Browse Source

Merge remote-tracking branch 'purple/openssl'

pull/509/head
Jeff Becker 9 years ago
parent
commit
05f7578928
No known key found for this signature in database
GPG Key ID: AB950234D6EA286B
  1. 28
      Crypto.cpp
  2. 14
      Destination.cpp
  3. 1
      Destination.h
  4. 28
      HTTPServer.cpp
  5. 20
      I2PControl.cpp
  6. 2
      I2PControl.h
  7. 24
      Identity.cpp
  8. 1
      Identity.h
  9. 10
      RouterContext.cpp
  10. 19
      RouterInfo.cpp
  11. 2
      RouterInfo.h
  12. 23
      SAM.cpp
  13. 8
      SAM.h
  14. 6
      debian/copyright
  15. 87
      debian/i2pd.1
  16. 19
      debian/i2pd.conf
  17. 2
      debian/i2pd.install
  18. 4
      docs/configuration.md
  19. 4
      docs/i2pd.conf

28
Crypto.cpp

@ -146,6 +146,10 @@ namespace crypto @@ -146,6 +146,10 @@ namespace crypto
}
// DH/ElGamal
const int ELGAMAL_SHORT_EXPONENT_NUM_BITS = 226;
const int ELGAMAL_FULL_EXPONENT_NUM_BITS = 2048;
#define elgp GetCryptoConstants ().elgp
#define elgg GetCryptoConstants ().elgg
@ -169,6 +173,10 @@ namespace crypto @@ -169,6 +173,10 @@ namespace crypto
{
if (m_DH->priv_key) { BN_free (m_DH->priv_key); m_DH->priv_key = NULL; };
if (m_DH->pub_key) { BN_free (m_DH->pub_key); m_DH->pub_key = NULL; };
#if !defined(__x86_64__) // use short exponent for non x64
m_DH->priv_key = BN_new ();
BN_rand (m_DH->priv_key, ELGAMAL_SHORT_EXPONENT_NUM_BITS, 0, 1);
#endif
DH_generate_key (m_DH);
if (priv) bn2buf (m_DH->priv_key, priv, 256);
if (pub) bn2buf (m_DH->pub_key, pub, 256);
@ -200,8 +208,11 @@ namespace crypto @@ -200,8 +208,11 @@ namespace crypto
ctx = BN_CTX_new ();
// select random k
BIGNUM * k = BN_new ();
BN_rand_range (k, elgp);
if (BN_is_zero (k)) BN_one (k);
#if defined(__x86_64__)
BN_rand (k, ELGAMAL_FULL_EXPONENT_NUM_BITS, -1, 1); // full exponent for x64
#else
BN_rand (k, ELGAMAL_SHORT_EXPONENT_NUM_BITS, -1, 1); // short exponent of 226 bits
#endif
// caulculate a
a = BN_new ();
BN_mod_exp (a, elgg, k, elgp, ctx);
@ -279,6 +290,14 @@ namespace crypto @@ -279,6 +290,14 @@ namespace crypto
{
#if defined(__x86_64__) || defined(__i386__) || defined(_MSC_VER)
RAND_bytes (priv, 256);
#else
// lower 226 bits (28 bytes and 2 bits) only. short exponent
auto numBytes = (ELGAMAL_SHORT_EXPONENT_NUM_BITS)/8 + 1; // 29
auto numZeroBytes = 256 - numBytes;
RAND_bytes (priv + numZeroBytes, numBytes);
memset (priv, 0, numZeroBytes);
priv[numZeroBytes] &= 0x03;
#endif
BN_CTX * ctx = BN_CTX_new ();
BIGNUM * p = BN_new ();
BN_bin2bn (priv, 256, p);
@ -286,11 +305,6 @@ namespace crypto @@ -286,11 +305,6 @@ namespace crypto
bn2buf (p, pub, 256);
BN_free (p);
BN_CTX_free (ctx);
#else
DHKeys dh;
dh.GenerateKeys (priv, pub);
#endif
}
// HMAC

14
Destination.cpp

@ -780,5 +780,19 @@ namespace client @@ -780,5 +780,19 @@ namespace client
}
LogPrint(eLogError, "Destinations: Can't save keys to ", path);
}
std::vector<std::shared_ptr<const i2p::stream::Stream> > ClientDestination::GetAllStreams () const
{
std::vector<std::shared_ptr<const i2p::stream::Stream> > ret;
if (m_StreamingDestination)
{
for (auto& it: m_StreamingDestination->GetStreams ())
ret.push_back (it.second);
}
for (auto& it: m_StreamingDestinationsByPorts)
for (auto& it1: it.second->GetStreams ())
ret.push_back (it1.second);
return ret;
}
}
}

1
Destination.h

@ -159,6 +159,7 @@ namespace client @@ -159,6 +159,7 @@ namespace client
// for HTTP only
int GetNumRemoteLeaseSets () const { return m_RemoteLeaseSets.size (); };
std::vector<std::shared_ptr<const i2p::stream::Stream> > GetAllStreams () const;
};
}
}

28
HTTPServer.cpp

@ -609,19 +609,19 @@ namespace util @@ -609,19 +609,19 @@ namespace util
s << "<th>Status</th>";
s << "</tr>";
for (auto it: dest->GetStreamingDestination ()->GetStreams ())
for (auto it: dest->GetAllStreams ())
{
s << "<tr>";
s << "<td>" << it.first << "</td>";
s << "<td>" << i2p::client::context.GetAddressBook ().ToAddress(it.second->GetRemoteIdentity ()) << "</td>";
s << "<td>" << it.second->GetNumSentBytes () << "</td>";
s << "<td>" << it.second->GetNumReceivedBytes () << "</td>";
s << "<td>" << it.second->GetSendQueueSize () << "</td>";
s << "<td>" << it.second->GetReceiveQueueSize () << "</td>";
s << "<td>" << it.second->GetSendBufferSize () << "</td>";
s << "<td>" << it.second->GetRTT () << "</td>";
s << "<td>" << it.second->GetWindowSize () << "</td>";
s << "<td>" << (int)it.second->GetStatus () << "</td>";
s << "<td>" << it->GetSendStreamID () << "</td>";
s << "<td>" << i2p::client::context.GetAddressBook ().ToAddress(it->GetRemoteIdentity ()) << "</td>";
s << "<td>" << it->GetNumSentBytes () << "</td>";
s << "<td>" << it->GetNumReceivedBytes () << "</td>";
s << "<td>" << it->GetSendQueueSize () << "</td>";
s << "<td>" << it->GetReceiveQueueSize () << "</td>";
s << "<td>" << it->GetSendBufferSize () << "</td>";
s << "<td>" << it->GetRTT () << "</td>";
s << "<td>" << it->GetWindowSize () << "</td>";
s << "<td>" << (int)it->GetStatus () << "</td>";
s << "</tr><br>\r\n" << std::endl;
}
}
@ -777,20 +777,20 @@ namespace util @@ -777,20 +777,20 @@ namespace util
s << "<b>Client Tunnels:</b><br>\r\n<br>\r\n";
for (auto& it: i2p::client::context.GetClientTunnels ())
{
s << it.second->GetName () << "";
auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
s << "<a href=/?" << HTTP_COMMAND_LOCAL_DESTINATION;
s << "&" << HTTP_PARAM_BASE32_ADDRESS << "=" << ident.ToBase32 () << ">";
s << it.second->GetName () << "</a> ⇐ ";
s << i2p::client::context.GetAddressBook ().ToAddress(ident);
s << "</a><br>\r\n"<< std::endl;
s << "<br>\r\n"<< std::endl;
}
s << "<br>\r\n<b>Server Tunnels:</b><br>\r\n<br>\r\n";
for (auto& it: i2p::client::context.GetServerTunnels ())
{
s << it.second->GetName () << "";
auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
s << "<a href=/?" << HTTP_COMMAND_LOCAL_DESTINATION;
s << "&" << HTTP_PARAM_BASE32_ADDRESS << "=" << ident.ToBase32 () << ">";
s << it.second->GetName () << "</a> ⇒ ";
s << i2p::client::context.GetAddressBook ().ToAddress(ident);
s << ":" << it.second->GetLocalPort ();
s << "</a><br>\r\n"<< std::endl;

20
I2PControl.cpp

@ -83,6 +83,10 @@ namespace client @@ -83,6 +83,10 @@ namespace client
m_RouterManagerHandlers["Reseed"] = &I2PControlService::ReseedHandler;
m_RouterManagerHandlers["Shutdown"] = &I2PControlService::ShutdownHandler;
m_RouterManagerHandlers["ShutdownGraceful"] = &I2PControlService::ShutdownGracefulHandler;
// NetworkSetting
m_NetworkSettingHandlers["i2p.router.net.bw.in"] = &I2PControlService::InboundBandwidthLimit;
m_NetworkSettingHandlers["i2p.router.net.bw.out"] = &I2PControlService::OutboundBandwidthLimit;
}
I2PControlService::~I2PControlService ()
@ -496,6 +500,22 @@ namespace client @@ -496,6 +500,22 @@ namespace client
}
}
void I2PControlService::InboundBandwidthLimit (const std::string& value, std::ostringstream& results)
{
if (value != "null")
i2p::context.SetBandwidth (std::atoi(value.c_str()));
int bw = i2p::context.GetBandwidthLimit();
InsertParam (results, "i2p.router.net.bw.in", bw);
}
void I2PControlService::OutboundBandwidthLimit (const std::string& value, std::ostringstream& results)
{
if (value != "null")
i2p::context.SetBandwidth (std::atoi(value.c_str()));
int bw = i2p::context.GetBandwidthLimit();
InsertParam (results, "i2p.router.net.bw.out", bw);
}
// certificate
void I2PControlService::CreateCertificate (const char *crt_path, const char *key_path)
{

2
I2PControl.h

@ -94,6 +94,8 @@ namespace client @@ -94,6 +94,8 @@ namespace client
// NetworkSetting
typedef void (I2PControlService::*NetworkSettingRequestHandler)(const std::string& value, std::ostringstream& results);
void InboundBandwidthLimit (const std::string& value, std::ostringstream& results);
void OutboundBandwidthLimit (const std::string& value, std::ostringstream& results);
private:

24
Identity.cpp

@ -311,18 +311,18 @@ namespace data @@ -311,18 +311,18 @@ namespace data
switch (keyType)
{
case SIGNING_KEY_TYPE_DSA_SHA1:
m_Verifier.reset (new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey));
UpdateVerifier (new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey));
break;
case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
{
size_t padding = 128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
m_Verifier.reset (new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding));
UpdateVerifier (new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding));
break;
}
case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
{
size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96
m_Verifier.reset (new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding));
UpdateVerifier (new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding));
break;
}
case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
@ -331,7 +331,7 @@ namespace data @@ -331,7 +331,7 @@ namespace data
memcpy (signingKey, m_StandardIdentity.signingKey, 128);
size_t excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132- 128
memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
m_Verifier.reset (new i2p::crypto::ECDSAP521Verifier (signingKey));
UpdateVerifier (new i2p::crypto::ECDSAP521Verifier (signingKey));
break;
}
case SIGNING_KEY_TYPE_RSA_SHA256_2048:
@ -340,7 +340,7 @@ namespace data @@ -340,7 +340,7 @@ namespace data
memcpy (signingKey, m_StandardIdentity.signingKey, 128);
size_t excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256- 128
memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
m_Verifier.reset (new i2p::crypto:: RSASHA2562048Verifier (signingKey));
UpdateVerifier (new i2p::crypto:: RSASHA2562048Verifier (signingKey));
break;
}
case SIGNING_KEY_TYPE_RSA_SHA384_3072:
@ -349,7 +349,7 @@ namespace data @@ -349,7 +349,7 @@ namespace data
memcpy (signingKey, m_StandardIdentity.signingKey, 128);
size_t excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384- 128
memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
m_Verifier.reset (new i2p::crypto:: RSASHA3843072Verifier (signingKey));
UpdateVerifier (new i2p::crypto:: RSASHA3843072Verifier (signingKey));
break;
}
case SIGNING_KEY_TYPE_RSA_SHA512_4096:
@ -358,13 +358,13 @@ namespace data @@ -358,13 +358,13 @@ namespace data
memcpy (signingKey, m_StandardIdentity.signingKey, 128);
size_t excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512- 128
memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
m_Verifier.reset (new i2p::crypto:: RSASHA5124096Verifier (signingKey));
UpdateVerifier (new i2p::crypto:: RSASHA5124096Verifier (signingKey));
break;
}
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
{
size_t padding = 128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32
m_Verifier.reset (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
break;
}
default:
@ -372,6 +372,14 @@ namespace data @@ -372,6 +372,14 @@ namespace data
}
}
void IdentityEx::UpdateVerifier (i2p::crypto::Verifier * verifier) const
{
if (!m_Verifier || !verifier)
m_Verifier.reset (verifier);
else
delete verifier;
}
void IdentityEx::DropVerifier () const
{
// TODO: potential race condition with Verify

1
Identity.h

@ -95,6 +95,7 @@ namespace data @@ -95,6 +95,7 @@ namespace data
private:
void CreateVerifier () const;
void UpdateVerifier (i2p::crypto::Verifier * verifier) const;
private:

10
RouterContext.cpp

@ -356,8 +356,10 @@ namespace i2p @@ -356,8 +356,10 @@ namespace i2p
delete[] buf;
}
i2p::data::RouterInfo routerInfo(i2p::fs::DataDirPath (ROUTER_INFO)); // TODO
m_RouterInfo.SetRouterIdentity (GetIdentity ());
i2p::data::RouterInfo routerInfo(i2p::fs::DataDirPath (ROUTER_INFO));
if (!routerInfo.IsUnreachable ()) // router.info looks good
{
m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
m_RouterInfo.SetProperty ("coreVersion", I2P_VERSION);
m_RouterInfo.SetProperty ("router.version", I2P_VERSION);
@ -365,6 +367,12 @@ namespace i2p @@ -365,6 +367,12 @@ namespace i2p
// Migration to 0.9.24. TODO: remove later
m_RouterInfo.DeleteProperty ("coreVersion");
m_RouterInfo.DeleteProperty ("stat_uptime");
}
else
{
LogPrint (eLogError, ROUTER_INFO, " is malformed. Creating new");
NewRouterInfo ();
}
if (IsUnreachable ())
SetReachable (); // we assume reachable until we discover firewall through peer tests

19
RouterInfo.cpp

@ -104,6 +104,8 @@ namespace data @@ -104,6 +104,8 @@ namespace data
{
if (LoadFile ())
ReadFromBuffer (false);
else
m_IsUnreachable = true;
}
void RouterInfo::ReadFromBuffer (bool verifySignature)
@ -514,19 +516,20 @@ namespace data @@ -514,19 +516,20 @@ namespace data
m_BufferLen += privateKeys.GetPublic ()->GetSignatureLen ();
}
void RouterInfo::SaveToFile (const std::string& fullPath)
bool RouterInfo::SaveToFile (const std::string& fullPath)
{
m_FullPath = fullPath;
if (m_Buffer)
{
if (!m_Buffer) {
LogPrint (eLogError, "RouterInfo: Can't save, m_Buffer == NULL");
return false;
}
std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
if (f.is_open ())
f.write ((char *)m_Buffer, m_BufferLen);
else
if (!f.is_open ()) {
LogPrint(eLogError, "RouterInfo: Can't save to ", fullPath);
return false;
}
else
LogPrint (eLogError, "RouterInfo: Can't save, m_Buffer == NULL");
f.write ((char *)m_Buffer, m_BufferLen);
return true;
}
size_t RouterInfo::ReadString (char * str, std::istream& s)

2
RouterInfo.h

@ -161,7 +161,7 @@ namespace data @@ -161,7 +161,7 @@ namespace data
bool IsUpdated () const { return m_IsUpdated; };
void SetUpdated (bool updated) { m_IsUpdated = updated; };
void SaveToFile (const std::string& fullPath);
bool SaveToFile (const std::string& fullPath);
std::shared_ptr<RouterProfile> GetProfile () const;
void SaveProfile () { if (m_Profile) m_Profile->Save (); };

23
SAM.cpp

@ -47,7 +47,7 @@ namespace client @@ -47,7 +47,7 @@ namespace client
break;
case eSAMSocketTypeStream:
{
if (m_Session) {
if (m_Session)
m_Session->DelSocket (shared_from_this ());
}
break;
@ -67,6 +67,7 @@ namespace client @@ -67,6 +67,7 @@ namespace client
}
m_SocketType = eSAMSocketTypeTerminated;
if (m_Socket.is_open()) m_Socket.close ();
m_Session = nullptr;
}
void SAMSocket::ReceiveHandshake ()
@ -720,7 +721,7 @@ namespace client @@ -720,7 +721,7 @@ namespace client
m_IsRunning = false;
m_Acceptor.cancel ();
for (auto it: m_Sessions)
delete it.second;
it.second->CloseStreams ();
m_Sessions.clear ();
m_Service.stop ();
if (m_Thread)
@ -774,7 +775,7 @@ namespace client @@ -774,7 +775,7 @@ namespace client
Accept ();
}
SAMSession * SAMBridge::CreateSession (const std::string& id, const std::string& destination,
std::shared_ptr<SAMSession> SAMBridge::CreateSession (const std::string& id, const std::string& destination,
const std::map<std::string, std::string> * params)
{
std::shared_ptr<ClientDestination> localDestination = nullptr;
@ -799,8 +800,9 @@ namespace client @@ -799,8 +800,9 @@ namespace client
}
if (localDestination)
{
auto session = std::make_shared<SAMSession>(localDestination);
std::unique_lock<std::mutex> l(m_SessionsMutex);
auto ret = m_Sessions.insert (std::pair<std::string, SAMSession *>(id, new SAMSession (localDestination)));
auto ret = m_Sessions.insert (std::make_pair(id, session));
if (!ret.second)
LogPrint (eLogWarning, "SAM: Session ", id, " already exists");
return ret.first->second;
@ -809,20 +811,25 @@ namespace client @@ -809,20 +811,25 @@ namespace client
}
void SAMBridge::CloseSession (const std::string& id)
{
std::shared_ptr<SAMSession> session;
{
std::unique_lock<std::mutex> l(m_SessionsMutex);
auto it = m_Sessions.find (id);
if (it != m_Sessions.end ())
{
auto session = it->second;
session = it->second;
m_Sessions.erase (it);
}
}
if (session)
{
session->localDestination->StopAcceptingStreams ();
session->CloseStreams ();
m_Sessions.erase (it);
delete session;
}
}
SAMSession * SAMBridge::FindSession (const std::string& id) const
std::shared_ptr<SAMSession> SAMBridge::FindSession (const std::string& id) const
{
std::unique_lock<std::mutex> l(m_SessionsMutex);
auto it = m_Sessions.find (id);

8
SAM.h

@ -128,7 +128,7 @@ namespace client @@ -128,7 +128,7 @@ namespace client
std::string m_ID; // nickname
bool m_IsSilent;
std::shared_ptr<i2p::stream::Stream> m_Stream;
SAMSession * m_Session;
std::shared_ptr<SAMSession> m_Session;
};
struct SAMSession
@ -176,10 +176,10 @@ namespace client @@ -176,10 +176,10 @@ namespace client
void Stop ();
boost::asio::io_service& GetService () { return m_Service; };
SAMSession * CreateSession (const std::string& id, const std::string& destination, // empty string means transient
std::shared_ptr<SAMSession> CreateSession (const std::string& id, const std::string& destination, // empty string means transient
const std::map<std::string, std::string> * params);
void CloseSession (const std::string& id);
SAMSession * FindSession (const std::string& id) const;
std::shared_ptr<SAMSession> FindSession (const std::string& id) const;
private:
@ -200,7 +200,7 @@ namespace client @@ -200,7 +200,7 @@ namespace client
boost::asio::ip::udp::endpoint m_DatagramEndpoint, m_SenderEndpoint;
boost::asio::ip::udp::socket m_DatagramSocket;
mutable std::mutex m_SessionsMutex;
std::map<std::string, SAMSession *> m_Sessions;
std::map<std::string, std::shared_ptr<SAMSession> > m_Sessions;
uint8_t m_DatagramReceiveBuffer[i2p::datagram::MAX_DATAGRAM_SIZE+1];
public:

6
debian/copyright vendored

@ -3,9 +3,9 @@ Upstream-Name: i2pd @@ -3,9 +3,9 @@ Upstream-Name: i2pd
Source: https://github.com/PurpleI2P
Files: *
Copyright: 2013-2015 PurpleI2P
Copyright: 2013-2016 PurpleI2P
License: BSD-3-clause
Copyright (c) 2013-2015, The PurpleI2P Project
Copyright (c) 2013-2016, The PurpleI2P Project
.
All rights reserved.
.
@ -34,7 +34,7 @@ License: BSD-3-clause @@ -34,7 +34,7 @@ License: BSD-3-clause
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Files: debian/*
Copyright: 2014-2015 hagen <hagen@i2pmail.org>
Copyright: 2014-2016 hagen <hagen@i2pmail.org>
2013-2015 Kill Your TV <killyourtv@i2pmail.org>
License: GPL-2.0+
This package is free software; you can redistribute it and/or modify

87
debian/i2pd.1 vendored

@ -5,7 +5,7 @@ i2pd \- Load-balanced unspoofable packet switching network @@ -5,7 +5,7 @@ i2pd \- Load-balanced unspoofable packet switching network
.SH SYNOPSIS
.B i2pd
[\fIOPTION1\fR) [\fIOPTION2\fR]...
[\fIOPTION1\fR] [\fIOPTION2\fR]...
.SH DESCRIPTION
i2pd
@ -18,59 +18,58 @@ network is both distributed and dynamic, with no trusted parties. @@ -18,59 +18,58 @@ network is both distributed and dynamic, with no trusted parties.
Any of the configuration options below can be used in the \fBDAEMON_ARGS\fR variable in \fI/etc/default/i2pd\fR.
.BR
.TP
\fB\-\-host=\fR
The external IP (deprecated)
.TP
\fB\-\-port=\fR
The external port to listen on
\fB\-\-help\fR
Show available options.
.TP
\fB\-\-httpport=\fR
The HTTP port to listen on
\fB\-\-conf=\fR
Config file (default: \fI~/.i2pd/i2pd.conf\fR or \fI/var/lib/i2pd/i2pd.conf\fR)
.BR
This parameter will be silently ignored if the specified config file does not exist.
Options specified on the command line take precedence over those in the config file.
.TP
\fB\-\-log=\fR[\fI1\fR|\fI0\fR]
.br
Enable of disable logging to a file. \fI1\fR for yes, \fI0\fR for no. (default: \fI0\fR, off)
\fB\-\-tunconf=\fR
Tunnels config file (default: \fI~/.i2pd/tunnels.conf\fR or \fI/var/lib/i2pd/tunnels.conf\fR)
.TP
\fB\-\-daemon=\fR[\fI1\fR|\fI0\fR]
Enable or disable daemon mode. Daemon mode is enabled with \fI1\fR and disabled with \fI0\fR. (default: \fI0\fR, off)
\fB\-\-pidfile=\fR
Where to write pidfile (don\'t write by default)
.TP
\fB\-\-service=\fR[\fI1\fR|\fI0\fR]
If enabled, system folders (\fB/var/run/i2pd.pid\fR, \fB/var/log/i2pd.log\fR, \fB/var/lib/i2pd\fR) will be used. If off, \fB$HOME/.i2pd\fR will be used instead. (default: \fI0\fR, off).
\fB\-\-log=\fR
Logs destination: \fIstdout\fR, \fIfile\fR, \fIsyslog\fR (\fIstdout\fR if not set, \fIfile\fR - otherwise, for compatibility)
.TP
\fB\-\-unreachable=\fR[\fI1\fR|\fI0\fR]
\fI1\fR if router is declared as unreachable and works through introducers. (default: \fI0\fR, off)
\fB\-\-loglevel=\fR
Log messages above this level (\fIdebug\fR, \fBinfo\fR, \fIwarn\fR, \fIerror\fR)
.TP
\fB\-\-v6=\fR[\fI1\fR|\fI0\fR]
\fI1\fR if \fBi2pd\fR should communicate via IPv6. (default: \fI0\fR, off)
\fB\-\-datadir=\fR
Path to storage of i2pd data (RI, keys, peer profiles, ...)
.TP
\fB\-\-floodfill=\fR[\fI1\fR|\fI0\fR]
\fI1\fR if \fBi2pd\fR should become a floodfill. (default: \fI0\fR, off)
\fB\-\-host=\fR
The external IP address
.TP
\fB\-\-bandwidth=\fR[\fI1\fR|\fI0\fR]
\fIL\fR if \fBi2pd\fR should be limited to 32KiB/s. Enabling floodfill will automatically set this to \fI0\fR (default: \fI0\fR, no limit)
\fB\-\-port=\fR
The port to listen on for incoming connections
.TP
\fB\-\-httpproxyport=\fR
The local port for the HTTP Proxy to listen on (default: \fI4446\fR)
\fB\-\-daemon\fR
Router will go to background after start
.TP
\fB\-\-socksproxyport=\fR
The local port for the SOCKS proxy to listen on (default: \fI4447\fR)
\fB\-\-service\fR
Router will use system folders like \fI/var/lib/i2pd\fR
.TP
\fB\-\-proxykeys=\fR
An optional keys file for tunnel local destination (both HTTP and SOCKS)
\fB\-\-ipv6\fR
Enable communication through ipv6. false by default
.TP
\fB\-\-samport=\fR
Port of SAM bridge. Usually \fI7656\fR. SAM will not be enabled if this is not set. (default: unset)
\fB\-\-notransit\fR
Router will not accept transit tunnels at startup
.TP
\fB\-\-bobport=\fR
Port of BOB command channel. Usually \fI2827\fR. BOB will not be enabled if this is not set. (default: unset)
\fB\-\-floodfill\fR
Router will be floodfill
.TP
\fB\-\-i2pcontrolport=\fR
Port of I2P control service. Usually \fI7650\fR. I2PControl will not be enabled if this is not set. (default: unset)
\fB\-\-bandwidth=\fR
Bandwidth limit: integer in KBps or letter aliases: \fIL (32KBps)\fR, O (256), P (2048), X (>9000)
.TP
\fB\-\-conf=\fR
Config file (default: \fI~/.i2pd/i2pd.conf\fR or \fI/var/lib/i2pd/i2pd.conf\fR)
This parameter will be silently ignored if the specified config file does not exist.
Options specified on the command line take precedence over those in the config file.
\fB\-\-family=\fR
Name of a family, router belongs to.
.PP
See service-specific parameters in page \fIdocs/configuration.md\fR or in example config file \fIdocs/i2pd.conf\fR
.SH FILES
.PP
@ -82,10 +81,10 @@ i2pd configuration files (when running as a system service) @@ -82,10 +81,10 @@ i2pd configuration files (when running as a system service)
.PP
/var/lib/i2pd/
.RS 4
i2pd profile directory (when running as a system service, see \fB\-\-service=\fR above)
i2pd profile directory (when running as a system service, see \fB\-\-service\fR above)
.RE
.PP
$HOME/.i2pd
$HOME/.i2pd/
.RS 4
i2pd profile directory (when running as a normal user)
.RE
@ -95,7 +94,9 @@ i2pd profile directory (when running as a normal user) @@ -95,7 +94,9 @@ i2pd profile directory (when running as a normal user)
default I2P hosts file
.SH AUTHOR
This manual page was written by kytv <killyourtv@i2pmail.org> for the Debian system (but may be used by others).
.BR
.PP
Updated by hagen <hagen@i2pmail.org> in 2016.
.PP
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation
.BR
On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL
On Debian systems, the complete text of the GNU General Public License can be found in \fI/usr/share/common-licenses/GPL\fR

19
debian/i2pd.conf vendored

@ -1,19 +0,0 @@ @@ -1,19 +0,0 @@
ipv6
[httpproxy]
address = 127.0.0.1
port = 4444
# other services (disabled by default)
#
#[sam]
#address = 127.0.0.1
#port = 7656
#
#[bob]
#address = 127.0.0.1
#port = 2827
#
#[i2pcontrol]
#address = 127.0.0.1
#port = 7650

2
debian/i2pd.install vendored

@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
i2pd usr/sbin/
debian/i2pd.conf etc/i2pd/
docs/i2pd.conf etc/i2pd/
debian/tunnels.conf etc/i2pd/
debian/subscriptions.txt etc/i2pd/
contrib/certificates/ usr/share/i2pd/

4
docs/configuration.md

@ -16,8 +16,8 @@ If you are upgrading your very old router (< 2.3.0) see also [this](config_opts_ @@ -16,8 +16,8 @@ If you are upgrading your very old router (< 2.3.0) see also [this](config_opts_
* --logfile= - Path to logfile (default - autodetect)
* --loglevel= - Log messages above this level (debug, *info, warn, error)
* --datadir= - Path to storage of i2pd data (RI, keys, peer profiles, ...)
* --host= - The external IP
* --port= - The port to listen on
* --host= - Router external IP for incoming connections
* --port= - Port to listen for incoming connections (default: auto)
* --daemon - Router will go to background after start
* --service - Router will use system folders like '/var/lib/i2pd'
* --ipv6 - Enable communication through ipv6. false by default

4
docs/i2pd.conf

@ -69,8 +69,8 @@ port = 7070 @@ -69,8 +69,8 @@ port = 7070
## Uncomment and set to 'false' to disable HTTP Proxy
# enabled = true
## Address and port service will listen on
# address = 127.0.0.1
# port = 4444
address = 127.0.0.1
port = 4444
## Optional keys file for proxy local destination
# keys = http-proxy-keys.dat

Loading…
Cancel
Save