From cca6f1068cad806ee1c389b32bcb787cf39e9483 Mon Sep 17 00:00:00 2001 From: Babak Farrokhi Date: Tue, 25 Oct 2016 18:00:04 +0330 Subject: [PATCH] Updated formatting --- README.md | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 467bcc7..c786f12 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ + Edge node --------- @@ -9,24 +10,26 @@ community. 0. become root 1. create tun device -$ tunctl -t tun0 + `$ tunctl -t tun0` -3. enable the edge process -$ ./edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw - or -$ N2N_KEY=encryptme ./edge -d n2n0 -c mynetwork -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw +2. enable the edge process + `$ ./edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw` + or + `$ N2N_KEY=encryptme ./edge -d n2n0 -c mynetwork -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw` -Once you have this worked out, you can add the "-f" option to make edge detach +Once you have this worked out, you can add the `-f` option to make edge detach and run as a daemon. -Note that -u, -g and -f options are not available for Windows. +Note that `-u`, `-g` and `-f` options are not available for Windows. + Supernode -------- You need to start the supernode once -1. ./supernode -l 1234 -v +1. `./supernode -l 1234 -v` + Dropping Root Privileges and SUID-Root Executables (UNIX) @@ -36,15 +39,15 @@ The edge node uses superuser privileges to create a TAP network interface device. Once this is created root privileges are not required and can constitute a security hazard if there is some way for an attacker to take control of an edge process while it is running. Edge will drop to a non-privileged user if you -specify the -u and -g options. These are numeric IDs. Consult -/etc/passwd. +specify the `-u ` and `-g ` options. These are numeric IDs. Consult +`/etc/passwd`. You may choose to install edge SUID-root to do this: 1. Become root -2. chown root:root edge -3. chmod +s edge -done +2. `chown root:root edge` +3. `chmod +s edge` + done Any user can now run edge. You may not want this, but it may be convenient and safe if your host has only one login user. @@ -53,7 +56,7 @@ safe if your host has only one login user. Running As a Daemon (UNIX) ------------------- -Unless given "-f" as a command line option, edge will call daemon(3) after +Unless given `-f` as a command line option, edge will call daemon(3) after successful setup. This causes the process to fork a child which closes stdin, stdout and stderr then sets itself as process group leader. When this is done, the edge command returns immediately and you will only see the edge process in @@ -77,10 +80,10 @@ the edge command line. eg. under linux: on hostA: -[hostA] $ /sbin/ip -6 addr add fc00:abcd:1234::7/48 dev n2n0 +`[hostA] $ /sbin/ip -6 addr add fc00:abcd:1234::7/48 dev n2n0` on hostB: -[hostB] $ /sbin/ip -6 addr add fc00:abcd:1234::6/48 dev n2n0 +`[hostB] $ /sbin/ip -6 addr add fc00​:abcd:​1234::6/48 dev n2n0` You may find it useful to make use of tunctl from the uml-utilities package. Tunctl allow you to bring up a TAP interface and configure addressing @@ -97,7 +100,7 @@ Performance Notes The time taken to perform a ping test for various ciphers is given below: -Test: ping -f -l 8 -s 800 -c 10000 +Test: `ping -f -l 8 -s 800 -c 10000 ` AES (-O0) 11820 TF (-O0) 25761