarded to
the Freenet machine correctly, depending on the firewall and
its configuration. Therefore, if you can connect to yourself
on the IP address that the nodes give you, that's great -- but
failure to do so does NOT invalidate the answer.
--
Greg Wooledge | "Truth belongs to everybody."
greg at wooledge.org | - The Red Hot Chili Peppers
http://wooledge.org/~greg/ |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20030528/dbab6094/attachment.pgp>
