Merge remote-tracking branch 'purple/openssl'

2024-09-20 18:20:25 +03:00 · 2016-04-08 09:39:09 -04:00 · 2016-04-08 09:39:09 -04:00 · 05f7578928
commit 05f7578928
parent 9ae9ea18e1 2ebb2d8f0e
19 changed files with 205 additions and 145 deletions
--- a/Crypto.cpp
+++ b/Crypto.cpp
@ -146,6 +146,10 @@ namespace crypto
 	}
 // DH/ElGamal	
 	const int ELGAMAL_SHORT_EXPONENT_NUM_BITS = 226;
 	const int ELGAMAL_FULL_EXPONENT_NUM_BITS = 2048;
 	#define elgp GetCryptoConstants ().elgp
 	#define elgg GetCryptoConstants ().elgg
@ -169,6 +173,10 @@ namespace crypto
 	{
 		if (m_DH->priv_key)  { BN_free (m_DH->priv_key); m_DH->priv_key = NULL; };
 		if (m_DH->pub_key)  { BN_free (m_DH->pub_key); m_DH->pub_key = NULL; };
 #if !defined(__x86_64__) // use short exponent for non x64
 		m_DH->priv_key = BN_new ();
 		BN_rand (m_DH->priv_key, ELGAMAL_SHORT_EXPONENT_NUM_BITS, 0, 1);	
 #endif
 		DH_generate_key (m_DH);
 		if (priv) bn2buf (m_DH->priv_key, priv, 256);
 		if (pub) bn2buf (m_DH->pub_key, pub, 256);
@ -200,8 +208,11 @@ namespace crypto
 		ctx = BN_CTX_new ();
 		// select random k
 		BIGNUM * k = BN_new ();
-		BN_rand_range (k, elgp);
+#if defined(__x86_64__)
-		if (BN_is_zero (k)) BN_one (k);
+		BN_rand (k, ELGAMAL_FULL_EXPONENT_NUM_BITS, -1, 1); // full exponent for x64
 #else
 		BN_rand (k, ELGAMAL_SHORT_EXPONENT_NUM_BITS, -1, 1); // short exponent of 226 bits
 #endif
 		// caulculate a
 		a = BN_new ();
 		BN_mod_exp (a, elgg, k, elgp, ctx);
@ -279,6 +290,14 @@ namespace crypto
 	{
 #if defined(__x86_64__) || defined(__i386__) || defined(_MSC_VER)	
 		RAND_bytes (priv, 256);
 #else
 		// lower 226 bits (28 bytes and 2 bits) only. short exponent
 		auto numBytes = (ELGAMAL_SHORT_EXPONENT_NUM_BITS)/8 + 1; // 29
 		auto numZeroBytes = 256 - numBytes;
 		RAND_bytes (priv + numZeroBytes, numBytes);
 		memset (priv, 0, numZeroBytes);
 		priv[numZeroBytes] &= 0x03;
 #endif
 		BN_CTX * ctx = BN_CTX_new ();
 		BIGNUM * p = BN_new ();	
 		BN_bin2bn (priv, 256, p);
@ -286,11 +305,6 @@ namespace crypto
 		bn2buf (p, pub, 256); 
 		BN_free (p);
 		BN_CTX_free (ctx);
 #else
 		DHKeys dh;
 		dh.GenerateKeys (priv, pub);
 #endif		
 	}
 // HMAC
--- a/Destination.cpp
+++ b/Destination.cpp
@ -780,5 +780,19 @@ namespace client
 		}
 		LogPrint(eLogError, "Destinations: Can't save keys to ", path);
 	}
 	std::vector<std::shared_ptr<const i2p::stream::Stream> > ClientDestination::GetAllStreams () const
 	{
 		std::vector<std::shared_ptr<const i2p::stream::Stream> > ret;
 		if (m_StreamingDestination)
 		{
 			for (auto& it: m_StreamingDestination->GetStreams ())
 				ret.push_back (it.second);
 		}	
 		for (auto& it: m_StreamingDestinationsByPorts)
 			for (auto& it1: it.second->GetStreams ())
 				ret.push_back (it1.second);
 		return ret;
 	}	
 }
 }
--- a/Destination.h
+++ b/Destination.h
@ -159,6 +159,7 @@ namespace client
 			// for HTTP only
 			int GetNumRemoteLeaseSets () const { return m_RemoteLeaseSets.size (); };
 			std::vector<std::shared_ptr<const i2p::stream::Stream> > GetAllStreams () const;
 	};	
 }	
 }	
--- a/HTTPServer.cpp
+++ b/HTTPServer.cpp
@ -609,19 +609,19 @@ namespace util
 			s << "<th>Status</th>";
 			s << "</tr>";
-			for (auto it: dest->GetStreamingDestination ()->GetStreams ())
+			for (auto it: dest->GetAllStreams ())
 			{	
 				s << "<tr>";
-				s << "<td>" << it.first << "</td>";
+				s << "<td>" << it->GetSendStreamID () << "</td>";
-				s << "<td>" << i2p::client::context.GetAddressBook ().ToAddress(it.second->GetRemoteIdentity ()) << "</td>";
+				s << "<td>" << i2p::client::context.GetAddressBook ().ToAddress(it->GetRemoteIdentity ()) << "</td>";
-				s << "<td>" << it.second->GetNumSentBytes () << "</td>";
+				s << "<td>" << it->GetNumSentBytes () << "</td>";
-				s << "<td>" << it.second->GetNumReceivedBytes () << "</td>";
+				s << "<td>" << it->GetNumReceivedBytes () << "</td>";
-				s << "<td>" << it.second->GetSendQueueSize () << "</td>";
+				s << "<td>" << it->GetSendQueueSize () << "</td>";
-				s << "<td>" << it.second->GetReceiveQueueSize () << "</td>";
+				s << "<td>" << it->GetReceiveQueueSize () << "</td>";
-				s << "<td>" << it.second->GetSendBufferSize () << "</td>";
+				s << "<td>" << it->GetSendBufferSize () << "</td>";
-				s << "<td>" << it.second->GetRTT () << "</td>";
+				s << "<td>" << it->GetRTT () << "</td>";
-				s << "<td>" << it.second->GetWindowSize () << "</td>";
+				s << "<td>" << it->GetWindowSize () << "</td>";
-				s << "<td>" << (int)it.second->GetStatus () << "</td>";
+				s << "<td>" << (int)it->GetStatus () << "</td>";
 				s << "</tr><br>\r\n" << std::endl; 
 			}
 		}	
@ -777,20 +777,20 @@ namespace util
 		s << "<b>Client Tunnels:</b><br>\r\n<br>\r\n";
 		for (auto& it: i2p::client::context.GetClientTunnels ())
 		{
 			s << it.second->GetName () << " ⇐ ";
 			auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
 			s << "<a href=/?" << HTTP_COMMAND_LOCAL_DESTINATION;
 			s << "&" << HTTP_PARAM_BASE32_ADDRESS << "=" << ident.ToBase32 () << ">"; 
 			s << it.second->GetName () << "</a> ⇐ ";			
 			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
-			s << "</a><br>\r\n"<< std::endl;
+			s << "<br>\r\n"<< std::endl;
 		}	
 		s << "<br>\r\n<b>Server Tunnels:</b><br>\r\n<br>\r\n";
 		for (auto& it: i2p::client::context.GetServerTunnels ())
 		{
 			s << it.second->GetName () << " ⇒ ";
 			auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
 			s << "<a href=/?" << HTTP_COMMAND_LOCAL_DESTINATION;
 			s << "&" << HTTP_PARAM_BASE32_ADDRESS << "=" << ident.ToBase32 () << ">"; 
 			s << it.second->GetName () << "</a> ⇒ ";
 			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
 			s << ":" << it.second->GetLocalPort ();
 			s << "</a><br>\r\n"<< std::endl;
--- a/I2PControl.cpp
+++ b/I2PControl.cpp
@ -83,6 +83,10 @@ namespace client
 		m_RouterManagerHandlers["Reseed"]           = &I2PControlService::ReseedHandler;
 		m_RouterManagerHandlers["Shutdown"]         = &I2PControlService::ShutdownHandler; 
 		m_RouterManagerHandlers["ShutdownGraceful"] = &I2PControlService::ShutdownGracefulHandler;
 		// NetworkSetting
 		m_NetworkSettingHandlers["i2p.router.net.bw.in"]  = &I2PControlService::InboundBandwidthLimit;
 		m_NetworkSettingHandlers["i2p.router.net.bw.out"] = &I2PControlService::OutboundBandwidthLimit;
 	}
 	I2PControlService::~I2PControlService ()
@ -496,6 +500,22 @@ namespace client
 		}
 	}
 	void I2PControlService::InboundBandwidthLimit (const std::string& value, std::ostringstream& results)
 	{
 		if (value != "null")
 			i2p::context.SetBandwidth (std::atoi(value.c_str()));
 		int bw = i2p::context.GetBandwidthLimit();
 		InsertParam (results, "i2p.router.net.bw.in", bw);
 	}
 	void I2PControlService::OutboundBandwidthLimit (const std::string& value, std::ostringstream& results)
 	{
 		if (value != "null")
 			i2p::context.SetBandwidth (std::atoi(value.c_str()));
 		int bw = i2p::context.GetBandwidthLimit();
 		InsertParam (results, "i2p.router.net.bw.out", bw);
 	}
 	// certificate	
 	void I2PControlService::CreateCertificate (const char *crt_path, const char *key_path)
 	{
--- a/I2PControl.h
+++ b/I2PControl.h
@ -94,6 +94,8 @@ namespace client
 			// NetworkSetting
 			typedef void (I2PControlService::*NetworkSettingRequestHandler)(const std::string& value, std::ostringstream& results);
 			void InboundBandwidthLimit  (const std::string& value, std::ostringstream& results);
 			void OutboundBandwidthLimit (const std::string& value, std::ostringstream& results);
 		private:
--- a/Identity.cpp
+++ b/Identity.cpp
@ -311,18 +311,18 @@ namespace data
 		switch (keyType)
 		{
 			case SIGNING_KEY_TYPE_DSA_SHA1:
-				m_Verifier.reset (new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey));
+				UpdateVerifier (new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey));
 			break;
 			case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
 			{	
 				size_t padding =  128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
-				m_Verifier.reset (new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding));
+				UpdateVerifier (new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
 			{	
 				size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96
-				m_Verifier.reset (new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding));
+				UpdateVerifier (new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
@ -331,7 +331,7 @@ namespace data
 				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
 				size_t excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132- 128
 				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				m_Verifier.reset (new i2p::crypto::ECDSAP521Verifier (signingKey));
+				UpdateVerifier (new i2p::crypto::ECDSAP521Verifier (signingKey));
 				break;
 			}		
 			case SIGNING_KEY_TYPE_RSA_SHA256_2048:
@ -340,7 +340,7 @@ namespace data
 				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
 				size_t excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256- 128
 				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				m_Verifier.reset (new i2p::crypto:: RSASHA2562048Verifier (signingKey));
+				UpdateVerifier (new i2p::crypto:: RSASHA2562048Verifier (signingKey));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_RSA_SHA384_3072:
@ -349,7 +349,7 @@ namespace data
 				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
 				size_t excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384- 128
 				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				m_Verifier.reset (new i2p::crypto:: RSASHA3843072Verifier (signingKey));
+				UpdateVerifier (new i2p::crypto:: RSASHA3843072Verifier (signingKey));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_RSA_SHA512_4096:
@ -358,13 +358,13 @@ namespace data
 				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
 				size_t excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512- 128
 				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				m_Verifier.reset (new i2p::crypto:: RSASHA5124096Verifier (signingKey));
+				UpdateVerifier (new i2p::crypto:: RSASHA5124096Verifier (signingKey));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
 			{
 				size_t padding =  128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32
-				m_Verifier.reset (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
+				UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
 				break;
 			}	
 			default:
@ -372,6 +372,14 @@ namespace data
 		}			
 	}	
 	void IdentityEx::UpdateVerifier (i2p::crypto::Verifier * verifier) const
 	{
 		if (!m_Verifier || !verifier)
 			m_Verifier.reset (verifier);
 		else
 			delete verifier;
 	}	
 	void IdentityEx::DropVerifier () const
 	{
 		// TODO: potential race condition with Verify
--- a/Identity.h
+++ b/Identity.h
@ -95,6 +95,7 @@ namespace data
 		private:
 			void CreateVerifier () const;
 			void UpdateVerifier (i2p::crypto::Verifier * verifier) const;
 		private:
--- a/RouterContext.cpp
+++ b/RouterContext.cpp
@ -356,8 +356,10 @@ namespace i2p
 			delete[] buf;
 		}
 		i2p::data::RouterInfo routerInfo(i2p::fs::DataDirPath (ROUTER_INFO)); // TODO
 		m_RouterInfo.SetRouterIdentity (GetIdentity ());
 		i2p::data::RouterInfo routerInfo(i2p::fs::DataDirPath (ROUTER_INFO)); 
 		if (!routerInfo.IsUnreachable ()) // router.info looks good
 		{
 			m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
 			m_RouterInfo.SetProperty ("coreVersion", I2P_VERSION);
 			m_RouterInfo.SetProperty ("router.version", I2P_VERSION);
@ -365,6 +367,12 @@ namespace i2p
 			// Migration to 0.9.24. TODO: remove later
 			m_RouterInfo.DeleteProperty ("coreVersion");
 			m_RouterInfo.DeleteProperty ("stat_uptime");
 		}
 		else
 		{
 			LogPrint (eLogError, ROUTER_INFO, " is malformed. Creating new");
 			NewRouterInfo ();
 		}			
 		if (IsUnreachable ())
 			SetReachable (); // we assume reachable until we discover firewall through peer tests
--- a/RouterInfo.cpp
+++ b/RouterInfo.cpp
@ -104,6 +104,8 @@ namespace data
 	{
 		if (LoadFile ())
 			ReadFromBuffer (false); 
 		else
 			m_IsUnreachable = true;	
 	}	
 	void RouterInfo::ReadFromBuffer (bool verifySignature)
@ -514,19 +516,20 @@ namespace data
 		m_BufferLen += privateKeys.GetPublic ()->GetSignatureLen ();
 	}	
-	void RouterInfo::SaveToFile (const std::string& fullPath)
+	bool RouterInfo::SaveToFile (const std::string& fullPath)
 	{
 		m_FullPath = fullPath;
-		if (m_Buffer)
+		if (!m_Buffer) {
 		{	
 			std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
 			if (f.is_open ())
 				f.write ((char *)m_Buffer, m_BufferLen);
 			else
 				LogPrint(eLogError, "RouterInfo: Can't save to ", fullPath);
 		}
 		else
 			LogPrint (eLogError, "RouterInfo: Can't save, m_Buffer == NULL");
 			return false;
 		}
 		std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
 		if (!f.is_open ()) {
 			LogPrint(eLogError, "RouterInfo: Can't save to ", fullPath);
 			return false;
 		}
 		f.write ((char *)m_Buffer, m_BufferLen);
 		return true;
 	}
 	size_t RouterInfo::ReadString (char * str, std::istream& s)
--- a/RouterInfo.h
+++ b/RouterInfo.h
@ -161,7 +161,7 @@ namespace data
 			bool IsUpdated () const { return m_IsUpdated; };
 			void SetUpdated (bool updated) { m_IsUpdated = updated; }; 
-			void SaveToFile (const std::string& fullPath);
+			bool SaveToFile (const std::string& fullPath);
 			std::shared_ptr<RouterProfile> GetProfile () const;
 			void SaveProfile () { if (m_Profile) m_Profile->Save (); };
--- a/SAM.cpp
+++ b/SAM.cpp
@ -47,7 +47,7 @@ namespace client
 			break;
 			case eSAMSocketTypeStream:
 			{
-				if (m_Session) {
+				if (m_Session) 
 					m_Session->DelSocket (shared_from_this ());
 				}
 				break;
@ -67,6 +67,7 @@ namespace client
 		}
 		m_SocketType = eSAMSocketTypeTerminated;
 		if (m_Socket.is_open()) m_Socket.close ();
 		m_Session = nullptr;
 	}
 	void SAMSocket::ReceiveHandshake ()
@ -720,7 +721,7 @@ namespace client
 		m_IsRunning = false;
 		m_Acceptor.cancel ();
 		for (auto it: m_Sessions)
-			delete it.second;
+			it.second->CloseStreams ();
 		m_Sessions.clear ();
 		m_Service.stop ();
 		if (m_Thread)
@ -774,7 +775,7 @@ namespace client
 			Accept ();
 	}
-	SAMSession * SAMBridge::CreateSession (const std::string& id, const std::string& destination, 
+	std::shared_ptr<SAMSession> SAMBridge::CreateSession (const std::string& id, const std::string& destination, 
 		const std::map<std::string, std::string> * params)
 	{
 		std::shared_ptr<ClientDestination> localDestination = nullptr; 
@ -799,8 +800,9 @@ namespace client
 		}
 		if (localDestination)
 		{
 			auto session = std::make_shared<SAMSession>(localDestination);
 			std::unique_lock<std::mutex> l(m_SessionsMutex);
-			auto ret = m_Sessions.insert (std::pair<std::string, SAMSession *>(id, new SAMSession (localDestination)));
+			auto ret = m_Sessions.insert (std::make_pair(id, session));
 			if (!ret.second)
 				LogPrint (eLogWarning, "SAM: Session ", id, " already exists");
 			return ret.first->second;
@ -809,20 +811,25 @@ namespace client
 	}
 	void SAMBridge::CloseSession (const std::string& id)
 	{
 		std::shared_ptr<SAMSession> session;
 		{
 			std::unique_lock<std::mutex> l(m_SessionsMutex);
 			auto it = m_Sessions.find (id);
 			if (it != m_Sessions.end ())
 			{	
-			auto session = it->second;
+				session = it->second;
 				m_Sessions.erase (it);
 			}	
 		}	
 		if (session)
 		{	
 			session->localDestination->StopAcceptingStreams ();
 			session->CloseStreams ();
 			m_Sessions.erase (it);
 			delete session;
 		}
 	}
-	SAMSession * SAMBridge::FindSession (const std::string& id) const
+	std::shared_ptr<SAMSession> SAMBridge::FindSession (const std::string& id) const
 	{
 		std::unique_lock<std::mutex> l(m_SessionsMutex);
 		auto it = m_Sessions.find (id);
--- a/SAM.h
+++ b/SAM.h
@ -128,7 +128,7 @@ namespace client
 			std::string m_ID; // nickname
 			bool m_IsSilent;
 			std::shared_ptr<i2p::stream::Stream> m_Stream;
-			SAMSession * m_Session;
+			std::shared_ptr<SAMSession> m_Session;
 	};	
 	struct SAMSession
@ -176,10 +176,10 @@ namespace client
 			void Stop ();
 			boost::asio::io_service& GetService () { return m_Service; };
-			SAMSession * CreateSession (const std::string& id, const std::string& destination, // empty string  means transient
+			std::shared_ptr<SAMSession> CreateSession (const std::string& id, const std::string& destination, // empty string  means transient
 				const std::map<std::string, std::string> * params);
 			void CloseSession (const std::string& id);
-			SAMSession * FindSession (const std::string& id) const;
+			std::shared_ptr<SAMSession> FindSession (const std::string& id) const;
 		private:
@ -200,7 +200,7 @@ namespace client
 			boost::asio::ip::udp::endpoint m_DatagramEndpoint, m_SenderEndpoint;
 			boost::asio::ip::udp::socket m_DatagramSocket;
 			mutable std::mutex m_SessionsMutex;
-			std::map<std::string, SAMSession *> m_Sessions;
+			std::map<std::string, std::shared_ptr<SAMSession> > m_Sessions;
 			uint8_t m_DatagramReceiveBuffer[i2p::datagram::MAX_DATAGRAM_SIZE+1];
 		public:
--- a/debian/copyright
+++ b/debian/copyright
@ -3,9 +3,9 @@ Upstream-Name: i2pd
 Source: https://github.com/PurpleI2P
 Files: *
-Copyright: 2013-2015 PurpleI2P
+Copyright: 2013-2016 PurpleI2P
 License: BSD-3-clause
- Copyright (c) 2013-2015, The PurpleI2P Project
+ Copyright (c) 2013-2016, The PurpleI2P Project
 .
 All rights reserved.
 .
@ -34,7 +34,7 @@ License: BSD-3-clause
 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 Files: debian/*
-Copyright: 2014-2015 hagen <hagen@i2pmail.org>
+Copyright: 2014-2016 hagen <hagen@i2pmail.org>
           2013-2015 Kill Your TV <killyourtv@i2pmail.org>
 License: GPL-2.0+
 This package is free software; you can redistribute it and/or modify
--- a/debian/i2pd.1
+++ b/debian/i2pd.1
@ -5,7 +5,7 @@ i2pd \- Load-balanced unspoofable packet switching network
 .SH SYNOPSIS
 .B i2pd
-[\fIOPTION1\fR) [\fIOPTION2\fR]...
+[\fIOPTION1\fR] [\fIOPTION2\fR]...
 .SH DESCRIPTION
 i2pd
@ -18,59 +18,58 @@ network is both distributed and dynamic, with no trusted parties.
 Any of the configuration options below can be used in the \fBDAEMON_ARGS\fR variable in \fI/etc/default/i2pd\fR.
 .BR
 .TP
-\fB\-\-host=\fR
+\fB\-\-help\fR
-The external IP (deprecated)
+Show available options.
 .TP
 \fB\-\-port=\fR
 The external port to listen on
 .TP
 \fB\-\-httpport=\fR
 The HTTP port to listen on
 .TP
 \fB\-\-log=\fR[\fI1\fR|\fI0\fR]
 .br
 Enable of disable logging to a file. \fI1\fR for yes, \fI0\fR for no. (default: \fI0\fR, off)
 .TP
 \fB\-\-daemon=\fR[\fI1\fR|\fI0\fR]
 Enable or disable daemon mode. Daemon mode is enabled with \fI1\fR  and disabled with \fI0\fR. (default: \fI0\fR, off)
 .TP
 \fB\-\-service=\fR[\fI1\fR|\fI0\fR]
 If enabled, system folders (\fB/var/run/i2pd.pid\fR, \fB/var/log/i2pd.log\fR, \fB/var/lib/i2pd\fR) will be used. If off, \fB$HOME/.i2pd\fR will be used instead. (default: \fI0\fR, off).
 .TP
 \fB\-\-unreachable=\fR[\fI1\fR|\fI0\fR]
 \fI1\fR if router is declared as unreachable and works through introducers. (default: \fI0\fR, off)
 .TP
 \fB\-\-v6=\fR[\fI1\fR|\fI0\fR]
 \fI1\fR if \fBi2pd\fR should communicate via IPv6. (default: \fI0\fR, off)
 .TP
 \fB\-\-floodfill=\fR[\fI1\fR|\fI0\fR]
 \fI1\fR if \fBi2pd\fR should become a floodfill. (default: \fI0\fR, off)
 .TP
 \fB\-\-bandwidth=\fR[\fI1\fR|\fI0\fR]
 \fIL\fR if \fBi2pd\fR should be limited to 32KiB/s. Enabling floodfill will automatically set this to \fI0\fR (default: \fI0\fR, no limit)
 .TP
 \fB\-\-httpproxyport=\fR
 The local port for the HTTP Proxy to listen on (default: \fI4446\fR)
 .TP
 \fB\-\-socksproxyport=\fR
 The local port for the SOCKS proxy to listen on (default: \fI4447\fR)
 .TP
 \fB\-\-proxykeys=\fR
 An optional keys file for tunnel local destination (both HTTP and SOCKS)
 .TP
 \fB\-\-samport=\fR
 Port of SAM bridge. Usually \fI7656\fR. SAM will not be enabled if this is not set. (default: unset)
 .TP
 \fB\-\-bobport=\fR
 Port of BOB command channel. Usually \fI2827\fR. BOB will not be enabled if this is not set. (default: unset)
 .TP
 \fB\-\-i2pcontrolport=\fR
 Port of I2P control service. Usually \fI7650\fR. I2PControl will not be enabled if this is not set. (default: unset)
 .TP
 \fB\-\-conf=\fR
 Config file (default: \fI~/.i2pd/i2pd.conf\fR or \fI/var/lib/i2pd/i2pd.conf\fR)
 .BR
 This parameter will be silently ignored if the specified config file does not exist.
 Options specified on the command line take precedence over those in the config file.
 .TP
 \fB\-\-tunconf=\fR
 Tunnels config file (default: \fI~/.i2pd/tunnels.conf\fR or \fI/var/lib/i2pd/tunnels.conf\fR)
 .TP
 \fB\-\-pidfile=\fR
 Where to write pidfile (don\'t write by default)
 .TP
 \fB\-\-log=\fR
 Logs destination: \fIstdout\fR, \fIfile\fR, \fIsyslog\fR (\fIstdout\fR if not set, \fIfile\fR - otherwise, for compatibility)
 .TP
 \fB\-\-loglevel=\fR
 Log messages above this level (\fIdebug\fR, \fBinfo\fR, \fIwarn\fR, \fIerror\fR)
 .TP
 \fB\-\-datadir=\fR
 Path to storage of i2pd data (RI, keys, peer profiles, ...)
 .TP
 \fB\-\-host=\fR
 The external IP address
 .TP
 \fB\-\-port=\fR
 The port to listen on for incoming connections
 .TP
 \fB\-\-daemon\fR
 Router will go to background after start
 .TP
 \fB\-\-service\fR
 Router will use system folders like \fI/var/lib/i2pd\fR
 .TP
 \fB\-\-ipv6\fR
 Enable communication through ipv6. false by default
 .TP
 \fB\-\-notransit\fR
 Router will not accept transit tunnels at startup
 .TP
 \fB\-\-floodfill\fR
 Router will be floodfill
 .TP
 \fB\-\-bandwidth=\fR
 Bandwidth limit: integer in KBps or letter aliases: \fIL (32KBps)\fR, O (256), P (2048), X (>9000)
 .TP
 \fB\-\-family=\fR
 Name of a family, router belongs to.
 .PP
 See service-specific parameters in page \fIdocs/configuration.md\fR or in example config file \fIdocs/i2pd.conf\fR
 .SH FILES
 .PP
@ -82,10 +81,10 @@ i2pd configuration files (when running as a system service)
 .PP
 /var/lib/i2pd/
 .RS 4
-i2pd profile directory (when running as a system service, see \fB\-\-service=\fR above)
+i2pd profile directory (when running as a system service, see \fB\-\-service\fR above)
 .RE
 .PP
-$HOME/.i2pd
+$HOME/.i2pd/
 .RS 4
 i2pd profile directory (when running as a normal user)
 .RE
@ -95,7 +94,9 @@ i2pd profile directory (when running as a normal user)
 default I2P hosts file
 .SH AUTHOR
 This manual page was written by kytv <killyourtv@i2pmail.org> for the Debian system (but may be used by others).
-.BR
+.PP
 Updated by hagen <hagen@i2pmail.org> in 2016.
 .PP
 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation
 .BR
-On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL
+On Debian systems, the complete text of the GNU General Public License can be found in \fI/usr/share/common-licenses/GPL\fR
--- a/debian/i2pd.conf
+++ b/debian/i2pd.conf
@ -1,19 +0,0 @@
 ipv6
 [httpproxy]
 address = 127.0.0.1
 port    = 4444
 # other services (disabled by default)
 #
 #[sam]
 #address = 127.0.0.1
 #port    = 7656
 #
 #[bob]
 #address = 127.0.0.1
 #port    = 2827
 #
 #[i2pcontrol]
 #address = 127.0.0.1
 #port    = 7650
--- a/debian/i2pd.install
+++ b/debian/i2pd.install
@ -1,5 +1,5 @@
 i2pd usr/sbin/
-debian/i2pd.conf    etc/i2pd/
+docs/i2pd.conf      etc/i2pd/
 debian/tunnels.conf etc/i2pd/
 debian/subscriptions.txt etc/i2pd/
 contrib/certificates/ usr/share/i2pd/
--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -16,8 +16,8 @@ If you are upgrading your very old router (< 2.3.0) see also [this](config_opts_
 * --logfile=            - Path to logfile (default - autodetect)
 * --loglevel=           - Log messages above this level (debug, *info, warn, error)
 * --datadir=            - Path to storage of i2pd data (RI, keys, peer profiles, ...)
-* --host=               - The external IP
+* --host=               - Router external IP for incoming connections
-* --port=               - The port to listen on
+* --port=               - Port to listen for incoming connections (default: auto)
 * --daemon              - Router will go to background after start
 * --service             - Router will use system folders like '/var/lib/i2pd'
 * --ipv6                - Enable communication through ipv6. false by default
--- a/docs/i2pd.conf
+++ b/docs/i2pd.conf
@ -69,8 +69,8 @@ port = 7070
 ## Uncomment and set to 'false' to disable HTTP Proxy
 # enabled = true
 ## Address and port service will listen on
-# address = 127.0.0.1
+address = 127.0.0.1
-# port = 4444
+port = 4444
 ## Optional keys file for proxy local destination
 # keys = http-proxy-keys.dat