Merge remote-tracking branch 'purple/openssl'

Crypto.cpp

@@ -146,6 +146,10 @@ namespace crypto
 	}
 
 // DH/ElGamal	
+
+	const int ELGAMAL_SHORT_EXPONENT_NUM_BITS = 226;
+	const int ELGAMAL_FULL_EXPONENT_NUM_BITS = 2048;
+
 	#define elgp GetCryptoConstants ().elgp
 	#define elgg GetCryptoConstants ().elgg
 
@@ -169,6 +173,10 @@ namespace crypto
 	{
 		if (m_DH->priv_key)  { BN_free (m_DH->priv_key); m_DH->priv_key = NULL; };
 		if (m_DH->pub_key)  { BN_free (m_DH->pub_key); m_DH->pub_key = NULL; };
+#if !defined(__x86_64__) // use short exponent for non x64
+		m_DH->priv_key = BN_new ();
+		BN_rand (m_DH->priv_key, ELGAMAL_SHORT_EXPONENT_NUM_BITS, 0, 1);	
+#endif
 		DH_generate_key (m_DH);
 		if (priv) bn2buf (m_DH->priv_key, priv, 256);
 		if (pub) bn2buf (m_DH->pub_key, pub, 256);
@@ -200,8 +208,11 @@ namespace crypto
 		ctx = BN_CTX_new ();
 		// select random k
 		BIGNUM * k = BN_new ();
-		BN_rand_range (k, elgp);
-		if (BN_is_zero (k)) BN_one (k);
+#if defined(__x86_64__)
+		BN_rand (k, ELGAMAL_FULL_EXPONENT_NUM_BITS, -1, 1); // full exponent for x64
+#else
+		BN_rand (k, ELGAMAL_SHORT_EXPONENT_NUM_BITS, -1, 1); // short exponent of 226 bits
+#endif
 		// caulculate a
 		a = BN_new ();
 		BN_mod_exp (a, elgg, k, elgp, ctx);
@@ -279,6 +290,14 @@ namespace crypto
 	{
 #if defined(__x86_64__) || defined(__i386__) || defined(_MSC_VER)	
 		RAND_bytes (priv, 256);
+#else
+		// lower 226 bits (28 bytes and 2 bits) only. short exponent
+		auto numBytes = (ELGAMAL_SHORT_EXPONENT_NUM_BITS)/8 + 1; // 29
+		auto numZeroBytes = 256 - numBytes;
+		RAND_bytes (priv + numZeroBytes, numBytes);
+		memset (priv, 0, numZeroBytes);
+		priv[numZeroBytes] &= 0x03;
+#endif
 		BN_CTX * ctx = BN_CTX_new ();
 		BIGNUM * p = BN_new ();	
 		BN_bin2bn (priv, 256, p);
@@ -286,11 +305,6 @@ namespace crypto
 		bn2buf (p, pub, 256); 
 		BN_free (p);
 		BN_CTX_free (ctx);
-#else
-		DHKeys dh;
-		dh.GenerateKeys (priv, pub);
-		
-#endif		
 	}
 
 // HMAC

Destination.cpp

@@ -780,5 +780,19 @@ namespace client
 		}
 		LogPrint(eLogError, "Destinations: Can't save keys to ", path);
 	}
+
+	std::vector<std::shared_ptr<const i2p::stream::Stream> > ClientDestination::GetAllStreams () const
+	{
+		std::vector<std::shared_ptr<const i2p::stream::Stream> > ret;
+		if (m_StreamingDestination)
+		{
+			for (auto& it: m_StreamingDestination->GetStreams ())
+				ret.push_back (it.second);
+		}	
+		for (auto& it: m_StreamingDestinationsByPorts)
+			for (auto& it1: it.second->GetStreams ())
+				ret.push_back (it1.second);
+		return ret;
+	}	
 }
 }

Destination.h

@@ -159,6 +159,7 @@ namespace client
 			
 			// for HTTP only
 			int GetNumRemoteLeaseSets () const { return m_RemoteLeaseSets.size (); };
+			std::vector<std::shared_ptr<const i2p::stream::Stream> > GetAllStreams () const;
 	};	
 }	
 }	

HTTPServer.cpp

@@ -609,19 +609,19 @@ namespace util
 			s << "<th>Status</th>";
 			s << "</tr>";
 
-			for (auto it: dest->GetStreamingDestination ()->GetStreams ())
+			for (auto it: dest->GetAllStreams ())
 			{	
 				s << "<tr>";
-				s << "<td>" << it.first << "</td>";
-				s << "<td>" << i2p::client::context.GetAddressBook ().ToAddress(it.second->GetRemoteIdentity ()) << "</td>";
-				s << "<td>" << it.second->GetNumSentBytes () << "</td>";
-				s << "<td>" << it.second->GetNumReceivedBytes () << "</td>";
-				s << "<td>" << it.second->GetSendQueueSize () << "</td>";
-				s << "<td>" << it.second->GetReceiveQueueSize () << "</td>";
-				s << "<td>" << it.second->GetSendBufferSize () << "</td>";
-				s << "<td>" << it.second->GetRTT () << "</td>";
-				s << "<td>" << it.second->GetWindowSize () << "</td>";
-				s << "<td>" << (int)it.second->GetStatus () << "</td>";
+				s << "<td>" << it->GetSendStreamID () << "</td>";
+				s << "<td>" << i2p::client::context.GetAddressBook ().ToAddress(it->GetRemoteIdentity ()) << "</td>";
+				s << "<td>" << it->GetNumSentBytes () << "</td>";
+				s << "<td>" << it->GetNumReceivedBytes () << "</td>";
+				s << "<td>" << it->GetSendQueueSize () << "</td>";
+				s << "<td>" << it->GetReceiveQueueSize () << "</td>";
+				s << "<td>" << it->GetSendBufferSize () << "</td>";
+				s << "<td>" << it->GetRTT () << "</td>";
+				s << "<td>" << it->GetWindowSize () << "</td>";
+				s << "<td>" << (int)it->GetStatus () << "</td>";
 				s << "</tr><br>\r\n" << std::endl; 
 			}
 		}	
@@ -777,20 +777,20 @@ namespace util
 		s << "<b>Client Tunnels:</b><br>\r\n<br>\r\n";
 		for (auto& it: i2p::client::context.GetClientTunnels ())
 		{
-			s << it.second->GetName () << " ⇐ ";
 			auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
 			s << "<a href=/?" << HTTP_COMMAND_LOCAL_DESTINATION;
 			s << "&" << HTTP_PARAM_BASE32_ADDRESS << "=" << ident.ToBase32 () << ">"; 
+			s << it.second->GetName () << "</a> ⇐ ";			
 			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
-			s << "</a><br>\r\n"<< std::endl;
+			s << "<br>\r\n"<< std::endl;
 		}	
 		s << "<br>\r\n<b>Server Tunnels:</b><br>\r\n<br>\r\n";
 		for (auto& it: i2p::client::context.GetServerTunnels ())
 		{
-			s << it.second->GetName () << " ⇒ ";
 			auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
 			s << "<a href=/?" << HTTP_COMMAND_LOCAL_DESTINATION;
 			s << "&" << HTTP_PARAM_BASE32_ADDRESS << "=" << ident.ToBase32 () << ">"; 
+			s << it.second->GetName () << "</a> ⇒ ";
 			s << i2p::client::context.GetAddressBook ().ToAddress(ident);
 			s << ":" << it.second->GetLocalPort ();
 			s << "</a><br>\r\n"<< std::endl;

I2PControl.cpp

@@ -83,6 +83,10 @@ namespace client
 		m_RouterManagerHandlers["Reseed"]           = &I2PControlService::ReseedHandler;
 		m_RouterManagerHandlers["Shutdown"]         = &I2PControlService::ShutdownHandler; 
 		m_RouterManagerHandlers["ShutdownGraceful"] = &I2PControlService::ShutdownGracefulHandler;
+
+		// NetworkSetting
+		m_NetworkSettingHandlers["i2p.router.net.bw.in"]  = &I2PControlService::InboundBandwidthLimit;
+		m_NetworkSettingHandlers["i2p.router.net.bw.out"] = &I2PControlService::OutboundBandwidthLimit;
 	}
 
 	I2PControlService::~I2PControlService ()
@@ -496,6 +500,22 @@ namespace client
 		}
 	}
 
+	void I2PControlService::InboundBandwidthLimit (const std::string& value, std::ostringstream& results)
+	{
+		if (value != "null")
+			i2p::context.SetBandwidth (std::atoi(value.c_str()));
+		int bw = i2p::context.GetBandwidthLimit();
+		InsertParam (results, "i2p.router.net.bw.in", bw);
+	}
+
+	void I2PControlService::OutboundBandwidthLimit (const std::string& value, std::ostringstream& results)
+	{
+		if (value != "null")
+			i2p::context.SetBandwidth (std::atoi(value.c_str()));
+		int bw = i2p::context.GetBandwidthLimit();
+		InsertParam (results, "i2p.router.net.bw.out", bw);
+	}
+
 	// certificate	
 	void I2PControlService::CreateCertificate (const char *crt_path, const char *key_path)
 	{

I2PControl.h

@@ -94,6 +94,8 @@ namespace client
 
 			// NetworkSetting
 			typedef void (I2PControlService::*NetworkSettingRequestHandler)(const std::string& value, std::ostringstream& results);
+			void InboundBandwidthLimit  (const std::string& value, std::ostringstream& results);
+			void OutboundBandwidthLimit (const std::string& value, std::ostringstream& results);
 
 		private:
 

Identity.cpp

@@ -311,18 +311,18 @@ namespace data
 		switch (keyType)
 		{
 			case SIGNING_KEY_TYPE_DSA_SHA1:
-				m_Verifier.reset (new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey));
+				UpdateVerifier (new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey));
 			break;
 			case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
 			{	
 				size_t padding =  128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
-				m_Verifier.reset (new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding));
+				UpdateVerifier (new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
 			{	
 				size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96
-				m_Verifier.reset (new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding));
+				UpdateVerifier (new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
@@ -331,7 +331,7 @@ namespace data
 				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
 				size_t excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132- 128
 				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				m_Verifier.reset (new i2p::crypto::ECDSAP521Verifier (signingKey));
+				UpdateVerifier (new i2p::crypto::ECDSAP521Verifier (signingKey));
 				break;
 			}		
 			case SIGNING_KEY_TYPE_RSA_SHA256_2048:
@@ -340,7 +340,7 @@ namespace data
 				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
 				size_t excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256- 128
 				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				m_Verifier.reset (new i2p::crypto:: RSASHA2562048Verifier (signingKey));
+				UpdateVerifier (new i2p::crypto:: RSASHA2562048Verifier (signingKey));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_RSA_SHA384_3072:
@@ -349,7 +349,7 @@ namespace data
 				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
 				size_t excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384- 128
 				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				m_Verifier.reset (new i2p::crypto:: RSASHA3843072Verifier (signingKey));
+				UpdateVerifier (new i2p::crypto:: RSASHA3843072Verifier (signingKey));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_RSA_SHA512_4096:
@@ -358,13 +358,13 @@ namespace data
 				memcpy (signingKey, m_StandardIdentity.signingKey, 128);
 				size_t excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512- 128
 				memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
-				m_Verifier.reset (new i2p::crypto:: RSASHA5124096Verifier (signingKey));
+				UpdateVerifier (new i2p::crypto:: RSASHA5124096Verifier (signingKey));
 				break;
 			}	
 			case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
 			{
 				size_t padding =  128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32
-				m_Verifier.reset (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
+				UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
 				break;
 			}	
 			default:
@@ -372,6 +372,14 @@ namespace data
 		}			
 	}	
 
+	void IdentityEx::UpdateVerifier (i2p::crypto::Verifier * verifier) const
+	{
+		if (!m_Verifier || !verifier)
+			m_Verifier.reset (verifier);
+		else
+			delete verifier;
+	}	
+		
 	void IdentityEx::DropVerifier () const
 	{
 		// TODO: potential race condition with Verify

Identity.h

@@ -95,6 +95,7 @@ namespace data
 		private:
 
 			void CreateVerifier () const;
+			void UpdateVerifier (i2p::crypto::Verifier * verifier) const;
 			
 		private:
 

RouterContext.cpp

@@ -356,8 +356,10 @@ namespace i2p
 			delete[] buf;
 		}
 
-		i2p::data::RouterInfo routerInfo(i2p::fs::DataDirPath (ROUTER_INFO)); // TODO
 		m_RouterInfo.SetRouterIdentity (GetIdentity ());
+		i2p::data::RouterInfo routerInfo(i2p::fs::DataDirPath (ROUTER_INFO)); 
+		if (!routerInfo.IsUnreachable ()) // router.info looks good
+		{
 			m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
 			m_RouterInfo.SetProperty ("coreVersion", I2P_VERSION);
 			m_RouterInfo.SetProperty ("router.version", I2P_VERSION);
@@ -365,6 +367,12 @@ namespace i2p
 			// Migration to 0.9.24. TODO: remove later
 			m_RouterInfo.DeleteProperty ("coreVersion");
 			m_RouterInfo.DeleteProperty ("stat_uptime");
+		}
+		else
+		{
+			LogPrint (eLogError, ROUTER_INFO, " is malformed. Creating new");
+			NewRouterInfo ();
+		}			
 
 		if (IsUnreachable ())
 			SetReachable (); // we assume reachable until we discover firewall through peer tests

RouterInfo.cpp

@@ -104,6 +104,8 @@ namespace data
 	{
 		if (LoadFile ())
 			ReadFromBuffer (false); 
+		else
+			m_IsUnreachable = true;	
 	}	
 
 	void RouterInfo::ReadFromBuffer (bool verifySignature)
@@ -514,19 +516,20 @@ namespace data
 		m_BufferLen += privateKeys.GetPublic ()->GetSignatureLen ();
 	}	
 
-	void RouterInfo::SaveToFile (const std::string& fullPath)
+	bool RouterInfo::SaveToFile (const std::string& fullPath)
 	{
 		m_FullPath = fullPath;
-		if (m_Buffer)
-		{	
-			std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
-			if (f.is_open ())
-				f.write ((char *)m_Buffer, m_BufferLen);
-			else
-				LogPrint(eLogError, "RouterInfo: Can't save to ", fullPath);
-		}
-		else
+		if (!m_Buffer) {
 			LogPrint (eLogError, "RouterInfo: Can't save, m_Buffer == NULL");
+			return false;
+		}
+		std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
+		if (!f.is_open ()) {
+			LogPrint(eLogError, "RouterInfo: Can't save to ", fullPath);
+			return false;
+		}
+		f.write ((char *)m_Buffer, m_BufferLen);
+		return true;
 	}
 	
 	size_t RouterInfo::ReadString (char * str, std::istream& s)

RouterInfo.h

@@ -161,7 +161,7 @@ namespace data
 
 			bool IsUpdated () const { return m_IsUpdated; };
 			void SetUpdated (bool updated) { m_IsUpdated = updated; }; 
-			void SaveToFile (const std::string& fullPath);
+			bool SaveToFile (const std::string& fullPath);
 
 			std::shared_ptr<RouterProfile> GetProfile () const;
 			void SaveProfile () { if (m_Profile) m_Profile->Save (); };

SAM.cpp

@@ -47,7 +47,7 @@ namespace client
 			break;
 			case eSAMSocketTypeStream:
 			{
-				if (m_Session) {
+				if (m_Session) 
 					m_Session->DelSocket (shared_from_this ());
 				}
 				break;
@@ -67,6 +67,7 @@ namespace client
 		}
 		m_SocketType = eSAMSocketTypeTerminated;
 		if (m_Socket.is_open()) m_Socket.close ();
+		m_Session = nullptr;
 	}
 
 	void SAMSocket::ReceiveHandshake ()
@@ -720,7 +721,7 @@ namespace client
 		m_IsRunning = false;
 		m_Acceptor.cancel ();
 		for (auto it: m_Sessions)
-			delete it.second;
+			it.second->CloseStreams ();
 		m_Sessions.clear ();
 		m_Service.stop ();
 		if (m_Thread)
@@ -774,7 +775,7 @@ namespace client
 			Accept ();
 	}
 
-	SAMSession * SAMBridge::CreateSession (const std::string& id, const std::string& destination, 
+	std::shared_ptr<SAMSession> SAMBridge::CreateSession (const std::string& id, const std::string& destination, 
 		const std::map<std::string, std::string> * params)
 	{
 		std::shared_ptr<ClientDestination> localDestination = nullptr; 
@@ -799,8 +800,9 @@ namespace client
 		}
 		if (localDestination)
 		{
+			auto session = std::make_shared<SAMSession>(localDestination);
 			std::unique_lock<std::mutex> l(m_SessionsMutex);
-			auto ret = m_Sessions.insert (std::pair<std::string, SAMSession *>(id, new SAMSession (localDestination)));
+			auto ret = m_Sessions.insert (std::make_pair(id, session));
 			if (!ret.second)
 				LogPrint (eLogWarning, "SAM: Session ", id, " already exists");
 			return ret.first->second;
@@ -809,20 +811,25 @@ namespace client
 	}
 
 	void SAMBridge::CloseSession (const std::string& id)
+	{
+		std::shared_ptr<SAMSession> session;
 		{
 			std::unique_lock<std::mutex> l(m_SessionsMutex);
 			auto it = m_Sessions.find (id);
 			if (it != m_Sessions.end ())
 			{	
-			auto session = it->second;
+				session = it->second;
+				m_Sessions.erase (it);
+			}	
+		}	
+		if (session)
+		{	
 			session->localDestination->StopAcceptingStreams ();
 			session->CloseStreams ();
-			m_Sessions.erase (it);
-			delete session;
 		}
 	}
 
-	SAMSession * SAMBridge::FindSession (const std::string& id) const
+	std::shared_ptr<SAMSession> SAMBridge::FindSession (const std::string& id) const
 	{
 		std::unique_lock<std::mutex> l(m_SessionsMutex);
 		auto it = m_Sessions.find (id);

SAM.h

@@ -128,7 +128,7 @@ namespace client
 			std::string m_ID; // nickname
 			bool m_IsSilent;
 			std::shared_ptr<i2p::stream::Stream> m_Stream;
-			SAMSession * m_Session;
+			std::shared_ptr<SAMSession> m_Session;
 	};	
 
 	struct SAMSession
@@ -176,10 +176,10 @@ namespace client
 			void Stop ();
 			
 			boost::asio::io_service& GetService () { return m_Service; };
-			SAMSession * CreateSession (const std::string& id, const std::string& destination, // empty string  means transient
+			std::shared_ptr<SAMSession> CreateSession (const std::string& id, const std::string& destination, // empty string  means transient
 				const std::map<std::string, std::string> * params);
 			void CloseSession (const std::string& id);
-			SAMSession * FindSession (const std::string& id) const;
+			std::shared_ptr<SAMSession> FindSession (const std::string& id) const;
 
 		private:
 
@@ -200,7 +200,7 @@ namespace client
 			boost::asio::ip::udp::endpoint m_DatagramEndpoint, m_SenderEndpoint;
 			boost::asio::ip::udp::socket m_DatagramSocket;
 			mutable std::mutex m_SessionsMutex;
-			std::map<std::string, SAMSession *> m_Sessions;
+			std::map<std::string, std::shared_ptr<SAMSession> > m_Sessions;
 			uint8_t m_DatagramReceiveBuffer[i2p::datagram::MAX_DATAGRAM_SIZE+1];
 
 		public:

debian/copyright

@@ -3,9 +3,9 @@ Upstream-Name: i2pd
 Source: https://github.com/PurpleI2P
 
 Files: *
-Copyright: 2013-2015 PurpleI2P
+Copyright: 2013-2016 PurpleI2P
 License: BSD-3-clause
- Copyright (c) 2013-2015, The PurpleI2P Project
+ Copyright (c) 2013-2016, The PurpleI2P Project
  .
  All rights reserved.
  .
@@ -34,7 +34,7 @@ License: BSD-3-clause
  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 Files: debian/*
-Copyright: 2014-2015 hagen <hagen@i2pmail.org>
+Copyright: 2014-2016 hagen <hagen@i2pmail.org>
            2013-2015 Kill Your TV <killyourtv@i2pmail.org>
 License: GPL-2.0+
  This package is free software; you can redistribute it and/or modify

debian/i2pd.1

@@ -5,7 +5,7 @@ i2pd \- Load-balanced unspoofable packet switching network
 
 .SH SYNOPSIS
 .B i2pd
-[\fIOPTION1\fR) [\fIOPTION2\fR]...
+[\fIOPTION1\fR] [\fIOPTION2\fR]...
 
 .SH DESCRIPTION
 i2pd
@@ -18,59 +18,58 @@ network is both distributed and dynamic, with no trusted parties.
 Any of the configuration options below can be used in the \fBDAEMON_ARGS\fR variable in \fI/etc/default/i2pd\fR.
 .BR
 .TP
-\fB\-\-host=\fR
-The external IP (deprecated)
-.TP
-\fB\-\-port=\fR
-The external port to listen on
-.TP
-\fB\-\-httpport=\fR
-The HTTP port to listen on
-.TP
-\fB\-\-log=\fR[\fI1\fR|\fI0\fR]
-.br
-Enable of disable logging to a file. \fI1\fR for yes, \fI0\fR for no. (default: \fI0\fR, off)
-.TP
-\fB\-\-daemon=\fR[\fI1\fR|\fI0\fR]
-Enable or disable daemon mode. Daemon mode is enabled with \fI1\fR  and disabled with \fI0\fR. (default: \fI0\fR, off)
-.TP
-\fB\-\-service=\fR[\fI1\fR|\fI0\fR]
-If enabled, system folders (\fB/var/run/i2pd.pid\fR, \fB/var/log/i2pd.log\fR, \fB/var/lib/i2pd\fR) will be used. If off, \fB$HOME/.i2pd\fR will be used instead. (default: \fI0\fR, off).
-.TP
-\fB\-\-unreachable=\fR[\fI1\fR|\fI0\fR]
-\fI1\fR if router is declared as unreachable and works through introducers. (default: \fI0\fR, off)
-.TP
-\fB\-\-v6=\fR[\fI1\fR|\fI0\fR]
-\fI1\fR if \fBi2pd\fR should communicate via IPv6. (default: \fI0\fR, off)
-.TP
-\fB\-\-floodfill=\fR[\fI1\fR|\fI0\fR]
-\fI1\fR if \fBi2pd\fR should become a floodfill. (default: \fI0\fR, off)
-.TP
-\fB\-\-bandwidth=\fR[\fI1\fR|\fI0\fR]
-\fIL\fR if \fBi2pd\fR should be limited to 32KiB/s. Enabling floodfill will automatically set this to \fI0\fR (default: \fI0\fR, no limit)
-.TP
-\fB\-\-httpproxyport=\fR
-The local port for the HTTP Proxy to listen on (default: \fI4446\fR)
-.TP
-\fB\-\-socksproxyport=\fR
-The local port for the SOCKS proxy to listen on (default: \fI4447\fR)
-.TP
-\fB\-\-proxykeys=\fR
-An optional keys file for tunnel local destination (both HTTP and SOCKS)
-.TP
-\fB\-\-samport=\fR
-Port of SAM bridge. Usually \fI7656\fR. SAM will not be enabled if this is not set. (default: unset)
-.TP
-\fB\-\-bobport=\fR
-Port of BOB command channel. Usually \fI2827\fR. BOB will not be enabled if this is not set. (default: unset)
-.TP
-\fB\-\-i2pcontrolport=\fR
-Port of I2P control service. Usually \fI7650\fR. I2PControl will not be enabled if this is not set. (default: unset)
+\fB\-\-help\fR
+Show available options.
 .TP
 \fB\-\-conf=\fR
 Config file (default: \fI~/.i2pd/i2pd.conf\fR or \fI/var/lib/i2pd/i2pd.conf\fR)
+.BR
 This parameter will be silently ignored if the specified config file does not exist.
 Options specified on the command line take precedence over those in the config file.
+.TP
+\fB\-\-tunconf=\fR
+Tunnels config file (default: \fI~/.i2pd/tunnels.conf\fR or \fI/var/lib/i2pd/tunnels.conf\fR)
+.TP
+\fB\-\-pidfile=\fR
+Where to write pidfile (don\'t write by default)
+.TP
+\fB\-\-log=\fR
+Logs destination: \fIstdout\fR, \fIfile\fR, \fIsyslog\fR (\fIstdout\fR if not set, \fIfile\fR - otherwise, for compatibility)
+.TP
+\fB\-\-loglevel=\fR
+Log messages above this level (\fIdebug\fR, \fBinfo\fR, \fIwarn\fR, \fIerror\fR)
+.TP
+\fB\-\-datadir=\fR
+Path to storage of i2pd data (RI, keys, peer profiles, ...)
+.TP
+\fB\-\-host=\fR
+The external IP address
+.TP
+\fB\-\-port=\fR
+The port to listen on for incoming connections
+.TP
+\fB\-\-daemon\fR
+Router will go to background after start
+.TP
+\fB\-\-service\fR
+Router will use system folders like \fI/var/lib/i2pd\fR
+.TP
+\fB\-\-ipv6\fR
+Enable communication through ipv6. false by default
+.TP
+\fB\-\-notransit\fR
+Router will not accept transit tunnels at startup
+.TP
+\fB\-\-floodfill\fR
+Router will be floodfill
+.TP
+\fB\-\-bandwidth=\fR
+Bandwidth limit: integer in KBps or letter aliases: \fIL (32KBps)\fR, O (256), P (2048), X (>9000)
+.TP
+\fB\-\-family=\fR
+Name of a family, router belongs to.
+.PP
+See service-specific parameters in page \fIdocs/configuration.md\fR or in example config file \fIdocs/i2pd.conf\fR
 
 .SH FILES
 .PP
@@ -82,10 +81,10 @@ i2pd configuration files (when running as a system service)
 .PP
 /var/lib/i2pd/
 .RS 4
-i2pd profile directory (when running as a system service, see \fB\-\-service=\fR above)
+i2pd profile directory (when running as a system service, see \fB\-\-service\fR above)
 .RE
 .PP
-$HOME/.i2pd
+$HOME/.i2pd/
 .RS 4
 i2pd profile directory (when running as a normal user)
 .RE
@@ -95,7 +94,9 @@ i2pd profile directory (when running as a normal user)
 default I2P hosts file
 .SH AUTHOR
 This manual page was written by kytv <killyourtv@i2pmail.org> for the Debian system (but may be used by others).
-.BR
+.PP
+Updated by hagen <hagen@i2pmail.org> in 2016.
+.PP
 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation
 .BR
-On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL
+On Debian systems, the complete text of the GNU General Public License can be found in \fI/usr/share/common-licenses/GPL\fR

debian/i2pd.conf

@@ -1,19 +0,0 @@
-ipv6
-
-[httpproxy]
-address = 127.0.0.1
-port    = 4444
-
-# other services (disabled by default)
-#
-#[sam]
-#address = 127.0.0.1
-#port    = 7656
-#
-#[bob]
-#address = 127.0.0.1
-#port    = 2827
-#
-#[i2pcontrol]
-#address = 127.0.0.1
-#port    = 7650

debian/i2pd.install

@@ -1,5 +1,5 @@
 i2pd usr/sbin/
-debian/i2pd.conf    etc/i2pd/
+docs/i2pd.conf      etc/i2pd/
 debian/tunnels.conf etc/i2pd/
 debian/subscriptions.txt etc/i2pd/
 contrib/certificates/ usr/share/i2pd/

docs/configuration.md

@@ -16,8 +16,8 @@ If you are upgrading your very old router (< 2.3.0) see also [this](config_opts_
 * --logfile=            - Path to logfile (default - autodetect)
 * --loglevel=           - Log messages above this level (debug, *info, warn, error)
 * --datadir=            - Path to storage of i2pd data (RI, keys, peer profiles, ...)
-* --host=               - The external IP
-* --port=               - The port to listen on
+* --host=               - Router external IP for incoming connections
+* --port=               - Port to listen for incoming connections (default: auto)
 * --daemon              - Router will go to background after start
 * --service             - Router will use system folders like '/var/lib/i2pd'
 * --ipv6                - Enable communication through ipv6. false by default

docs/i2pd.conf

@@ -69,8 +69,8 @@ port = 7070
 ## Uncomment and set to 'false' to disable HTTP Proxy
 # enabled = true
 ## Address and port service will listen on
-# address = 127.0.0.1
-# port = 4444
+address = 127.0.0.1
+port = 4444
 ## Optional keys file for proxy local destination
 # keys = http-proxy-keys.dat