[tahoe-lafs-trac-stream] [Tahoe-LAFS] #517: make tahoe Tor- and I2P-friendly
Tahoe-LAFS
trac at tahoe-lafs.org
Mon Jul 18 11:28:17 UTC 2016
#517: make tahoe Tor- and I2P-friendly
-------------------------+-------------------------------------------------
Reporter: warner | Owner: warner
Type: enhancement | Status: new
Priority: minor | Milestone: 1.13.0
Component: code-network | Version: 1.2.0
Resolution: | Keywords: privacy anonymity anti-censorship i2p tor-protocol usability
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by str4d):
Here is my equivalent to the above for I2P.
----
`tahoe.cfg` acquires an `[i2p]` section, with the following keys (and
their defaults):
- `enable = true`
- `sam.port =` (empty, uses `tcp:127.0.0.1:7656` by default)
- `launch = false`
- `i2p.executable =` (empty, looks for common installation locations by
default)
- `i2p.configdir =` (empty, looks for common config directories by
default)
The highest-priority setting is `enable`. If `enable` is false, all other
settings are ignored, and nothing uses I2P. If `enable` is true, the
client attempts to import `foolscap.handlers.i2p` (which needs `txi2p`) at
startup, and if that is successful, it installs a Foolscap connection
handler for `i2p:` hints that routes them to a
`SAMI2PStreamClientEndpoint`.
The next-highest priority is `sam.port`. The `sam.port` value is a Twisted
client endpoint descriptor, pointing to a SAM API. If `sam.port` is not
set, then we'll use `tcp:127.0.0.1:7656`. The `tcp:127.0.0.1:7656`
fallback behavior is part of the `txi2p` client and server endpoint string
syntax, but is not part of the `SAMI2PStreamClientEndpoint` and
`SAMI2PStreamServerEndpoint` APIs (which require that the caller pass in
an `IStreamClientEndpoint` that will connect to the SAM API).
If `launch` is true, the client uses `txi2p` to start the given existing
I2P installation if it is not already running. Connections are made
through the I2P installation's SAM port as above. `i2p.executable` can be
used to specify the exact I2P binary to run (if empty, the default
behavior is to search `$PATH` and common installation locations for
`i2prouter`).
If `i2p.configdir` is set, the configuration files within will be parsed
to obtain the current SAM port.
|| `enable` || `sam.port` || `launch` || `i2p.configdir` || ||
|| false || * || * || * || (1) No I2P ||
|| (true) || (empty) || (false) || (empty) || (2) SAM on `tcp:127.0.0.1:7656` ||
|| (true) || (empty) || true || (empty) || (3) Launch I2P, try to parse config for SAM port, fall back on `tcp:127.0.0.1:7656` ||
|| (true) || (empty) || (false) || `path/to/.i2p` || (4) Parse config for SAM port ||
|| (true) || (empty) || true || `path/to/.i2p` || (5) Launch I2P, parse config for SAM port ||
|| (true) || `tcp:HOST:PORT` || (false) || * || (6) SAM on `tcp:HOST:PORT` ||
|| (true) || `tcp:HOST:PORT` || true || * || INVALID ||
Note that all of this merely controls **how** we use I2P, not **when** we
use it. By default (unless `enable = false`), I2P-based connection hints
(for external servers, which we learn through the Introducer) will use
I2P, as specified by this config. To make the local storage server listen
on the I2P destination (most likely the same one outgoing connections are
made on), we'll use something else (#2773, although we can reuse at least
part of this config, because listening happens through the same SAM API).
To make the connection to the introducer(s) use I2P, see something in
#2788.
So, as far as use cases go:
- Leaving everything set to the defaults will Just Work (i.e. outbound
  `i2p:` hints should connect) when:
  - an existing I2P process is running locally
  - and (Python) `txi2p` is installed
- If you know you have some other I2P running (local or remote), set
  `sam.port=` to use it, and install at least `txi2p`. Use this if you want
  to leverage a 24/7 router on another machine (with the SAM port either
  port-forwarded, or directly-accessible and protected with SSL and
  authentication).
- If you have I2P installed but not running, use `launch = true`, and
  maybe `i2p.executable=` if your I2P lives in an unusual place.
- If you have I2P/`txi2p` installed, but for whatever reason (company
  policy?) do *not* want to use I2P, set `enable = false`.
Note that `txi2p` currently does not have the functionality to implement
`launch`, `i2p.executable` or `i2p.configdir`. Until that is implemented,
only cases 1, 2 and 6 will work. I'm also not entirely sure about cases 3
and 4 yet; that will crystallize after implementation.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/517#comment:86>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
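
The decision table in the comment above, written out as a resolver. This is an added example, not code from the ticket, Tahoe-LAFS or `txi2p`; `resolve_i2p`, `InvalidI2PConfig` and the returned tuple shape are hypothetical names chosen here. It only classifies a config: it does not launch I2P or parse the router's config files.

```python
import configparser

DEFAULT_SAM = "tcp:127.0.0.1:7656"  # default SAM endpoint named in the comment


class InvalidI2PConfig(ValueError):
    """Raised for the combination the table marks INVALID."""


def resolve_i2p(cfg_text):
    """Return (case, sam_endpoint, launch) for a tahoe.cfg given as text.

    case is the row number (1-6) from the table in the comment.
    sam_endpoint is None when I2P is off (case 1) or when the endpoint has
    to come from the I2P config files (cases 4 and 5), which are not parsed here.
    """
    # interpolation=None so a '%' in a path is not treated as a substitution.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)

    # Highest priority: read `enable` first and stop if it is false, so that
    # no other key (even a malformed one) can influence the outcome.
    if not cp.getboolean("i2p", "enable", fallback=True):
        return (1, None, False)

    # An absent key or an absent [i2p] section means "use the default".
    launch = cp.getboolean("i2p", "launch", fallback=False)
    sam_port = cp.get("i2p", "sam.port", fallback="").strip()
    configdir = cp.get("i2p", "i2p.configdir", fallback="").strip()

    if sam_port:
        # An explicit SAM endpoint names a router that is already running,
        # so asking to launch one as well is rejected, not silently resolved.
        if launch:
            raise InvalidI2PConfig("sam.port is set together with launch = true")
        return (6, sam_port, False)
    if configdir:
        return (5 if launch else 4, None, launch)
    # No endpoint and no config dir: the default SAM endpoint. In case 3 it is
    # the fallback used if the launched router's config cannot be parsed.
    return (3 if launch else 2, DEFAULT_SAM, launch)
```
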