Initial packaging for n2n 3.1.1

debian/README.Debian

@@ -0,0 +1,5 @@
+n2n for Debian
+
+Packaging for n2n in Debian.
+
+ -- Tianyu Chen <billchenchina2001@gmail.com>  Tue, 15 Nov 2022 04:12:12 +0800

debian/changelog

@@ -0,0 +1,91 @@
+n2n (3.1.1-0.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * New upstream version 3.1.1. (Closes: #914321)
+
+ -- Tianyu Chen <billchenchina2001@gmail.com>  Tue, 15 Nov 2022 08:51:52 +0800
+
+n2n (1.3.1~svn3789-7) unstable; urgency=medium
+
+  [ Rolf Leggewie ]
+  * control:
+    - add run-time depency on net-tools. Closes: #876386
+    - use publicly accessible Vcs-Git URI
+  * README: talk a bit about security implications of an abandoned upstream
+
+  [ Chris Lamb ]
+  * patches: Make the build reproducible. Closes: #833819
+
+ -- Rolf Leggewie <foss@rolf.leggewie.biz>  Tue, 17 Apr 2018 15:52:27 +0800
+
+n2n (1.3.1~svn3789-6) unstable; urgency=medium
+
+  * control:
+    - bump to Debian Standard 4.1.4
+    - add run-time dependency on lsb-base
+    - update git URIs
+    - change priority from extra to optional
+    - drop inactive co-maintainer
+      Thank you for your work. Welcome back anytime!
+  * copyright: update to 2018
+  * default: change default supernode to bytemark.leggewie.org
+  * init: merge two N2N_SUPERNODE* variables into one
+  * README:
+    - improve some botched wording
+    - add information about two new public supernodes
+
+ -- Rolf Leggewie <foss@rolf.leggewie.biz>  Sun, 15 Apr 2018 15:03:20 +0800
+
+n2n (1.3.1~svn3789-5) unstable; urgency=medium
+
+  * ship init script for controlling the n2n VPN. Closes: #742098
+  * make the README more userfriendly and relevant to ordinary users
+  * control: bump to Standard 3.9.6. No further changes.
+
+ -- Rolf Leggewie <foss@rolf.leggewie.biz>  Sun, 26 Oct 2014 13:27:55 +0900
+
+n2n (1.3.1~svn3789-4) unstable; urgency=low
+
+  * move the updated package from experimental to unstable now
+  * copyright: Update copyright information.
+  * control: Update to policy 3.9.4. No further changes.
+
+ -- Rolf Leggewie <foss@rolf.leggewie.biz>  Wed, 29 May 2013 17:55:10 +0800
+
+n2n (1.3.1~svn3789-3) experimental; urgency=low
+
+  * update build process from dh7 to dh9
+  * backport upstream-svn4235.patch to fix compile error
+  * patch Makefile to import $LDFLAGS and $CPPFLAGS into $CFLAGS
+
+ -- Rolf Leggewie <foss@rolf.leggewie.biz>  Fri, 28 Dec 2012 03:09:08 +0100
+
+n2n (1.3.1~svn3789-2) experimental; urgency=low
+
+  * debian/control:
+    - add myself to Uploaders
+    - add ${misc:Depends} to run-time dependencies
+    - add Homepage and VCS fields
+    - bump standards version to 3.9.3 (no further changes)
+  * debian/rules: radically simplify and rely on dh7 build intelligence
+  * debian/source/format: use DebSrc3 format
+  * debian/README.Debian: add information about public supernode
+
+ -- Rolf Leggewie <foss@rolf.leggewie.biz>  Fri, 14 Dec 2012 13:01:40 +0100
+
+n2n (1.3.1~svn3789-1) unstable; urgency=low
+
+  * Update package to version 1.3 from upstream cvs
+  * Removed "libc6-dev (>= 2.0)" build dependency (closes: Bug#533881)
+  * DH compatibility level is 7
+  * Run dh_prep instead of dh_clean -k
+  * Standards Version is 3.8.2
+
+ -- cristian paul peñaranda rojas <kristian.paul@gmail.com>  Sun, 22 Jun 2009 21:19:58 -0500
+
+n2n (1.2.2~svn3653) unstable; urgency=low
+
+  * Initial release (closes: Bug#507750)
+
+ -- cristian paul peñaranda rojas <kristian.paul@gmail.com>  Sat, 29 Nov 2008 00:31:58 -0500
+

debian/control

@@ -0,0 +1,19 @@
+Source: n2n
+Section: net
+Priority: optional
+Maintainer: Rolf Leggewie <foss@rolf.leggewie.biz>
+Build-Depends: cmake, debhelper-compat (= 13)
+Standards-Version: 4.5.1
+Homepage: http://www.ntop.org/products/n2n/
+Vcs-Browser: https://github.com/leggewie-DM/n2n
+Vcs-Git: https://github.com/leggewie-DM/n2n.git
+
+Package: n2n
+Architecture: any
+Multi-Arch: foreign
+Depends: ${misc:Depends}, ${shlibs:Depends},
+ lsb-base (>= 3.0-6), net-tools
+Description: Peer-to-Peer VPN network daemon
+ n2n is an open source VPN application which utilizes 
+ a Peer-to-peer architecture for network membership 
+ and routing.

debian/copyright

@@ -0,0 +1,86 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: n2n
+Upstream-Contact: Luca Deri <deri@ntop.org>
+Source: <https://github.com/ntop/n2n>
+#
+# Please double check copyright with the licensecheck(1) command.
+
+Files:     *
+Copyright: 2007-2022 Luca Deri <deri@ntop.org>
+           2007-2022 ntop.org and contributors
+License:   GPL-3.0+
+
+Files:     legacy/gen_keyfile.py
+           doc/Hacking.md
+Copyright: 2007-2022 Luca Deri <deri@ntop.org>
+           2007-2022 ntop.org and contributors
+           2009 Richard Andrews <andrews@ntop.org>
+License:   GPL-3.0+
+
+Files:     include/tf.h
+           src/tf.c
+Copyright: 2007-2022 ntop.org and contributors
+           2015 Andrew T. Csillag
+License:   Expat
+
+Files:     include/lzoconf.h
+           include/minilzo.h
+           include/lzodefs.h
+           src/minilzo.c
+Copyright: 1996-2017 Markus Franz Xaver Johannes Oberhumer
+           2007-2022 ntop.org and contributors
+License:   GPL-3.0+
+
+Files:     include/uthash.h
+Copyright: 2003-2018 Troy D. Hanson     http://troydhanson.github.com/uthash/
+           2007-2022 ntop.org and contributors
+License:   GPL-3.0+
+
+Files:     win32/getopt.c
+           win32/getopt.h
+Copyright: 1992-2015 Free Software Foundation, Inc.
+           2007-2022 ntop.org and contributors
+License:   GPL-3.0+
+
+Files:     config.guess
+           packages/debian/configure
+           packages/rpm/configure
+Copyright: 1992-2015 Free Software Foundation, Inc.
+License:   __AUTO_PERMISSIVE__
+ Autogenerated files with permissive licenses.
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.

debian/patches/0001-fix-version.patch

@@ -0,0 +1,46 @@
+From: Tianyu Chen <billchenchen2001@gmail.com>
+Date: Tue, 15 Nov 2022 08:00:11 +0800
+Subject: fix-version
+
+---
+ scripts/version.sh | 27 +++------------------------
+ 1 file changed, 3 insertions(+), 24 deletions(-)
+
+diff --git a/scripts/version.sh b/scripts/version.sh
+index e551500..07f76f0 100755
+--- a/scripts/version.sh
++++ b/scripts/version.sh
+@@ -16,30 +16,9 @@ TOPDIR=$(dirname "$0")/..
+ 
+ VER_FILE_SHORT=$(cat "${TOPDIR}/VERSION")
+ 
+-if [ -d "$TOPDIR/.git" ]; then
+-    # If there is a .git directory in our TOPDIR, then this is assumed to be
+-    # real git checkout
+-
+-    cd "$TOPDIR" || exit 1
+-
+-    VER_GIT_SHORT=$(git describe --abbrev=0)
+-
+-    if [ "$VER_FILE_SHORT" != "$VER_GIT_SHORT" ]; then
+-        echo "Error: VERSION file does not match tag version ($VER_FILE_SHORT != $VER_GIT_SHORT)"
+-        exit 1
+-    fi
+-
+-    VER_SHORT="$VER_GIT_SHORT"
+-    VER_HASH=$(git rev-parse --short HEAD)
+-    VER=$(git describe --abbrev=7 --dirty)
+-else
+-    # If there is no .git directory in our TOPDIR, we fall back on relying on
+-    # the VERSION file
+-
+-    VER_SHORT="$VER_FILE_SHORT"
+-    VER_HASH="HEAD"
+-    VER="$VER_FILE_SHORT"
+-fi
++VER_SHORT="$VER_FILE_SHORT"
++VER_HASH="HEAD"
++VER="$VER_FILE_SHORT"
+ 
+ case "$1" in
+     hash)

debian/patches/move-man-pages.patch

@@ -0,0 +1,601 @@
+Move n2n.7, supernode.1 to n2n.8 and supernode.8
+--- a/edge.8
++++ b/edge.8
+@@ -283,7 +283,7 @@
+ Don Bindner
+ (--) - significant contributions to n2n-1
+ .SH SEE ALSO
+-ifconfig(8) supernode(1) tunctl(8) n2n(7)
++ifconfig(8) supernode(8) tunctl(8) n2n(8)
+ .br
+ the documentation contained in the source code
+ .br
+--- a/n2n.7
++++ /dev/null
+@@ -1,132 +0,0 @@
+-.TH "n2n_v3" 7 "Sep 27, 2021" "version 3" "Background"
+-.SH NAME
+-n2n version 3 \- version 3 of the n2n decentralised peer-to-peer network overlay
+-VPN.
+-.SH DESCRIPTION
+-n2n is a peer-to-peer network overlay or VPN system that provides layer 2 over
+-layer 3 encapsulation with data transform capabilities such as encryption and
+-compression. This guide also discusses the differences of version 3 of n2n from
+-version 2.
+-.SH PROTOCOLS
+-n2n-3 basically uses the same set of messages to communicate with edges and
+-supernodes. However, due to slight packet format changes, the n2n-3 messages
+-are not compatible with n2n-2. There is no backward compatibility for n2n-2.
+-.SH ENCRYPTION
+-n2n-3 offers four different ciphers for payload encryption as well as optional
+-header encryption. Earlier versions of n2n-2 provided a mechanism using a key
+-schedule which has been removed in n2n-3. A basic user authentication scheme
+-relying on asymmetric cryptography has been added to n2n-3.
+-
+-n2n-3 provides the following ciphers to chose from for payload encryption; more
+-can be added as required:
+-.TP
+-.B (1) NULL
+-Data is encapsulated unchanged. Useful for testing and high-performance, low
+-sensitivity applications.
+-.TP
+-.B (2) TF-CTS
+-Twofish AES candidate in CTS mode.
+-.TP
+-.B (3) AES-CTS
+-AES in CTS mode with up to 256-bit key.
+-.TP
+-.B (4) CHACHA20
+-ChaCha20, a well known stream cipher developped by Daniel J. Bernstein.
+-.TP
+-.B (5) SPECK-CTR
+-A fast block cipher developped by the NSA used as stream cipher in CTR mode.
+-.TP
+-Full Header Encyption
+-The optional full header encryption also encrypts packets' header which include
+-some administrative data. In addition, it adds replay protection.
+-.TP
+-User Password Authentication
+-n2n-3 implements an optional user-password authentication scheme. A key
+-generator assists in generating user's public keys to be stored at the
+-supernode side.
+-.SH COPMPRESSION
+-LZO for payload compression is an always available option at n2n-3. If compiled with
+-zstdlib support, ZSTD is at optional service as well.
+-.SH EXTENSIBILITY
+-n2n-3 decouples the data transform system from the core of the edge
+-operation. This allows for easier addition of new data transform
+-operations. n2n-3 reserves some standard transform identifiers (such as TwoFish
+-encryption) but allocates transform identifiers for user-defined
+-transforms. This allows anyone to add to n2n new private transforms without
+-breaking compatibility with the standard offering.
+-.SH FEDERATED SUPERNODES
+-n2n-3 incorporates the capability of multiple supernodes to be federated.
+-Federation acts transparently and balances the workload evenly among the
+-federated supernodes. Supernodes keep track of edges connected to different
+-supernodes and forward packets as required. This feature naturally supports
+-fail-over and this increases redundancy and resilience.
+-.P
+-Information on additional supernodes is propagated to all edges. In addition,
+-the n2n-3 edge implementation allows multiple supernodes to be specified on the
+-command line. Edges monitor the current supernode for responses to
+-REGISTER_SUPER as well as PING messages. After three responses from current
+-supernode are missed or when a better supernode in terms of significant lower workload
+-is found, the edge tries to connect to another supernode. It cycles through the list
+-f supernodes which over and over again is sorted according to reported workload.
+-
+-.SH MANAGEMENT CONSOLE
+-Edge and supernode in n2n-3 provide a UDP-based management console. Both listen
+-on the localhost address 127.0.0.1. Commands can be sent to the programs by
+-sending to the UDP socket. Responses are returned to the socket from which
+-commands were issued. This only works from the computer on which the programs
+-are running. Statistics can be retrieved and commands issued. The netcat utility
+-is all that is required; but more sophisticated tools could be built on the
+-interface.
+-
+-.SH SUPERNODE AUTHENTICATION
+-The supernode federation name serves as private key shared between the supernodes only.
+-The corresponding public key can be provided to the edges.
+-
+-.SH MESSAGE SUMMARY
+-The following message types work within n2n-3.
+-.TP
+-REGISTER_SUPER
+-Sent from an edge to its local supernode to register its MAC with the community.
+-Also, federated supernodes use this packet format to register to each other.
+-.TP
+-REGISTER_SUPER_ACK
+-Sent from a supernode to an edge to confirm registration. This also carries the
+-definition of the edge socket as seen at the supernode so NAT can be detected
+-and described. Furthermore, it carries information about additional federated
+-supernodes.
+-.TP
+-REGISTER_SUPER_NAK
+-Supernode refusing to register an edge.
+-.TP
+-PACKET
+-Encapsulated ethernet packets sent between edges. Supernodes forward or
+-broadcast these and edges send them direct in peer-to-peer mode.
+-.TP
+-REGISTER
+-A peer-to-peer mode registration request from one edge to another. Supernodes
+-forward these to facilitate NAT crossing introductions.
+-.TP
+-REGISTER_ACK
+-Complete peer-to-peer mode setup between two edges. These messages need to
+-travel direct between edges.
+-.TP
+-QUERY_PEER
+-Queries a supernode about another edge, especially its public socket in case of
+-no peer-to-peer communication can be established. Additionally, it serves as PING
+-to query supernodes about themselves.
+-.TP
+-PEER_INFO
+-Answers the QUERY_PEER; it also covers the special case of the PING query, internally
+-called PONG.
+-.SH AUTHORS
+-.TP
+-Richard Andrews andrews (at) ntop.org - main author of n2n-2
+-.TP
+-Luca Deri
+-deri (at) ntop.org - code inherited from n2n-1
+-.SH SEE ALSO
+-ifconfig(8) edge(8) supernode(1)
+-.br
+-the documentation contained in the source code
+-.br
+-the extensive documentation found in n2n's \fBdoc/\fR folder
+--- /dev/null
++++ b/n2n.8
+@@ -0,0 +1,132 @@
++.TH "n2n_v3" 8 "Sep 27, 2021" "version 3" "Background"
++.SH NAME
++n2n version 3 \- version 3 of the n2n decentralised peer-to-peer network overlay
++VPN.
++.SH DESCRIPTION
++n2n is a peer-to-peer network overlay or VPN system that provides layer 2 over
++layer 3 encapsulation with data transform capabilities such as encryption and
++compression. This guide also discusses the differences of version 3 of n2n from
++version 2.
++.SH PROTOCOLS
++n2n-3 basically uses the same set of messages to communicate with edges and
++supernodes. However, due to slight packet format changes, the n2n-3 messages
++are not compatible with n2n-2. There is no backward compatibility for n2n-2.
++.SH ENCRYPTION
++n2n-3 offers four different ciphers for payload encryption as well as optional
++header encryption. Earlier versions of n2n-2 provided a mechanism using a key
++schedule which has been removed in n2n-3. A basic user authentication scheme
++relying on asymmetric cryptography has been added to n2n-3.
++
++n2n-3 provides the following ciphers to chose from for payload encryption; more
++can be added as required:
++.TP
++.B (1) NULL
++Data is encapsulated unchanged. Useful for testing and high-performance, low
++sensitivity applications.
++.TP
++.B (2) TF-CTS
++Twofish AES candidate in CTS mode.
++.TP
++.B (3) AES-CTS
++AES in CTS mode with up to 256-bit key.
++.TP
++.B (4) CHACHA20
++ChaCha20, a well known stream cipher developped by Daniel J. Bernstein.
++.TP
++.B (5) SPECK-CTR
++A fast block cipher developped by the NSA used as stream cipher in CTR mode.
++.TP
++Full Header Encyption
++The optional full header encryption also encrypts packets' header which include
++some administrative data. In addition, it adds replay protection.
++.TP
++User Password Authentication
++n2n-3 implements an optional user-password authentication scheme. A key
++generator assists in generating user's public keys to be stored at the
++supernode side.
++.SH COPMPRESSION
++LZO for payload compression is an always available option at n2n-3. If compiled with
++zstdlib support, ZSTD is at optional service as well.
++.SH EXTENSIBILITY
++n2n-3 decouples the data transform system from the core of the edge
++operation. This allows for easier addition of new data transform
++operations. n2n-3 reserves some standard transform identifiers (such as TwoFish
++encryption) but allocates transform identifiers for user-defined
++transforms. This allows anyone to add to n2n new private transforms without
++breaking compatibility with the standard offering.
++.SH FEDERATED SUPERNODES
++n2n-3 incorporates the capability of multiple supernodes to be federated.
++Federation acts transparently and balances the workload evenly among the
++federated supernodes. Supernodes keep track of edges connected to different
++supernodes and forward packets as required. This feature naturally supports
++fail-over and this increases redundancy and resilience.
++.P
++Information on additional supernodes is propagated to all edges. In addition,
++the n2n-3 edge implementation allows multiple supernodes to be specified on the
++command line. Edges monitor the current supernode for responses to
++REGISTER_SUPER as well as PING messages. After three responses from current
++supernode are missed or when a better supernode in terms of significant lower workload
++is found, the edge tries to connect to another supernode. It cycles through the list
++f supernodes which over and over again is sorted according to reported workload.
++
++.SH MANAGEMENT CONSOLE
++Edge and supernode in n2n-3 provide a UDP-based management console. Both listen
++on the localhost address 127.0.0.1. Commands can be sent to the programs by
++sending to the UDP socket. Responses are returned to the socket from which
++commands were issued. This only works from the computer on which the programs
++are running. Statistics can be retrieved and commands issued. The netcat utility
++is all that is required; but more sophisticated tools could be built on the
++interface.
++
++.SH SUPERNODE AUTHENTICATION
++The supernode federation name serves as private key shared between the supernodes only.
++The corresponding public key can be provided to the edges.
++
++.SH MESSAGE SUMMARY
++The following message types work within n2n-3.
++.TP
++REGISTER_SUPER
++Sent from an edge to its local supernode to register its MAC with the community.
++Also, federated supernodes use this packet format to register to each other.
++.TP
++REGISTER_SUPER_ACK
++Sent from a supernode to an edge to confirm registration. This also carries the
++definition of the edge socket as seen at the supernode so NAT can be detected
++and described. Furthermore, it carries information about additional federated
++supernodes.
++.TP
++REGISTER_SUPER_NAK
++Supernode refusing to register an edge.
++.TP
++PACKET
++Encapsulated ethernet packets sent between edges. Supernodes forward or
++broadcast these and edges send them direct in peer-to-peer mode.
++.TP
++REGISTER
++A peer-to-peer mode registration request from one edge to another. Supernodes
++forward these to facilitate NAT crossing introductions.
++.TP
++REGISTER_ACK
++Complete peer-to-peer mode setup between two edges. These messages need to
++travel direct between edges.
++.TP
++QUERY_PEER
++Queries a supernode about another edge, especially its public socket in case of
++no peer-to-peer communication can be established. Additionally, it serves as PING
++to query supernodes about themselves.
++.TP
++PEER_INFO
++Answers the QUERY_PEER; it also covers the special case of the PING query, internally
++called PONG.
++.SH AUTHORS
++.TP
++Richard Andrews andrews (at) ntop.org - main author of n2n-2
++.TP
++Luca Deri
++deri (at) ntop.org - code inherited from n2n-1
++.SH SEE ALSO
++ifconfig(8) edge(8) supernode(8)
++.br
++the documentation contained in the source code
++.br
++the extensive documentation found in n2n's \fBdoc/\fR folder
+--- a/supernode.1
++++ /dev/null
+@@ -1,133 +0,0 @@
+-.TH supernode 1  "Jul 16, 2021" "version 3" "USER COMMANDS"
+-.SH NAME
+-supernode \- n2n supernode daemon
+-.SH SYNOPSIS
+-.B supernode
+-<config file>
+-.br
+-.B supernode
+-[OPTION]...
+-.SH DESCRIPTION
+-N2N is a peer-to-peer VPN system. Supernode is a node introduction registry,
+-broadcast conduit and packet relay node for the n2n system. On startup supernode
+-begins listening on the specified UDP port for node registrations, and other
+-packets to route. The supernode can service any number of communities and routes
+-packets only between members of the same community. The supernode does not hold
+-the community encryption key and so cannot snoop or inject packets into the
+-community.
+-.PP
+-Supernode can service a number of n2n communities concurrently. Traffic does not
+-cross between communities.
+-.PP
+-All logging goes to stdout.
+-.PP
+-The config file is similar to the command line, with one option per line.
+-Lines starting with a "#" are ignored.
+-An equal sign ('=') should be used between key and value. Example: -p=7777
+-.SH OPTIONS FOR THE UNDERLYING NETWORK CONNECTION
+-.TP
+-\fB\-p \fR<\fIlocal_port\fR>, \fB\-\-local-port\fR=<\fIlocal_port\fR>
+-listen on this fixed local UDP port, defaults to 7654
+-.TP
+-\fB\-F \fR<\fIfed_name\fR>
+-name of the supernode's federation, defaults to '*Federation' (see also N2N_FEDERATION in ENVIRONMENT)
+-.TP
+-\fB\-l \fR<\fIhost:port\fR>
+-ip address or name, and port of known supernode
+-.TP
+-\fB\-m \fR<\fImac_address\fR>
+-fixed MAC address for the supernode, e.g.
+- '-m 10:20:30:40:50:60', random otherwise
+-.TP
+-\fB\-M\fR
+-disable MAC and IP address spoofing protection for all
+-non-username-password-authenticating communities
+-.TP
+-\fB\-V \fR<\fIversion_string\fR>
+-modify the supernode version string which is distributed to the
+-edges and shown at their management port output, up to 19 characters
+-.TP
+-.SH TAP DEVICE AND OVERLAY NETWORK CONFIGURATION
+-.TP
+-\fB\-c \fR<\fIpath\fR>, \fB\-\-communities\fR=<\fIpath\fR>
+-file containing the allowed communities and any User / Password based authentication
+-details (See ALLOWED COMMUNITIES FILE section)
+-.TP
+-\fB\-a \fR<\fInet-net/n\fR>, \fB\-\-autoip\fR=<net-net/n\fR>
+-subnet range for auto ip address service,
+-.br
+-e.g.  '-a 192.168.0.0-192.168.255.0/24',
+-.br
+-defaults to '10.128.255.0-10.255.255.0/24'
+-.SH LOCAL OPTIONS
+-.TP
+-\fB\-f\fR, \fB\-\-foreground\fR
+-disable daemon mode (UNIX) and run in foreground.
+-.TP
+-\fB\-t \fR<\fIport\fR>, \fB\-\-mgmt-port\fR=<\fIport\fR>
+-management UDP port, for multiple supernodes on a machine, defaults to 5645
+-.TP
+-\fB\-\-management-password \fR<\fIpassword\fR>
+-sets the password for access to JSON API at the management port, defaults to 'n2n'. The password
+-has to be provided for relevant access to JSON API at the management port.
+-.TP
+-\fB\-v\fR, \fB\-\-verbose\fR
+-use verbose logging
+-.TP
+-\fB\-u \fR<\fIUID\fR>
+-numeric user ID to use when privileges are dropped
+-.TP
+-\fB\-g \fR<\fIGID\fR>
+-numeric group ID to use when privileges are dropped
+-.TP
+-\fB-h\fR
+-shows a quick reference including all available options
+-.TP
+-\fB\-\-help\fR
+-shows detailed parameter description
+-
+-.SH ALLOWED COMMUNITIES FILE
+-This file is a plain text file.
+-Comments are introduced with a hash at the beginning of the line.
+-A line that begins with an asterisk is a user authentication definition and adds an allowed user to the most recently defined community.
+-Allowed communities can be specified with a regular expression.
+-.PP
+-Example community file:
+-.PP
+-.nf
+-.RS
+-# List of allowed communities
+-mynetwork
+-netleo
+-* logan nHWum+r42k1qDXdIeH-WFKeylK5UyLStRzxofRNAgpG
+-* sister HwHpPrdMft+38tFDDiunUds6927t0+zhCMMkQdJafcC
+-.RE
+-.fi
+-.PP
+-More details on creating the allowed communities file are found in the Communities.md and Authentication.md documentation included with this package.
+-.SH ENVIRONMENT
+-.TP
+-.B N2N_FEDERATION
+-set the federation name so it is not visible at the command line
+-.SH EXAMPLES
+-.TP
+-.B supernode -p 7654 -v
+-Start supernode listening on UDP port 7654 with verbose output.
+-.TP
+-.B echo | nc -w1 -u 127.0.0.1 5645
+-Shows the management status of a running supernode.
+-.PP
+-.SH RESTART
+-When supernode restarts it loses all registration information from associated
+-edge nodes. It can take up to five minutes for the edge nodes to re-register and
+-normal traffic flow to resume.
+-.SH EXIT STATUS
+-supernode is a daemon and any exit is an error
+-.SH AUTHOR
+-Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at) ntop.org ), Don Bindner
+-.SH SEE ALSO
+-ifconfig(8) edge(8)
+-.br
+-the documentation contained in the source code
+-.br
+-the extensive documentation found in n2n's \fBdoc/\fR folder
+--- /dev/null
++++ b/supernode.8
+@@ -0,0 +1,133 @@
++.TH supernode 8  "Jul 16, 2021" "version 3" "USER COMMANDS"
++.SH NAME
++supernode \- n2n supernode daemon
++.SH SYNOPSIS
++.B supernode
++<config file>
++.br
++.B supernode
++[OPTION]...
++.SH DESCRIPTION
++N2N is a peer-to-peer VPN system. Supernode is a node introduction registry,
++broadcast conduit and packet relay node for the n2n system. On startup supernode
++begins listening on the specified UDP port for node registrations, and other
++packets to route. The supernode can service any number of communities and routes
++packets only between members of the same community. The supernode does not hold
++the community encryption key and so cannot snoop or inject packets into the
++community.
++.PP
++Supernode can service a number of n2n communities concurrently. Traffic does not
++cross between communities.
++.PP
++All logging goes to stdout.
++.PP
++The config file is similar to the command line, with one option per line.
++Lines starting with a "#" are ignored.
++An equal sign ('=') should be used between key and value. Example: -p=7777
++.SH OPTIONS FOR THE UNDERLYING NETWORK CONNECTION
++.TP
++\fB\-p \fR<\fIlocal_port\fR>, \fB\-\-local-port\fR=<\fIlocal_port\fR>
++listen on this fixed local UDP port, defaults to 7654
++.TP
++\fB\-F \fR<\fIfed_name\fR>
++name of the supernode's federation, defaults to '*Federation' (see also N2N_FEDERATION in ENVIRONMENT)
++.TP
++\fB\-l \fR<\fIhost:port\fR>
++ip address or name, and port of known supernode
++.TP
++\fB\-m \fR<\fImac_address\fR>
++fixed MAC address for the supernode, e.g.
++ '-m 10:20:30:40:50:60', random otherwise
++.TP
++\fB\-M\fR
++disable MAC and IP address spoofing protection for all
++non-username-password-authenticating communities
++.TP
++\fB\-V \fR<\fIversion_string\fR>
++modify the supernode version string which is distributed to the
++edges and shown at their management port output, up to 19 characters
++.TP
++.SH TAP DEVICE AND OVERLAY NETWORK CONFIGURATION
++.TP
++\fB\-c \fR<\fIpath\fR>, \fB\-\-communities\fR=<\fIpath\fR>
++file containing the allowed communities and any User / Password based authentication
++details (See ALLOWED COMMUNITIES FILE section)
++.TP
++\fB\-a \fR<\fInet-net/n\fR>, \fB\-\-autoip\fR=<net-net/n\fR>
++subnet range for auto ip address service,
++.br
++e.g.  '-a 192.168.0.0-192.168.255.0/24',
++.br
++defaults to '10.128.255.0-10.255.255.0/24'
++.SH LOCAL OPTIONS
++.TP
++\fB\-f\fR, \fB\-\-foreground\fR
++disable daemon mode (UNIX) and run in foreground.
++.TP
++\fB\-t \fR<\fIport\fR>, \fB\-\-mgmt-port\fR=<\fIport\fR>
++management UDP port, for multiple supernodes on a machine, defaults to 5645
++.TP
++\fB\-\-management-password \fR<\fIpassword\fR>
++sets the password for access to JSON API at the management port, defaults to 'n2n'. The password
++has to be provided for relevant access to JSON API at the management port.
++.TP
++\fB\-v\fR, \fB\-\-verbose\fR
++use verbose logging
++.TP
++\fB\-u \fR<\fIUID\fR>
++numeric user ID to use when privileges are dropped
++.TP
++\fB\-g \fR<\fIGID\fR>
++numeric group ID to use when privileges are dropped
++.TP
++\fB-h\fR
++shows a quick reference including all available options
++.TP
++\fB\-\-help\fR
++shows detailed parameter description
++
++.SH ALLOWED COMMUNITIES FILE
++This file is a plain text file.
++Comments are introduced with a hash at the beginning of the line.
++A line that begins with an asterisk is a user authentication definition and adds an allowed user to the most recently defined community.
++Allowed communities can be specified with a regular expression.
++.PP
++Example community file:
++.PP
++.nf
++.RS
++# List of allowed communities
++mynetwork
++netleo
++* logan nHWum+r42k1qDXdIeH-WFKeylK5UyLStRzxofRNAgpG
++* sister HwHpPrdMft+38tFDDiunUds6927t0+zhCMMkQdJafcC
++.RE
++.fi
++.PP
++More details on creating the allowed communities file are found in the Communities.md and Authentication.md documentation included with this package.
++.SH ENVIRONMENT
++.TP
++.B N2N_FEDERATION
++set the federation name so it is not visible at the command line
++.SH EXAMPLES
++.TP
++.B supernode -p 7654 -v
++Start supernode listening on UDP port 7654 with verbose output.
++.TP
++.B echo | nc -w1 -u 127.0.0.1 5645
++Shows the management status of a running supernode.
++.PP
++.SH RESTART
++When supernode restarts it loses all registration information from associated
++edge nodes. It can take up to five minutes for the edge nodes to re-register and
++normal traffic flow to resume.
++.SH EXIT STATUS
++supernode is a daemon and any exit is an error
++.SH AUTHOR
++Luca Deri ( deri (at) ntop.org ), Richard Andrews ( andrews (at) ntop.org ), Don Bindner
++.SH SEE ALSO
++ifconfig(8) edge(8)
++.br
++the documentation contained in the source code
++.br
++the extensive documentation found in n2n's \fBdoc/\fR folder
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -73,8 +73,6 @@
+ endif
+ 
+ MANDIR?=$(PREFIX)/share/man
+-MAN1DIR=$(MANDIR)/man1
+-MAN7DIR=$(MANDIR)/man7
+ MAN8DIR=$(MANDIR)/man8
+ 
+ N2N_LIB=libn2n.a
+@@ -140,7 +138,7 @@
+ APPS+=example_edge_embed
+ APPS+=example_sn_embed
+ 
+-DOCS=edge.8.gz supernode.1.gz n2n.7.gz
++DOCS=edge.8.gz supernode.8.gz n2n.8.gz
+ 
+ # This is the superset of all packages that might be needed during the build.
+ # Mostly of use in automated build systems.
+@@ -265,21 +263,21 @@
+ 	rm -f tests/*.out src/*.gcno src/*.gcda src/*.indent src/*.unc-backup*
+ 	rm -rf autom4te.cache/
+ 	rm -f config.log config.status configure Makefile tools/Makefile include/config.h include/config.h.in
+-	rm -f doc/edge.8.gz doc/n2n.7.gz doc/supernode.1.gz
++	rm -f doc/edge.8.gz doc/n2n.8.gz doc/supernode.8.gz
+ 	rm -f packages/debian/config.log packages/debian/config.status
+ 	rm -rf packages/debian/autom4te.cache/
+ 	rm -f packages/rpm/config.log packages/rpm/config.status
+ 	rm -f $(addprefix src/,$(APPS))
+ 
+ .PHONY: install
+-install: edge supernode edge.8.gz supernode.1.gz n2n.7.gz
++install: edge supernode edge.8.gz supernode.8.gz n2n.8.gz
+ 	echo "MANDIR=$(MANDIR)"
+-	$(MKDIR) $(SBINDIR) $(MAN1DIR) $(MAN7DIR) $(MAN8DIR)
++	$(MKDIR) $(SBINDIR) $(MAN8DIR)
+ 	$(INSTALL_PROG) supernode $(SBINDIR)/
+ 	$(INSTALL_PROG) edge $(SBINDIR)/
+ 	$(INSTALL_DOC) edge.8.gz $(MAN8DIR)/
+-	$(INSTALL_DOC) supernode.1.gz $(MAN1DIR)/
+-	$(INSTALL_DOC) n2n.7.gz $(MAN7DIR)/
++	$(INSTALL_DOC) supernode.8.gz $(MAN8DIR)/
++	$(INSTALL_DOC) n2n.8.gz $(MAN8DIR)/
+ 	$(MAKE) -C tools install SBINDIR=$(abspath $(SBINDIR))
+ 
+ # Docker builder section

debian/patches/series

@@ -0,0 +1,2 @@
+0001-fix-version.patch
+move-man-pages.patch

debian/rules

@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+# You must remove unused comment lines for the released package.
+#export DH_VERBOSE = 1
+#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+#export DEB_CFLAGS_MAINT_APPEND  = -Wall -pedantic
+#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+%:
+	dh $@ --buildsystem=autoconf
+
+#override_dh_auto_configure:
+#	dh_auto_configure -- \
+#	      -DCMAKE_LIBRARY_ARCHITECTURE="$(DEB_TARGET_MULTIARCH)"

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

debian/watch

@@ -0,0 +1,2 @@
+# You must remove unused comment lines for the released package.
+version=3