@table @option
@item -cfg
- Path to configuration file. May be overrided by @env{NNCPCFG}
- environment variable.
+ Path to configuration file. May be overridden by @env{NNCPCFG}
+ environment variable. If file file is an encrypted @ref{EBlob,
+ eblob}, then ask for passphrase to decrypt it first.
@item -debug
Print debug messages. Normally this option should not be used.
@item -minsize
@item -nice
Set desired outgoing packet @ref{Niceness, niceness level}.
1-255 values are allowed.
+@item -replynice
+ Set desired reply packet @ref{Niceness, niceness level}. Only freq
+ and exec packets look at that niceness level. 1-255 values are
+ allowed.
@item -node
Process only single specified node.
+@item -via
+ Override @ref{CfgVia, via} configuration option for destination node.
+ Specified nodes must be separated with comma: @verb{|NODE1,NODE2|}.
+ With @verb{|-via -|} you can disable relaying at all.
+@item -spool
+ Override path to spool directory. May be specified by
+ @env{NNCPSPOOL} environment variable.
+@item -log
+ Override path to logfile. May be specified by @env{NNCPLOG}
+ environment variable.
@item -quiet
Print only errors, omit simple informational messages. In any case
those messages are logged, so you can reread them using
Print warranty information (no warranty).
@end table
+@node nncp-bundle
+@section nncp-bundle
+
+@verbatim
+% nncp-bundle [options] -tx [-delete] NODE [NODE ...] > ...
+% nncp-bundle [options] -rx -delete [-dryrun] [NODE ...] < ...
+% nncp-bundle [options] -rx [-check] [-dryrun] [NODE ...] < ...
+@end verbatim
+
+With @option{-tx} option, this command creates @ref{Bundles, bundle} of
+@ref{Encrypted, encrypted packets} from the spool directory and writes
+it to stdout.
+
+With @option{-rx} option, this command takes bundle from stdin and
+copies all found packets for our node to the spool directory. Pay
+attention that @strong{no} integrity checking is done by default. Modern
+tape drives could easily provide too much throughput your CPU won't be
+able to verify on the fly. So if you won't @ref{nncp-toss, toss}
+received packets at the place, it is advisable either to run
+@ref{nncp-check} utility for packets integrity verification, or to use
+@option{-check} option to enable on the fly integrity check.
+
+You can specify multiple @option{NODE} arguments, telling for what nodes
+you want to create the stream, or take it from. If no nodes are
+specified for @option{-rx} mode, then all packets aimed at us will be
+processed.
+
+When packets are sent through the stream, they are still kept in the
+spool directory, because there is no assurance that they are transferred
+to the media (media (CD-ROM, tape drive, raw hard drive) can end). If
+you want to forcefully delete them (after they are successfully flushed
+to stdout) anyway, use @option{-delete} option.
+
+But you can verify produced stream after, by digesting it by yourself
+with @option{-rx} and @option{-delete} options -- in that mode, stream
+packets integrity will be checked and they will be deleted from the
+spool if everything is good. So it is advisable to recheck your streams:
+
+@verbatim
+% nncp-bundle -tx ALICE BOB WHATEVER | cdrecord -tao -
+% dd if=/dev/cd0 bs=2048 | nncp-bundle -rx -delete
+@end verbatim
+
+@option{-dryrun} option prevents any writing to the spool. This is
+useful when you need to see what packets will pass by and possibly check
+their integrity.
+
@node nncp-call
@section nncp-call
@command{nncp-call} again, remote node will receive completion
notification.
+@node nncp-cfgenc
+@section nncp-cfgenc
+
+@verbatim
+% nncp-cfgmin [options] [-s INT] [-t INT] [-p INT] cfg.yaml > cfg.yaml.eblob
+% nncp-cfgmin [options] -d cfg.yaml.eblob > cfg.yaml
+@end verbatim
+
+This command allows you to encrypt provided @file{cfg.yaml} file with
+the passphrase, producing @ref{EBlob, eblob}, to safely keep your
+configuration file with private keys. This utility was written for users
+who do not want (or can not) to use either @url{https://gnupg.org/,
+GnuPG} or similar tools. That @file{eblob} file can be used directly in
+@option{-cfg} option of nearly all commands.
+
+@option{-s}, @option{-t}, @option{-p} are used to tune @file{eblob}'s
+password strengthening function. Space memory cost (@option{-s}),
+specified in number of BLAKE2b-256 blocks (32 bytes), tells how many
+memory must be used for hashing -- bigger values are better, but slower.
+Time cost (@option{-t}) tells how many rounds/iterations must be
+performed -- bigger is better, but slower. Number of parallel jobs
+(@option{-p}) tells how many computation processes will be run: this is
+the same as running that number of independent hashers and then joining
+their result together.
+
+When invoked for encryption, passphrase is entered manually twice. When
+invoked for decryption (@option{-d} option), it is asked once and exits
+if passphrase can not decrypt @file{eblob}.
+
+@option{-dump} options parses @file{eblob} and prints parameters used
+during its creation. For example:
+@verbatim
+% nncp-cfgenc -dump /usr/local/etc/nncp.yaml.eblob
+Strengthening function: Balloon with BLAKE2b-256
+Memory space cost: 1048576 bytes
+Number of rounds: 16
+Number of parallel jobs: 2
+Blob size: 2494
+@end verbatim
+
@node nncp-cfgmin
@section nncp-cfgmin
can handle. @option{-bind} option specifies @option{addr:port} it must
bind to and listen.
+@node nncp-exec
+@section nncp-exec
+
+@verbatim
+% nncp-exec [options] NODE HANDLE [ARG0 ARG1 ...]
+@end verbatim
+
+Send execution command to @option{NODE} for specified @option{HANDLE}.
+Body is read from stdin and compressed. After receiving, remote side
+will execute specified @ref{CfgExec, handle} command with @option{ARG*}
+appended and decompressed body fed to command's stdin.
+
+For example, if remote side has following configuration file for your
+node:
+
+@verbatim
+exec:
+ sendmail: [/usr/sbin/sendmail, "-t"]
+ appender: ["/bin/sh", "-c", "cat >> /append"]
+@end verbatim
+
+then executing @verb{|echo My message | nncp-exec -replynice 123 REMOTE
+sendmail root@localhost|} will lead to executing of:
+
+@verbatim
+echo My message |
+ NNCP_SELF=REMOTE \
+ NNCP_SENDER=OurNodeId \
+ NNCP_NICE=123 \
+ /usr/sbin/sendmail -t root@localhost
+@end verbatim
+
+
@node nncp-file
@section nncp-file
taken from stdin, then you have to have 2 GiB of disk space for that
temporary file and resulting encrypted packet. You can control where
temporary file will be stored using @env{TMPDIR} environment variable.
-Encryption is performed with
-@url{https://www.schneier.com/academic/twofish/, Twofish} algorithm, 256
-bit random key, zero IV, in
-@url{https://en.wikipedia.org/wiki/Counter_mode#Counter_.28CTR.29, CTR}
-mode.
+Encryption is performed with @url{https://cr.yp.to/chacha.html,
+ChaCha20} algorithm. Data is splitted on 128 KiB blocks. Each block is
+encrypted with increasing nonce counter.
If @option{-chunked} is specified, then source file will be split
@ref{Chunked, on chunks}. @option{INT} is the desired chunk size in
KiBs. This mode is more CPU hungry. Pay attention that chunk is saved in
spool directory immediately and it is not deleted if any error occurs.
-@option{-minsize} option is applied per each chunk.
+@option{-minsize} option is applied per each chunk. Do not forget about
+@ref{ChunkedZFS, possible} ZFS deduplication issues.
If @ref{CfgNotify, notification} is enabled on the remote side for
file transmissions, then it will sent simple letter after successful
@section nncp-freq
@verbatim
-% nncp-freq [options] NODE:SRC DST
+% nncp-freq [options] NODE:SRC [DST]
@end verbatim
Send file request to @option{NODE}, asking it to send its @file{SRC}
file from @ref{CfgFreq, freq} directory to our node under @file{DST}
-filename in our @ref{CfgIncoming, incoming} one.
+filename in our @ref{CfgIncoming, incoming} one. If @file{DST} is not
+specified, then last element of @file{SRC} will be used.
If @ref{CfgNotify, notification} is enabled on the remote side for
file request, then it will sent simple letter after successful file
Parse @ref{Log, log} file and print out its records in human-readable form.
-@node nncp-mail
-@section nncp-mail
-
-@verbatim
-% nncp-mail [options] NODE USER ...
-@end verbatim
-
-Send mail, that is read from stdin, to @option{NODE} and specified
-@option{USER}s. Mail message will be compressed. After receiving, remote
-side will execute specified @ref{CfgSendmail, sendmail} command with
-@option{USER}s appended as a command line argument and feed decompressed
-mail body to that command's stdin.
-
@node nncp-pkt
@section nncp-pkt
3: 0e9e229501bf0ca42d4aa07393d19406d40b179f3922a3986ef12b41019b45a3
@end verbatim
+ Do not forget about @ref{ChunkedZFS, possible} ZFS deduplication issues.
+
@node nncp-rm
@section nncp-rm
@verbatim
-% nncp-rm [options] NODE PKT
+% nncp-rm [options] -tmp
+% nncp-rm [options] -lock
+% nncp-rm [options] -node NODE -part
+% nncp-rm [options] -node NODE -seen
+% nncp-rm [options] -node NODE [-rx] [-tx]
+% nncp-rm [options] -node NODE -pkt PKT
@end verbatim
-Remove specified packet (Base32 name) in @option{NODE}'s queues. This
-command is useful when you want to remove the packet that is failing to
-be processed.
+This command is aimed to delete various files from your spool directory:
+
+@itemize
+@item If @option{-tmp} option is specified, then it will delete all
+temporary files in @file{spool/tmp} directory. Files may stay in it when
+commands like @ref{nncp-file} fail for some reason.
+@item If @option{-lock} option is specified, then all @file{.lock} files
+will be deleted in your spool directory.
+@item If @option{-pkt} option is specified, then @file{PKT} packet (its
+Base32 name) will be deleted. This is useful when you see some packet
+failing to be processed.
+@item When either @option{-rx} or @option{-tx} options are specified
+(maybe both of them), then delete all packets from that given queues. If
+@option{-part} is given, then delete only @file{.part}ly downloaded
+ones. If @option{-seen} option is specified, then delete only
+@file{.seen} files.
+@end itemize
@node nncp-stat
@section nncp-stat
@section nncp-toss
@verbatim
-% nncp-toss [options] [-dryrun] [-cycle INT]
+% nncp-toss [options]
+ [-dryrun]
+ [-cycle INT]
+ [-seen]
+ [-nofile]
+ [-nofreq]
+ [-nomail]
+ [-notrns]
@end verbatim
Perform "tossing" operation on all inbound packets. This is the tool
@option{INT} seconds in an infinite loop. That can be useful when
running this command as a daemon.
+@option{-seen} option creates empty @file{XXX.seen} file after
+successful tossing of @file{XXX} packet. @ref{nncp-xfer} and
+@ref{nncp-bundle} commands skip inbound packets that has been already
+seen, processed and tossed. This is helpful to defeat duplicates.
+
+@option{-nofile}, @option{-nofreq}, @option{-nomail}, @option{-notrns}
+options allow to disable any kind of packet types processing.
+
@node nncp-xfer
@section nncp-xfer
@file{DIR} directory has the following structure:
@file{RECIPIENT/SENDER/PACKET}, where @file{RECIPIENT} is Base32 encoded
destination node, @file{SENDER} is Base32 encoded sender node.
+
+Also look for @ref{nncp-bundle}, especially if you deal with CD-ROM and
+tape drives.