diff -up ./contrib/doc/cjdnslog.md.man ./contrib/doc/cjdnslog.md --- ./contrib/doc/cjdnslog.md.man 2016-05-10 18:55:17.289488599 -0400 +++ ./contrib/doc/cjdnslog.md 2016-05-10 18:55:17.289488599 -0400 @@ -0,0 +1,43 @@ +cjdnslog(1) -- display cjdroute log messages +============================================= + +## SYNOPSIS + +`/usr/bin/cjdnslog` [...] + +## DESCRIPTION + +Cjdroute sends continuous log messages to the bit bucket. Cjdnslog +captures that information in real time and sends it to stdout. + +##OPTIONS + +With no options, cjdnslog logs everything. + + * `--help` + Print usage summary. + + * `-f source_file.c` + Restrict output to log messages generated in source_file.c. + + * `-v log_level` + Restrict output to messages at log_level or higher. Log levels + include DEBUG, INFO, WARN, ERROR. + + * `-l lineno` + Restrict output to message generated on source line lineno. Normally + used in conjunction with `-f`. + +##USAGE + +Running cjdnslog requires admin privilege. The cjdnsadmin lib will +try to read `/etc/cjdroute.conf` for the admin password. This will +normally succeed only for root. Otherwise, it tries `~/.cjdnsadmin` + +##FILES + +`~/.cjdnsadmin` + +## SEE ALSO + +cjdroute(1) diff -up ./contrib/doc/cjdns-online.md.man ./contrib/doc/cjdns-online.md --- ./contrib/doc/cjdns-online.md.man 2016-05-10 18:55:17.289488599 -0400 +++ ./contrib/doc/cjdns-online.md 2016-05-10 18:55:17.289488599 -0400 @@ -0,0 +1,33 @@ +cjdns-online(1) -- check whether cjdns tunnel devices are available +============================================= + +## SYNOPSIS + +`cjdns-online` [...] + +## DESCRIPTION + +Cjdns-online waits for cjdns to make its tunnel device available so +that services that listen on the cjdns IP can start. If you have +configured services to listen on the cjdns IP, then you can use: + + systemctl enable cjdns-wait-online + +to wait until this IP is available before starting network services. +This will increase your boot time somewhat, but is needed to launch +thttpd at boot, for example. + +##OPTIONS + + * `-t`, `--timeout` : + time to wait in seconds, default 30 + + * `-x`, `--exit`: + Exit immediately if cjdns is not online + + * `-q`, `--quiet`: + Don't print anything + + * `-s`, `--wait-for-startup`: + Wait for full startup instead of just tun dev. This is not implemented. + diff -up ./contrib/doc/cjdroute.md.man ./contrib/doc/cjdroute.md --- ./contrib/doc/cjdroute.md.man 2016-05-10 18:55:17.289488599 -0400 +++ ./contrib/doc/cjdroute.md 2016-05-10 18:55:17.289488599 -0400 @@ -0,0 +1,76 @@ +cjdroute(1) -- Cjdns packet switch +============================================= + +## SYNOPSIS + +`/usr/sbin/cjdroute` [...] + +## DESCRIPTION + +Cjdns implements an encrypted IPv6 network using public-key cryptography for +address allocation and a distributed hash table for routing. This provides +near-zero-configuration networking, and prevents many of the security and +scalability issues that plague existing networks. + +cjdroute runs in the background and either decrypts packets addressed to +this node, or sends them on to the next node in the route. + +##OPTIONS + + * `--help`: + Print usage summary. + + * `--genconf` [--no-eth]: + Generate a configuration file, write it to stdout. + If --no-eth is specified then ethernet beaconing will be disabled. + + * `--bench`: + Run some cryptography performance benchmarks. + + * `--version`: + Print cjdroute version and the protocol version which this node speaks. + + * `--cleanconf` < conf: + Print a clean (valid json) version of the config. + + * `--nobg` + Never fork to the background no matter the config. + +##USAGE + +To get the router up and running: + + * Step 1: + Generate a new configuration file if one doesn't already exist. + + cjdroute --genconf > /etc/cjdroute.conf + + You can also simply: + + systemctl start cjdns + + which will tell cjdroute to generate a new config if needed. + + * Step 2: + Find somebody to connect to. + Check out the IRC channel or http://hyperboria.net/ + for information about how to meet new people and make connect to them. + Read more here: https://github.com/cjdelisle/cjdns/#2-find-a-friend + + By default, cjdroute will find any cjdns nodes on your local LAN + without any configuration. + + * Step 3: + Add that somebody's node to your cjdroute.conf file. + https://github.com/cjdelisle/cjdns/#3-connect-your-node-to-your-friends-node + + * Step 4: + Fire it up! + + systemctl start cjdns + + Or if you had already started cjdns: + + systemctl restart cjdns + +For more information about other functions and non-standard setups, see README.md diff -up ./contrib/doc/makekeys.md.man ./contrib/doc/makekeys.md --- ./contrib/doc/makekeys.md.man 2016-05-10 18:55:17.289488599 -0400 +++ ./contrib/doc/makekeys.md 2016-05-10 18:58:51.521907178 -0400 @@ -0,0 +1,24 @@ +makekeys(1) -- write cjdns keys generated via libnacl to stdout +============================================= + +## SYNOPSIS + +`makekeys` + +## DESCRIPTION + +Generates cjdns private keys and writes them to stdout forever with +corresponding IP6 address and public key. Sample: + + 9b5520e11b4e1aac4e54cf8382ca219b6942f75519dbe7cc71fc6c4bb636a2db fca1:43dc:9e20:68dc:df3f:6bf1:fbf9:37ab x70u0x6sfh0yuushlq7wvcdxj8rgb8lvss9t6f42zp60ftq71cm0.k + 579db68cfdeaeda1ff7f365c73e620bedb0f68cb443a0cd7ef6bae16d0e1e12e fc68:b272:3aa3:cb4a:a686:dab0:7df5:2fb5 fmurp2qrb0yqmcjmbjtuhuxuf6v3rgmdn9hgsfh47k20h68y2lz0.k + +##USAGE + +Example use: + + makekeys | head -20 >keys.txt + +## SEE ALSO + +publictoip6(1) diff -up ./contrib/doc/peerStats.md.man ./contrib/doc/peerStats.md --- ./contrib/doc/peerStats.md.man 2016-05-10 18:55:17.289488599 -0400 +++ ./contrib/doc/peerStats.md 2016-05-10 18:55:17.289488599 -0400 @@ -0,0 +1,25 @@ +peerStats(1) -- show cjdns peers +============================================= + +## SYNOPSIS + +`peerStats` + +## DESCRIPTION + +Cjdroute talks to a number of immediate peers configured in +`/etc/cjdroute.conf`. These can be discovered dynamically on local +networks if "beacon" is enabled. Peers are enabled to connect +to cjdroute by adding a login in "authorizedPasswords". Connecting +out to peers is configured in "connectTo" in either the IPv4 or IPv6 section. + +No admin privilege is needed to run peerStats, but it looks in `~/.cjdnsadmin` +for the IP and admin port of cjdroute. + +##FILES + +`~/.cjdnsadmin` + +## SEE ALSO + +cjdroute(1), sessionStats(1) diff -up ./contrib/doc/privatetopublic.md.man ./contrib/doc/privatetopublic.md --- ./contrib/doc/privatetopublic.md.man 2016-05-10 18:55:17.290488610 -0400 +++ ./contrib/doc/privatetopublic.md 2016-05-10 18:55:17.290488610 -0400 @@ -0,0 +1,25 @@ +privatetopublic(8) -- convert cjdns private keys to public keys and IP6 +============================================= + +## SYNOPSIS + +`/usr/libexec/cjdns/privatetopublic` + +## DESCRIPTION + +As private keys are very sensitive, /usr/libexec/cjdns/privatetopublic reads +them from stdin. If your shell, terminal, or other program keeps history, +please avoid `echo 'key' | /usr/libexec/cjdns/privatetopublic`, or similar +constructs. A heredoc is suitable for use in scripts, and will avoid +unwanted revealing of the key in process lists, like so: + + /usr/libexec/cjdns/privatetopublic < + +## DESCRIPTION +Get a cjdns IPv6 address from a public key and write to stdout. +The key should be in Base32 and end in '.k'. + +## SEE ALSO + +randombytes(1) diff -up ./contrib/doc/randombytes.md.man ./contrib/doc/randombytes.md --- ./contrib/doc/randombytes.md.man 2016-05-10 18:55:17.290488610 -0400 +++ ./contrib/doc/randombytes.md 2016-05-10 18:55:17.290488610 -0400 @@ -0,0 +1,16 @@ +randombytes(1) -- write random bytes generated via libnacl to stdout +============================================= + +## SYNOPSIS + +`randombytes` + +## DESCRIPTION + +Writes random bytes to stdout forever using the cryptographically secure +random generator in libnacl. In practice, the output is piped +to a program like dd(1) or base64(1). + +## SEE ALSO + +makekeys(1) diff -up ./contrib/doc/sessionStats.md.man ./contrib/doc/sessionStats.md --- ./contrib/doc/sessionStats.md.man 2016-05-10 18:55:17.290488610 -0400 +++ ./contrib/doc/sessionStats.md 2016-05-10 18:55:17.290488610 -0400 @@ -0,0 +1,39 @@ +sessionStats(1) -- show cjdns crypto sessions +============================================= + +## SYNOPSIS + +`sessionStats` + +## DESCRIPTION + +Cjdroute always talks to other nodes over a "session" similar to +a TLS session. A session is required not only to talk to each peer, +but also when talking to intermediate nodes to ask them about their peers +when planning a route. + +The cjdns protocol offers Perfect Forward Secrecy. Each session has a random +symmetric key that encrypts that session. If a node is compromised, +the attacker can get the session keys and read current and future sessions. +However, the session keys are securely erased when a session is destroyed, +so that past sessions (before the compromise) cannot be read. The lifetime +of a session is somewhat random. Cjdroute caches recently active sessions, +and destroys sessions that have not been used for a while. + +##USAGE + +Running sessionStats requires admin privilege. The cjdnsadmin lib will +try to read `/etc/cjdroute.conf` for the admin password. This will +normally succeed only for root. Otherwise, it tries `~/.cjdnsadmin` + +##FILES + +`~/.cjdnsadmin` +`/etc/cjdroute.conf` + +##BUGS +If you get a TypeError, you probably have the wrong admin password. + +## SEE ALSO + +cjdroute(1), peerStats(1) diff -up ./contrib/doc/sybilsim.md.man ./contrib/doc/sybilsim.md --- ./contrib/doc/sybilsim.md.man 2016-05-10 18:55:17.290488610 -0400 +++ ./contrib/doc/sybilsim.md 2016-05-10 18:55:17.290488610 -0400 @@ -0,0 +1,43 @@ +sybilsim(8) -- Cjdns packet switch +============================================= + +## SYNOPSIS + +`/usr/libexec/cjdns/sybilsim < config.json` + +## DESCRIPTION + +Sybilsim reads a list of nodes and peers from stdin and simulates the +corresponding mesh without any actual networking using the same code +as cjdroute. This is useful for testing and optimizing cjdroute. +Every node must have a valid cjdns private key. The makekeys(1) utility can be +useful for scripts that generate the config. + +##USAGE + +Example config: + + { + "nodes": { + "alice": { + "privateKey": + "5e2295679394e5e1db67c238abbc10292ad9b127904394c52cc5fff39383e920", + "peers": [] + }, + "bob": { + "privateKey": + "6569bf3f0d168faa6dfb2912f8ee5ee9b938319e97618fdf06caed73b1aad1cc", + "peers": [ "alice" ] + } + } + } + +Example use: + + makekeys | head -20 >keys.txt + node /usr/libexec/cjdns/tools/lib/makesim.js keys.txt | + /usr/libexec/cjdns/sybilsim + +## SEE ALSO + +makekeys(1), cjdroute(1) diff -up ./contrib/doc/traceroute.md.man ./contrib/doc/traceroute.md --- ./contrib/doc/traceroute.md.man 2016-05-10 18:55:17.290488610 -0400 +++ ./contrib/doc/traceroute.md 2016-05-10 18:55:17.290488610 -0400 @@ -0,0 +1,33 @@ +cjdns-traceroute(1) -- trace cjdns packet routing +============================================= + +## SYNOPSIS + +`cjdns-traceroute` + +## DESCRIPTION + +Because cjdns is end to end encrypted, the standard traceroute always +shows a direct connection. Cjdns-traceroute queries cjdroute to discover +what route would be used to send a packet to the destination IP. +Note that just as with the standard traceroute, there is no guarantee +that that precise route will actually be used with the next packet. + +Cjdns-traceroute requires admin privilege. The cjdnsadmin lib will +try to read `/etc/cjdroute.conf` for the admin password. This will +normally succeed only for root. Otherwise, it tries `~/.cjdnsadmin` + +##USAGE + +##FILES + +`~/.cjdnsadmin` +`/etc/cjdroute.conf` + +##BUGS +Cjdns-traceroute throws an ugly exception if you forget +to pass an IP or have the wrong admin password. + +## SEE ALSO + +cjdroute(1)