Bootstrapping to Anonymous P2P Networks

Even P2P overlays need some way to bootstrap in disconnected networks.

While DNS typically bootstraps with hardcoded IP addresses of the 13
root servers.

Ants p2p (version 2) kerjodando bootstraps using the itsdargens.com website.

Any user website can be set-up and used for this purpose.

Basically, all code is open source so that users can set-up own bootstrapping website.

The website replaces the current ANts p2p bootstrapping methods:

1. irc (why use this method when a website is much more friendly)
   
2. Gwebcache (this openly displays your ip address to strangers) and
3. Random walk accross the ad-hoc network. This allows users who you are not connected to (and don't know) to find out who else is connected.
   

The itsdargens.com Ruby on Rails bootstrapping website will provides the following functions:

1. Bootstrapping to a friend to friend group
2. TCP NAT traversal

STUNT P2P TCP NAT Traversal on a Ad-hoc Overlay Network

I've been thinking about this TCP NAT Traversal (TCP hole punching a method that allows everyone to connect quickly without port forwarding).

I think the following changes are needed to kerjodando to make it work.

1. Trusted Peers list (and itsDargens User database table) need to include two extra hidden fields, User ID (prob already in itsDargens database) and "use STUNT" flag. For example, if 100 users on a LAN connect to one group they will all have different user IDs although they have the same ip+port. Then when a user wants to connect to another user (after trying direct connection) they connect to STUNT using their user ID and signal (using SIPS) to another users ID. STUNT then tell them what ip+port to use to connect to that user ID. Also STUNT would set the "use STUNT flag" to yes.
2. ItsDargens user database to change to include "use STUNT" flag
3. Trusted peer file needs to download and use the included user IDs and "use STUNT" flag as well as ip+port.
   

The other thing I realised is that for signaling, users will have to maintain a connection to the STUNT server as long as they have a user (user ID) in their trusted peers list that they are not connected to.

However, once they have connected to all their trusted peers they can disconnect form the STUNT server.

Also, probably there will be some users that you can't connect to even with STUNT, maybe these should be marked as such in "use STUNT" flag and counted as connected when deciding if should disconnect form STUNT server.

To me a STUNT server consists of the following processes:

1. Maintaing TCP user connections with many users (User IDs)
   
2. Recording user (user ID) ip+port for at least two test connections from the user
3. Calculating predicted ip+port for a user (User ID)
4. Reply to a request to connect to a User ID with predicted ip+port
   
5. Telling other User to also make a request etc
6. Recording "STUNT flag" in user database table so that it can be included in downloaded trusted peers
7. Recording if STUNT does not work
   

More About STUNT:

Found STUNT ( Simple Traversal of UDP Through NATs and TCP too) library in java:

http://nutss.gforge.cis.cornell.edu//jstunt-faq.php


What does the stunt.jar library provide?

It provides a way to establish unproxied TCP connections between two end-points, both of which can be behind a NAT. It returns a SocketChannel that can be used for blocking or non-blocking IO as the application desires.


How does one write a server-client or peer-to-peer applications with the library?

We have provided a simple server-client application consisting of an EchoServer ( http://nutss.gforge.cis.cornell.edu//EchoServer.java ) that accepts inbound connections from one or more EchoClient ( http://nutss.gforge.cis.cornell.edu//EchoClient.java ) applications.


Does the library require some infrastructure?

Yes. The library requires a rendezvous server (much like a directory server) where applications with one URI can find the application with another URI and coordinate to establish a connection. The library also requires some STUNT servers that help applications find out their external IP address and port for establishing the real connection.


Does the rendezvous server proxy data?

No. The rendezvous server only helps set up the connection. After that, all data is exchanged directly between the end-points and does not go through the rendezvous server.


Who provides the rendezvous and STUNT service? Who can use them?

We at Cornell University are providing a rendezvous and STUNT service for developers and researchers to use. However, if you wish to deploy your own application that uses the library, we ask that you set up rendezvous and STUNT servers only for your own applications such that you do not overburden the Cornell service (which is for research and development purposes) and so that outages and changes in the Cornell service doesn't affect your application. The rendezvous server ( https://gforge.cis.cornell.edu/frs/?group_id=15 )and STUNT server ( https://gforge.cis.cornell.edu/frs/?group_id=15 )code is freely available.


Is this library under active development? Will you implement feature X?

The library is a proof of concept that TCP NAT Traversal is possible and is intended to be a starting-poing for application developers who want to use it in a real-world deployable project. At the same time, it is a library that can be used more-or-less unmodified for research and quicky-development and prototyping of applications. Time permitting, I would like to implement various features that are requested; but I cannot promise that all features will be implemented in a timely fashion. I will do my best to make the library more suited to its primary goal -- show how the NAT TCP problem can be solved easily by applications.


I want to implement TCP NAT traversal in my application but don't want to use your library?

The TCP NAT traversal code is contained in the file STUNTCont.java ( https://gforge.cis.cornell.edu/plugins/scmcvs/cvsweb.php/old/stunt_java/src/net/nutss/stunt/STUNCont.java?cvsroot=cvsroot%2Fnutss ). It includes extensive documentation. Feel free to adapt the code to your application. The rendezvous service and the STUNT service are modular and may be replaced by your own implementations if you wish to use the rest of the library.


Also see http://en.wikipedia.org/wiki/STUN

Aslo see:

see STUNT

http://nutss.gforge.cis.cornell.edu/stunt.php

and

http://www1.ietf.org/mail-archive/web/p2prg/current/msg00789.html

and

http://en.wikipedia.org/wiki/NAT_traversal

and

http://reports-archive.adm.cs.cmu.edu/anon/isri2005/CMU-ISRI-05-104.pdf

and

http://emu.freenetproject.org/pipermail/tech/2005-September/011611.html

kerjodando p2p - Your Own Private Internet

Hi

Now testing kerjodando p2p, your own private internet.

Search, download, enjoy.

1. Goto test page here http://www.itsdargens.com/swarm/show_one/86d1cca8104f981648eb1b1d0f0f3a39
2. Click START to open torrent file to download and install kerjodando p2p client
3. Click RUN to accept kerjodando digital signature.
4. When kerjodando opens wait for connection (3 minutes)
5. Search
6. Download by right-clicking on file and selecting download

Currently beta testing so email me back with comments.

Thanks

TCP NAT TRAVERSAL and WEB GUI

I'm really excited at the moment.

Development is moving forward very quickly as my two developers and me are now working on ANts p2p everyday and they seem to be very enthused.

Once we have finished some house-keeping on the SVN and sorted out connections using trusted peers only we have two big things to work on.

They are working on are:

TCP NAT traversal and

Web Gui.

Both are very important for kerjodando as it is meant to be user friendly (web gui) and should be easy for small groups to use (TCP NAT traversal).

One big reason why ANts p2p version 1 does not work that well is because of human nature.

People in general (including me) are stupid and lazy.

So most people do not 'port forward' - so can only connect to those select few who do - this creates VERY BIG BOTTLE NECKS and security weaknesses.

Do you know how many people are connected to Ts**a and one or two others only - whereas Ts**a and one or two others have 20 connections!

Secondly, most people (even me ) can't be bothered to put their correct ip address in connections page - this stops them from being used by the random walk function, looking for peers with free slots, as it will show only user's internal ip address.

This leads to a very fragmented network with bottle necks.

Where there are no NAT issues for example on a LAN ANts version 1 works fine but put a NAT in and it doesn't for the reasons I mentioned earlier.

Well anyway TCP NAT traversal will make it possible for anyone to connect to anyone else this will mean that all peers will use up their maximum connections and so there WILL BE NO BOTTLENECKS ;-)

And the web gui will mean that ANYONE (who can code a web page) will be able to design a new GUI and that our GUI will be as EASY AS YOUTUBE or SEEQPOD to use ;-)

As for the new version of ANts p2p I am not convinced - it is either better or worse it can't be no change!

Firewall Tunnelling and Quicker User Connection

Tne next project is ensure that users connect quickly and easily to kerjodando. It has two parts:

1. Ensure that users connect quickly and easily to trusted peers ONLY (except for users using Upnp to connect to other LAN users)

Currently "Ants" has several methods of connecting these need to be removed leaving only trusted peers and Upnp.

There might be more than this but here are the methods I know:

1. irc - REMOVED
   
2. gwebcache - REMOVED
   
3. peers - previous connections - LEAVE
   
4. random walk across the network from peer to peer recording peers with free slots - TO BE REMOVED
   
5. manual connect in advance tab - LEAVE
   
6. trusted peers - IMPROVE SO THAT IT KEEPS TRYING UNTIL CONNECTION MADE WITHOUT ANY BANDWIDTH TESTING
7. Upnp - LEAVE

This is important as with fewer users in each group quick connection is very important.


2. Using the itsDargens website as an intermediary develop a simple process to allow two peers with un-forwarded ports to connect.

I must admit that I don't fully understand the TCP/IP protocol but I would prefer if the solution involved a client connecting to website and then the website updating the trusted peers file to reflect the external port that was used. (This could be total rubbish on my part) The solution must be SIMPLE.

This is important as with fewer users in each group quick connection is very important and there is a high probability that both users may not have kerj ports forwarded.

Both jobs are urgent as the point of the application is to CONNECT and DOWNLOAD and currently about 50% of users can't connect!



The full list of things added and removed are:

Needed:
Own folder, separate from Ants - JAVA - OUTSTANDING
Client minimize to systems tray on opening - JAVA- OUTSTANDING
try to connect to trusted peers - JAVA- OUTSTANDING
itsdargens itermediate connection help where two users behind a firewall - RAILS - OUTSTANDING
ipfilter.dat - RAILS - OUTSTANDING
irc applet to website - RAILS- OUTSTANDING
email invite from google and IM on website - RAILS - OUTSTANDING


Not Needed:
Help page not needed as it is no help! - JAVA - DONE
Browser location setting no longer needed - JAVA - DONE
Monitor clip board for ed2k and ants links - JAVA - DONE
Random walk for new peers with free slots (must use trusted peers) - JAVA - OUTSTANDING
irc - JAVA - DONE
http tunnel - JAVA - DONE
ed2k hashes - JAVA - DONE
Search for peers on Gwebcache - JAVA - DONE
publish ip on gwebcache - JAVA - DONE
any restriction on peers connected to e.g. bandwidth - JAVA - OUTSTANDING

kerjodando Cutting it Back to the Core

2007-6-26 remove skin
SettingsAntPanel.java, jLabel18 and jComboBox4 removed.Four setLookAndFeel() have been modified. LookAndFeel were set to getCrossPlatformLookAndFeelClassName()
remove Trendy,Napkin,Liquid related jars

2007-7-9 http tunnel
HttpAntPanel class was totally removed, and other places where HttpAntPanel is used are also modified
HttpAntPanel.java modified, leaving only one static attribute 07-07-08
HttpPopupMenu.java removed. This popuo menu is only use in http tunnel tab

2007-7-9 ed2k hash
shared file no need to calculate its hashvalue
BackgroundEngine.java, leave sharedFilesIndexED2KHash as an empty object,DonkeyHashFile object removed
DonkeyHashFile.java removed
removed ants.p2p.utils.donkey.*, including Convert.java,DonkeyHashFile.java,DonkeyPacketConstant.java,MD4.java
In SharePopupMenu.java,jMenuItem2 was removed, generating a ed2k link is removed
FileInfos.java, calculating the ed2k hash of a file is replace with an empty string

2007-7-10 GWebCache
SettingsAntPanel.java: removed jCheckBox8 and jCheckBox9 and all concerning GWebCache
ConnectionManager.java: lastGWebCacheUpdate,lastGWebCacheFetch,publishIpOnGWebCache,searchIpOnGWebCache all removed
delete com.limegroup

2007-7-10 IRC bots
ConnectionManager.java, irc concerning things removed,org.jibble.pircbot.* not need again
SettingAntsPanel.java, a panel concerning IRC is removed
ConnectionAntPanel.jave,this.container.sap.* concerning IRC is removed,IrcBot related things removed
ICRbot.java deleted
ChatAntPanel.java deleted
ChatPopMenu.java deleted
UsersComparator.java deleted
SettingAntsPanel.java, checking if it is null before updating its look and feel

2007-7-10 Not monitor ed2k: link in clipboard
QueryLinkDaemon.java set ed2kFound=false;SettingAntsPanel.jCheckBox7.tooltips changed

You Can Use Any Port on ANts p2p version 2 (kerjodando)

The development team has just added a new option to use any port to connect to Ants p2p (kerjodando) YUM YUM!

See http://www.itsdargens.com/swarm/show_one/86d1cca8104f981648eb1b1d0f0f3a39

If you don't put a port then 443 is used.

443 is still the recommended port as it allows people behind firewalls to connect easily.

Please try it we need some feedback.