billchenchina/n2n
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial packaging for n2n 3.1.1

Browse source
This commit is contained in:
billchenchina 2022-11-15 08:51:52 +08:00
parent e7b41df57b
commit 64c575dfa7
10 changed files with 866 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
debian/README.Debian vendored Normal file
View file

@ -0,0 +1,5 @@
n2n for Debian
Packaging for n2n in Debian.
-- Tianyu Chen <billchenchina2001@gmail.com> Tue, 15 Nov 2022 04:12:12 +0800

91
debian/changelog vendored Normal file
View file

@ -0,0 +1,91 @@
n2n (3.1.1-0.1) UNRELEASED; urgency=medium
* Non-maintainer upload.
* New upstream version 3.1.1. (Closes: #914321)
-- Tianyu Chen <billchenchina2001@gmail.com> Tue, 15 Nov 2022 08:51:52 +0800
n2n (1.3.1~svn3789-7) unstable; urgency=medium
[ Rolf Leggewie ]
* control:
- add run-time depency on net-tools. Closes: #876386
- use publicly accessible Vcs-Git URI
* README: talk a bit about security implications of an abandoned upstream
[ Chris Lamb ]
* patches: Make the build reproducible. Closes: #833819
-- Rolf Leggewie <foss@rolf.leggewie.biz> Tue, 17 Apr 2018 15:52:27 +0800
n2n (1.3.1~svn3789-6) unstable; urgency=medium
* control:
- bump to Debian Standard 4.1.4
- add run-time dependency on lsb-base
- update git URIs
- change priority from extra to optional
- drop inactive co-maintainer
Thank you for your work. Welcome back anytime!
* copyright: update to 2018
* default: change default supernode to bytemark.leggewie.org
* init: merge two N2N_SUPERNODE* variables into one
* README:
- improve some botched wording
- add information about two new public supernodes
-- Rolf Leggewie <foss@rolf.leggewie.biz> Sun, 15 Apr 2018 15:03:20 +0800
n2n (1.3.1~svn3789-5) unstable; urgency=medium
* ship init script for controlling the n2n VPN. Closes: #742098
* make the README more userfriendly and relevant to ordinary users
* control: bump to Standard 3.9.6. No further changes.
-- Rolf Leggewie <foss@rolf.leggewie.biz> Sun, 26 Oct 2014 13:27:55 +0900
n2n (1.3.1~svn3789-4) unstable; urgency=low
* move the updated package from experimental to unstable now
* copyright: Update copyright information.
* control: Update to policy 3.9.4. No further changes.
-- Rolf Leggewie <foss@rolf.leggewie.biz> Wed, 29 May 2013 17:55:10 +0800
n2n (1.3.1~svn3789-3) experimental; urgency=low
* update build process from dh7 to dh9
* backport upstream-svn4235.patch to fix compile error
* patch Makefile to import $LDFLAGS and $CPPFLAGS into $CFLAGS
-- Rolf Leggewie <foss@rolf.leggewie.biz> Fri, 28 Dec 2012 03:09:08 +0100
n2n (1.3.1~svn3789-2) experimental; urgency=low
* debian/control:
- add myself to Uploaders
- add ${misc:Depends} to run-time dependencies
- add Homepage and VCS fields
- bump standards version to 3.9.3 (no further changes)
* debian/rules: radically simplify and rely on dh7 build intelligence
* debian/source/format: use DebSrc3 format
* debian/README.Debian: add information about public supernode
-- Rolf Leggewie <foss@rolf.leggewie.biz> Fri, 14 Dec 2012 13:01:40 +0100
n2n (1.3.1~svn3789-1) unstable; urgency=low
* Update package to version 1.3 from upstream cvs
* Removed "libc6-dev (>= 2.0)" build dependency (closes: Bug#533881)
* DH compatibility level is 7
* Run dh_prep instead of dh_clean -k
* Standards Version is 3.8.2
-- cristian paul peñaranda rojas <kristian.paul@gmail.com> Sun, 22 Jun 2009 21:19:58 -0500
n2n (1.2.2~svn3653) unstable; urgency=low
* Initial release (closes: Bug#507750)
-- cristian paul peñaranda rojas <kristian.paul@gmail.com> Sat, 29 Nov 2008 00:31:58 -0500

19
debian/control vendored Normal file
View file

@ -0,0 +1,19 @@
Source: n2n
Section: net
Priority: optional
Maintainer: Rolf Leggewie <foss@rolf.leggewie.biz>
Build-Depends: cmake, debhelper-compat (= 13)
Standards-Version: 4.5.1
Homepage: http://www.ntop.org/products/n2n/
Vcs-Browser: https://github.com/leggewie-DM/n2n
Vcs-Git: https://github.com/leggewie-DM/n2n.git
Package: n2n
Architecture: any
Multi-Arch: foreign
Depends: ${misc:Depends}, ${shlibs:Depends},
lsb-base (>= 3.0-6), net-tools
Description: Peer-to-Peer VPN network daemon
n2n is an open source VPN application which utilizes
a Peer-to-peer architecture for network membership
and routing.

86
debian/copyright vendored Normal file
View file

@ -0,0 +1,86 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: n2n
Upstream-Contact: Luca Deri <deri@ntop.org>
Source: <https://github.com/ntop/n2n>
#
# Please double check copyright with the licensecheck(1) command.
Files: *
Copyright: 2007-2022 Luca Deri <deri@ntop.org>
2007-2022 ntop.org and contributors
License: GPL-3.0+
Files: legacy/gen_keyfile.py
doc/Hacking.md
Copyright: 2007-2022 Luca Deri <deri@ntop.org>
2007-2022 ntop.org and contributors
2009 Richard Andrews <andrews@ntop.org>
License: GPL-3.0+
Files: include/tf.h
src/tf.c
Copyright: 2007-2022 ntop.org and contributors
2015 Andrew T. Csillag
License: Expat
Files: include/lzoconf.h
include/minilzo.h
include/lzodefs.h
src/minilzo.c
Copyright: 1996-2017 Markus Franz Xaver Johannes Oberhumer
2007-2022 ntop.org and contributors
License: GPL-3.0+
Files: include/uthash.h
Copyright: 2003-2018 Troy D. Hanson http://troydhanson.github.com/uthash/
2007-2022 ntop.org and contributors
License: GPL-3.0+
Files: win32/getopt.c
win32/getopt.h
Copyright: 1992-2015 Free Software Foundation, Inc.
2007-2022 ntop.org and contributors
License: GPL-3.0+
Files: config.guess
packages/debian/configure
packages/rpm/configure
Copyright: 1992-2015 Free Software Foundation, Inc.
License: __AUTO_PERMISSIVE__
Autogenerated files with permissive licenses.
License: GPL-3.0+
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.
This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
.
On Debian systems, the complete text of the GNU General
Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
License: Expat
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
.
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

46
debian/patches/0001-fix-version.patch vendored Normal file
View file

@ -0,0 +1,46 @@
From: Tianyu Chen <billchenchen2001@gmail.com>
Date: Tue, 15 Nov 2022 08:00:11 +0800
Subject: fix-version
---
scripts/version.sh | 27 +++------------------------
1 file changed, 3 insertions(+), 24 deletions(-)
diff --git a/scripts/version.sh b/scripts/version.sh
index e551500..07f76f0 100755
--- a/scripts/version.sh
+++ b/scripts/version.sh
@@ -16,30 +16,9 @@ TOPDIR=$(dirname "$0")/..
VER_FILE_SHORT=$(cat "${TOPDIR}/VERSION")
-if [ -d "$TOPDIR/.git" ]; then
- # If there is a .git directory in our TOPDIR, then this is assumed to be
- # real git checkout
-
- cd "$TOPDIR" || exit 1
-
- VER_GIT_SHORT=$(git describe --abbrev=0)
-
- if [ "$VER_FILE_SHORT" != "$VER_GIT_SHORT" ]; then
- echo "Error: VERSION file does not match tag version ($VER_FILE_SHORT != $VER_GIT_SHORT)"
- exit 1
- fi
-
- VER_SHORT="$VER_GIT_SHORT"
- VER_HASH=$(git rev-parse --short HEAD)
- VER=$(git describe --abbrev=7 --dirty)
-else
- # If there is no .git directory in our TOPDIR, we fall back on relying on
- # the VERSION file
-
- VER_SHORT="$VER_FILE_SHORT"
- VER_HASH="HEAD"
- VER="$VER_FILE_SHORT"
-fi
+VER_SHORT="$VER_FILE_SHORT"
+VER_HASH="HEAD"
+VER="$VER_FILE_SHORT"
case "$1" in
hash)

601
debian/patches/move-man-pages.patch vendored Normal file
View file

@ -0,0 +1,601 @@
Move n2n.7, supernode.1 to n2n.8 and supernode.8
--- a/edge.8
+++ b/edge.8
@@ -283,7 +283,7 @@
Don Bindner
(--) - significant contributions to n2n-1
.SH SEE ALSO
-ifconfig(8) supernode(1) tunctl(8) n2n(7)
+ifconfig(8) supernode(8) tunctl(8) n2n(8)
.br
the documentation contained in the source code
.br
--- a/n2n.7
+++ /dev/null
@@ -1,132 +0,0 @@
-.TH "n2n_v3" 7 "Sep 27, 2021" "version 3" "Background"
-.SH NAME
-n2n version 3 \- version 3 of the n2n decentralised peer-to-peer network overlay
-VPN.
-.SH DESCRIPTION
-n2n is a peer-to-peer network overlay or VPN system that provides layer 2 over
-layer 3 encapsulation with data transform capabilities such as encryption and
-compression. This guide also discusses the differences of version 3 of n2n from
-version 2.
-.SH PROTOCOLS
-n2n-3 basically uses the same set of messages to communicate with edges and
-supernodes. However, due to slight packet format changes, the n2n-3 messages
-are not compatible with n2n-2. There is no backward compatibility for n2n-2.
-.SH ENCRYPTION
-n2n-3 offers four different ciphers for payload encryption as well as optional
-header encryption. Earlier versions of n2n-2 provided a mechanism using a key
-schedule which has been removed in n2n-3. A basic user authentication scheme
-relying on asymmetric cryptography has been added to n2n-3.
-
-n2n-3 provides the following ciphers to chose from for payload encryption; more
-can be added as required:
-.TP
-.B (1) NULL
-Data is encapsulated unchanged. Useful for testing and high-performance, low
-sensitivity applications.
-.TP
-.B (2) TF-CTS
-Twofish AES candidate in CTS mode.
-.TP
-.B (3) AES-CTS
-AES in CTS mode with up to 256-bit key.
-.TP
-.B (4) CHACHA20
-ChaCha20, a well known stream cipher developped by Daniel J. Bernstein.
-.TP
-.B (5) SPECK-CTR
-A fast block cipher developped by the NSA used as stream cipher in CTR mode.
-.TP
-Full Header Encyption
-The optional full header encryption also encrypts packets' header which include
-some administrative data. In addition, it adds replay protection.
-.TP
-User Password Authentication
-n2n-3 implements an optional user-password authentication scheme. A key
-generator assists in generating user's public keys to be stored at the
-supernode side.
-.SH COPMPRESSION
-LZO for payload compression is an always available option at n2n-3. If compiled with
-zstdlib support, ZSTD is at optional service as well.
-.SH EXTENSIBILITY
-n2n-3 decouples the data transform system from the core of the edge
-operation. This allows for easier addition of new data transform
-operations. n2n-3 reserves some standard transform identifiers (such as TwoFish
-encryption) but allocates transform identifiers for user-defined
-transforms. This allows anyone to add to n2n new private transforms without
-breaking compatibility with the standard offering.
-.SH FEDERATED SUPERNODES
-n2n-3 incorporates the capability of multiple supernodes to be federated.
-Federation acts transparently and balances the workload evenly among the
-federated supernodes. Supernodes keep track of edges connected to different
-supernodes and forward packets as required. This feature naturally supports
-fail-over and this increases redundancy and resilience.
-.P
-Information on additional supernodes is propagated to all edges. In addition,
-the n2n-3 edge implementation allows multiple supernodes to be specified on the
-command line. Edges monitor the current supernode for responses to
-REGISTER_SUPER as well as PING messages. After three responses from current
-supernode are missed or when a better supernode in terms of significant lower workload
-is found, the edge tries to connect to another supernode. It cycles through the list
-f supernodes which over and over again is sorted according to reported workload.
-
-.SH MANAGEMENT CONSOLE
-Edge and supernode in n2n-3 provide a UDP-based management console. Both listen
-on the localhost address 127.0.0.1. Commands can be sent to the programs by
-sending to the UDP socket. Responses are returned to the socket from which
-commands were issued. This only works from the computer on which the programs
-are running. Statistics can be retrieved and commands issued. The netcat utility
-is all that is required; but more sophisticated tools could be built on the
-interface.
-
-.SH SUPERNODE AUTHENTICATION
-The supernode federation name serves as private key shared between the supernodes only.
-The corresponding public key can be provided to the edges.
-
-.SH MESSAGE SUMMARY
-The following message types work within n2n-3.
-.TP
-REGISTER_SUPER
-Sent from an edge to its local supernode to register its MAC with the community.
-Also, federated supernodes use this packet format to register to each other.
-.TP
-REGISTER_SUPER_ACK
-Sent from a supernode to an edge to confirm registration. This also carries the
-definition of the edge socket as seen at the supernode so NAT can be detected
-and described. Furthermore, it carries information about additional federated
-supernodes.
-.TP
-REGISTER_SUPER_NAK
-Supernode refusing to register an edge.
-.TP
-PACKET
-Encapsulated ethernet packets sent between edges. Supernodes forward or
-broadcast these and edges send them direct in peer-to-peer mode.
-.TP
-REGISTER
-A peer-to-peer mode registration request from one edge to another. Supernodes
-forward these to facilitate NAT crossing introductions.
-.TP
-REGISTER_ACK
-Complete peer-to-peer mode setup between two edges. These messages need to
-travel direct between edges.
-.TP
-QUERY_PEER
-Queries a supernode about another edge, especially its public socket in case of
-no peer-to-peer communication can be established. Additionally, it serves as PING
-to query supernodes about themselves.
-.TP
-PEER_INFO
-Answers the QUERY_PEER; it also covers the special case of the PING query, internally
-called PONG.
-.SH AUTHORS
-.TP
-Richard Andrews andrews (at) ntop.org - main author of n2n-2
-.TP
-Luca Deri
-deri (at) ntop.org - code inherited from n2n-1
-.SH SEE ALSO
-ifconfig(8) edge(8) supernode(1)
-.br
-the documentation contained in the source code
-.br
-the extensive documentation found in n2n's \fBdoc/\fR folder
--- /dev/null
+++ b/n2n.8
@@ -0,0 +1,132 @@
+.TH "n2n_v3" 8 "Sep 27, 2021" "version 3" "Background"
+.SH NAME
+n2n version 3 \- version 3 of the n2n decentralised peer-to-peer network overlay
+VPN.
+.SH DESCRIPTION
+n2n is a peer-to-peer network overlay or VPN system that provides layer 2 over
+layer 3 encapsulation with data transform capabilities such as encryption and
+compression. This guide also discusses the differences of version 3 of n2n from
+version 2.
+.SH PROTOCOLS
+n2n-3 basically uses the same set of messages to communicate with edges and
+supernodes. However, due to slight packet format changes, the n2n-3 messages
+are not compatible with n2n-2. There is no backward compatibility for n2n-2.
+.SH ENCRYPTION
+n2n-3 offers four different ciphers for payload encryption as well as optional
+header encryption. Earlier versions of n2n-2 provided a mechanism using a key
+schedule which has been removed in n2n-3. A basic user authentication scheme
+relying on asymmetric cryptography has been added to n2n-3.
+
+n2n-3 provides the following ciphers to chose from for payload encryption; more
+can be added as required:
+.TP
+.B (1) NULL
+Data is encapsulated unchanged. Useful for testing and high-performance, low
+sensitivity applications.
+.TP
+.B (2) TF-CTS
+Twofish AES candidate in CTS mode.
+.TP
+.B (3) AES-CTS
+AES in CTS mode with up to 256-bit key.
+.TP
+.B (4) CHACHA20
+ChaCha20, a well known stream cipher developped by Daniel J. Bernstein.
+.TP
+.B (5) SPECK-CTR
+A fast block cipher developped by the NSA used as stream cipher in CTR mode.
+.TP
+Full Header Encyption
+The optional full header encryption also encrypts packets' header which include
+some administrative data. In addition, it adds replay protection.
+.TP
+User Password Authentication
+n2n-3 implements an optional user-password authentication scheme. A key
+generator assists in generating user's public keys to be stored at the
+supernode side.
+.SH COPMPRESSION
+LZO for payload compression is an always available option at n2n-3. If compiled with
+zstdlib support, ZSTD is at optional service as well.
+.SH EXTENSIBILITY
+n2n-3 decouples the data transform system from the core of the edge
+operation. This allows for easier addition of new data transform
+operations. n2n-3 reserves some standard transform identifiers (such as TwoFish
+encryption) but allocates transform identifiers for user-defined
+transforms. This allows anyone to add to n2n new private transforms without
+breaking compatibility with the standard offering.
+.SH FEDERATED SUPERNODES
+n2n-3 incorporates the capability of multiple supernodes to be federated.
+Federation acts transparently and balances the workload evenly among the
+federated supernodes. Supernodes keep track of edges connected to different
+supernodes and forward packets as required. This feature naturally supports
+fail-over and this increases redundancy and resilience.
+.P
+Information on additional supernodes is propagated to all edges. In addition,
+the n2n-3 edge implementation allows multiple supernodes to be specified on the
+command line. Edges monitor the current supernode for responses to
+REGISTER_SUPER as well as PING messages. After three responses from current
+supernode are missed or when a better supernode in terms of significant lower workload
+is found, the edge tries to connect to another supernode. It cycles through the list
+f supernodes which over and over again is sorted according to reported workload.
+
+.SH MANAGEMENT CONSOLE
+Edge and supernode in n2n-3 provide a UDP-based management console. Both listen
+on the localhost address 127.0.0.1. Commands can be sent to the programs by
+sending to the UDP socket. Responses are returned to the socket from which
+commands were issued. This only works from the computer on which the programs
+are running. Statistics can be retrieved and commands issued. The netcat utility
+is all that is required; but more sophisticated tools could be built on the
+interface.
+
+.SH SUPERNODE AUTHENTICATION
+The supernode federation name serves as private key shared between the supernodes only.
+The corresponding public key can be provided to the edges.
+
+.SH MESSAGE SUMMARY
+The following message types work within n2n-3.
+.TP
+REGISTER_SUPER
+Sent from an edge to its local supernode to register its MAC with the community.
+Also, federated supernodes use this packet format to register to each other.
+.TP
+REGISTER_SUPER_ACK
+Sent from a supernode to an edge to confirm registration. This also carries the
+definition of the edge socket as seen at the supernode so NAT can be detected
+and described. Furthermore, it carries information about additional federated
+supernodes.
+.TP
+REGISTER_SUPER_NAK
+Supernode refusing to register an edge.
+.TP
+PACKET
+Encapsulated ethernet packets sent between edges. Supernodes forward or
+broadcast these and edges send them direct in peer-to-peer mode.
+.TP
+REGISTER
+A peer-to-peer mode registration request from one edge to another. Supernodes
+forward these to facilitate NAT crossing introductions.
+.TP
+REGISTER_ACK
+Complete peer-to-peer mode setup between two edges. These messages need to
+travel direct between edges.
+.TP
+QUERY_PEER
+Queries a supernode about another edge, especially its public socket in case of
+no peer-to-peer communication can be established. Additionally, it serves as PING
+to query supernodes about themselves.
+.TP
+PEER_INFO
+Answers the QUERY_PEER; it also covers the special case of the PING query, internally
+called PONG.
+.SH AUTHORS
+.TP
+Richard Andrews andrews (at) ntop.org - main author of n2n-2
+.TP
+Luca Deri
+deri (at) ntop.org - code inherited from n2n-1
+.SH SEE ALSO
+ifconfig(8) edge(8) supernode(8)
+.br
+the documentation contained in the source code
+.br
+the extensive documentation found in n2n's \fBdoc/\fR folder
--- a/supernode.1
+++ /dev/null
@@ -1,133 +0,0 @@
-.TH supernode 1 "Jul 16, 2021" "version 3" "USER COMMANDS"
-.SH NAME
-supernode \- n2n supernode daemon
-.SH SYNOPSIS
-.B supernode
-<config file>
-.br
-.B supernode
-[OPTION]...
-.SH DESCRIPTION
-N2N is a peer-to-peer VPN system. Supernode is a node introduction registry,
-broadcast conduit and packet relay node for the n2n system. On startup supernode
-begins listening on the specified UDP port for node registrations, and other
-packets to route. The supernode can service any number of communities and routes
-packets only between members of the same community. The supernode does not hold
-the community encryption key and so cannot snoop or inject packets into the
-community.
-.PP
-Supernode can service a number of n2n communities concurrently. Traffic does not
-cross between communities.
-.PP
-All logging goes to stdout.
-.PP
-The config file is similar to the command line, with one option per line.
-Lines starting with a "#" are ignored.
-An equal sign ('=') should be used between key and value. Example: -p=7777
-.SH OPTIONS FOR THE UNDERLYING NETWORK CONNECTION
-.TP
-\fB\-p \fR<\fIlocal_port\fR>, \fB\-\-local-port\fR=<\fIlocal_port\fR>
-listen on this fixed local UDP port, defaults to 7654
-.TP
-\fB\-F \fR<\fIfed_name\fR>
-name of the supernode's federation, defaults to '*Federation' (see also N2N_FEDERATION in ENVIRONMENT)
-.TP
-\fB\-l \fR<\fIhost:port\fR>
-ip address or name, and port of known supernode
-.TP
-\fB\-m \fR<\fImac_address\fR>
-fixed MAC address for the supernode, e.g.
- '-m 10:20:30:40:50:60', random otherwise
-.TP
-\fB\-M\fR
-disable MAC and IP address spoofing protection for all
-non-username-password-authenticating communities
-.TP
-\fB\-V \fR<\fIversion_string\fR>
-modify the supernode version string which is distributed to the
-edges and shown at their management port output, up to 19 characters
-.TP
-.SH TAP DEVICE AND OVERLAY NETWORK CONFIGURATION
-.TP
-\fB\-c \fR<\fIpath\fR>, \fB\-\-communities\fR=<\fIpath\fR>
-file containing the allowed communities and any User / Password based authentication
-details (See ALLOWED COMMUNITIES FILE section)
-.TP
-\fB\-a \fR<\fInet-net/n\fR>, \fB\-\-autoip\fR=<net-net/n\fR>
-subnet range for auto ip address service,
-.br
-e.g. '-a 192.168.0.0-192.168.255.0/24',
-.br
-defaults to '10.128.255.0-10.255.255.0/24'
-.SH LOCAL OPTIONS
-.TP
-\fB\-f\fR, \fB\-\-foreground\fR
-disable daemon mode (UNIX) and run in foreground.
-.TP
-\fB\-t \fR<\fIport\fR>, \fB\-\-mgmt-port\fR=<\fIport\fR>
-management UDP port, for multiple supernodes on a machine, defaults to 5645
-.TP
-\fB\-\-management-password \fR<\fIpassword\fR>
-sets the password for access to JSON API at the management port, defaults to 'n2n'. The password
-has to be provided for relevant access to JSON API at the management port.
-.TP
-\fB\-v\fR, \fB\-\-verbose\fR
-use verbose logging
-.TP
-\fB\-u \fR<\fIUID\fR>
-numeric user ID to use when privileges are dropped
-.TP
-\fB\-g \fR<\fIGID\fR>
-numeric group ID to use when privileges are dropped
-.TP
-\fB-h\fR
-shows a quick reference including all available options
-.TP
-\fB\-\-help\fR
-shows detailed parameter description
-
-.SH ALLOWED COMMUNITIES FILE
-This file is a plain text file.
-Comments are introduced with a hash at the beginning of the line.
-A line that begins with an asterisk is a user authentication definition and adds an allowed user to the most recently defined community.
-Allowed communities can be specified with a regular expression.
-.PP
-Example community file:
-.PP
-.nf
-.RS
-# List of allowed communities
-mynetwork
-netleo
-* logan nHWum+r42k1qDXdIeH-WFKeylK5UyLStRzxofRNAgpG
-* sister HwHpPrdMft+38tFDDiunUds6927t0+zhCMMkQdJafcC
-.RE
-.fi
-.PP
-More details on creating the allowed communities file are found in the Communities.md and Authentication.md documentation included with this package.
-.SH ENVIRONMENT
-.TP
-.B N2N_FEDERATION
-set the federation name so it is not visible at the command line
-.SH EXAMPLES
-.TP
-.B supernode -p 7654 -v
-Start supernode listening on UDP port 7654 with verbose output.
-.TP
-.B echo | nc -w1 -u 127.0.0.1 5645
-Shows the management status of a running supernode.
-.PP
-.SH RESTART
-When supernode restarts it loses all registration information from associated
-edge nodes. It can take up to five minutes for the edge nodes to re-register and
-normal traffic flow to resume.
-.SH EXIT STATUS
-supernode is a daemon and any exit is an error
-.SH AUTHOR
-Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at) ntop.org ), Don Bindner
-.SH SEE ALSO
-ifconfig(8) edge(8)
-.br
-the documentation contained in the source code
-.br
-the extensive documentation found in n2n's \fBdoc/\fR folder
--- /dev/null
+++ b/supernode.8
@@ -0,0 +1,133 @@
+.TH supernode 8 "Jul 16, 2021" "version 3" "USER COMMANDS"
+.SH NAME
+supernode \- n2n supernode daemon
+.SH SYNOPSIS
+.B supernode
+<config file>
+.br
+.B supernode
+[OPTION]...
+.SH DESCRIPTION
+N2N is a peer-to-peer VPN system. Supernode is a node introduction registry,
+broadcast conduit and packet relay node for the n2n system. On startup supernode
+begins listening on the specified UDP port for node registrations, and other
+packets to route. The supernode can service any number of communities and routes
+packets only between members of the same community. The supernode does not hold
+the community encryption key and so cannot snoop or inject packets into the
+community.
+.PP
+Supernode can service a number of n2n communities concurrently. Traffic does not
+cross between communities.
+.PP
+All logging goes to stdout.
+.PP
+The config file is similar to the command line, with one option per line.
+Lines starting with a "#" are ignored.
+An equal sign ('=') should be used between key and value. Example: -p=7777
+.SH OPTIONS FOR THE UNDERLYING NETWORK CONNECTION
+.TP
+\fB\-p \fR<\fIlocal_port\fR>, \fB\-\-local-port\fR=<\fIlocal_port\fR>
+listen on this fixed local UDP port, defaults to 7654
+.TP
+\fB\-F \fR<\fIfed_name\fR>
+name of the supernode's federation, defaults to '*Federation' (see also N2N_FEDERATION in ENVIRONMENT)
+.TP
+\fB\-l \fR<\fIhost:port\fR>
+ip address or name, and port of known supernode
+.TP
+\fB\-m \fR<\fImac_address\fR>
+fixed MAC address for the supernode, e.g.
+ '-m 10:20:30:40:50:60', random otherwise
+.TP
+\fB\-M\fR
+disable MAC and IP address spoofing protection for all
+non-username-password-authenticating communities
+.TP
+\fB\-V \fR<\fIversion_string\fR>
+modify the supernode version string which is distributed to the
+edges and shown at their management port output, up to 19 characters
+.TP
+.SH TAP DEVICE AND OVERLAY NETWORK CONFIGURATION
+.TP
+\fB\-c \fR<\fIpath\fR>, \fB\-\-communities\fR=<\fIpath\fR>
+file containing the allowed communities and any User / Password based authentication
+details (See ALLOWED COMMUNITIES FILE section)
+.TP
+\fB\-a \fR<\fInet-net/n\fR>, \fB\-\-autoip\fR=<net-net/n\fR>
+subnet range for auto ip address service,
+.br
+e.g. '-a 192.168.0.0-192.168.255.0/24',
+.br
+defaults to '10.128.255.0-10.255.255.0/24'
+.SH LOCAL OPTIONS
+.TP
+\fB\-f\fR, \fB\-\-foreground\fR
+disable daemon mode (UNIX) and run in foreground.
+.TP
+\fB\-t \fR<\fIport\fR>, \fB\-\-mgmt-port\fR=<\fIport\fR>
+management UDP port, for multiple supernodes on a machine, defaults to 5645
+.TP
+\fB\-\-management-password \fR<\fIpassword\fR>
+sets the password for access to JSON API at the management port, defaults to 'n2n'. The password
+has to be provided for relevant access to JSON API at the management port.
+.TP
+\fB\-v\fR, \fB\-\-verbose\fR
+use verbose logging
+.TP
+\fB\-u \fR<\fIUID\fR>
+numeric user ID to use when privileges are dropped
+.TP
+\fB\-g \fR<\fIGID\fR>
+numeric group ID to use when privileges are dropped
+.TP
+\fB-h\fR
+shows a quick reference including all available options
+.TP
+\fB\-\-help\fR
+shows detailed parameter description
+
+.SH ALLOWED COMMUNITIES FILE
+This file is a plain text file.
+Comments are introduced with a hash at the beginning of the line.
+A line that begins with an asterisk is a user authentication definition and adds an allowed user to the most recently defined community.
+Allowed communities can be specified with a regular expression.
+.PP
+Example community file:
+.PP
+.nf
+.RS
+# List of allowed communities
+mynetwork
+netleo
+* logan nHWum+r42k1qDXdIeH-WFKeylK5UyLStRzxofRNAgpG
+* sister HwHpPrdMft+38tFDDiunUds6927t0+zhCMMkQdJafcC
+.RE
+.fi
+.PP
+More details on creating the allowed communities file are found in the Communities.md and Authentication.md documentation included with this package.
+.SH ENVIRONMENT
+.TP
+.B N2N_FEDERATION
+set the federation name so it is not visible at the command line
+.SH EXAMPLES
+.TP
+.B supernode -p 7654 -v
+Start supernode listening on UDP port 7654 with verbose output.
+.TP
+.B echo | nc -w1 -u 127.0.0.1 5645
+Shows the management status of a running supernode.
+.PP
+.SH RESTART
+When supernode restarts it loses all registration information from associated
+edge nodes. It can take up to five minutes for the edge nodes to re-register and
+normal traffic flow to resume.
+.SH EXIT STATUS
+supernode is a daemon and any exit is an error
+.SH AUTHOR
+Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at) ntop.org ), Don Bindner
+.SH SEE ALSO
+ifconfig(8) edge(8)
+.br
+the documentation contained in the source code
+.br
+the extensive documentation found in n2n's \fBdoc/\fR folder
--- a/Makefile.in
+++ b/Makefile.in
@@ -73,8 +73,6 @@
endif
MANDIR?=$(PREFIX)/share/man
-MAN1DIR=$(MANDIR)/man1
-MAN7DIR=$(MANDIR)/man7
MAN8DIR=$(MANDIR)/man8
N2N_LIB=libn2n.a
@@ -140,7 +138,7 @@
APPS+=example_edge_embed
APPS+=example_sn_embed
-DOCS=edge.8.gz supernode.1.gz n2n.7.gz
+DOCS=edge.8.gz supernode.8.gz n2n.8.gz
# This is the superset of all packages that might be needed during the build.
# Mostly of use in automated build systems.
@@ -265,21 +263,21 @@
rm -f tests/*.out src/*.gcno src/*.gcda src/*.indent src/*.unc-backup*
rm -rf autom4te.cache/
rm -f config.log config.status configure Makefile tools/Makefile include/config.h include/config.h.in
- rm -f doc/edge.8.gz doc/n2n.7.gz doc/supernode.1.gz
+ rm -f doc/edge.8.gz doc/n2n.8.gz doc/supernode.8.gz
rm -f packages/debian/config.log packages/debian/config.status
rm -rf packages/debian/autom4te.cache/
rm -f packages/rpm/config.log packages/rpm/config.status
rm -f $(addprefix src/,$(APPS))
.PHONY: install
-install: edge supernode edge.8.gz supernode.1.gz n2n.7.gz
+install: edge supernode edge.8.gz supernode.8.gz n2n.8.gz
echo "MANDIR=$(MANDIR)"
- $(MKDIR) $(SBINDIR) $(MAN1DIR) $(MAN7DIR) $(MAN8DIR)
+ $(MKDIR) $(SBINDIR) $(MAN8DIR)
$(INSTALL_PROG) supernode $(SBINDIR)/
$(INSTALL_PROG) edge $(SBINDIR)/
$(INSTALL_DOC) edge.8.gz $(MAN8DIR)/
- $(INSTALL_DOC) supernode.1.gz $(MAN1DIR)/
- $(INSTALL_DOC) n2n.7.gz $(MAN7DIR)/
+ $(INSTALL_DOC) supernode.8.gz $(MAN8DIR)/
+ $(INSTALL_DOC) n2n.8.gz $(MAN8DIR)/
$(MAKE) -C tools install SBINDIR=$(abspath $(SBINDIR))
# Docker builder section

2
debian/patches/series vendored Normal file
View file

@ -0,0 +1,2 @@
0001-fix-version.patch
move-man-pages.patch

13
debian/rules vendored Executable file
View file

@ -0,0 +1,13 @@
#!/usr/bin/make -f
# You must remove unused comment lines for the released package.
#export DH_VERBOSE = 1
#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic
#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
%:
dh $@ --buildsystem=autoconf
#override_dh_auto_configure:
# dh_auto_configure -- \
# -DCMAKE_LIBRARY_ARCHITECTURE="$(DEB_TARGET_MULTIARCH)"

1
debian/source/format vendored Normal file
View file

@ -0,0 +1 @@
3.0 (quilt)

2
debian/watch vendored Normal file
View file

@ -0,0 +1,2 @@
# You must remove unused comment lines for the released package.
version=3