Skip to content
Maxim Kammerer edited this page Sep 24, 2011 · 12 revisions

Cables Communication Sources

This wiki is intended to document cables communication sources. For general documentation, head over to the project site.

Protocol

The self-stabilizing communication protocol for a stateless web service-like implementation is specified in doc/cable.txt, and is quite simple: peers push short messages via the CGI service on the remote end, and pull files that the other end prepares for them (everything happens via HTTP GETs). The protocol is self-stabilizing in the sense that all actions are eventually retried, and an injected/modified message or file will not confuse the peer.

Sources overview

The key source files that realize the communication protocol are:

Certificates generation

If you want to understand what's going on, I suggest to start with the generation of public encryption/verification certificates and private decryption/signing keys. gen-cable-username generates three public certificates: ca, verify and encrypt (based on the private keys root, sign and decrypt). The first certificate is the “root CA”, and the persistent username is generated from its fingerprint. The two other certificates, verify and encrypt, are issued by ca. In the current implementation, root, sign and decrypt private keys are the same key (due to the resources required to generate a long RSA key), but they don't have to be — that's why three certificates are used instead of just one.

Communication loops

After the certificates, continue to cable/loop, which realizes a complete loop sequence for each of the possible states for a peer. doc/cable.txt is your friend here — there is a very close correspondence between the protocol specification and the individual source files.

Other source files

src/daemon.c is probably the hardest to understand, since its purpose is to efficiently launch cable/loop whenever a new message is registered by src/service.c. It employs inotify to listen for filesystem events, retries after randomized time periods (to prevent fingerprinting) when no events are detected (since inotify is not too reliable with fuse filesystems), goes into standby while the filesystem is unmounted, waits when too many child processes have been launched, etc.

src/service.c does the simple tasks specified for the service loop, but is extremely carefully written, since it is the most sensitive point of the framework (handling requests). src/service.c should also work very fast, since the FCGI spawner launches at most one CGI process by default.

Clone this wiki locally