Sections
- [<servername> - <client>]
+ [<servername> <client>]
[<client>]
[<servername>] often [SERVER]
[COMMON]
Keys are looked up in that order, unless otherwise specified.
<client> is the client's virtual address.
-<servername> must be a valid DNS hostname and not look like an address.
+<servername> must be a valid lowercase DNS hostname and not look like
+an address, or be COMMON or SERVER.
+
+There are also:
+
+ [<servername> LIMIT]
+ [LIMIT]
+
+Things not in a section are an error.
+
+
+Both client and server read the files
+ /etc/hippotat/main.cfg
+ /etc/hippotat/config.d/*
+ /etc/hippotat/secrets.d/*
+and in each case if it's a directory, all contained files whose
+names consists of only ascii alphanumerics plus '-' and '_'.
+
+The ini file format sections from these files are all unioned.
+Later files (in the list above, or alphabetically later) can
+override settings from earlier ones.
+
+Note that although it is conventional for information for a particular
+server or client to be in a file named after that endpoint, there is
+no semantic link: all the files are always read and the appropriate
+section from each is applied to every endpoint.
+
+(If main.cfg does not exist, master.cfg will be tried for backward
+compatibility reasons.)
+
Exceptional settings:
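Review bot: The override rule added under the file list ("Later files (in the list above, or alphabetically later) can override settings from earlier ones") does not say how file order interacts with the section lookup order given at the top. Because sections from all files are unioned, please state whether file order only decides between two definitions of the same key in the same section, or whether a later file's [COMMON] can displace an earlier file's [<client>] value. It would also help to name the sort order meant by "alphabetically", since permitted file names mix upper and lower case, digits, '-' and '_'. Two wording points in the same region: "names consists" should be "names consist", and "or be COMMON or SERVER" can be read as either an allowed or a forbidden value for <servername>.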
ipif
Command to run to create and communicate with local network
interface. Passed to sh -c. Must speak SLIP on stdin/stdout.
- The following additional interpolations aare substituted:
- %(local)s %(peer)s %(rnet)s %(ifname)s
+ The following interpolations aare substituted:
+ %{local} %{peer} %{rnets} %{ifname}
on server <vaddr> <vrelay> <vnetwork> <ifname_server>
on client <client> <vaddr> <vroutes> <ifname_client>
- ["userv root ipif %(local)s,%(peer)s,%(mtu)s,slip %(rnets)s"]
+ Plus %{mtu} and %% to indicate a literal %.
+ (For compatibility with older hippotat, %(var)s is supported too
+ but this is deprecated since the extra `s` is confusing.)
+ ["userv root ipif %{local},%{peer},%{mtu},slip '%{rnets}'"]
On server: applies to all clients; not looked up in
client-specific sections.
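Review bot: In the new default for ipif, only '%{rnets}' is quoted, while %{local}, %{peer} and %{mtu} are substituted bare into a string that is passed to sh -c, and the text does not say whether interpolated values are escaped or restricted to a safe character set first. Please document that, and why rnets alone needs quotes, so that someone writing their own ipif command knows whether they must quote each substitution. The added line "The following interpolations aare substituted:" also carries over the "aare" typo from the line it replaces.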
those from the other sections (including COMMON).
max_batch_down
- Size limit for response payloads (used by server only)
+ Size limit for response payloads.
+ On client, incoming response bodies are limited to this plus
+ a fixed constant metadata overhead of 10000 bytes.
+ Server uses minim of client and server value (old servers
+ just uses server's value).
[65536 bytes; LIMIT: 262144 bytes]
max_queue_time
Discard packets after they have been queued this long waiting
for http.
- On server: setting applies to downward packets, and is capped
- by LIMIT values.
- On client: setting applies to upward packets, and is
- not affected by LIMIT values.
+ On server: setting applies to downward packets.
+ On client: setting applies to upward packets.
[10 s; LIMIT: 121 s]
http_timeout
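Review bot: The max_batch_down text now has the client capping response bodies at its own value plus 10000 bytes, but "old servers just uses server's value", so a client configured lower than an old server can be sent more than it accepts, and the entry does not say what the client does in that case. Please describe that case and how the server learns the client's value, and fix "minim" to "minimum" and "just uses" to "just use". In max_queue_time, the removed lines were the only statement of how LIMIT applies at each end; the default line still shows "LIMIT: 121 s", so say whether the cap now applies to the client as well.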
for this long
On client: give up on any http request outstanding for
for this long plus http_timeout_grace
+ Warning messages about link problems, printed by the client,
+ are rate limited to no more than one per effective timeout.
Client's effective timeout must be at least server's (checked).
- [30 s; LIMIT: 121]
+ [30 s; LIMIT: 121s]
target_requests_outstanding
On server: whenever number of outstanding requests for
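Review bot: The corrected default line writes "LIMIT: 121s" while max_queue_time writes "LIMIT: 121 s"; use the spaced form so the unit style is the same throughout the file. The new warning text also relies on "effective timeout", which is only implied by the preceding "this long plus http_timeout_grace"; a short explicit definition there would make both the rate limit and the "(checked)" comparison unambiguous.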
vaddr
Address of server's virtual interface.
+ [first host entry in <vnetwork>, so 172.24.230.193]
vrelay
Virtual point-to-point address used for tunnel routing
On client: used only to construct default url.
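Review bot: The new default for vaddr quotes a concrete address, 172.24.230.193, that is only correct while <vnetwork> is left at its default, and that default is not shown in this entry. Suggest wording it as the first host address in <vnetwork> and giving the literal only as the value for the default network, so a reader who changes vnetwork does not assume the address stays fixed.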
mtu
- Must match exactly. (UNCHECKED) [1500 bytes]
+ Of virtual interface. Must match exactly at each end.
+ (UNCHECKED) [1500 bytes]
ifname_server
Virtual interface name on the server. [shippo%d]
max_batch_up
Size limit for request payloads. [4000 bytes]
+ success_report_interval
+ If nonzero, report success periodically. Otherwise just
+ report it when we first have success. [3600 s]
+
http_retry
If a request fails, wait this long before considering it
"finished" - to limit rate of futile requests. [5 s]
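Review bot: The success_report_interval entry does not say which end it applies to or where the report goes; "we" in "when we first have success" is the only hint, whereas neighbouring entries use "On client:" and "On server:". Please add that, and say what counts as success for the purpose of this report.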