4 Nearly all commands have the following common options:
8 Path to configuration file. May be overridden by @env{NNCPCFG}
9 environment variable. If file file is an encrypted @ref{EBlob,
10 eblob}, then ask for passphrase to decrypt it first.
12 Print debug messages. Normally this option should not be used.
15 Minimal required resulting packet size, in KiBs. For example if you
16 send 2 KiB file and set @option{-minsize 4}, then resulting packet
17 will be 4 KiB (containing file itself and some junk).
19 Set desired outgoing packet @ref{Niceness, niceness level}.
21 Set desired reply packet @ref{Niceness, niceness level}. Only freq
22 and exec packets look at that niceness level.
24 Override @ref{CfgVia, via} configuration option for destination node.
25 Specified nodes must be separated with comma: @verb{|NODE1,NODE2|}.
26 With @verb{|-via -|} you can disable relaying at all.
28 Override path to spool directory. May be specified by
29 @env{NNCPSPOOL} environment variable.
31 Override path to logfile. May be specified by @env{NNCPLOG}
34 Print only errors, omit simple informational messages. In any case
35 those messages are logged, so you can reread them using
36 @ref{nncp-log} command.
38 Print version information.
40 Print warranty information (no warranty).
47 $ nncp-bundle [options] -tx [-delete] NODE [NODE ...] > ...
48 $ nncp-bundle [options] -rx -delete [-dryrun] [NODE ...] < ...
49 $ nncp-bundle [options] -rx [-check] [-dryrun] [NODE ...] < ...
52 With @option{-tx} option, this command creates @ref{Bundles, bundle} of
53 @ref{Encrypted, encrypted packets} from the spool directory and writes
56 With @option{-rx} option, this command takes bundle from stdin and
57 copies all found packets for our node to the spool directory. Pay
58 attention that @strong{no} integrity checking is done by default. Modern
59 tape drives could easily provide too much throughput your CPU won't be
60 able to verify on the fly. So if you won't @ref{nncp-toss, toss}
61 received packets at the place, it is advisable either to run
62 @ref{nncp-check} utility for packets integrity verification, or to use
63 @option{-check} option to enable on the fly integrity check.
65 You can specify multiple @option{NODE} arguments, telling for what nodes
66 you want to create the stream, or take it from. If no nodes are
67 specified for @option{-rx} mode, then all packets aimed at us will be
70 When packets are sent through the stream, they are still kept in the
71 spool directory, because there is no assurance that they are transferred
72 to the media (media (CD-ROM, tape drive, raw hard drive) can end). If
73 you want to forcefully delete them (after they are successfully flushed
74 to stdout) anyway, use @option{-delete} option.
76 But you can verify produced stream after, by digesting it by yourself
77 with @option{-rx} and @option{-delete} options -- in that mode, stream
78 packets integrity will be checked and they will be deleted from the
79 spool if everything is good. So it is advisable to recheck your streams:
82 $ nncp-bundle -tx ALICE BOB WHATEVER | cdrecord -tao -
83 $ dd if=/dev/cd0 bs=2048 | nncp-bundle -rx -delete
86 @option{-dryrun} option prevents any writes to the spool. This is
87 useful when you need to see what packets will pass by and possibly check
102 NODE[:ADDR] [FORCEADDR]
105 Call (connect to) specified @option{NODE} and run @ref{Sync,
106 synchronization} protocol with the @ref{nncp-daemon, daemon} on the
107 remote side. Normally this command could be run any time you wish to
108 either check for incoming packets, or to send out queued ones.
109 Synchronization protocol allows resuming and bidirectional packets
112 If @option{-rx} option is specified then only inbound packets
113 transmission is performed. If @option{-tx} option is specified, then
114 only outbound transmission is performed. @option{-onlinedeadline}
115 overrides @ref{CfgOnlineDeadline, @emph{onlinedeadline}}.
116 @option{-maxonlinetime} overrides @ref{CfgMaxOnlineTime,
117 @emph{maxonlinetime}}. @option{-rxrate}/@option{-txrate} override
118 @ref{CfgXxRate, rxrate/txrate}. @option{-list} option allows you to list
119 packets of remote node, without any transmission.
121 You can specify what packets your want to download, by specifying
122 @option{-pkts} option with comma-separated list of packets identifiers.
128 $ nncp-caller [options] [NODE ...]
131 Croned daemon that calls remote nodes from time to time, according to
132 their @ref{CfgCalls, @emph{calls}} configuration field.
134 Optional number of @option{NODE}s tells to ignore other ones.
135 Otherwise all nodes with specified @emph{calls} configuration
136 field will be called.
138 @option{-onlinedeadline} overrides @ref{CfgOnlineDeadline,
139 @emph{onlinedeadline}} configuration option.
141 Each @option{NODE} can contain several uniquely identified
142 @option{ADDR}esses in @ref{CfgAddrs, configuration} file. If you do
143 not specify the exact one, then all will be tried until the first
144 success. Optionally you can force @option{FORCEADDR} address usage,
145 instead of addresses taken from configuration file.
147 Pay attention that this command runs integrity check for each completely
148 received packet in the background. This can be time consuming.
149 Connection could be lost during that check and remote node won't be
150 notified that file is done. But after successful integrity check that
151 file is renamed from @file{.part} one and when you rerun
152 @command{nncp-call} again, remote node will receive completion
159 $ nncp-cfgmin [options] [-s INT] [-t INT] [-p INT] cfg.hjson > cfg.hjson.eblob
160 $ nncp-cfgmin [options] -d cfg.hjson.eblob > cfg.hjson
163 This command allows you to encrypt provided @file{cfg.hjson} file with
164 the passphrase, producing @ref{EBlob, eblob}, to safely keep your
165 configuration file with private keys. This utility was written for users
166 who do not want (or can not) to use either @url{https://gnupg.org/,
167 GnuPG} or similar tools. That @file{eblob} file can be used directly in
168 @option{-cfg} option of nearly all commands.
170 @option{-s}, @option{-t}, @option{-p} are used to tune @file{eblob}'s
171 password strengthening function. Space memory cost (@option{-s}),
172 specified in number of BLAKE2b-256 blocks (32 bytes), tells how many
173 memory must be used for hashing -- bigger values are better, but slower.
174 Time cost (@option{-t}) tells how many rounds/iterations must be
175 performed -- bigger is better, but slower. Number of parallel jobs
176 (@option{-p}) tells how many computation processes will be run: this is
177 the same as running that number of independent hashers and then joining
178 their result together.
180 When invoked for encryption, passphrase is entered manually twice. When
181 invoked for decryption (@option{-d} option), it is asked once and exits
182 if passphrase can not decrypt @file{eblob}.
184 @option{-dump} options parses @file{eblob} and prints parameters used
185 during its creation. For example:
187 $ nncp-cfgenc -dump /usr/local/etc/nncp.hjson.eblob
188 Strengthening function: Balloon with BLAKE2b-256
189 Memory space cost: 1048576 bytes
191 Number of parallel jobs: 2
199 $ nncp-cfgmin [options] > stripped.hjson
202 Print out stripped configuration version: only path to @ref{Spool,
203 spool}, path to log file, neighbours public keys are stayed. This is
204 useful mainly for usage with @ref{nncp-xfer} that has to know only
205 neighbours, without private keys involving.
211 $ nncp-cfgnew [options] [-nocomments] > new.hjson
214 Generate new node configuration: private keys, example configuration
215 file and print it to stdout. You must use this command when you setup
216 the new node. @option{-nocomments} will create configuration file
217 without descriptive huge comments -- useful for advanced users.
219 Pay attention that private keys generation consumes an entropy from your
226 $ nncp-check [options]
229 Perform @ref{Spool, spool} directory integrity check. Read all files
230 that has Base32-encoded filenames and compare it with recalculated
231 BLAKE2b hash output of their contents. That supplementary command is
232 not used often in practice, if ever.
238 $ nncp-daemon [options] [-maxconn INT] [-bind ADDR] [-inetd]
241 Start listening TCP daemon, wait for incoming connections and run
242 @ref{Sync, synchronization protocol} with each of them. You can run
243 @ref{nncp-toss} utility in background to process inbound packets from
246 @option{-maxconn} option specifies how many simultaneous clients daemon
247 can handle. @option{-bind} option specifies @option{addr:port} it must
250 It could be run as @command{inetd} service, by specifying
251 @option{-inetd} option. Example inetd-entry:
254 uucp stream tcp6 nowait nncpuser /usr/local/bin/nncp-daemon nncp-daemon -inetd
261 $ nncp-exec [options] NODE HANDLE [ARG0 ARG1 ...]
264 Send execution command to @option{NODE} for specified @option{HANDLE}.
265 Body is read from stdin and compressed. After receiving, remote side
266 will execute specified @ref{CfgExec, handle} command with @option{ARG*}
267 appended and decompressed body fed to command's stdin.
269 For example, if remote side has following configuration file for your
274 sendmail: [/usr/sbin/sendmail, "-t"]
275 appender: ["/bin/sh", "-c", "cat >> /append"]
279 then executing @verb{|echo My message | nncp-exec -replynice 123 REMOTE
280 sendmail root@localhost|} will lead to execution of:
285 NNCP_SENDER=OurNodeId \
287 /usr/sbin/sendmail -t root@localhost
295 $ nncp-file [options] [-chunked INT] SRC NODE:[DST]
298 Send @file{SRC} file to remote @option{NODE}. @file{DST} specifies
299 destination file name in remote's @ref{CfgIncoming, incoming}
300 directory. If this file already exists there, then counter will be
303 This command queues file in @ref{Spool, spool} directory immediately
304 (through the temporary file of course) -- so pay attention that sending
305 2 GiB file will create 2 GiB outbound encrypted packet.
307 If @file{SRC} equals to @file{-}, then create an encrypted temporary
308 file and copy everything taken from stdin to it and use for outbound
309 packet creation. Pay attention that if you want to send 1 GiB of data
310 taken from stdin, then you have to have more than 2 GiB of disk space
311 for that temporary file and resulting encrypted packet. You can control
312 where temporary file will be stored using @env{TMPDIR} environment
313 variable. Encryption is performed in AEAD mode with
314 @url{https://cr.yp.to/chacha.html, ChaCha20}-@url{https://en.wikipedia.org/wiki/Poly1305, Poly1305}
315 algorithms. Data is splitted on 128 KiB blocks. Each block is encrypted
316 with increasing nonce counter.
318 If @option{-chunked} is specified, then source file will be split
319 @ref{Chunked, on chunks}. @option{INT} is the desired chunk size in
320 KiBs. This mode is more CPU hungry. Pay attention that chunk is saved in
321 spool directory immediately and it is not deleted if any error occurs.
322 @option{-minsize} option is applied per each chunk. Do not forget about
323 @ref{ChunkedZFS, possible} ZFS deduplication issues.
325 If @ref{CfgNotify, notification} is enabled on the remote side for
326 file transmissions, then it will sent simple letter after successful
333 $ nncp-freq [options] NODE:SRC [DST]
336 Send file request to @option{NODE}, asking it to send its @file{SRC}
337 file from @ref{CfgFreq, freq} directory to our node under @file{DST}
338 filename in our @ref{CfgIncoming, incoming} one. If @file{DST} is not
339 specified, then last element of @file{SRC} will be used.
341 If @ref{CfgNotify, notification} is enabled on the remote side for
342 file request, then it will sent simple letter after successful file
352 Parse @ref{Log, log} file and print out its records in human-readable form.
358 $ nncp-pkt [options] < pkt
359 $ nncp-pkt [options] [-decompress] -dump < pkt > payload
360 $ nncp-pkt -overheads
363 Low level packet parser. Normally it should not be used, but can help in
366 By default it will print packet's type, for example:
368 Packet type: encrypted
370 Sender: 2WHBV3TPZHDOZGUJEH563ZEK7M33J4UESRFO4PDKWD5KZNPROABQ
373 If you specify @option{-dump} option and provide an @ref{Encrypted,
374 encrypted} packet, then it will verify and decrypt it to stdout.
375 Encrypted packets contain @ref{Plain, plain} ones, that also can be fed
376 to @command{nncp-pkt}:
380 Payload type: transitional
381 Path: VHMTRWDOXPLK7BR55ICZ5N32ZJUMRKZEMFNGGCEAXV66GG43PEBQ
385 Path: stargrave@stargrave.org
388 And with the @option{-dump} option it will give you the actual payload
389 (the whole file, mail message, and so on). @option{-decompress} option
390 tries to zlib-decompress the data from plain packet (useful for mail
393 @option{-overheads} options print encrypted, plain and size header overheads.
399 $ nncp-reass [options] [-dryrun] [-keep] [-dump] [-stdout] FILE.nncp.meta
400 $ nncp-reass [options] [-dryrun] [-keep] {-all | -node NODE}
403 Reassemble @ref{Chunked, chunked file} after @ref{nncp-toss, tossing}.
405 When called with @option{FILE} option, this command will reassemble only
406 it. When called with @option{-node} option, this command will try to
407 reassemble all @file{.nncp.meta} files found in @option{NODE}'s
408 @ref{CfgIncoming, incoming} directory. When called with @option{-all}
409 option, then cycle through all known nodes to do the same.
411 Reassembling process does the following:
414 @item Parses @ref{Chunked, @file{.nncp.meta}} file.
415 @item Checks existence and size of every @file{.nncp.chunkXXX}.
416 @item Verifies integrity of every chunk.
417 @item Concatenates all chunks, simultaneously removing them from filesystem.
420 That process reads the whole data twice. Be sure to have free disk
421 space for at least one chunk. Decrypted chunk files as a rule are saved
422 in pseudo-random order, so removing them during reassembly process will
423 likely lead to filesystem fragmentation. Reassembly process on
424 filesystems with deduplication capability should be rather lightweight.
426 If @option{-dryrun} option is specified, then only existence and
427 integrity checking are performed.
429 If @option{-keep} option is specified, then no
430 @file{.nncp.meta}/@file{.nncp.chunkXXX} files are deleted during
433 @option{-stdout} option outputs reassembled file to stdout, instead of
434 saving to temporary file with renaming after. This could be useful for
435 reassembling on separate filesystem to lower fragmentation effect,
436 and/or separate storage device for higher performance.
438 @option{-dump} option prints meta-file contents in human-friendly form.
439 It is useful mainly for debugging purposes. For example:
441 Original filename: testfile
442 File size: 3.8 MiB (3987795 bytes)
443 Chunk size: 1.0 MiB (1048576 bytes)
446 0: eac60d819edf40b8ecdacd0b9a5a8c62de2d15eef3c8ca719eafa0be9b894017
447 1: 013a07e659f2e353d0e4339c3375c96c7fffaa2fa00875635f440bbc4631052a
448 2: f4f883975a663f2252328707a30e71b2678f933b2f3103db8475b03293e4316e
449 3: 0e9e229501bf0ca42d4aa07393d19406d40b179f3922a3986ef12b41019b45a3
452 Do not forget about @ref{ChunkedZFS, possible} ZFS deduplication issues.
458 $ nncp-rm [options] -tmp
459 $ nncp-rm [options] -lock
460 $ nncp-rm [options] -node NODE -part
461 $ nncp-rm [options] -node NODE -seen
462 $ nncp-rm [options] -node NODE [-rx] [-tx]
463 $ nncp-rm [options] -node NODE -pkt PKT
466 This command is aimed to delete various files from your spool directory:
469 @item If @option{-tmp} option is specified, then it will delete all
470 temporary files in @file{spool/tmp} directory. Files may stay in it when
471 commands like @ref{nncp-file} fail for some reason.
472 @item If @option{-lock} option is specified, then all @file{.lock} files
473 will be deleted in your spool directory.
474 @item If @option{-pkt} option is specified, then @file{PKT} packet (its
475 Base32 name) will be deleted. This is useful when you see some packet
476 failing to be processed.
477 @item When either @option{-rx} or @option{-tx} options are specified
478 (maybe both of them), then delete all packets from that given queues. If
479 @option{-part} is given, then delete only @file{.part}ly downloaded
480 ones. If @option{-seen} option is specified, then delete only
488 $ nncp-stat [options] [-node NODE]
491 Print current @ref{Spool, spool} statistics about unsent and unprocessed
492 packets. For each node (unless @option{-node} specified) and each
493 niceness level there will be printed how many packets (with the total
494 size) are in inbound (Rx) and outbound (Tx) queues.
500 $ nncp-toss [options]
511 Perform "tossing" operation on all inbound packets. This is the tool
512 that decrypts all packets and processes all payload packets in them:
513 copies files, sends mails, sends out file requests and relays transition
514 packets. It should be run after each online/offline exchange.
516 @option{-dryrun} option does not perform any writing and sending, just
517 tells what it will do.
519 @option{-cycle} option tells not to quit, but to repeat tossing every
520 @option{INT} seconds in an infinite loop. That can be useful when
521 running this command as a daemon.
523 @option{-seen} option creates empty @file{XXX.seen} file after
524 successful tossing of @file{XXX} packet. @ref{nncp-xfer},
525 @ref{nncp-bundle}, @ref{nncp-daemon} and @ref{nncp-call} commands skip
526 inbound packets that has been already seen, processed and tossed. This
527 is helpful to prevent duplicates.
529 @option{-nofile}, @option{-nofreq}, @option{-noexec}, @option{-notrns}
530 options allow to disable any kind of packet types processing.
536 $ nncp-xfer [options] [-node NODE] [-mkdir] [-keep] [-rx|-tx] DIR
539 Search for directory in @file{DIR} containing inbound packets for us and
540 move them to local @ref{Spool, spool} directory. Also search for known
541 neighbours directories and move locally queued outbound packets to them.
542 This command is used for offline packets transmission.
544 If @option{-mkdir} option is specified, then outbound neighbour(s)
545 directories will be created. This is useful for the first time usage,
546 when storage device does not have any directories tree.
548 If @option{-keep} option is specified, then keep copied files, do not
551 @option{-rx} option tells only to move inbound packets addressed to us.
552 @option{-tx} option tells exactly the opposite: move only outbound packets.
554 @ref{nncp-cfgmin} could be useful for creating stripped minimalistic
555 configuration file version without any private keys.
557 @file{DIR} directory has the following structure:
558 @file{RECIPIENT/SENDER/PACKET}, where @file{RECIPIENT} is Base32 encoded
559 destination node, @file{SENDER} is Base32 encoded sender node.
561 Also look for @ref{nncp-bundle}, especially if you deal with CD-ROM and