This branch is 3610 commits behind cjdelisle:master.

cmake/modules
crypto
dht
dns
exception
interface
io
libbenc
memory
net
rfcs
switch
util
wire
.gitignore
BridgeModule.c
BridgeModule.h
CMakeLists.txt
README
cjdns.c
cjdvpn.c

README

Dear Reader,
    I suppose you are here because you are interested in alternative networks,
perhaps for censorship resistance, perhaps for network security, and I have no doubt you are
wondering what the hell this thing is supposed to do.
We can all find common ground in the statement that The Internet is painfully insecure. Free speech
and privacy advocates find it insecure against government listening and blocking, governments find
it insecure against hackers taking systems over and leaking secrets, and internet service providers
find it insecure against DDoS kiddies who use large swarms of zombie machines to send enough traffic
to overload a network link. These are, however, all different views of the same problem.

We have a number of somewhat competing offerings to solve this problem from ISPs and government.
We have IPsec, DNSSEC, and numerous proposals, from the mundane to the wild and wacky, such as
"internet driver's licenses".
The people who have developed these proposals are unfortunately limited in their thinking. ISPs are
unable to see past the now almost 30-year-old routing protocols which glue together the internet of
today. Government actors are conditioned to think of something as secure when they have control over
it. A quick look at X.509 (the authentication system behind SSL) shows us that central points of
failure inevitably live up to their name. In order to have a central authority, the people must not
only be able to trust his motives but they must be able to trust his system's integrity as well.
Recently people's email was compromised when the DigiNotar certificate authority was hacked and
used to forge Gmail certificates.

It is worthy of note that the vulnerability in DNS which ICE exploited to take down websites
they deemed "dedicated to copyright infringement" was also used by Anonymous to replace a movie
industry website with a manifesto.



--------------------   A System Is Only Secure When Nobody Has Total Control   --------------------



What is cjdns?
It is a routing engine designed for security, scalability, speed and ease of use.
The dream: You type ./cjdns and give it an interface which connects to another node, and it gives
you an IPv6 address generated from a public encryption key and a virtual network card (TUN device)
which you can use to send packets to anyone in the cjdns network to which you are connected.

How does it work?
In order to understand how cjdns works, it is important to understand how the existing internet
works. When you send a packet, at each "intersection in the road" the router reads the address on
the packet and decides which turn it should take. In the cjdns net, a packet goes to a router and
the router labels the packet with directions to a router which will be able to best handle it. That
is, a router which is nearby in physical space and has an address which is numerically close to the
destination address of the packet. The directions which are added to the packet allow it to go
through a number of routers without much handling; they just read the label and bounce the packet
wherever the next bits in the label tell them to. Routers have a responsibility to "keep in touch"
with other routers that are numerically close to their address and also routers which are
physically close to them.
The router engine is a modified implementation of the Kademlia DHT design.

How close is it to complete?
If we're lucky, we'll have a live test network for Christmas.

What about DNS?
DNS is a complex system to implement and highly complex to implement without a central authority.
If you would like to offer help with this part, I invite you to come join.

If you are still interested in this project and want to follow it, get in the channel on IRC:
http://chat.efnet.org:9090/?channels=%23cjdns&Login=Login



Thank you for your time and interest,

Caleb James DeLisle  ==  cjdelisle  ==  cjd








20110216-20110414
ircerr@EFNet
irc://irc.EFNet.org/#cjdns

How To compile cjdns on Debian
-Tested on Debian 6 (Squeeze) and Debian 5 (Lenny)

**UNTESTED/INCOMPLETE/RFC**
**UNTESTED/INCOMPLETE/RFC**
**UNTESTED/INCOMPLETE/RFC**

Assumed:
-You use Debian (probably works on Ubuntu)
-You did a backup recently ;)

# [command] lines are commands..
- [comment] lines are comments (or instructions/commands.. do it!)
* [therest] is obvious

-Remove older versions of deps

-Be sure libevent is gone
# dpkg -l | grep ^ii| grep libevent
ii  libevent-dev                    1.3e-3                     Development libraries, header files and docs
ii  libevent1                       1.3e-3                     An asynchronous event notification library

--Remove it if found
# apt-get remove libevent-dev

-Note: You may need to (re)compile Tor if you use it.

--Get newest versions of deps

--Get gcrypt
# apt-get install libgcrypt11-dev

--Get some additional things
# apt-get install build-essential cmake git

--libevent2 required:

***OPTION ONE - unstable branch of debian ***
--Check http://ftp.debian.org/debian/pool/main/libe/libevent/ for current

--Make a new dir for deps
# mkdir .deps
--Go There
# cd .deps
--Fetch deb packages:
# wget -N \
http://ftp.debian.org/debian/pool/main/libe/libevent/libevent-2.0-5_2.0.10-stable-1_i386.deb \
http://ftp.debian.org/debian/pool/main/libe/libevent/libevent-core-2.0-5_2.0.10-stable-1_i386.deb \
http://ftp.debian.org/debian/pool/main/libe/libevent/libevent-dev_2.0.10-stable-1_i386.deb \
http://ftp.debian.org/debian/pool/main/libe/libevent/libevent-extra-2.0-5_2.0.10-stable-1_i386.deb \
http://ftp.debian.org/debian/pool/main/libe/libevent/libevent-openssl-2.0-5_2.0.10-stable-1_i386.deb \
http://ftp.debian.org/debian/pool/main/libe/libevent/libevent-pthreads-2.0-5_2.0.10-stable-1_i386.deb \
http://ftp.ca.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze1_i386.deb
--Install them
# dpkg -i libevent-*.deb libssl*.deb
--Back to first dir
# cd ..
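
-Added check, not part of the original guide: Option One fetches the .deb files over plain HTTP and installs them as root, so compare each file with the SHA256 the mirror's Packages index records for it before running dpkg -i. The function names and the SAMPLE file below are constructed for illustration, and the Packages file is assumed to come from a Release file whose signature was already verified.

```shell
#!/bin/sh
# Added example (not from the original guide). Checks a downloaded .deb against
# the SHA256 listed for it in a Debian Packages index before `dpkg -i`.
# Assumption: the Packages file itself came from a mirror Release file whose
# signature you already checked; otherwise the hashes prove nothing.

# expected_sha256 PACKAGES DEB_BASENAME: print the SHA256 of the stanza whose
# Filename: field ends in DEB_BASENAME (stanzas are blank-line separated).
expected_sha256() {
    awk -v want="$2" '
        BEGIN { RS = ""; FS = "\n" }
        {
            file = ""; sum = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Filename: /) file = substr($i, 11)
                if ($i ~ /^SHA256: /)   sum  = substr($i, 9)
            }
            n = split(file, parts, "/")
            if (parts[n] == want) { print sum; exit }
        }' "$1"
}

# verify_deb PACKAGES DEB_PATH: 0 = hash matches, 1 = mismatch, 2 = not listed.
verify_deb() {
    want=$(expected_sha256 "$1" "$(basename "$2")")
    [ -n "$want" ] || { echo "NOT LISTED: $2" >&2; return 2; }
    have=$(sha256sum "$2" | cut -d' ' -f1)
    [ "$want" = "$have" ] || { echo "MISMATCH: $2" >&2; return 1; }
    echo "OK: $2"
}

# demo: constructed stand-in files, not real packages or real index data.
demo() {
    d=$(mktemp -d) || return 1
    deb="$d/libevent-dev_SAMPLE_i386.deb"
    printf 'constructed stand-in for a .deb\n' > "$deb"
    sum=$(sha256sum "$deb" | cut -d' ' -f1)
    printf 'Package: libevent-dev\nFilename: pool/main/libe/libevent/%s\nSHA256: %s\n' \
        "$(basename "$deb")" "$sum" > "$d/Packages"
    intact=0;   verify_deb "$d/Packages" "$deb" >/dev/null || intact=$?
    echo 'modified after download' >> "$deb"
    tampered=0; verify_deb "$d/Packages" "$deb" >/dev/null 2>&1 || tampered=$?
    rm -rf "$d"
    echo "intact=$intact tampered=$tampered"
}

demo
```

-In .deps, call verify_deb with the Packages file and each fetched .deb in turn, and install only the files that report OK.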


*** OPTION TWO - fetch git version, compile it ***
-Grab a copy of libevent ( http://monkey.org/~provos/libevent/ )
# git clone git://levent.git.sourceforge.net/gitroot/levent/libevent libevent
-Go there
# cd libevent
-Pre-config, detect what ya got
# ./autogen.sh
-Config
# ./configure
-Build
# make
-Install
# make install
-Go back.. DoH
# cd ..
--Libevent is now done.

*** OPTION THREE - man up and use the experimental repo! ***
-Add the repo to your sources.
# echo 'deb http://ftp.debian.org/debian experimental main' >> /etc/apt/sources.list
-Refresh the package lists so apt sees the new repo.
# apt-get update
-Install it. Everything you need will be pulled in as dependencies.
# apt-get install libevent-dev=2.0.10-stable-1
--Was that so hard?

*** PICK ONE OF THE ABOVE ***

--cjdns
-Grab it
# git clone https://github.com/cjdelisle/cjdns.git cjdns

-Go there
# cd cjdns

-Setup build dir
# mkdir build

-Go there
# cd build

-pre-build
# cmake ..

-Build
# make

-Look for:
Linking C executable DNSTools_test
[100%] Built target DNSTools_test

--ALL DONE

--Test? Sure.

-use screen or such to get a few ttys, Xshells, pipe to log and bg, whatever.
-Setup a session, pointing at 2nd session
# ./cjdns 127.0.0.1:5353 127.0.0.1:5000 127.0.0.1:5001
-Setup 2nd session pointing at first session
# ./cjdns 127.0.0.1:5354 127.0.0.1:5001 127.0.0.1:5000

--Look for this line when it starts:
ANNOUNCING: 01901520f60cf0d7ed23521288cf5bf640bb7608.dht
This is your domain address.

-Whatever that number is points to you. If you shut down cjdns or it (OMG) crashes,
-you can and should enter that number again in the command line like so:
# ./cjdns 127.0.0.1:5354 127.0.0.1:5001 127.0.0.1:5000 01901520f60cf0d7ed23521288cf5bf640bb7608
-This is more important when in the real swarm since you will not suddenly be
-in the wrong neighborhood for your id.

Now for the fun:  ** REPLACE [string].dht with YOUR DHT ^^ seen above **

-Do a lookup via DHT
# dig @127.0.0.1 -p 5353 01901520f60cf0d7ed23521288cf5bf640bb7608.dht

; <<>> DiG 9.6-ESV-R1 <<>> @127.0.0.1 -p 5353 01901520f60cf0d7ed23521288cf5bf640bb7608.dht
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12313
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;01901520f60cf0d7ed23521288cf5bf640bb7608.dht. IN A

;; ANSWER SECTION:
01901520f60cf0d7ed23521288cf5bf640bb7608.dht. 30 IN A 208.91.129.187

;; Query time: 71 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Thu Feb 17 18:53:43 2011
;; MSG SIZE  rcvd: 78

^that's a real query of another dht node on the net,
yea 71 msec
really ;)

--That's IT for now.
-Run it again on a public IP with a known dht host

#EOF#