* Copying
-secnet is Copyright (C) 1995--2001 Stephen Early <steve@greenend.org.uk>
+secnet is Copyright (C) 1995--2003 Stephen Early <steve@greenend.org.uk>
It is distributed under the terms of the GNU General Public License,
version 2 or later. See the file COPYING for more information.
makelist: turns a dictionary (arg1) into a list of definitions
(ignoring the keys)
readfile: reads a file (arg1) and returns it as a string
+ map: applies the closure specified as arg1 to each of the
+ remaining elements in the list in turn. Returns a list
+ made up of the outputs of the closure.
Keys defined by modules are described below, in the module
documentation.
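Review bot: The added map description is ambiguous about its inputs: "the remaining elements in the list" does not say which list is meant, whereas makelist and readfile name their inputs as (arg1). Suggest wording along the lines of "applies the closure (arg1) to each of the remaining arguments in turn", and state what each call to the closure is passed.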
udp (closure => comm closure)
udp: dict argument
+ address (string): IP address to listen and send on
port (integer): UDP port to listen and send on
buffer (buffer closure): buffer for incoming packets
authbind (string): optional, path to authbind-helper program
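Review bot: The new address key in the udp dict does not say whether it is optional or what happens when it is left out, unlike the authbind line below it, which is marked optional. Because this key decides which local address the daemon listens and sends on, state the behaviour when address is omitted and whether exactly one IP address is expected.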
setup-retries (integer): max number of times to transmit a key negotiation
packet [5]
setup-timeout (integer): time between retransmissions of key negotiation
- packets, in ms [1000]
+ packets, in ms [2000]
wait-time (integer): after failed key setup, wait this long (in ms) before
allowing another attempt [20000]
renegotiate-time (integer): if we see traffic on the link after this time
- then renegotiate another session key immediately [depends on key-lifetime]
- keepalive (bool): if True then attempt always to keep a valid session key
+ then renegotiate another session key immediately (in ms)
+ [half key-lifetime, or key-lifetime minus 5 mins, whichever is longer].
+ keepalive (bool): if True then attempt always to keep a valid session key.
+ Not actually currently implemented. [false]
log-events (string list): types of events to log for this site
unexpected: unexpected key setup packets (may be late retransmissions)
setup-init: start of attempt to setup a session key
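Review bot: The keepalive entry now documents an option that is "Not actually currently implemented", so a configuration that sets keepalive to True gets none of the described behaviour. Say whether the key is accepted and ignored or rejected, or leave it out of the documented options until it works. In the renegotiate-time entry the unit is given as ms but the default is written as "key-lifetime minus 5 mins"; expressing that constant in ms would match the neighbouring entries such as wait-time [20000].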
null-netlink: dict argument
name (string): name for netlink device, used in log messages
networks (string list): networks on the host side of the netlink device
- exclude-remote-networks (string list): networks that may never be claimed
- by any remote site using this netlink device
+ remote-networks (string list): networks that may be claimed
+ by the remote site using this netlink device
local-address (string): IP address of host's tunnel interface
secnet-address (string): IP address of this netlink device
ptp-address (string): IP address of the other end of a point-to-point link
options (string list):
allow-route: allow packets coming from this tunnel to be routed to
other tunnels as well as the host (used for mobile devices like laptops)
- soft-route: remove these routes from the host's routing table when
+ soft: remove these routes from the host's routing table when
the tunnel link quality is zero
mtu (integer): default MTU over this link; may be updated by tunnel code
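Review bot: Replacing exclude-remote-networks with remote-networks turns a list of networks that may never be claimed into a list of networks that may be claimed, but the new text does not say what the remote site is allowed to claim when remote-networks is omitted. Document that default explicitly, and note whether the old exclude-remote-networks key and the old soft-route option name are still accepted or are now rejected, so that existing configurations can be migrated deliberately.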