[hippotat.git] / README.config

-*- Fundamental -*-

Sections

  [<servername> - <client>]
  [<client>]
  [<servername>]      often [SERVER]
  [COMMON]

Keys are looked up in that order, unless otherwise specified.
<client> is the client's virtual address.
<servername> must be a valid DNS hostname and not look like an address.


Both client and server read all files
  /etc/hippotat/main.cfg
  /etc/hippotat/config.d
  /etc/hippotat/server.d
and in each case if it's a directory, all contained files whose
names consists of only ascii alphanumerics plus '-' and '_'.
The ini file format sections from these files are all unioned.

(If main.cfg does not exist, master.cfg will be tried for backward
compatibility reasons.)


Exceptional settings:

  server
     Specifies <servername>.
     Is looked up in [SERVER] and [COMMON] only.
     If not specified there, it is SERVER.

     Used by server to select the appropriate parts of the
     rest of the configuration.  Ignored by the client.

  secret
     Looked up in the usual way, but used by client and server to
     determine which possible peerings to try to set up, and which to
     ignore.

     We define the sets of putative clients and servers, as follows:
     all those, for which there is any section (even an empty one)
     whose name is based on <client> or <servername> (as applicable).
     (LIMIT sections do not count.)

     The server queue packets for, and accept requests from, each
     putative client for which the config search yields a secret.

     Each client will create a local interface, and try to communicate
     with the server, for each possible pair (putative server,
     putative client) for which the config search yields a secret.

  ipif
     Command to run to create and communicate with local network
     interface.  Passed to sh -c.  Must speak SLIP on stdin/stdout.
     The following additional interpolations aare substituted:
                       %(local)s  %(peer)s  %(rnet)s    %(ifname)s
          on server    <vaddr>    <vrelay>  <vnetwork>  <ifname_server>
          on client    <client>   <vaddr>   <vroutes>   <ifname_client>
     ["userv root ipif %(local)s,%(peer)s,%(mtu)s,slip %(rnets)s"]

     On server: applies to all clients; not looked up in
      client-specific sections.
     On client: may be different for different servers.

Capped settings:

     Values in [<server> LIMIT] and [LIMIT] are a cap (maximum) on
     those from the other sections (including COMMON).

  max_batch_down
     Size limit for response payloads (used by server only)
     [65536 bytes; LIMIT: 262144 bytes]

  max_queue_time
     Discard packets after they have been queued this long waiting
     for http.
     On server: setting applies to downward packets, and is capped
      by LIMIT values.
     On client: setting applies to upward packets, and is
      not affected by LIMIT values.
     [10 s; LIMIT: 121 s]

  http_timeout
     On server: return with empty payload any http request oustanding
      for this long
     On client: give up on any http request outstanding for
      for this long plus http_timeout_grace
     Client's effective timeout must be at least server's (checked).
     [30 s; LIMIT: 121]

  target_requests_outstanding   
     On server: whenever number of outstanding requests for
      a client exceeds this, return oldest with empty payload
     On client: try to keep this many requests outstanding.
     Must match between client and server (checked).
     [3; LIMIT: 10]

Ordinary settings, used by both, not client-specific:

    These are not looked up in the client-specific config sections.

  addrs
     Public IP (v4 or v6) address(es) of the server;
     space-separated.
     On server: mandatory; used for bind.  No default.
     On client: used only to construct default url.

  vnetwork
     Private network range (<prefix>/<length>).  Must contain all
     <client>s.  Must contain <vaddr> and <vrelay>, and used
     to compute their defaults.  [172.24.230.192/28]

  vaddr
     Address of server's virtual interface.

  vrelay
     Virtual point-to-point address used for tunnel routing
     (does not appear in packets).
     [first host entry in <vnetwork> other than <vaddr>,
      so 172.24.230.194]

  port
     Public port number of the server.  [80]
     On server: used for bind.
     On client: used only to construct default url.

  mtu
     Must match exactly.  (UNCHECKED) [1500 bytes]

  ifname_server
     Virtual interface name on the server.  [shippo%d]
  ifname_client
     Virtual interface name on the client.  [hippo%d]
     Any %d is interpolated (by the kernel).

Ordinary settings, used by server only:

  max_clock_skew
     Permissible clock skew between client and server.
     hippotat will not work if clock skew is more than this.
     Conversely: when moving client from one public network to
     another, the first network can deny service to the client for
     this period after the client leaves the first network.
     [300s]

Ordinary settings, used by client only:

  http_timeout_grace
     See http_timeout.  [5 s]

  max_requests_outstanding
     Client will hold off sending more requests than this to
     server even if it has data to send.  [6]

  max_batch_up
     Size limit for request payloads. [4000 bytes]

  http_retry
     If a request fails, wait this long before considering it
     "finished" - to limit rate of futile requests.  [5 s]

  url
     Public url of server.
     [http://<first-entry-in-addrs>:<port>/]

  vroutes
     Virtual addresses (in CIDR syntax) to be found at the server
     end, space-separated.  Routes to those will be created on
     the client.  [""]