Browse Source

Merge pull request #276 from Logan007/updateReadme

updated README.md
pull/282/head
Luca Deri 4 years ago
committed by GitHub
parent
commit
6bdffb918a
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 19
      README.md

19
README.md

@ -77,6 +77,10 @@ make
make install make install
``` ```
Parts of the code – especially Speck cipher and the header encryption – speedwise benefit
from compiler optimizations and platform features such as NEON, SSE and AVX. To enable,
use `./configure CFLAGS="-O3 -march=native"` for configuration instead.
For Windows, check out [Windows.md](doc/Windows.md) for compilation and run instuctions. For Windows, check out [Windows.md](doc/Windows.md) for compilation and run instuctions.
For MacOS, check out [macOS.md](doc/macOS.md). For MacOS, check out [macOS.md](doc/macOS.md).
@ -102,18 +106,25 @@ Check out [IPv6.md](https://github.com/ntop/n2n/blob/dev/doc/IPv6.md) for more i
n2n edge nodes use twofish encryption by default for compatibility reasons with existing versions. n2n edge nodes use twofish encryption by default for compatibility reasons with existing versions.
**IMPORTANT** Encryption is only applied to the packet payload. Some metadata like the virtual MAC address Different encryption schemes are applied to the packet payload and to the header which
of the edge nodes, their IP address and the community are sent in cleartext. contains some metadata like the virtual MAC address of the edge nodes, their IP address and the community
name.
When encryption is enabled, the supernode will not be able to decrypt the traffic exchanged between When encryption is enabled, the supernode will not be able to decrypt the traffic exchanged between
two edge nodes, but it will know that edge A is talking with edge B. two edge nodes, but it will know that edge A is talking with edge B.
Recently AES encryption support has been implemented, which increases both security and performance, Recently AES encryption support has been implemented, which increases both security and performance,
so it is recommended to enable it on all the edge nodes that must have the -Ax value. When possible so it is recommended to enable it on all the edge nodes that must have the -Ax value. When possible
(i.e. when n2n is compiled with OpenSSL 1.1) we recommend to use -A4 (i.e. when n2n is compiled with OpenSSL 1.1) we recommend to use `-A3`.
A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`. A benchmark of the encryption methods is available when compiled from source with `tools/n2n-benchmark`.
Use `-H` on the edges to enable header encryption. Note, that header encryption is a per-community
decision, i.e. _all_ edges of one community need to have it either enabled or disabled. The supernode
can handle encrypted and unencrypted headers. As the key for header encryption is derived from the
community names, it requires the supernode to be used with fixed communities `-c <path>`
parameter. Also, reuse of once-publically-used community names for header encryption is not recomended.
## Contribution ## Contribution
You can contribute to n2n in various ways: You can contribute to n2n in various ways:
@ -136,4 +147,4 @@ Here is a list of third-party projects connected to this repository.
--- ---
(C) 2007-2019 - ntop.org and contributors (C) 2007-2020 - ntop.org and contributors

Loading…
Cancel
Save