Reference

Glossary

Short, stable definitions of the vocabulary used throughout the lessons. Every lesson links here; feel free to use it as a lookup while you read.

Bloom filter
A compact probabilistic set membership structure peers exchange to advertise reachability.
When a peer's filter says 'no', the destination is definitely not reachable through them (no false negatives). When it says 'yes', the destination probably is (small, tunable false-positive rate). Bloom filters bound routing state per peer regardless of mesh size.
Appears in: Lesson 5
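Added example (not code from the FIPS project): a small Bloom filter showing the two properties this entry depends on, the authoritative "no" and the tunable "maybe", plus the pre-filtering a node could run against its peers' advertised filters. The hash construction, the sizing formula and the peer names are this example's own choices, not the protocol's.

```python
"""Added example (not FIPS project code): a Bloom filter with the properties the
glossary entry relies on, plus peer pre-filtering. Hashing and sizing are this
example's own choices."""
from __future__ import annotations

import hashlib
import math


class BloomFilter:
    def __init__(self, m_bits: int, k_hashes: int) -> None:
        self.m = m_bits
        self.k = k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    @classmethod
    def for_capacity(cls, n_items: int, fp_rate: float) -> BloomFilter:
        # Textbook sizing: m = -n ln p / (ln 2)^2 bits, k = (m / n) ln 2 hash functions.
        # The size is fixed by these two parameters, not by how many items end up inside:
        # overfilling raises the false-positive rate but never grows the filter.
        m = math.ceil(-n_items * math.log(fp_rate) / (math.log(2) ** 2))
        k = max(1, round(m / n_items * math.log(2)))
        return cls(m, k)

    def _positions(self, item: bytes):
        # k positions from SHA-256 over (index || item); an example construction.
        for i in range(self.k):
            digest = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item: bytes) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def might_contain(self, item: bytes) -> bool:
        # All k bits set -> "maybe"; any clear bit -> definitely never added.
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(item))

    def size_bytes(self) -> int:
        return len(self.bits)


def candidate_peers(dst: bytes, peer_filters: dict[str, BloomFilter]) -> list[str]:
    """Peers whose advertised filter says 'maybe' for dst. A 'no' is authoritative,
    so the peers dropped here can be skipped without ever being asked."""
    return [peer for peer, bf in peer_filters.items() if bf.might_contain(dst)]


def addr(label: bytes) -> bytes:
    """Constructed 16-byte stand-in for a node_addr."""
    return hashlib.sha256(label).digest()[:16]


def demo_mesh() -> tuple[dict[str, list[bytes]], dict[str, BloomFilter]]:
    """Constructed sample: two peers, 200 reachable destinations each, 1% target FP rate."""
    reach = {
        "peer-a": [addr(b"a%d" % i) for i in range(200)],
        "peer-b": [addr(b"b%d" % i) for i in range(200)],
    }
    filters: dict[str, BloomFilter] = {}
    for peer, addrs in reach.items():
        bf = BloomFilter.for_capacity(n_items=len(addrs), fp_rate=0.01)
        for a in addrs:
            bf.add(a)
        filters[peer] = bf
    return reach, filters


def demo_false_positive_rate(n_absent: int = 5000) -> float:
    """Measured FP rate of peer-a's filter over addresses that were never added to it."""
    _, filters = demo_mesh()
    absent = [addr(b"x%d" % i) for i in range(n_absent)]
    hits = sum(1 for a in absent if filters["peer-a"].might_contain(a))
    return hits / n_absent
```

The security-relevant property is the asymmetry: a destination a peer has added is always reported, so an attacker cannot hide a route it has advertised, but a peer can cheaply claim reachability for addresses it does not serve, which is why the cache and the error signals, not the filter, are the final word.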
Coordinate cache
Per-node lookup table mapping node_addr to current tree coordinates.
Every node keeps a bounded cache of coordinates for destinations it has forwarded toward. Entries are seeded by SessionSetup, refreshed by CP-flagged data packets and CoordsWarmup messages, and expire by TTL. Without a cache entry for the destination, find_next_hop() returns None before bloom filters are even consulted.
Appears in: Lesson 5, Lesson 7, Lesson 8
CP flag — Coordinates Piggyback
An FSP header bit telling transit nodes the packet carries cleartext src and dst coordinates for caching.
The first five data packets of a session, plus any packet sent after CoordsRequired or PathBroken, set the CP flag and include coordinates between the FSP header and the AEAD ciphertext. Transit nodes parse them without decrypting the payload. The same format is used by the standalone CoordsWarmup (0x14) message.
Appears in: Lesson 8
Eclipse attack
Surrounding a target node with attacker-controlled peers so the target sees a lie.
If every direct peer of a node is controlled by the same adversary, the adversary fully controls what that node learns about the mesh: which root it picks, which coordinates it caches, which destinations it can reach. The mitigation is diverse peering across independent operators and transports.
Appears in: Lesson 11
ECN / CE flag — Explicit Congestion Notification
A flag bit transit nodes set when they see loss, high ETX, or kernel buffer drops ahead.
CE is sticky: once set along a path, every downstream hop leaves it set. At the IPv6 adapter, CE-marked FSP packets get CE written into the Traffic Class ECN bits, but only if the inner packet carried ECT(0) or ECT(1); a Not-ECT packet is left unmarked, as RFC 3168 requires. Guest TCP stacks then cut their window without the mesh ever parsing TCP.
Appears in: Lesson 10
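Added example (not the adapter's own code): the ECT check described above, applied to a constructed IPv6 header. Only the FSP-level CE flag is modelled, as a boolean; the header layout is standard IPv6 and the ECN codepoints are RFC 3168's.

```python
"""Added example (not the FIPS adapter): translating a mesh-level CE mark into the
IPv6 Traffic Class ECN field, honouring the ECT-capability check."""
import ipaddress

# RFC 3168 codepoints in the two low bits of the Traffic Class octet.
NOT_ECT, ECT1, ECT0, CE = 0b00, 0b01, 0b10, 0b11


def traffic_class(pkt: bytes) -> int:
    # Traffic Class is the 8 bits after the 4-bit version:
    # low nibble of byte 0 and high nibble of byte 1.
    return ((pkt[0] & 0x0F) << 4) | (pkt[1] >> 4)


def ecn_codepoint(pkt: bytes) -> int:
    return traffic_class(pkt) & 0b11


def with_ecn(pkt: bytes, codepoint: int) -> bytes:
    """Copy of pkt with only the two ECN bits replaced; DSCP and flow label untouched."""
    out = bytearray(pkt)
    out[1] = (out[1] & 0xCF) | ((codepoint & 0b11) << 4)
    return bytes(out)


def deliver_to_kernel(pkt: bytes, mesh_ce: bool) -> bytes:
    """Adapter step: if the FSP packet arrived CE-marked and the inner IPv6 packet
    declared ECN capability (ECT(0) or ECT(1)), mark it CE; otherwise hand it over
    unchanged. Marking a Not-ECT packet would be silently ignored by the receiver
    and is forbidden by RFC 3168."""
    if not mesh_ce:
        return pkt
    if pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    if ecn_codepoint(pkt) in (ECT0, ECT1):
        return with_ecn(pkt, CE)
    return pkt


def build_ipv6(tc: int, src: str, dst: str, payload: bytes = b"") -> bytes:
    """Constructed sample packet: minimal IPv6 header, next header 59 (No Next Header)."""
    first = (6 << 28) | (tc << 20)          # version, traffic class, flow label 0
    hdr = first.to_bytes(4, "big")
    hdr += len(payload).to_bytes(2, "big") + bytes([59, 64])   # payload len, NH, hop limit
    hdr += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return hdr + payload
```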
Error signals
CoordsRequired, PathBroken, and MtuExceeded: explicit feedback from transit nodes to the source.
When a transit node cannot forward a SessionDatagram, it builds a new SessionDatagram back to the source with one of three FSP payloads (U flag set, plaintext): CoordsRequired (0x20) if it has no cached coordinates for the destination, PathBroken (0x21) if its cached coordinates put it at a local minimum, MtuExceeded (0x22) if the packet is too large for the next-hop link. Rate-limited to one per destination per 100ms at the transit node.
Appears in: Lesson 8
ETX — Expected Transmission Count
1 / (forward_ratio × reverse_ratio). A clean link has ETX near 1.
MMP derives ETX from bidirectional delivery ratios observed over the reporting interval. It is the loss half of link cost: a link with 20% loss in each direction has ETX near 1.56, meaning the mesh effectively has to transmit roughly 1.56 times per successful delivery.
Appears in: Lesson 10
FIPS — Free Internetworking Peering System
A self-organizing, encrypted mesh protocol that runs over any datagram transport.
FIPS replaces the traditional internet's stack of centralized services (ISPs, DNS, CAs) with a peer-to-peer mesh. Nodes authenticate using Nostr keypairs, route cooperatively via spanning-tree coordinates, and encrypt every packet in two independent Noise layers.
Appears in: Lesson 1
fips-gateway
Sidecar binary that lets unmodified LAN hosts reach mesh destinations through NAT.
The gateway runs next to the daemon. It forwards .fips DNS queries to the daemon's resolver, allocates a virtual IP from a configured pool (e.g. fd01::/112) for each destination, and installs per-mapping DNAT + SNAT + masquerade rules in an nftables table. LAN clients need only a route to the pool and DNS pointed at the gateway.
Appears in: Lesson 12
FMP — FIPS Mesh Protocol
The hop-by-hop link layer: authentication, link encryption (Noise IK), and routing.
FMP runs between directly connected peers. It carries the routing envelope (source/destination node_addrs, TTL, path MTU) in a form that transit nodes can read, and re-encrypts every packet for the next link under a fresh Noise IK session.
Appears in: Lesson 3, Lesson 5, Lesson 6
FSP — FIPS Session Protocol
The end-to-end session layer: Noise XK encryption between the original sender and final recipient.
FSP survives all intermediate link encryptions and re-encryptions intact. Transit routers can see the FMP routing envelope but cannot read the FSP payload. Noise XK hides the initiator's static key until the third handshake message.
Appears in: Lesson 3, Lesson 6, Lesson 7
Identity cache
Per-node reverse lookup from fd00::/8 address to (node_addr, pubkey). Populated by DNS.
The derivation from pubkey to IPv6 address is one-way, so the adapter cannot recover the routing identity from a destination address alone. DNS for npub1...fips names primes the cache as a side effect of resolution. The cache is LRU-only (default 10K entries) with no TTL: the mapping is deterministic and never becomes stale.
Appears in: Lesson 12
IPv6 ULA (fd00::/8)
Unique Local Address range used for FIPS IPv6 addresses so legacy apps can address mesh peers.
FIPS derives a per-node IPv6 address by prepending 0xfd to the first 15 bytes of the node_addr. The result sits in fd00::/8, which never collides with public IPv6 routing, and lets unmodified IPv6 software speak into the mesh via a TUN adapter.
Appears in: Lesson 2, Lesson 7, Lesson 12
MMP — FIPS Metrics / Measurement Protocol
Background measurement of link quality and path cost.
MMP runs per peer link in three modes (full, lightweight, minimal). It tracks SRTT, loss, jitter, goodput, OWD trend, and ETX, emits periodic SenderReports and ReceiverReports, and exposes a single link_cost that the spanning tree uses for parent selection.
Appears in: Lesson 5, Lesson 7, Lesson 10
node_addr
128-bit routing identifier derived from SHA-256 of the x-only public key, truncated to 16 bytes.
node_addr is what transit routers see in the routing envelope. It is a one-way hash of the node's public key, so routers cannot recover the npub from it. The hash is deterministic, though: anyone who already holds a candidate npub can compute its node_addr and confirm a match, so the hiding covers unknown identities, not known ones. node_addr is also the input to the node's IPv6 ULA address.
Appears in: Lesson 2, Lesson 5
Noise IK
The Noise pattern used for FMP link handshakes: single round-trip mutual authentication.
IK means the Initiator already Knows the responder's static key from configuration. The initiator sends its own static key in message one, encrypted under a key derived from its ephemeral key and the responder's static key (the es DH), so mutual authentication completes in a single round trip, which matters for link setup. The trade-off is that message one has no forward secrecy: an attacker who later obtains the responder's static private key can decrypt recorded handshakes and learn which initiators peered with it.
Appears in: Lesson 6
Noise XK
The Noise pattern used for FSP session handshakes: initiator identity is hidden until the third message.
XK delays transmitting the initiator's static key until message three, where it is encrypted under the full shared secret, including the ephemeral-ephemeral DH. An observer on the path cannot learn the initiator's identity from a recorded handshake, which matters because session traffic traverses untrusted intermediate nodes.
Appears in: Lesson 6
npub — Nostr public key, bech32-encoded
The application-layer identity users share with each other.
An npub is the bech32 encoding of an x-only secp256k1 public key (the same format Nostr uses). Two people with each other's npubs can open an FSP session directly. npubs are never carried in the routing envelope: transit nodes see only node_addrs (see node_addr for what that hash does and does not hide).
Appears in: Lesson 2, Lesson 6
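Added example (not the FIPS implementation) tying together the npub, node_addr and IPv6 ULA entries: decode an npub to its x-only key, hash it to a node_addr, build the fd00::/8 address, and show that the derivation can be checked from a known npub but not reversed from an address. Assumed details: node_addr hashes the raw 32-byte key with no domain-separation tag, npub uses plain bech32 (not bech32m), and the sample key is constructed rather than a real curve point.

```python
"""Added example (not the FIPS implementation): npub -> x-only pubkey -> node_addr
-> fd00::/8 address, per the glossary definitions. Assumptions: no domain tag in the
node_addr hash, plain bech32 for npub."""
from __future__ import annotations

import hashlib
import ipaddress

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"


def _polymod(values: list[int]) -> int:
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk


def _hrp_expand(hrp: str) -> list[int]:
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def _convertbits(data, frombits: int, tobits: int, pad: bool) -> list[int]:
    """Regroup a bit string (8->5 for encoding, 5->8 for decoding)."""
    acc = bits = 0
    out: list[int] = []
    maxv = (1 << tobits) - 1
    for v in data:
        acc = (acc << frombits) | v
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if pad:
        if bits:
            out.append((acc << (tobits - bits)) & maxv)
    elif bits >= frombits or (acc << (tobits - bits)) & maxv:
        raise ValueError("invalid padding")
    return out


def bech32_encode(hrp: str, data: list[int]) -> str:
    poly = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ 1
    checksum = [(poly >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)


def bech32_decode(s: str) -> tuple[str, list[int]]:
    s = s.lower()
    pos = s.rfind("1")
    if pos < 1 or pos + 7 > len(s) or any(c not in CHARSET for c in s[pos + 1:]):
        raise ValueError("malformed bech32 string")
    hrp, data = s[:pos], [CHARSET.index(c) for c in s[pos + 1:]]
    if _polymod(_hrp_expand(hrp) + data) != 1:
        raise ValueError("bad bech32 checksum")
    return hrp, data[:-6]


def pubkey_to_npub(xonly: bytes) -> str:
    return bech32_encode("npub", _convertbits(xonly, 8, 5, pad=True))


def npub_to_pubkey(npub: str) -> bytes:
    hrp, data = bech32_decode(npub)
    if hrp != "npub":
        raise ValueError("not an npub")
    key = bytes(_convertbits(data, 5, 8, pad=False))
    if len(key) != 32:
        raise ValueError("npub does not wrap a 32-byte x-only key")
    return key


def node_addr(xonly: bytes) -> bytes:
    # Glossary: SHA-256 of the x-only key, truncated to 16 bytes (no domain tag assumed).
    return hashlib.sha256(xonly).digest()[:16]


def ula_address(addr: bytes) -> str:
    # Glossary: 0xfd prepended to the first 15 bytes of node_addr, always inside fd00::/8.
    return str(ipaddress.IPv6Address(b"\xfd" + addr[:15]))


def derive_identity(npub: str) -> dict[str, object]:
    """What DNS resolution would seed into the identity cache for one npub."""
    key = npub_to_pubkey(npub)
    na = node_addr(key)
    return {"pubkey": key, "node_addr": na, "ipv6": ula_address(na)}


def in_mesh_range(ip: str) -> bool:
    return ipaddress.IPv6Address(ip) in ipaddress.IPv6Network("fd00::/8")


def address_belongs_to(ip: str, candidate_npub: str) -> bool:
    """One-way but deterministic: an observed address cannot be inverted, yet anyone
    holding a candidate npub can confirm or rule out that it owns the address."""
    return derive_identity(candidate_npub)["ipv6"] == ip


# Constructed sample key (not a real secp256k1 point; the derivation does not need one).
DEMO_PUBKEY = hashlib.sha256(b"constructed demo key").digest()
DEMO_NPUB = pubkey_to_npub(DEMO_PUBKEY)
```

The checksum check in bech32_decode is what keeps a typo in a shared npub from silently resolving to some other node's address: a corrupted npub is rejected rather than hashed.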
Path MTU
Largest SessionDatagram size the current path can carry without fragmentation.
SessionDatagram and LookupResponse both carry a path_mtu field that tracks the minimum link MTU seen along the forward path. The mesh layer never fragments. If a packet still exceeds the next-hop MTU at some transit node, that node emits MtuExceeded and FSP clamps its estimate accordingly.
Appears in: Lesson 8
Spanning tree
The shared rooted tree the mesh builds over its physical links, used to assign coordinates.
Each node independently picks the smallest node_addr it has heard as the root, and the cheapest neighbor toward that root as its parent. No election protocol runs — the rules converge on the globally-smallest root as gossip propagates.
Appears in: Lesson 5, Lesson 7
Spin bit
A single-bit field in the FMP header used for RTT estimation by transit observers.
The TX side reflects the spin bit back per the QUIC state machine so an on-path observer can derive RTT without decryption. FIPS implements the reflection, but its own RTT samples come only from MMP timestamp-echo: inter-frame processing delays make the spin-bit RTT too noisy to use directly.
Appears in: Lesson 10
Sybil attack
One operator spinning up many fake identities to overwhelm a peer-to-peer protocol.
FIPS resists Sybil attacks two ways: per-peer handshake rate limits cap how quickly a single attacker can bring new identities online, and discretionary peering means operators in curated deployments hand-pick who they accept as a direct neighbor. Automatic peer discovery falls back to rate limits alone.
Appears in: Lesson 11
Traffic analysis
Correlating packet timing and volume at multiple vantage points to infer who is talking to whom.
FIPS encrypts content at two layers but does not pad, mix, or cover traffic. A global passive observer who sees several transports at once can still correlate flows and infer communicating pairs. This is a documented non-goal: FIPS is not an anonymity network.
Appears in: Lesson 11
Transport
Any medium that can move datagrams: WiFi, Ethernet, UDP overlay, Tor, serial link.
FIPS treats transports as pluggable drivers. A node can run multiple transports at once, bridging peers on different media into the same mesh. The protocol above is unchanged: only the framing and peer discovery differ per transport.
Appears in: Lesson 4, Lesson 7
Tree coordinate
A node's path from itself to the root of the spanning tree, used as its routable address in the mesh.
Each node's coordinate is an ordered list of node_addrs: [self, parent, grandparent, …, root]. Greedy routing forwards a packet to the peer whose coordinate has the smallest tree distance to the destination's coordinate, where tree distance is the two coordinates' combined length minus twice the length of their longest common suffix (the hop count through the tree between the two positions).
Appears in: Lesson 5, Lesson 7
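Added example (not the FIPS routing code) covering both the Spanning tree and Tree coordinate entries: root and parent selection from neighbour announcements, the tree-distance metric, and the greedy next-hop step including the local minimum that produces PathBroken. Assumed simplification: the parent is the cheapest direct link among neighbours already rooted at the winning root; whether the protocol also adds the neighbour's own cost to the root is not stated here. The node_addrs, links and cost values are constructed.

```python
"""Added example (not FIPS code): spanning-tree parent choice, tree distance and
greedy forwarding over constructed coordinates."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

Coord = tuple[str, ...]   # [self, parent, ..., root] as node_addr strings


@dataclass(frozen=True)
class Announcement:
    peer: str          # neighbour's node_addr
    coords: Coord      # neighbour's current coordinate
    link_cost: float   # MMP link_cost of our link to it


def root_of(coords: Coord) -> str:
    return coords[-1]


def choose_parent(self_addr: str, heard: list[Announcement]) -> tuple[Optional[str], Coord]:
    """Return (parent node_addr, or None if we are the root; our resulting coordinate)."""
    # A neighbour whose coordinate already contains us is our own descendant; taking it
    # as parent would form a loop, so it is never a candidate.
    usable = [a for a in heard if self_addr not in a.coords]
    root = min([self_addr] + [root_of(a.coords) for a in usable])
    if root == self_addr:
        return None, (self_addr,)
    toward_root = [a for a in usable if root_of(a.coords) == root]
    parent = min(toward_root, key=lambda a: a.link_cost)
    return parent.peer, (self_addr,) + parent.coords


def tree_distance(a: Coord, b: Coord) -> int:
    """Tree hops between two positions: combined depth minus twice the shared suffix."""
    common = 0
    for x, y in zip(reversed(a), reversed(b)):
        if x != y:
            break
        common += 1
    return (len(a) - common) + (len(b) - common)


def find_next_hop(self_coords: Coord, peers: dict[str, Coord], dst: Coord) -> Optional[str]:
    """Greedy step over all direct peers (tree and non-tree links alike): the peer
    strictly closer to dst than we are. None means local minimum, i.e. PathBroken."""
    best, best_d = None, tree_distance(self_coords, dst)
    for peer, pc in peers.items():
        d = tree_distance(pc, dst)
        if d < best_d:
            best, best_d = peer, d
    return best


# Constructed sample tree (node_addrs shortened to two hex chars):
#   00 (root)
#   +-- 0a -- 0c
#   +-- 0b -- 0d
COORDS: dict[str, Coord] = {
    "00": ("00",),
    "0a": ("0a", "00"),
    "0b": ("0b", "00"),
    "0c": ("0c", "0a", "00"),
    "0d": ("0d", "0b", "00"),
}
# Physical links; 0c-0d exists but is not a tree edge.
LINKS: dict[str, list[str]] = {
    "00": ["0a", "0b"], "0a": ["00", "0c"], "0b": ["00", "0d"],
    "0c": ["0a", "0d"], "0d": ["0b", "0c"],
}


def route(src: str, dst: str, links=LINKS, coords=COORDS, max_hops: int = 16) -> list[str]:
    """Walk greedy hops from src toward dst; stops early at a local minimum."""
    path, here = [src], src
    while here != dst and len(path) <= max_hops:
        nxt = find_next_hop(coords[here], {p: coords[p] for p in links[here]}, coords[dst])
        if nxt is None:
            break
        path.append(nxt)
        here = nxt
    return path
```

Two details worth noticing: greedy forwarding considers every direct peer, so the non-tree link 0c-0d is used when it is closer even though it is not part of the tree, and a node whose only peers are farther from the destination than itself stops rather than forwarding backwards, which is the point at which a transit node would emit PathBroken.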
TUN device (fips0)
The kernel virtual interface the IPv6 adapter attaches to.
fips0 is a TUN device the adapter creates on startup. The kernel routes every fd00::/8 packet through it. The adapter's reader thread picks up outbound IPv6 packets; its writer thread hands inbound mesh traffic back to the kernel as complete IPv6 datagrams. TUN creation needs CAP_NET_ADMIN.
Appears in: Lesson 12