diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..df52bad
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,5 @@
+n2n for Debian
+
+Packaging for n2n in Debian.
+
+ -- Tianyu Chen Tue, 15 Nov 2022 04:12:12 +0800
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..5099e70
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,91 @@
+n2n (3.1.1-0.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream version 3.1.1. (Closes: #914321)
+
+ -- Tianyu Chen Tue, 15 Nov 2022 08:51:52 +0800
+
+n2n (1.3.1~svn3789-7) unstable; urgency=medium
+
+ [ Rolf Leggewie ]
+ * control:
+ - add run-time depency on net-tools. Closes: #876386
+ - use publicly accessible Vcs-Git URI
+ * README: talk a bit about security implications of an abandoned upstream
+
+ [ Chris Lamb ]
+ * patches: Make the build reproducible. Closes: #833819
+
+ -- Rolf Leggewie Tue, 17 Apr 2018 15:52:27 +0800
+
+n2n (1.3.1~svn3789-6) unstable; urgency=medium
+
+ * control:
+ - bump to Debian Standard 4.1.4
+ - add run-time dependency on lsb-base
+ - update git URIs
+ - change priority from extra to optional
+ - drop inactive co-maintainer
+ Thank you for your work. Welcome back anytime!
+ * copyright: update to 2018
+ * default: change default supernode to bytemark.leggewie.org
+ * init: merge two N2N_SUPERNODE* variables into one
+ * README:
+ - improve some botched wording
+ - add information about two new public supernodes
+
+ -- Rolf Leggewie Sun, 15 Apr 2018 15:03:20 +0800
+
+n2n (1.3.1~svn3789-5) unstable; urgency=medium
+
+ * ship init script for controlling the n2n VPN. Closes: #742098
+ * make the README more userfriendly and relevant to ordinary users
+ * control: bump to Standard 3.9.6. No further changes.
+
+ -- Rolf Leggewie Sun, 26 Oct 2014 13:27:55 +0900
+
+n2n (1.3.1~svn3789-4) unstable; urgency=low
+
+ * move the updated package from experimental to unstable now
+ * copyright: Update copyright information.
+ * control: Update to policy 3.9.4. No further changes.
+
+ -- Rolf Leggewie Wed, 29 May 2013 17:55:10 +0800
+
+n2n (1.3.1~svn3789-3) experimental; urgency=low
+
+ * update build process from dh7 to dh9
+ * backport upstream-svn4235.patch to fix compile error
+ * patch Makefile to import $LDFLAGS and $CPPFLAGS into $CFLAGS
+
+ -- Rolf Leggewie Fri, 28 Dec 2012 03:09:08 +0100
+
+n2n (1.3.1~svn3789-2) experimental; urgency=low
+
+ * debian/control:
+ - add myself to Uploaders
+ - add ${misc:Depends} to run-time dependencies
+ - add Homepage and VCS fields
+ - bump standards version to 3.9.3 (no further changes)
+ * debian/rules: radically simplify and rely on dh7 build intelligence
+ * debian/source/format: use DebSrc3 format
+ * debian/README.Debian: add information about public supernode
+
+ -- Rolf Leggewie Fri, 14 Dec 2012 13:01:40 +0100
+
+n2n (1.3.1~svn3789-1) unstable; urgency=low
+
+ * Update package to version 1.3 from upstream cvs
+ * Removed "libc6-dev (>= 2.0)" build dependency (closes: Bug#533881)
+ * DH compatibility level is 7
+ * Run dh_prep instead of dh_clean -k
+ * Standards Version is 3.8.2
+
+ -- cristian paul peƱaranda rojas Sun, 22 Jun 2009 21:19:58 -0500
+
+n2n (1.2.2~svn3653) unstable; urgency=low
+
+ * Initial release (closes: Bug#507750)
+
+ -- cristian paul peƱaranda rojas Sat, 29 Nov 2008 00:31:58 -0500
+
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..9f217f5
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,19 @@
+Source: n2n
+Section: net
+Priority: optional
+Maintainer: Rolf Leggewie
+Build-Depends: cmake, debhelper-compat (= 13)
+Standards-Version: 4.5.1
+Homepage: http://www.ntop.org/products/n2n/
+Vcs-Browser: https://github.com/leggewie-DM/n2n
+Vcs-Git: https://github.com/leggewie-DM/n2n.git
+
+Package: n2n
+Architecture: any
+Multi-Arch: foreign
+Depends: ${misc:Depends}, ${shlibs:Depends},
+ lsb-base (>= 3.0-6), net-tools
+Description: Peer-to-Peer VPN network daemon
+ n2n is an open source VPN application which utilizes
+ a Peer-to-peer architecture for network membership
+ and routing.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..d7dc3c2
--- /dev/null
+++ b/debian/copyright
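Review bot: `Build-Depends: cmake, debhelper-compat (= 13)` does not match the build this commit configures, because debian/rules runs `dh $@ --buildsystem=autoconf` and cmake is therefore installed into the build environment without being used. The n2n.8 page added in this same diff says ZSTD is only available "If compiled with zstdlib support", so any optional library the configure step probes for has to be named in Build-Depends or the feature is silently left out of the binary; which libraries are intended is not visible here and should be decided explicitly. I would drop cmake, list the intended development packages, and confirm the detected features in the build log. `Homepage: http://www.ntop.org/products/n2n/` could also be switched to https if the site serves it.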
@@ -0,0 +1,86 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: n2n
+Upstream-Contact: Luca Deri
+Source:
+#
+# Please double check copyright with the licensecheck(1) command.
+
+Files: *
+Copyright: 2007-2022 Luca Deri
+ 2007-2022 ntop.org and contributors
+License: GPL-3.0+
+
+Files: legacy/gen_keyfile.py
+ doc/Hacking.md
+Copyright: 2007-2022 Luca Deri
+ 2007-2022 ntop.org and contributors
+ 2009 Richard Andrews
+License: GPL-3.0+
+
+Files: include/tf.h
+ src/tf.c
+Copyright: 2007-2022 ntop.org and contributors
+ 2015 Andrew T. Csillag
+License: Expat
+
+Files: include/lzoconf.h
+ include/minilzo.h
+ include/lzodefs.h
+ src/minilzo.c
+Copyright: 1996-2017 Markus Franz Xaver Johannes Oberhumer
+ 2007-2022 ntop.org and contributors
+License: GPL-3.0+
+
+Files: include/uthash.h
+Copyright: 2003-2018 Troy D. Hanson http://troydhanson.github.com/uthash/
+ 2007-2022 ntop.org and contributors
+License: GPL-3.0+
+
+Files: win32/getopt.c
+ win32/getopt.h
+Copyright: 1992-2015 Free Software Foundation, Inc.
+ 2007-2022 ntop.org and contributors
+License: GPL-3.0+
+
+Files: config.guess
+ packages/debian/configure
+ packages/rpm/configure
+Copyright: 1992-2015 Free Software Foundation, Inc.
+License: __AUTO_PERMISSIVE__
+ Autogenerated files with permissive licenses.
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
diff --git a/debian/patches/0001-fix-version.patch b/debian/patches/0001-fix-version.patch
new file mode 100644
index 0000000..2398e11
--- /dev/null
+++ b/debian/patches/0001-fix-version.patch
@@ -0,0 +1,46 @@
+From: Tianyu Chen
+Date: Tue, 15 Nov 2022 08:00:11 +0800
+Subject: fix-version
+
+---
+ scripts/version.sh | 27 +++------------------------
+ 1 file changed, 3 insertions(+), 24 deletions(-)
+
+diff --git a/scripts/version.sh b/scripts/version.sh
+index e551500..07f76f0 100755
+--- a/scripts/version.sh
++++ b/scripts/version.sh
+@@ -16,30 +16,9 @@ TOPDIR=$(dirname "$0")/..
+
+ VER_FILE_SHORT=$(cat "${TOPDIR}/VERSION")
+
+-if [ -d "$TOPDIR/.git" ]; then
+- # If there is a .git directory in our TOPDIR, then this is assumed to be
+- # real git checkout
+-
+- cd "$TOPDIR" || exit 1
+-
+- VER_GIT_SHORT=$(git describe --abbrev=0)
+-
+- if [ "$VER_FILE_SHORT" != "$VER_GIT_SHORT" ]; then
+- echo "Error: VERSION file does not match tag version ($VER_FILE_SHORT != $VER_GIT_SHORT)"
+- exit 1
+- fi
+-
+- VER_SHORT="$VER_GIT_SHORT"
+- VER_HASH=$(git rev-parse --short HEAD)
+- VER=$(git describe --abbrev=7 --dirty)
+-else
+- # If there is no .git directory in our TOPDIR, we fall back on relying on
+- # the VERSION file
+-
+- VER_SHORT="$VER_FILE_SHORT"
+- VER_HASH="HEAD"
+- VER="$VER_FILE_SHORT"
+-fi
++VER_SHORT="$VER_FILE_SHORT"
++VER_HASH="HEAD"
++VER="$VER_FILE_SHORT"
+
+ case "$1" in
+ hash)
diff --git a/debian/patches/move-man-pages.patch b/debian/patches/move-man-pages.patch
new file mode 100644
index 0000000..e158a2a
--- /dev/null
+++ b/debian/patches/move-man-pages.patch
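Review bot: The header of 0001-fix-version.patch carries only `Subject: fix-version` and no explanation, so a later maintainer cannot tell why the git branch of scripts/version.sh is deleted instead of being left to its existing fallback. The removed `else` branch already set the same three values whenever `$TOPDIR/.git` is absent, which suggests the patch exists for builds run from a packaging git checkout whose tags differ from upstream's; that is inferred and should be written down. I would add DEP-3 fields such as `Description: Always take the version from the VERSION file, never from git metadata of the packaging repository` and `Forwarded: not-needed`. With `VER_HASH="HEAD"` now unconditional, the `hash` case of the script (its body lies outside the hunk) always reports the literal `HEAD`, so a shipped binary can no longer be tied to an upstream commit through it.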
@@ -0,0 +1,601 @@ +Move n2n.7, supernode.1 to n2n.8 and supernode.8 +--- a/edge.8 ++++ b/edge.8 +@@ -283,7 +283,7 @@ + Don Bindner + (--) - significant contributions to n2n-1 + .SH SEE ALSO +-ifconfig(8) supernode(1) tunctl(8) n2n(7) ++ifconfig(8) supernode(8) tunctl(8) n2n(8) + .br + the documentation contained in the source code + .br +--- a/n2n.7 ++++ /dev/null +@@ -1,132 +0,0 @@ +-.TH "n2n_v3" 7 "Sep 27, 2021" "version 3" "Background" +-.SH NAME +-n2n version 3 \- version 3 of the n2n decentralised peer-to-peer network overlay +-VPN. +-.SH DESCRIPTION +-n2n is a peer-to-peer network overlay or VPN system that provides layer 2 over +-layer 3 encapsulation with data transform capabilities such as encryption and +-compression. This guide also discusses the differences of version 3 of n2n from +-version 2. +-.SH PROTOCOLS +-n2n-3 basically uses the same set of messages to communicate with edges and +-supernodes. However, due to slight packet format changes, the n2n-3 messages +-are not compatible with n2n-2. There is no backward compatibility for n2n-2. +-.SH ENCRYPTION +-n2n-3 offers four different ciphers for payload encryption as well as optional +-header encryption. Earlier versions of n2n-2 provided a mechanism using a key +-schedule which has been removed in n2n-3. A basic user authentication scheme +-relying on asymmetric cryptography has been added to n2n-3. +- +-n2n-3 provides the following ciphers to chose from for payload encryption; more +-can be added as required: +-.TP +-.B (1) NULL +-Data is encapsulated unchanged. Useful for testing and high-performance, low +-sensitivity applications. +-.TP +-.B (2) TF-CTS +-Twofish AES candidate in CTS mode. +-.TP +-.B (3) AES-CTS +-AES in CTS mode with up to 256-bit key. +-.TP +-.B (4) CHACHA20 +-ChaCha20, a well known stream cipher developped by Daniel J. Bernstein. +-.TP +-.B (5) SPECK-CTR +-A fast block cipher developped by the NSA used as stream cipher in CTR mode. 
+-.TP +-Full Header Encyption +-The optional full header encryption also encrypts packets' header which include +-some administrative data. In addition, it adds replay protection. +-.TP +-User Password Authentication +-n2n-3 implements an optional user-password authentication scheme. A key +-generator assists in generating user's public keys to be stored at the +-supernode side. +-.SH COPMPRESSION +-LZO for payload compression is an always available option at n2n-3. If compiled with +-zstdlib support, ZSTD is at optional service as well. +-.SH EXTENSIBILITY +-n2n-3 decouples the data transform system from the core of the edge +-operation. This allows for easier addition of new data transform +-operations. n2n-3 reserves some standard transform identifiers (such as TwoFish +-encryption) but allocates transform identifiers for user-defined +-transforms. This allows anyone to add to n2n new private transforms without +-breaking compatibility with the standard offering. +-.SH FEDERATED SUPERNODES +-n2n-3 incorporates the capability of multiple supernodes to be federated. +-Federation acts transparently and balances the workload evenly among the +-federated supernodes. Supernodes keep track of edges connected to different +-supernodes and forward packets as required. This feature naturally supports +-fail-over and this increases redundancy and resilience. +-.P +-Information on additional supernodes is propagated to all edges. In addition, +-the n2n-3 edge implementation allows multiple supernodes to be specified on the +-command line. Edges monitor the current supernode for responses to +-REGISTER_SUPER as well as PING messages. After three responses from current +-supernode are missed or when a better supernode in terms of significant lower workload +-is found, the edge tries to connect to another supernode. It cycles through the list +-f supernodes which over and over again is sorted according to reported workload. 
+- +-.SH MANAGEMENT CONSOLE +-Edge and supernode in n2n-3 provide a UDP-based management console. Both listen +-on the localhost address 127.0.0.1. Commands can be sent to the programs by +-sending to the UDP socket. Responses are returned to the socket from which +-commands were issued. This only works from the computer on which the programs +-are running. Statistics can be retrieved and commands issued. The netcat utility +-is all that is required; but more sophisticated tools could be built on the +-interface. +- +-.SH SUPERNODE AUTHENTICATION +-The supernode federation name serves as private key shared between the supernodes only. +-The corresponding public key can be provided to the edges. +- +-.SH MESSAGE SUMMARY +-The following message types work within n2n-3. +-.TP +-REGISTER_SUPER +-Sent from an edge to its local supernode to register its MAC with the community. +-Also, federated supernodes use this packet format to register to each other. +-.TP +-REGISTER_SUPER_ACK +-Sent from a supernode to an edge to confirm registration. This also carries the +-definition of the edge socket as seen at the supernode so NAT can be detected +-and described. Furthermore, it carries information about additional federated +-supernodes. +-.TP +-REGISTER_SUPER_NAK +-Supernode refusing to register an edge. +-.TP +-PACKET +-Encapsulated ethernet packets sent between edges. Supernodes forward or +-broadcast these and edges send them direct in peer-to-peer mode. +-.TP +-REGISTER +-A peer-to-peer mode registration request from one edge to another. Supernodes +-forward these to facilitate NAT crossing introductions. +-.TP +-REGISTER_ACK +-Complete peer-to-peer mode setup between two edges. These messages need to +-travel direct between edges. +-.TP +-QUERY_PEER +-Queries a supernode about another edge, especially its public socket in case of +-no peer-to-peer communication can be established. Additionally, it serves as PING +-to query supernodes about themselves. 
+-.TP +-PEER_INFO +-Answers the QUERY_PEER; it also covers the special case of the PING query, internally +-called PONG. +-.SH AUTHORS +-.TP +-Richard Andrews andrews (at) ntop.org - main author of n2n-2 +-.TP +-Luca Deri +-deri (at) ntop.org - code inherited from n2n-1 +-.SH SEE ALSO +-ifconfig(8) edge(8) supernode(1) +-.br +-the documentation contained in the source code +-.br +-the extensive documentation found in n2n's \fBdoc/\fR folder +--- /dev/null ++++ b/n2n.8 +@@ -0,0 +1,132 @@ ++.TH "n2n_v3" 8 "Sep 27, 2021" "version 3" "Background" ++.SH NAME ++n2n version 3 \- version 3 of the n2n decentralised peer-to-peer network overlay ++VPN. ++.SH DESCRIPTION ++n2n is a peer-to-peer network overlay or VPN system that provides layer 2 over ++layer 3 encapsulation with data transform capabilities such as encryption and ++compression. This guide also discusses the differences of version 3 of n2n from ++version 2. ++.SH PROTOCOLS ++n2n-3 basically uses the same set of messages to communicate with edges and ++supernodes. However, due to slight packet format changes, the n2n-3 messages ++are not compatible with n2n-2. There is no backward compatibility for n2n-2. ++.SH ENCRYPTION ++n2n-3 offers four different ciphers for payload encryption as well as optional ++header encryption. Earlier versions of n2n-2 provided a mechanism using a key ++schedule which has been removed in n2n-3. A basic user authentication scheme ++relying on asymmetric cryptography has been added to n2n-3. ++ ++n2n-3 provides the following ciphers to chose from for payload encryption; more ++can be added as required: ++.TP ++.B (1) NULL ++Data is encapsulated unchanged. Useful for testing and high-performance, low ++sensitivity applications. ++.TP ++.B (2) TF-CTS ++Twofish AES candidate in CTS mode. ++.TP ++.B (3) AES-CTS ++AES in CTS mode with up to 256-bit key. ++.TP ++.B (4) CHACHA20 ++ChaCha20, a well known stream cipher developped by Daniel J. Bernstein. 
++.TP ++.B (5) SPECK-CTR ++A fast block cipher developped by the NSA used as stream cipher in CTR mode. ++.TP ++Full Header Encyption ++The optional full header encryption also encrypts packets' header which include ++some administrative data. In addition, it adds replay protection. ++.TP ++User Password Authentication ++n2n-3 implements an optional user-password authentication scheme. A key ++generator assists in generating user's public keys to be stored at the ++supernode side. ++.SH COPMPRESSION ++LZO for payload compression is an always available option at n2n-3. If compiled with ++zstdlib support, ZSTD is at optional service as well. ++.SH EXTENSIBILITY ++n2n-3 decouples the data transform system from the core of the edge ++operation. This allows for easier addition of new data transform ++operations. n2n-3 reserves some standard transform identifiers (such as TwoFish ++encryption) but allocates transform identifiers for user-defined ++transforms. This allows anyone to add to n2n new private transforms without ++breaking compatibility with the standard offering. ++.SH FEDERATED SUPERNODES ++n2n-3 incorporates the capability of multiple supernodes to be federated. ++Federation acts transparently and balances the workload evenly among the ++federated supernodes. Supernodes keep track of edges connected to different ++supernodes and forward packets as required. This feature naturally supports ++fail-over and this increases redundancy and resilience. ++.P ++Information on additional supernodes is propagated to all edges. In addition, ++the n2n-3 edge implementation allows multiple supernodes to be specified on the ++command line. Edges monitor the current supernode for responses to ++REGISTER_SUPER as well as PING messages. After three responses from current ++supernode are missed or when a better supernode in terms of significant lower workload ++is found, the edge tries to connect to another supernode. 
It cycles through the list ++f supernodes which over and over again is sorted according to reported workload. ++ ++.SH MANAGEMENT CONSOLE ++Edge and supernode in n2n-3 provide a UDP-based management console. Both listen ++on the localhost address 127.0.0.1. Commands can be sent to the programs by ++sending to the UDP socket. Responses are returned to the socket from which ++commands were issued. This only works from the computer on which the programs ++are running. Statistics can be retrieved and commands issued. The netcat utility ++is all that is required; but more sophisticated tools could be built on the ++interface. ++ ++.SH SUPERNODE AUTHENTICATION ++The supernode federation name serves as private key shared between the supernodes only. ++The corresponding public key can be provided to the edges. ++ ++.SH MESSAGE SUMMARY ++The following message types work within n2n-3. ++.TP ++REGISTER_SUPER ++Sent from an edge to its local supernode to register its MAC with the community. ++Also, federated supernodes use this packet format to register to each other. ++.TP ++REGISTER_SUPER_ACK ++Sent from a supernode to an edge to confirm registration. This also carries the ++definition of the edge socket as seen at the supernode so NAT can be detected ++and described. Furthermore, it carries information about additional federated ++supernodes. ++.TP ++REGISTER_SUPER_NAK ++Supernode refusing to register an edge. ++.TP ++PACKET ++Encapsulated ethernet packets sent between edges. Supernodes forward or ++broadcast these and edges send them direct in peer-to-peer mode. ++.TP ++REGISTER ++A peer-to-peer mode registration request from one edge to another. Supernodes ++forward these to facilitate NAT crossing introductions. ++.TP ++REGISTER_ACK ++Complete peer-to-peer mode setup between two edges. These messages need to ++travel direct between edges. 
++.TP ++QUERY_PEER ++Queries a supernode about another edge, especially its public socket in case of ++no peer-to-peer communication can be established. Additionally, it serves as PING ++to query supernodes about themselves. ++.TP ++PEER_INFO ++Answers the QUERY_PEER; it also covers the special case of the PING query, internally ++called PONG. ++.SH AUTHORS ++.TP ++Richard Andrews andrews (at) ntop.org - main author of n2n-2 ++.TP ++Luca Deri ++deri (at) ntop.org - code inherited from n2n-1 ++.SH SEE ALSO ++ifconfig(8) edge(8) supernode(8) ++.br ++the documentation contained in the source code ++.br ++the extensive documentation found in n2n's \fBdoc/\fR folder +--- a/supernode.1 ++++ /dev/null +@@ -1,133 +0,0 @@ +-.TH supernode 1 "Jul 16, 2021" "version 3" "USER COMMANDS" +-.SH NAME +-supernode \- n2n supernode daemon +-.SH SYNOPSIS +-.B supernode +- +-.br +-.B supernode +-[OPTION]... +-.SH DESCRIPTION +-N2N is a peer-to-peer VPN system. Supernode is a node introduction registry, +-broadcast conduit and packet relay node for the n2n system. On startup supernode +-begins listening on the specified UDP port for node registrations, and other +-packets to route. The supernode can service any number of communities and routes +-packets only between members of the same community. The supernode does not hold +-the community encryption key and so cannot snoop or inject packets into the +-community. +-.PP +-Supernode can service a number of n2n communities concurrently. Traffic does not +-cross between communities. +-.PP +-All logging goes to stdout. +-.PP +-The config file is similar to the command line, with one option per line. +-Lines starting with a "#" are ignored. +-An equal sign ('=') should be used between key and value. 
Example: -p=7777 +-.SH OPTIONS FOR THE UNDERLYING NETWORK CONNECTION +-.TP +-\fB\-p \fR<\fIlocal_port\fR>, \fB\-\-local-port\fR=<\fIlocal_port\fR> +-listen on this fixed local UDP port, defaults to 7654 +-.TP +-\fB\-F \fR<\fIfed_name\fR> +-name of the supernode's federation, defaults to '*Federation' (see also N2N_FEDERATION in ENVIRONMENT) +-.TP +-\fB\-l \fR<\fIhost:port\fR> +-ip address or name, and port of known supernode +-.TP +-\fB\-m \fR<\fImac_address\fR> +-fixed MAC address for the supernode, e.g. +- '-m 10:20:30:40:50:60', random otherwise +-.TP +-\fB\-M\fR +-disable MAC and IP address spoofing protection for all +-non-username-password-authenticating communities +-.TP +-\fB\-V \fR<\fIversion_string\fR> +-modify the supernode version string which is distributed to the +-edges and shown at their management port output, up to 19 characters +-.TP +-.SH TAP DEVICE AND OVERLAY NETWORK CONFIGURATION +-.TP +-\fB\-c \fR<\fIpath\fR>, \fB\-\-communities\fR=<\fIpath\fR> +-file containing the allowed communities and any User / Password based authentication +-details (See ALLOWED COMMUNITIES FILE section) +-.TP +-\fB\-a \fR<\fInet-net/n\fR>, \fB\-\-autoip\fR= +-subnet range for auto ip address service, +-.br +-e.g. '-a 192.168.0.0-192.168.255.0/24', +-.br +-defaults to '10.128.255.0-10.255.255.0/24' +-.SH LOCAL OPTIONS +-.TP +-\fB\-f\fR, \fB\-\-foreground\fR +-disable daemon mode (UNIX) and run in foreground. +-.TP +-\fB\-t \fR<\fIport\fR>, \fB\-\-mgmt-port\fR=<\fIport\fR> +-management UDP port, for multiple supernodes on a machine, defaults to 5645 +-.TP +-\fB\-\-management-password \fR<\fIpassword\fR> +-sets the password for access to JSON API at the management port, defaults to 'n2n'. The password +-has to be provided for relevant access to JSON API at the management port. 
+-.TP +-\fB\-v\fR, \fB\-\-verbose\fR +-use verbose logging +-.TP +-\fB\-u \fR<\fIUID\fR> +-numeric user ID to use when privileges are dropped +-.TP +-\fB\-g \fR<\fIGID\fR> +-numeric group ID to use when privileges are dropped +-.TP +-\fB-h\fR +-shows a quick reference including all available options +-.TP +-\fB\-\-help\fR +-shows detailed parameter description +- +-.SH ALLOWED COMMUNITIES FILE +-This file is a plain text file. +-Comments are introduced with a hash at the beginning of the line. +-A line that begins with an asterisk is a user authentication definition and adds an allowed user to the most recently defined community. +-Allowed communities can be specified with a regular expression. +-.PP +-Example community file: +-.PP +-.nf +-.RS +-# List of allowed communities +-mynetwork +-netleo +-* logan nHWum+r42k1qDXdIeH-WFKeylK5UyLStRzxofRNAgpG +-* sister HwHpPrdMft+38tFDDiunUds6927t0+zhCMMkQdJafcC +-.RE +-.fi +-.PP +-More details on creating the allowed communities file are found in the Communities.md and Authentication.md documentation included with this package. +-.SH ENVIRONMENT +-.TP +-.B N2N_FEDERATION +-set the federation name so it is not visible at the command line +-.SH EXAMPLES +-.TP +-.B supernode -p 7654 -v +-Start supernode listening on UDP port 7654 with verbose output. +-.TP +-.B echo | nc -w1 -u 127.0.0.1 5645 +-Shows the management status of a running supernode. +-.PP +-.SH RESTART +-When supernode restarts it loses all registration information from associated +-edge nodes. It can take up to five minutes for the edge nodes to re-register and +-normal traffic flow to resume. 
+-.SH EXIT STATUS +-supernode is a daemon and any exit is an error +-.SH AUTHOR +-Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at) ntop.org ), Don Bindner +-.SH SEE ALSO +-ifconfig(8) edge(8) +-.br +-the documentation contained in the source code +-.br +-the extensive documentation found in n2n's \fBdoc/\fR folder +--- /dev/null ++++ b/supernode.8 +@@ -0,0 +1,133 @@ ++.TH supernode 8 "Jul 16, 2021" "version 3" "USER COMMANDS" ++.SH NAME ++supernode \- n2n supernode daemon ++.SH SYNOPSIS ++.B supernode ++ ++.br ++.B supernode ++[OPTION]... ++.SH DESCRIPTION ++N2N is a peer-to-peer VPN system. Supernode is a node introduction registry, ++broadcast conduit and packet relay node for the n2n system. On startup supernode ++begins listening on the specified UDP port for node registrations, and other ++packets to route. The supernode can service any number of communities and routes ++packets only between members of the same community. The supernode does not hold ++the community encryption key and so cannot snoop or inject packets into the ++community. ++.PP ++Supernode can service a number of n2n communities concurrently. Traffic does not ++cross between communities. ++.PP ++All logging goes to stdout. ++.PP ++The config file is similar to the command line, with one option per line. ++Lines starting with a "#" are ignored. ++An equal sign ('=') should be used between key and value. Example: -p=7777 ++.SH OPTIONS FOR THE UNDERLYING NETWORK CONNECTION ++.TP ++\fB\-p \fR<\fIlocal_port\fR>, \fB\-\-local-port\fR=<\fIlocal_port\fR> ++listen on this fixed local UDP port, defaults to 7654 ++.TP ++\fB\-F \fR<\fIfed_name\fR> ++name of the supernode's federation, defaults to '*Federation' (see also N2N_FEDERATION in ENVIRONMENT) ++.TP ++\fB\-l \fR<\fIhost:port\fR> ++ip address or name, and port of known supernode ++.TP ++\fB\-m \fR<\fImac_address\fR> ++fixed MAC address for the supernode, e.g. 
++ '-m 10:20:30:40:50:60', random otherwise ++.TP ++\fB\-M\fR ++disable MAC and IP address spoofing protection for all ++non-username-password-authenticating communities ++.TP ++\fB\-V \fR<\fIversion_string\fR> ++modify the supernode version string which is distributed to the ++edges and shown at their management port output, up to 19 characters ++.TP ++.SH TAP DEVICE AND OVERLAY NETWORK CONFIGURATION ++.TP ++\fB\-c \fR<\fIpath\fR>, \fB\-\-communities\fR=<\fIpath\fR> ++file containing the allowed communities and any User / Password based authentication ++details (See ALLOWED COMMUNITIES FILE section) ++.TP ++\fB\-a \fR<\fInet-net/n\fR>, \fB\-\-autoip\fR= ++subnet range for auto ip address service, ++.br ++e.g. '-a 192.168.0.0-192.168.255.0/24', ++.br ++defaults to '10.128.255.0-10.255.255.0/24' ++.SH LOCAL OPTIONS ++.TP ++\fB\-f\fR, \fB\-\-foreground\fR ++disable daemon mode (UNIX) and run in foreground. ++.TP ++\fB\-t \fR<\fIport\fR>, \fB\-\-mgmt-port\fR=<\fIport\fR> ++management UDP port, for multiple supernodes on a machine, defaults to 5645 ++.TP ++\fB\-\-management-password \fR<\fIpassword\fR> ++sets the password for access to JSON API at the management port, defaults to 'n2n'. The password ++has to be provided for relevant access to JSON API at the management port. ++.TP ++\fB\-v\fR, \fB\-\-verbose\fR ++use verbose logging ++.TP ++\fB\-u \fR<\fIUID\fR> ++numeric user ID to use when privileges are dropped ++.TP ++\fB\-g \fR<\fIGID\fR> ++numeric group ID to use when privileges are dropped ++.TP ++\fB-h\fR ++shows a quick reference including all available options ++.TP ++\fB\-\-help\fR ++shows detailed parameter description ++ ++.SH ALLOWED COMMUNITIES FILE ++This file is a plain text file. ++Comments are introduced with a hash at the beginning of the line. ++A line that begins with an asterisk is a user authentication definition and adds an allowed user to the most recently defined community. ++Allowed communities can be specified with a regular expression. 
++.PP ++Example community file: ++.PP ++.nf ++.RS ++# List of allowed communities ++mynetwork ++netleo ++* logan nHWum+r42k1qDXdIeH-WFKeylK5UyLStRzxofRNAgpG ++* sister HwHpPrdMft+38tFDDiunUds6927t0+zhCMMkQdJafcC ++.RE ++.fi ++.PP ++More details on creating the allowed communities file are found in the Communities.md and Authentication.md documentation included with this package. ++.SH ENVIRONMENT ++.TP ++.B N2N_FEDERATION ++set the federation name so it is not visible at the command line ++.SH EXAMPLES ++.TP ++.B supernode -p 7654 -v ++Start supernode listening on UDP port 7654 with verbose output. ++.TP ++.B echo | nc -w1 -u 127.0.0.1 5645 ++Shows the management status of a running supernode. ++.PP ++.SH RESTART ++When supernode restarts it loses all registration information from associated ++edge nodes. It can take up to five minutes for the edge nodes to re-register and ++normal traffic flow to resume. ++.SH EXIT STATUS ++supernode is a daemon and any exit is an error ++.SH AUTHOR ++Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at) ntop.org ), Don Bindner ++.SH SEE ALSO ++ifconfig(8) edge(8) ++.br ++the documentation contained in the source code ++.br ++the extensive documentation found in n2n's \fBdoc/\fR folder +--- a/Makefile.in ++++ b/Makefile.in +@@ -73,8 +73,6 @@ + endif + + MANDIR?=$(PREFIX)/share/man +-MAN1DIR=$(MANDIR)/man1 +-MAN7DIR=$(MANDIR)/man7 + MAN8DIR=$(MANDIR)/man8 + + N2N_LIB=libn2n.a +@@ -140,7 +138,7 @@ + APPS+=example_edge_embed + APPS+=example_sn_embed + +-DOCS=edge.8.gz supernode.1.gz n2n.7.gz ++DOCS=edge.8.gz supernode.8.gz n2n.8.gz + + # This is the superset of all packages that might be needed during the build. + # Mostly of use in automated build systems. 
+@@ -265,21 +263,21 @@
+ rm -f tests/*.out src/*.gcno src/*.gcda src/*.indent src/*.unc-backup*
+ rm -rf autom4te.cache/
+ rm -f config.log config.status configure Makefile tools/Makefile include/config.h include/config.h.in
+- rm -f doc/edge.8.gz doc/n2n.7.gz doc/supernode.1.gz
++ rm -f doc/edge.8.gz doc/n2n.8.gz doc/supernode.8.gz
+ rm -f packages/debian/config.log packages/debian/config.status
+ rm -rf packages/debian/autom4te.cache/
+ rm -f packages/rpm/config.log packages/rpm/config.status
+ rm -f $(addprefix src/,$(APPS))
+
+ .PHONY: install
+-install: edge supernode edge.8.gz supernode.1.gz n2n.7.gz
++install: edge supernode edge.8.gz supernode.8.gz n2n.8.gz
+ echo "MANDIR=$(MANDIR)"
+- $(MKDIR) $(SBINDIR) $(MAN1DIR) $(MAN7DIR) $(MAN8DIR)
++ $(MKDIR) $(SBINDIR) $(MAN8DIR)
+ $(INSTALL_PROG) supernode $(SBINDIR)/
+ $(INSTALL_PROG) edge $(SBINDIR)/
+ $(INSTALL_DOC) edge.8.gz $(MAN8DIR)/
+- $(INSTALL_DOC) supernode.1.gz $(MAN1DIR)/
+- $(INSTALL_DOC) n2n.7.gz $(MAN7DIR)/
++ $(INSTALL_DOC) supernode.8.gz $(MAN8DIR)/
++ $(INSTALL_DOC) n2n.8.gz $(MAN8DIR)/
+ $(MAKE) -C tools install SBINDIR=$(abspath $(SBINDIR))
+
+ # Docker builder section
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..74f0a7b
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+0001-fix-version.patch
+move-man-pages.patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..d86a8cf
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+# You must remove unused comment lines for the released package.
+#export DH_VERBOSE = 1
+#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic
+#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+%:
+ dh $@ --buildsystem=autoconf
+
+#override_dh_auto_configure:
+# dh_auto_configure -- \
+# -DCMAKE_LIBRARY_ARCHITECTURE="$(DEB_TARGET_MULTIARCH)"
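Review bot: `#export DEB_BUILD_MAINT_OPTIONS = hardening=+all` is left commented out in debian/rules, so edge and supernode, which are network-facing daemons, are built with only the default dpkg-buildflags hardening set. I would enable it with `export DEB_BUILD_MAINT_OPTIONS = hardening=+all` and check the build log (for example with blhc) that the flags actually reach the compiler and linker, since the changelog in this diff records that an earlier packaging had to patch the Makefile to pass `$LDFLAGS` and `$CPPFLAGS` through. The remaining template lines, including the commented `override_dh_auto_configure` block with its CMake-only `-DCMAKE_LIBRARY_ARCHITECTURE` argument, do not apply to the build selected by `dh $@ --buildsystem=autoconf` and should be removed, as the file's own second line asks.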
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..46ebe02
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
\ No newline at end of file
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..76575dc
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,2 @@
+# You must remove unused comment lines for the released package.
+version=3
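Review bot: debian/watch contains only `version=3` and a template comment, with no upstream URL line, so uscan has nothing to scan and new upstream releases, including security fixes, will not be flagged for this package. Add a watch line that points at upstream's release or tag listing with a version-matching pattern, and remove the `# You must remove unused comment lines for the released package.` placeholder. If upstream publishes signed tarballs, the watch line is also the place to turn on signature verification; the diff does not show whether it does.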