4 Nearly all commands have the following common options:
8 Path to configuration file. May be overridden by @env{NNCPCFG}
9 environment variable. If file file is an encrypted @ref{EBlob,
10 eblob}, then ask for passphrase to decrypt it first.
12 Print debug messages. Normally this option should not be used.
15 Minimal required resulting packet size, in KiBs. For example if you
16 send 2 KiB file and set @option{-minsize 4}, then resulting packet
17 will be 4 KiB (containing file itself and some junk).
19 Set desired outgoing packet @ref{Niceness, niceness level}.
20 1-255 values are allowed.
22 Process only single specified node.
24 Override @ref{CfgVia, via} configuration option for destination node.
25 Specified nodes must be separated with comma: @verb{|NODE1,NODE2|}.
27 Override path to spool directory. May be specified by
28 @env{NNCPSPOOL} environment variable.
30 Override path to logfile. May be specified by @env{NNCPLOG}
33 Print only errors, omit simple informational messages. In any case
34 those messages are logged, so you can reread them using
35 @ref{nncp-log} command.
37 Print version information.
39 Print warranty information (no warranty).
46 % nncp-bundle [options] -tx [-delete] NODE [NODE ...] > ...
47 % nncp-bundle [options] -rx -delete [-dryrun] [NODE ...] < ...
48 % nncp-bundle [options] -rx [-check] [-dryrun] [NODE ...] < ...
51 With @option{-tx} option, this command creates @ref{Bundles, bundle} of
52 @ref{Encrypted, encrypted packets} from the spool directory and writes
55 With @option{-rx} option, this command takes bundle from stdin and
56 copies all found packets for our node to the spool directory. Pay
57 attention that @strong{no} integrity checking is done by default. Modern
58 tape drives could easily provide too much throughput your CPU won't be
59 able to verify on the fly. So if you won't @ref{nncp-toss, toss}
60 received packets at the place, it is advisable either to run
61 @ref{nncp-check} utility for packets integrity verification, or to use
62 @option{-check} option to enable on the fly integrity check.
64 You can specify multiple @option{NODE} arguments, telling for what nodes
65 you want to create the stream, or take it from. If no nodes are
66 specified for @option{-rx} mode, then all packets aimed at us will be
69 When packets are sent through the stream, they are still kept in the
70 spool directory, because there is no assurance that they are transferred
71 to the media (media (CD-ROM, tape drive, raw hard drive) can end). If
72 you want to forcefully delete them (after they are successfully flushed
73 to stdout) anyway, use @option{-delete} option.
75 But you can verify produced stream after, by digesting it by yourself
76 with @option{-rx} and @option{-delete} options -- in that mode, stream
77 packets integrity will be checked and they will be deleted from the
78 spool if everything is good. So it is advisable to recheck your streams:
81 % nncp-bundle -tx ALICE BOB WHATEVER | cdrecord -tao -
82 % dd if=/dev/cd0 bs=2048 | nncp-bundle -rx -delete
85 @option{-dryrun} option prevents any writing to the spool. This is
86 useful when you need to see what packets will pass by and possibly check
93 % nncp-call [options] [-onlinedeadline INT] [-maxonlinetime INT] [-rx|-tx]
94 NODE[:ADDR] [FORCEADDR]
97 Call (connect to) specified @option{NODE} and run @ref{Sync,
98 synchronization} protocol with the @ref{nncp-daemon, daemon} on the
99 remote side. Normally this command could be run any time you wish to
100 either check for incoming packets, or to send out queued ones.
101 Synchronization protocol allows resuming and bidirectional packets
104 If @option{-rx} option is specified then only inbound packets
105 transmission is performed. If @option{-tx} option is specified, then
106 only outbound transmission is performed. @option{-onlinedeadline}
107 overrides @ref{CfgOnlineDeadline, @emph{onlinedeadline}}.
108 @option{-maxonlinetime} overrides @ref{CfgMaxOnlineTime,
109 @emph{maxonlinetime}}.
115 % nncp-caller [options] [NODE ...]
118 Croned daemon that calls remote nodes from time to time, according to
119 their @ref{CfgCalls, @emph{calls}} configuration field.
121 Optional number of @option{NODE}s tells to ignore other ones.
122 Otherwise all nodes with specified @emph{calls} configuration
123 field will be called.
125 @option{-onlinedeadline} overrides @ref{CfgOnlineDeadline,
126 @emph{onlinedeadline}} configuration option.
128 Each @option{NODE} can contain several uniquely identified
129 @option{ADDR}esses in @ref{CfgAddrs, configuration} file. If you do
130 not specify the exact one, then all will be tried until the first
131 success. Optionally you can force @option{FORCEADDR} address usage,
132 instead of addresses taken from configuration file.
134 Pay attention that this command runs integrity check for each completely
135 received packet in the background. This can be time consuming.
136 Connection could be lost during that check and remote node won't be
137 notified that file is done. But after successful integrity check that
138 file is renamed from @file{.part} one and when you rerun
139 @command{nncp-call} again, remote node will receive completion
146 % nncp-cfgmin [options] [-s INT] [-t INT] [-p INT] cfg.yaml > cfg.yaml.eblob
147 % nncp-cfgmin [options] -d cfg.yaml.eblob > cfg.yaml
150 This command allows you to encrypt provided @file{cfg.yaml} file with
151 the passphrase, producing @ref{EBlob, eblob}, to safely keep your
152 configuration file with private keys. This utility was written for users
153 who do not want (or can not) to use either @url{https://gnupg.org/,
154 GnuPG} or similar tools. That @file{eblob} file can be used directly in
155 @option{-cfg} option of nearly all commands.
157 @option{-s}, @option{-t}, @option{-p} are used to tune @file{eblob}'s
158 password strengthening function. Space memory cost (@option{-s}),
159 specified in number of BLAKE2b-256 blocks (32 bytes), tells how many
160 memory must be used for hashing -- bigger values are better, but slower.
161 Time cost (@option{-t}) tells how many rounds/iterations must be
162 performed -- bigger is better, but slower. Number of parallel jobs
163 (@option{-p}) tells how many computation processes will be run: this is
164 the same as running that number of independent hashers and then joining
165 their result together.
167 When invoked for encryption, passphrase is entered manually twice. When
168 invoked for decryption (@option{-d} option), it is asked once and exits
169 if passphrase can not decrypt @file{eblob}.
171 @option{-dump} options parses @file{eblob} and prints parameters used
172 during its creation. For example:
174 % nncp-cfgenc -dump /usr/local/etc/nncp.yaml.eblob
175 Strengthening function: Balloon with BLAKE2b-256
176 Memory space cost: 1048576 bytes
178 Number of parallel jobs: 2
186 % nncp-cfgmin [options] > stripped.yaml
189 Print out stripped configuration version: only path to @ref{Spool,
190 spool}, path to log file, neighbours public keys are stayed. This is
191 useful mainly for usage with @ref{nncp-xfer} that has to know only
192 neighbours, without private keys involving.
198 % nncp-cfgnew [options] > new.yaml
201 Generate new node configuration: private keys, example configuration
202 file and print it to stdout. You must use this command when you setup
205 Pay attention that private keys generation consumes an entropy from your
212 % nncp-check [options]
215 Perform @ref{Spool, spool} directory integrity check. Read all files
216 that has Base32-encoded filenames and compare it with recalculated
217 BLAKE2b hash output of their contents. That supplementary command is
218 not used often in practice, if ever.
224 % nncp-daemon [options] [-maxconn INT] [-bind ADDR]
227 Start listening TCP daemon, wait for incoming connections and run
228 @ref{Sync, synchronization protocol} with each of them. You can run
229 @ref{nncp-toss} utility in background to process inbound packets from
232 @option{-maxconn} option specifies how many simultaneous clients daemon
233 can handle. @option{-bind} option specifies @option{addr:port} it must
240 % nncp-file [options] [-chunked INT] SRC NODE:[DST]
243 Send @file{SRC} file to remote @option{NODE}. @file{DST} specifies
244 destination file name in remote's @ref{CfgIncoming, incoming}
245 directory. If this file already exists there, then counter will be
248 This command queues file in @ref{Spool, spool} directory immediately
249 (through the temporary file of course) -- so pay attention that sending
250 2 GiB file will create 2 GiB outbound encrypted packet.
252 If @file{SRC} equals to @file{-}, then create an encrypted temporary
253 file and copy everything taken from stdin to it and use for outbound
254 packet creation. Pay attention that if you want to send 1 GiB of data
255 taken from stdin, then you have to have 2 GiB of disk space for that
256 temporary file and resulting encrypted packet. You can control where
257 temporary file will be stored using @env{TMPDIR} environment variable.
258 Encryption is performed with @url{https://cr.yp.to/chacha.html,
259 ChaCha20} algorithm. Data is splitted on 128 KiB blocks. Each block is
260 encrypted with increasing nonce counter.
262 If @option{-chunked} is specified, then source file will be split
263 @ref{Chunked, on chunks}. @option{INT} is the desired chunk size in
264 KiBs. This mode is more CPU hungry. Pay attention that chunk is saved in
265 spool directory immediately and it is not deleted if any error occurs.
266 @option{-minsize} option is applied per each chunk. Do not forget about
267 @ref{ChunkedZFS, possible} ZFS deduplication issues.
269 If @ref{CfgNotify, notification} is enabled on the remote side for
270 file transmissions, then it will sent simple letter after successful
277 % nncp-freq [options] NODE:SRC [DST]
280 Send file request to @option{NODE}, asking it to send its @file{SRC}
281 file from @ref{CfgFreq, freq} directory to our node under @file{DST}
282 filename in our @ref{CfgIncoming, incoming} one. If @file{DST} is not
283 specified, then last element of @file{SRC} will be used.
285 If @ref{CfgNotify, notification} is enabled on the remote side for
286 file request, then it will sent simple letter after successful file
296 Parse @ref{Log, log} file and print out its records in human-readable form.
302 % nncp-mail [options] NODE USER ...
305 Send mail, that is read from stdin, to @option{NODE} and specified
306 @option{USER}s. Mail message will be compressed. After receiving, remote
307 side will execute specified @ref{CfgSendmail, sendmail} command with
308 @option{USER}s appended as a command line argument and feed decompressed
309 mail body to that command's stdin.
315 % nncp-pkt [options] < pkt
316 % nncp-pkt [options] [-decompress] -dump < pkt > payload
319 Low level packet parser. Normally it should not be used, but can help in
322 By default it will print packet's type, for example:
324 Packet type: encrypted
326 Sender: 2WHBV3TPZHDOZGUJEH563ZEK7M33J4UESRFO4PDKWD5KZNPROABQ
329 If you specify @option{-dump} option and provide an @ref{Encrypted,
330 encrypted} packet, then it will verify and decrypt it to stdout.
331 Encrypted packets contain @ref{Plain, plain} ones, that also can be fed
332 to @command{nncp-pkt}:
336 Payload type: transitional
337 Path: VHMTRWDOXPLK7BR55ICZ5N32ZJUMRKZEMFNGGCEAXV66GG43PEBQ
341 Path: stargrave@stargrave.org
344 And with the @option{-dump} option it will give you the actual payload
345 (the whole file, mail message, and so on). @option{-decompress} option
346 tries to zlib-decompress the data from plain packet (useful for mail
353 % nncp-reass [options] [-dryrun] [-keep] [-dump] [-stdout] FILE.nncp.meta
354 % nncp-reass [options] [-dryrun] [-keep] {-all | -node NODE}
357 Reassemble @ref{Chunked, chunked file} after @ref{nncp-toss, tossing}.
359 When called with @option{FILE} option, this command will reassemble only
360 it. When called with @option{-node} option, this command will try to
361 reassemble all @file{.nncp.meta} files found in @option{NODE}'s
362 @ref{CfgIncoming, incoming} directory. When called with @option{-all}
363 option, then cycle through all known nodes to do the same.
365 Reassembling process does the following:
368 @item Parses @ref{Chunked, @file{.nncp.meta}} file.
369 @item Checks existence and size of every @file{.nncp.chunkXXX}.
370 @item Verifies integrity of every chunk.
371 @item Concatenates all chunks, simultaneously removing them from filesystem.
374 That process reads the whole data twice. Be sure to have free disk
375 space for at least one chunk. Decrypted chunk files as a rule are saved
376 in pseudo-random order, so removing them during reassembly process will
377 likely lead to filesystem fragmentation. Reassembly process on
378 filesystems with deduplication capability should be rather lightweight.
380 If @option{-dryrun} option is specified, then only existence and
381 integrity checking are performed.
383 If @option{-keep} option is specified, then no
384 @file{.nncp.meta}/@file{.nncp.chunkXXX} files are deleted during
387 @option{-stdout} option outputs reassembled file to stdout, instead of
388 saving to temporary file with renaming after. This could be useful for
389 reassembling on separate filesystem to lower fragmentation effect,
390 and/or separate storage device for higher performance.
392 @option{-dump} option prints meta-file contents in human-friendly form.
393 It is useful mainly for debugging purposes. For example:
395 Original filename: testfile
396 File size: 3.8 MiB (3987795 bytes)
397 Chunk size: 1.0 MiB (1048576 bytes)
400 0: eac60d819edf40b8ecdacd0b9a5a8c62de2d15eef3c8ca719eafa0be9b894017
401 1: 013a07e659f2e353d0e4339c3375c96c7fffaa2fa00875635f440bbc4631052a
402 2: f4f883975a663f2252328707a30e71b2678f933b2f3103db8475b03293e4316e
403 3: 0e9e229501bf0ca42d4aa07393d19406d40b179f3922a3986ef12b41019b45a3
406 Do not forget about @ref{ChunkedZFS, possible} ZFS deduplication issues.
412 % nncp-rm [options] -tmp
413 % nncp-rm [options] -lock
414 % nncp-rm [options] -node NODE -part
415 % nncp-rm [options] -node NODE -seen
416 % nncp-rm [options] -node NODE [-rx] [-tx]
417 % nncp-rm [options] -node NODE -pkt PKT
420 This command is aimed to delete various files from your spool directory:
423 @item If @option{-tmp} option is specified, then it will delete all
424 temporary files in @file{spool/tmp} directory. Files may stay in it when
425 commands like @ref{nncp-file} fail for some reason.
426 @item If @option{-lock} option is specified, then all @file{.lock} files
427 will be deleted in your spool directory.
428 @item If @option{-pkt} option is specified, then @file{PKT} packet (its
429 Base32 name) will be deleted. This is useful when you see some packet
430 failing to be processed.
431 @item When either @option{-rx} or @option{-tx} options are specified
432 (maybe both of them), then delete all packets from that given queues. If
433 @option{-part} is given, then delete only @file{.part}ly downloaded
434 ones. If @option{-seen} option is specified, then delete only
442 % nncp-stat [options]
445 Print current @ref{Spool, spool} statistics about unsent and unprocessed
446 packets. For each node and each niceness level there will be printed how
447 many packets (with the total size) are in inbound (Rx) and outbound (Tx)
454 % nncp-toss [options]
464 Perform "tossing" operation on all inbound packets. This is the tool
465 that decrypts all packets and processes all payload packets in them:
466 copies files, sends mails, sends out file requests and relays transition
467 packets. It should be run after each online/offline exchange.
469 @option{-dryrun} option does not perform any writing and sending, just
470 tells what it will do.
472 @option{-cycle} option tells not to quit, but to repeat tossing every
473 @option{INT} seconds in an infinite loop. That can be useful when
474 running this command as a daemon.
476 @option{-seen} option creates empty @file{XXX.seen} file after
477 successful tossing of @file{XXX} packet. @ref{nncp-xfer} and
478 @ref{nncp-bundle} commands skip inbound packets that has been already
479 seen, processed and tossed. This is helpful to defeat duplicates.
481 @option{-nofile}, @option{-nofreq}, @option{-nomail}, @option{-notrns}
482 options allow to disable any kind of packet types processing.
488 % nncp-xfer [options] [-mkdir] [-keep] [-rx|-tx] DIR
491 Search for directory in @file{DIR} containing inbound packets for us and
492 move them to local @ref{Spool, spool} directory. Also search for known
493 neighbours directories and move locally queued outbound packets to them.
494 This command is used for offline packets transmission.
496 If @option{-mkdir} option is specified, then outbound neighbour(s)
497 directories will be created. This is useful for the first time usage,
498 when storage device does not have any directories tree.
500 If @option{-keep} option is specified, then keep copied files, do not
503 @option{-rx} option tells only to move inbound packets addressed to us.
504 @option{-tx} option tells exactly the opposite: move only outbound packets.
506 @ref{nncp-cfgmin} could be useful for creating stripped minimalistic
507 configuration file version without any private keys.
509 @file{DIR} directory has the following structure:
510 @file{RECIPIENT/SENDER/PACKET}, where @file{RECIPIENT} is Base32 encoded
511 destination node, @file{SENDER} is Base32 encoded sender node.
513 Also look for @ref{nncp-bundle}, especially if you deal with CD-ROM and