Blob Blame Raw
diff -up ./contrib/doc/cjdnslog.md.man ./contrib/doc/cjdnslog.md
--- ./contrib/doc/cjdnslog.md.man	2016-05-10 18:55:17.289488599 -0400
+++ ./contrib/doc/cjdnslog.md	2016-05-10 18:55:17.289488599 -0400
@@ -0,0 +1,43 @@
+cjdnslog(1) -- display cjdroute log messages
+=============================================
+
+## SYNOPSIS
+
+`/usr/bin/cjdnslog` [<options>...]
+
+## DESCRIPTION
+
+Cjdroute sends continuous log messages to the bit bucket.  Cjdnslog
+captures that information in real time and sends it to stdout.
+
+##OPTIONS
+
+With no options, cjdnslog logs everything.
+
+  * `--help`
+    Print usage summary.
+
+  * `-f source_file.c`
+    Restrict output to log messages generated in source_file.c.
+
+  * `-v log_level`
+    Restrict output to messages at log_level or higher.  Log levels 
+    include DEBUG, INFO, WARN, ERROR.
+
+  * `-l lineno`
+    Restrict output to message generated on source line lineno.  Normally
+    used in conjunction with `-f`.
+
+##USAGE
+
+Running cjdnslog requires admin privilege.  The cjdnsadmin lib will 
+try to read `/etc/cjdroute.conf` for the admin password.  This will 
+normally succeed only for root.  Otherwise, it tries `~/.cjdnsadmin`
+
+##FILES
+
+`~/.cjdnsadmin`
+
+## SEE ALSO
+
+cjdroute(1)
diff -up ./contrib/doc/cjdns-online.md.man ./contrib/doc/cjdns-online.md
--- ./contrib/doc/cjdns-online.md.man	2016-05-10 18:55:17.289488599 -0400
+++ ./contrib/doc/cjdns-online.md	2016-05-10 18:55:17.289488599 -0400
@@ -0,0 +1,33 @@
+cjdns-online(1) -- check whether cjdns tunnel devices are available
+=============================================
+
+## SYNOPSIS
+
+`cjdns-online` [<options>...]
+
+## DESCRIPTION
+
+Cjdns-online waits for cjdns to make its tunnel device available so 
+that services that listen on the cjdns IP can start.  If you have
+configured services to listen on the cjdns IP, then you can use:
+
+    systemctl enable cjdns-wait-online
+
+to wait until this IP is available before starting network services.
+This will increase your boot time somewhat, but is needed to launch
+thttpd at boot, for example.
+
+##OPTIONS
+
+  * `-t`, `--timeout` <timeout_value>:	
+    time to wait in seconds, default 30
+
+  * `-x`, `--exit`:		
+    Exit immediately if cjdns is not online
+
+  * `-q`, `--quiet`:
+    Don't print anything
+
+  * `-s`, `--wait-for-startup`:
+    Wait for full startup instead of just tun dev.  This is not implemented.
+
diff -up ./contrib/doc/cjdroute.md.man ./contrib/doc/cjdroute.md
--- ./contrib/doc/cjdroute.md.man	2016-05-10 18:55:17.289488599 -0400
+++ ./contrib/doc/cjdroute.md	2016-05-10 18:55:17.289488599 -0400
@@ -0,0 +1,76 @@
+cjdroute(1) -- Cjdns packet switch
+=============================================
+
+## SYNOPSIS
+
+`/usr/sbin/cjdroute` [<options>...]
+
+## DESCRIPTION
+
+Cjdns implements an encrypted IPv6 network using public-key cryptography for
+address allocation and a distributed hash table for routing. This provides
+near-zero-configuration networking, and prevents many of the security and
+scalability issues that plague existing networks.
+
+cjdroute runs in the background and either decrypts packets addressed to
+this node, or sends them on to the next node in the route.
+
+##OPTIONS
+
+  * `--help`:
+    Print usage summary.
+
+  * `--genconf` [--no-eth]:
+    Generate a configuration file, write it to stdout.
+    If --no-eth is specified then ethernet beaconing will be disabled.
+
+  * `--bench`:
+    Run some cryptography performance benchmarks.
+
+  * `--version`:             
+    Print cjdroute version and the protocol version which this node speaks.
+
+  * `--cleanconf` < conf:
+    Print a clean (valid json) version of the config.
+
+  * `--nobg`                
+    Never fork to the background no matter the config.
+
+##USAGE
+
+To get the router up and running:
+
+  * Step 1:
+    Generate a new configuration file if one doesn't already exist.
+
+      cjdroute --genconf > /etc/cjdroute.conf
+
+    You can also simply:
+
+      systemctl start cjdns
+
+    which will tell cjdroute to generate a new config if needed.
+
+  * Step 2:
+    Find somebody to connect to.
+    Check out the IRC channel or http://hyperboria.net/
+    for information about how to meet new people and make connect to them.
+    Read more here: https://github.com/cjdelisle/cjdns/#2-find-a-friend
+
+    By default, cjdroute will find any cjdns nodes on your local LAN
+    without any configuration.
+
+  * Step 3:
+    Add that somebody's node to your cjdroute.conf file.
+    https://github.com/cjdelisle/cjdns/#3-connect-your-node-to-your-friends-node
+
+  * Step 4:
+    Fire it up!
+
+      systemctl start cjdns
+
+    Or if you had already started cjdns:
+
+      systemctl restart cjdns
+
+For more information about other functions and non-standard setups, see README.md
diff -up ./contrib/doc/makekeys.md.man ./contrib/doc/makekeys.md
--- ./contrib/doc/makekeys.md.man	2016-05-10 18:55:17.289488599 -0400
+++ ./contrib/doc/makekeys.md	2016-05-10 18:58:51.521907178 -0400
@@ -0,0 +1,24 @@
+makekeys(1) -- write cjdns keys generated via libnacl to stdout
+=============================================
+
+## SYNOPSIS
+
+`makekeys`
+
+## DESCRIPTION
+
+Generates cjdns private keys and writes them to stdout forever with
+corresponding IP6 address and public key.  Sample:
+
+    9b5520e11b4e1aac4e54cf8382ca219b6942f75519dbe7cc71fc6c4bb636a2db fca1:43dc:9e20:68dc:df3f:6bf1:fbf9:37ab x70u0x6sfh0yuushlq7wvcdxj8rgb8lvss9t6f42zp60ftq71cm0.k
+    579db68cfdeaeda1ff7f365c73e620bedb0f68cb443a0cd7ef6bae16d0e1e12e fc68:b272:3aa3:cb4a:a686:dab0:7df5:2fb5 fmurp2qrb0yqmcjmbjtuhuxuf6v3rgmdn9hgsfh47k20h68y2lz0.k
+
+##USAGE
+
+Example use:
+
+    makekeys | head -20 >keys.txt
+
+## SEE ALSO
+
+publictoip6(1)
diff -up ./contrib/doc/peerStats.md.man ./contrib/doc/peerStats.md
--- ./contrib/doc/peerStats.md.man	2016-05-10 18:55:17.289488599 -0400
+++ ./contrib/doc/peerStats.md	2016-05-10 18:55:17.289488599 -0400
@@ -0,0 +1,25 @@
+peerStats(1) -- show cjdns peers
+=============================================
+
+## SYNOPSIS
+
+`peerStats`
+
+## DESCRIPTION
+
+Cjdroute talks to a number of immediate peers configured in
+`/etc/cjdroute.conf`.  These can be discovered dynamically on local
+networks if "beacon" is enabled.  Peers are enabled to connect
+to cjdroute by adding a login in "authorizedPasswords".  Connecting
+out to peers is configured in "connectTo" in either the IPv4 or IPv6 section.
+
+No admin privilege is needed to run peerStats, but it looks in `~/.cjdnsadmin`
+for the IP and admin port of cjdroute.
+
+##FILES
+
+`~/.cjdnsadmin`
+
+## SEE ALSO
+
+cjdroute(1), sessionStats(1)
diff -up ./contrib/doc/privatetopublic.md.man ./contrib/doc/privatetopublic.md
--- ./contrib/doc/privatetopublic.md.man	2016-05-10 18:55:17.290488610 -0400
+++ ./contrib/doc/privatetopublic.md	2016-05-10 18:55:17.290488610 -0400
@@ -0,0 +1,25 @@
+privatetopublic(8) -- convert cjdns private keys to public keys and IP6
+=============================================
+
+## SYNOPSIS
+
+`/usr/libexec/cjdns/privatetopublic`
+
+## DESCRIPTION
+
+As private keys are very sensitive, /usr/libexec/cjdns/privatetopublic reads
+them from stdin.  If your shell, terminal, or other program keeps history,
+please avoid `echo 'key' | /usr/libexec/cjdns/privatetopublic`, or similar
+constructs.  A heredoc is suitable for use in scripts, and will avoid
+unwanted revealing of the key in process lists, like so:
+
+    /usr/libexec/cjdns/privatetopublic <<EOF
+    key
+    EOF
+
+Key should be in hex form, maximum 64 characters.  Extra characters will be
+silently ignored.
+
+## SEE ALSO
+
+publictoip6(1)
diff -up ./contrib/doc/publictoip6.md.man ./contrib/doc/publictoip6.md
--- ./contrib/doc/publictoip6.md.man	2016-05-10 18:55:17.290488610 -0400
+++ ./contrib/doc/publictoip6.md	2016-05-10 18:59:01.906033221 -0400
@@ -0,0 +1,14 @@
+publictoip6(1) -- Derive cjdns IP6 address from a public key
+=============================================
+
+## SYNOPSIS
+
+`publictoip6` <public key>
+
+## DESCRIPTION
+Get a cjdns IPv6 address from a public key and write to stdout.
+The key should be in Base32 and end in '.k'.
+
+## SEE ALSO
+
+randombytes(1)
diff -up ./contrib/doc/randombytes.md.man ./contrib/doc/randombytes.md
--- ./contrib/doc/randombytes.md.man	2016-05-10 18:55:17.290488610 -0400
+++ ./contrib/doc/randombytes.md	2016-05-10 18:55:17.290488610 -0400
@@ -0,0 +1,16 @@
+randombytes(1) -- write random bytes generated via libnacl to stdout
+=============================================
+
+## SYNOPSIS
+
+`randombytes`
+
+## DESCRIPTION
+
+Writes random bytes to stdout forever using the cryptographically secure
+random generator in libnacl.  In practice, the output is piped
+to a program like dd(1) or base64(1).
+
+## SEE ALSO
+
+makekeys(1)
diff -up ./contrib/doc/sessionStats.md.man ./contrib/doc/sessionStats.md
--- ./contrib/doc/sessionStats.md.man	2016-05-10 18:55:17.290488610 -0400
+++ ./contrib/doc/sessionStats.md	2016-05-10 18:55:17.290488610 -0400
@@ -0,0 +1,39 @@
+sessionStats(1) -- show cjdns crypto sessions
+=============================================
+
+## SYNOPSIS
+
+`sessionStats`
+
+## DESCRIPTION
+
+Cjdroute always talks to other nodes over a "session" similar to
+a TLS session.  A session is required not only to talk to each peer,
+but also when talking to intermediate nodes to ask them about their peers
+when planning a route.  
+
+The cjdns protocol offers Perfect Forward Secrecy.  Each session has a random
+symmetric key that encrypts that session.  If a node is compromised, 
+the attacker can get the session keys and read current and future sessions.
+However, the session keys are securely erased when a session is destroyed,
+so that past sessions (before the compromise) cannot be read.  The lifetime
+of a session is somewhat random.  Cjdroute caches recently active sessions,
+and destroys sessions that have not been used for a while.
+
+##USAGE
+
+Running sessionStats requires admin privilege.  The cjdnsadmin lib will 
+try to read `/etc/cjdroute.conf` for the admin password.  This will 
+normally succeed only for root.  Otherwise, it tries `~/.cjdnsadmin`
+
+##FILES
+
+`~/.cjdnsadmin`
+`/etc/cjdroute.conf`
+
+##BUGS
+If you get a TypeError, you probably have the wrong admin password.
+
+## SEE ALSO
+
+cjdroute(1), peerStats(1)
diff -up ./contrib/doc/sybilsim.md.man ./contrib/doc/sybilsim.md
--- ./contrib/doc/sybilsim.md.man	2016-05-10 18:55:17.290488610 -0400
+++ ./contrib/doc/sybilsim.md	2016-05-10 18:55:17.290488610 -0400
@@ -0,0 +1,43 @@
+sybilsim(8) -- Cjdns packet switch
+=============================================
+
+## SYNOPSIS
+
+`/usr/libexec/cjdns/sybilsim < config.json`
+
+## DESCRIPTION
+
+Sybilsim reads a list of nodes and peers from stdin and simulates the
+corresponding mesh without any actual networking using the same code
+as cjdroute.  This is useful for testing and optimizing cjdroute.
+Every node must have a valid cjdns private key. The makekeys(1) utility can be
+useful for scripts that generate the config.  
+
+##USAGE
+
+Example config:
+
+    {
+      "nodes": {
+	"alice": {
+	  "privateKey":
+	    "5e2295679394e5e1db67c238abbc10292ad9b127904394c52cc5fff39383e920",
+	  "peers": []
+	},
+	"bob": {
+	  "privateKey":
+	    "6569bf3f0d168faa6dfb2912f8ee5ee9b938319e97618fdf06caed73b1aad1cc",
+	  "peers": [ "alice" ]
+	}
+      }
+    }
+
+Example use:
+
+    makekeys | head -20 >keys.txt
+    node /usr/libexec/cjdns/tools/lib/makesim.js keys.txt |
+    /usr/libexec/cjdns/sybilsim
+
+## SEE ALSO
+
+makekeys(1), cjdroute(1)
diff -up ./contrib/doc/traceroute.md.man ./contrib/doc/traceroute.md
--- ./contrib/doc/traceroute.md.man	2016-05-10 18:55:17.290488610 -0400
+++ ./contrib/doc/traceroute.md	2016-05-10 18:55:17.290488610 -0400
@@ -0,0 +1,33 @@
+cjdns-traceroute(1) -- trace cjdns packet routing
+=============================================
+
+## SYNOPSIS
+
+`cjdns-traceroute` <host_or_ip>
+
+## DESCRIPTION
+
+Because cjdns is end to end encrypted, the standard traceroute always
+shows a direct connection.  Cjdns-traceroute queries cjdroute to discover
+what route would be used to send a packet to the destination IP.
+Note that just as with the standard traceroute, there is no guarantee
+that that precise route will actually be used with the next packet.
+
+Cjdns-traceroute requires admin privilege.  The cjdnsadmin lib will 
+try to read `/etc/cjdroute.conf` for the admin password.  This will 
+normally succeed only for root.  Otherwise, it tries `~/.cjdnsadmin`
+
+##USAGE
+
+##FILES
+
+`~/.cjdnsadmin`
+`/etc/cjdroute.conf`
+
+##BUGS
+Cjdns-traceroute throws an ugly exception if you forget
+to pass an IP or have the wrong admin password.
+
+## SEE ALSO
+
+cjdroute(1)