I2P 隐形网项目 (I2P)

I2P是一个匿名网络,它只暴露一个简单的层,提供给应用程序之间进行匿名和安全的通讯。 这个网络本身是严格基于消息的(通过IP方式),但也存在一个库可用于在其之上传输可靠的信息流(通过TCP方式)。 所有的通讯都是端到端加密的(发送一条消息总共会进行四层加密),甚至是终结点(目标)也是加密的标识(本质上是一对公钥)。


匿名的发送消息时,每个客户端程序都会用到他们自己的I2P“路由器”,这个路由器是由一些列出站和入站的“隧道”组成的,而每一条隧道则是在一个方向(分为出站方向和入站方向)上传递信息的节点队列。 当一个客户端想要发送信息给另一个客户端时,发送端会通过他的一条出站隧道将信息发出,发向接收端的一条入站隧道,并最终到达消息的终点。 网络中的参与者可以根据他们的需要,通过设置他们隧道的长度——并且他们正在这样做——在匿名性、延时、和带宽之间取得平衡。其结果就是,大量的节点中继了每一条端到端的消息,这样的模型将消息发送者和消息接受者的暴露风险降到了最小。

当一个客户端第一次试图与另一个客户端取得联系时,它将会去查询一个完全分布式的“网络数据库”——一个自定义结构的、基于Kademlia算法分布式哈希表(DHT)。 这样做是为了有效地找到其他客户端的入站隧道,但它们之间的后续消息中通常包含有那些数据,因此就没必要进行进一步的网络数据库查找了。



Within the I2P network, applications are not restricted in how they can communicate - those that typically use UDP can make use of the base I2P functionality, and those that typically use TCP can use the TCP-like streaming library. We have a generic TCP/I2P bridge application ("I2PTunnel") that enables people to forward TCP streams into the I2P network as well as to receive streams out of the network and forward them towards a specific TCP/IP address.

I2PTunnel is currently used to let people run their own anonymous website ("eepsite") by running a normal webserver and pointing an I2PTunnel 'server' at it, which people can access anonymously over I2P with a normal web browser by running an I2PTunnel HTTP proxy ("eepproxy"). In addition, we use the same technique to run an anonymous IRC network (where the IRC server is hosted anonymously, and standard IRC clients use an I2PTunnel to contact it). There are other application development efforts going on as well, such as one to build an optimized swarming file transfer application (a la BitTorrent), a distributed data store (a la Freenet / MNet), and a blogging system (a fully distributed LiveJournal), but those are not ready for use yet.

I2P is not inherently an "outproxy" network - the client you send a message to is the cryptographic identifier, not some IP address, so the message must be addressed to someone running I2P. However, it is possible for that client to be an outproxy, allowing you to anonymously make use of their Internet connection. To demonstrate this, the "eepproxy" will accept normal non-I2P URLs (e.g. "http://www.i2p.net") and forward them to a specific destination that runs a squid HTTP proxy, allowing simple anonymous browsing of the normal web. Simple outproxies like that are not viable in the long run for several reasons (including the cost of running one as well as the anonymity and security issues they introduce), but in certain circumstances the technique could be appropriate.

The I2P development team is an open group, welcome to all who are interested in getting involved, and all of the code is open source. The core I2P SDK and the current router implementation is done in Java (currently working with both sun and kaffe, gcj support planned for later), and there is a simple socket based API for accessing the network from other languages (with a C library available, and both Python and Perl in development). The network is actively being developed and has not yet reached the 1.0 release, but the current roadmap describes our schedule.