mirror of
https://github.com/ntop/n2n.git
synced 2024-09-19 16:41:11 +02:00
Updated formatting
This commit is contained in:
parent
c43c929080
commit
cca6f1068c
37
README.md
37
README.md
|
@ -1,5 +1,6 @@
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Edge node
|
Edge node
|
||||||
---------
|
---------
|
||||||
|
|
||||||
|
@ -9,24 +10,26 @@ community.
|
||||||
0. become root
|
0. become root
|
||||||
|
|
||||||
1. create tun device
|
1. create tun device
|
||||||
$ tunctl -t tun0
|
`$ tunctl -t tun0`
|
||||||
|
|
||||||
3. enable the edge process
|
2. enable the edge process
|
||||||
$ ./edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw
|
`$ ./edge -d n2n0 -c mynetwork -k encryptme -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw`
|
||||||
or
|
or
|
||||||
$ N2N_KEY=encryptme ./edge -d n2n0 -c mynetwork -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw
|
`$ N2N_KEY=encryptme ./edge -d n2n0 -c mynetwork -u 99 -g 99 -m 3C:A0:12:34:56:78 -a 1.2.3.4 -l a.b.c.d:xyw`
|
||||||
|
|
||||||
Once you have this worked out, you can add the "-f" option to make edge detach
|
Once you have this worked out, you can add the `-f` option to make edge detach
|
||||||
and run as a daemon.
|
and run as a daemon.
|
||||||
|
|
||||||
Note that -u, -g and -f options are not available for Windows.
|
Note that `-u`, `-g` and `-f` options are not available for Windows.
|
||||||
|
|
||||||
|
|
||||||
Supernode
|
Supernode
|
||||||
--------
|
--------
|
||||||
|
|
||||||
You need to start the supernode once
|
You need to start the supernode once
|
||||||
|
|
||||||
1. ./supernode -l 1234 -v
|
1. `./supernode -l 1234 -v`
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Dropping Root Privileges and SUID-Root Executables (UNIX)
|
Dropping Root Privileges and SUID-Root Executables (UNIX)
|
||||||
|
@ -36,15 +39,15 @@ The edge node uses superuser privileges to create a TAP network interface
|
||||||
device. Once this is created root privileges are not required and can constitute
|
device. Once this is created root privileges are not required and can constitute
|
||||||
a security hazard if there is some way for an attacker to take control of an
|
a security hazard if there is some way for an attacker to take control of an
|
||||||
edge process while it is running. Edge will drop to a non-privileged user if you
|
edge process while it is running. Edge will drop to a non-privileged user if you
|
||||||
specify the -u <uid> and -g <gid> options. These are numeric IDs. Consult
|
specify the `-u <uid>` and `-g <gid>` options. These are numeric IDs. Consult
|
||||||
/etc/passwd.
|
`/etc/passwd`.
|
||||||
|
|
||||||
You may choose to install edge SUID-root to do this:
|
You may choose to install edge SUID-root to do this:
|
||||||
|
|
||||||
1. Become root
|
1. Become root
|
||||||
2. chown root:root edge
|
2. `chown root:root edge`
|
||||||
3. chmod +s edge
|
3. `chmod +s edge`
|
||||||
done
|
done
|
||||||
|
|
||||||
Any user can now run edge. You may not want this, but it may be convenient and
|
Any user can now run edge. You may not want this, but it may be convenient and
|
||||||
safe if your host has only one login user.
|
safe if your host has only one login user.
|
||||||
|
@ -53,7 +56,7 @@ safe if your host has only one login user.
|
||||||
Running As a Daemon (UNIX)
|
Running As a Daemon (UNIX)
|
||||||
-------------------
|
-------------------
|
||||||
|
|
||||||
Unless given "-f" as a command line option, edge will call daemon(3) after
|
Unless given `-f` as a command line option, edge will call daemon(3) after
|
||||||
successful setup. This causes the process to fork a child which closes stdin,
|
successful setup. This causes the process to fork a child which closes stdin,
|
||||||
stdout and stderr then sets itself as process group leader. When this is done,
|
stdout and stderr then sets itself as process group leader. When this is done,
|
||||||
the edge command returns immediately and you will only see the edge process in
|
the edge command returns immediately and you will only see the edge process in
|
||||||
|
@ -77,10 +80,10 @@ the edge command line.
|
||||||
eg. under linux:
|
eg. under linux:
|
||||||
|
|
||||||
on hostA:
|
on hostA:
|
||||||
[hostA] $ /sbin/ip -6 addr add fc00:abcd:1234::7/48 dev n2n0
|
`[hostA] $ /sbin/ip -6 addr add fc00:abcd:1234::7/48 dev n2n0`
|
||||||
|
|
||||||
on hostB:
|
on hostB:
|
||||||
[hostB] $ /sbin/ip -6 addr add fc00:abcd:1234::6/48 dev n2n0
|
`[hostB] $ /sbin/ip -6 addr add fc00:abcd:1234::6/48 dev n2n0`
|
||||||
|
|
||||||
You may find it useful to make use of tunctl from the uml-utilities
|
You may find it useful to make use of tunctl from the uml-utilities
|
||||||
package. Tunctl allow you to bring up a TAP interface and configure addressing
|
package. Tunctl allow you to bring up a TAP interface and configure addressing
|
||||||
|
@ -97,7 +100,7 @@ Performance Notes
|
||||||
|
|
||||||
The time taken to perform a ping test for various ciphers is given below:
|
The time taken to perform a ping test for various ciphers is given below:
|
||||||
|
|
||||||
Test: ping -f -l 8 -s 800 -c 10000 <far_edge>
|
Test: `ping -f -l 8 -s 800 -c 10000 <far_edge>`
|
||||||
|
|
||||||
AES (-O0) 11820
|
AES (-O0) 11820
|
||||||
TF (-O0) 25761
|
TF (-O0) 25761
|
||||||
|
|
Loading…
Reference in New Issue
Block a user