[tripe] / peerdb / peers.in.5.in

.\" -*-nroff-*-
.\".
.\" Manual for the peer configuration file
.\"
.\" (c) 2008 Straylight/Edgeware
.\"
.
.\"----- Licensing notice ---------------------------------------------------
.\"
.\" This file is part of Trivial IP Encryption (TrIPE).
.\"
.\" TrIPE is free software: you can redistribute it and/or modify it under
.\" the terms of the GNU General Public License as published by the Free
.\" Software Foundation; either version 3 of the License, or (at your
.\" option) any later version.
.\"
.\" TrIPE is distributed in the hope that it will be useful, but WITHOUT
.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
.\" FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
.\" for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with TrIPE.  If not, see <https://www.gnu.org/licenses/>.
.
.\"--------------------------------------------------------------------------
.so ../common/defs.man \"@@@PRE@@@
.
.\"--------------------------------------------------------------------------
.TH peers.in 5tripe "27 March 2008" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
.
.\"--------------------------------------------------------------------------
.SH "NAME"
.
peers.in \- source form for TrIPE peer database
.
.\"--------------------------------------------------------------------------
.SH "DESCRIPTION"
.
The
.B peers.in
file is a plain text configuration file.  It is read by
.BR tripe-newpeers (8)
in order to produce the
.BR tripe.cdb (8)
database used by services and other tools.
.
.SS "General structure"
The configuration file is line-oriented.  Blank lines are ignored; lines
beginning with a hash
.RB ` # '
or semicolon
.RB ` ; '
are ignored.  The file is divided into sections by section headers,
which are lines of the form
.IP
.BI [ name ]
.PP
Within each section are a number of assignments, of the form
.IP
.IB key " = " value
.PP
or (entirely equivalent)
.IP
.IB key ": " value
.PP
The
.I key
must start in the left hand column.  The
.I value
may span multiple lines if subsequent lines begin with whitespace, in
the manner of RFC822 headers.
.PP
There is a special case to be aware of: if a section doesn't specify a
value for the key
.B name
then the section's own name is used as a default.
.PP
The following substitutions are made in the body of a value.
.hP \*o
An occurrence of
.BI $( key )
is replaced by the value assigned to the given
.IR key .
.hP \*o
An occurrence of
.BI $[ host ]
is replaced by the IP address of the named
.IR host .
Note that
.I host
may itself contain
.BI $( key )
substitutions.
.PP
There is a simple concept of
.I inheritance
for sections.  If a section contains an assignment
.IP
.BI "@inherit = " parent
.RB [[,]
.I parent
\&...]
.PP
then any lookups which can't be satisfied in that section will be
satisfied instead from its
.I parent
sections (and, if necessary, their parents in turn, and so on).
.PP
.hP \*o
If a value can be found for a key via multiple parents then all of them
must report the
.I same
value.  This restriction may be relaxed somewhat, if it turns out that a
more flexible notion of multiple inheritance is useful.
.hP \*o
It's not allowed for a section to inherit, possibly indirectly, from
itself.  Currently errors of this kind are only diagnosed when a cycle
is encountered while looking up a key and none of the sections on the
path from the original section up to and round the cycle define a value
for it.  Future versions of this program might be more picky.
.PP
Note that
.BI $( key )
substitutions in the resulting value will be satisfied from the original
section (though falling back to scanning parent sections).  For
example, given the sections
.VS
[parent]
detail = in $(name)
blurb = expand $(detail)

[child]
@inherit = parent
.VE
the key
.B blurb
takes the value
.RB ` "expand in parent" '
in section
.BR parent ,
and
.RB ` "expand in child" '
in section
.BR child .
.PP
Apart from its effect on lookups, as just described, the
.B @inherit
key is entirely ignored.  In particular, it is never written to the
database.
.
.SS "Standard keys and their meanings"
The following keys have meanings to programs in the TrIPE suite.  Other
keys may be used by separately distributed extensions or for local use.
The descriptions given are summaries only; see the references for
details.
.TP
.B auto
If true, include the peer in the
.B %AUTO
record.  Used by
.BR connect (8)
and
.BR tripe-newpeers (8);
described below.
.TP
.B connect
Shell command for initiating connection to this peer.  Used by
.BR connect (8).
.TP
.B cork
Don't initiate immediate key exchange.  Used by
.BR connect (8).
.TP
.B disconnect
Shell command for closing down connection to this peer.  Used by
.BR connect (8).
.TP
.B ephemeral
Mark the peer as ephemeral: see
.BR tripe-admin (5)
for what this means.  Used by
.BR connect (8).
.TP
.B every
Interval for checking that the peer is still alive and well.  Used by
.BR connect (8).
.TP
.B ifdown
Script to bring down tunnel interface connected to the peer.  Used by
.BR connect (8).
.TP
.B ifname
Interface name to set for the tunnel interface to the peer.  Used by
.BR tripe-ifup (8).
.TP
.B ifup
Script to bring up tunnel interface connected to the peer.  Used by
.BR connect (8).
.TP
.B ifupextra
Script containing additional interface setup.  Used by
.BR tripe-ifup (8).
.TP
.B laddr
Local address for the tunnel interface to the peer.  Used by
.BR tripe-ifup (8).
.TP
.B keepalive
Interval for sending keepalive pings.  Used by
.BR connect (8).
.TP
.B key
Key tag to use to authenticate the peer.  Used by
.BR connect (8).
.TP
.B knock
Knock string to send when establishing a dynamic connection.  Used by
.BR connect (8).
.TP
.B mobile
Peer's IP address is highly volatile.  Used by
.BR connect (8).
.TP
.B mtu
Maximum transmission unit for the tunnel interface.  Used by
.BR tripe-ifup (8).
.TP
.B nets
Networks to be routed over the tunnel interface.  Used by
.BR tripe-ifup (8).
.TP
.B peer
Network address for this peer, or
.BR PASSIVE .
Used by
.BR connect (8).
.TP
.B priv
Tag of the private key to use when communicating with the peer.
Used by
.BR connect (8).
.TP
.B raddr
Remote address for the tunnel interface to the peer.  Used by
.BR tripe-ifup (8).
.TP
.B retries
Number of failed ping attempts before attempting reconnection.  Used by
.BR connect (8).
.TP
.B timeout
Timeout for ping probes.  Used by
.BR connect (8).
.TP
.B tunnel
Tunnel driver to use when adding the peer.  Used by
.BR connect (8)).
.TP
.B user
Peer will make active connection as
.IR user .
Used by
.BR connect (8)
and
.BR tripe-newpeers (8);
described below.
.
.SS "Conversion"
This section describes how the textual
.B peers.in
file is converted into the
.BR peers.cdb (5)
database.
.PP
The handling of each section depends on its name.
.hP \*o
Sections whose names have the form
.BI @ whatever
are ignored (though their contents may be relevant if the section is
named in another section's
.B @inherit
key).
.hP \*o
Sections whose names have the form
.BI $ whatever
are written to local-type database records with the same name.  The keys
and values defined in the section (and its parent section, if it
contains an
.B @inherit
key) are stored in the record using
.B form-urlencoding
as defined in RFC1822, except that the key-value pairs are separated by
semicolons
.RB ` ; '
rather than ampersands
.RB ` & '.
Keys whose names begin with
.RB ` @ '
are not written to the database.
.hP \*o
Other sections are written to peer-type database records, named
.BI P name \fR,
in exactly the same way as for local-type records.  However, two special
actions are also taken.
.IP
Firstly, if there is a key
.B auto
in the section (or in its parent, etc.), and the value is
.BR y ,
.BR yes .
.BR t ,
.BR true ,
.BR 1 ,
or
.BR on ,
then the section's name is added in the special
.B %AUTO
record.
.IP
Secondly, if there is a key
.B user
in the section (or in its parent, etc.), then a user record
.BI U user
is created whose contents is the section name.
.
.\"--------------------------------------------------------------------------
.SH "SEE ALSO"
.
.BR cdb (5),
.BR tripe (8).
.PP
.BR tripe-newpeers (8),
.BR peers.cdb (5),
.BR connect (8),
.BR tripe-ifup (8).
.
.\"--------------------------------------------------------------------------
.SH "AUTHOR"
.
Mark Wooding, <mdw@distorted.org.uk>
.
.\"----- That's all, folks --------------------------------------------------
Commit	Line	Data
6005ef9b MW	1	.\" --nroff--
	2	.\".
	3	.\" Manual for the peer configuration file
	4	.\"
	5	.\" (c) 2008 Straylight/Edgeware
	6	.\"
	7	.
	8	.\"----- Licensing notice ---------------------------------------------------
	9	.\"
	10	.\" This file is part of Trivial IP Encryption (TrIPE).
	11	.\"
11ad66c2 MW	12	.\" TrIPE is free software: you can redistribute it and/or modify it under
	13	.\" the terms of the GNU General Public License as published by the Free
	14	.\" Software Foundation; either version 3 of the License, or (at your
	15	.\" option) any later version.
6005ef9b	16	.\"
11ad66c2 MW	17	.\" TrIPE is distributed in the hope that it will be useful, but WITHOUT
	18	.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	19	.\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	20	.\" for more details.
6005ef9b MW	21	.\"
6005ef9b MW	22	.\" You should have received a copy of the GNU General Public License
11ad66c2	23	.\" along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
6005ef9b MW	24	.
6005ef9b MW	25	.\"--------------------------------------------------------------------------
cd450424	26	.so ../common/defs.man \"@@@PRE@@@
6005ef9b MW	27	.
6005ef9b MW	28	.\"--------------------------------------------------------------------------
0647ba7c	29	.TH peers.in 5tripe "27 March 2008" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
6005ef9b MW	30	.
	31	.\"--------------------------------------------------------------------------
	32	.SH "NAME"
	33	.
	34	peers.in \- source form for TrIPE peer database
	35	.
	36	.\"--------------------------------------------------------------------------
	37	.SH "DESCRIPTION"
	38	.
	39	The
	40	.B peers.in
	41	file is a plain text configuration file. It is read by
	42	.BR tripe-newpeers (8)
	43	in order to produce the
	44	.BR tripe.cdb (8)
	45	database used by services and other tools.
d64ce4ae	46	.
6005ef9b MW	47	.SS "General structure"
	48	The configuration file is line-oriented. Blank lines are ignored; lines
	49	beginning with a hash
	50	.RB ` # '
	51	or semicolon
	52	.RB ` ; '
	53	are ignored. The file is divided into sections by section headers,
	54	which are lines of the form
	55	.IP
	56	.BI [ name ]
	57	.PP
	58	Within each section are a number of assignments, of the form
	59	.IP
	60	.IB key " = " value
	61	.PP
	62	or (entirely equivalent)
	63	.IP
	64	.IB key ": " value
	65	.PP
	66	The
	67	.I key
	68	must start in the left hand column. The
	69	.I value
	70	may span multiple lines if subsequent lines begin with whitespace, in
	71	the manner of RFC822 headers.
	72	.PP
	73	There is a special case to be aware of: if a section doesn't specify a
	74	value for the key
	75	.B name
	76	then the section's own name is used as a default.
	77	.PP
	78	The following substitutions are made in the body of a value.
	79	.hP \*o
	80	An occurrence of
	81	.BI $( key )
	82	is replaced by the value assigned to the given
	83	.IR key .
	84	.hP \*o
	85	An occurrence of
	86	.BI $[ host ]
	87	is replaced by the IP address of the named
	88	.IR host .
	89	Note that
	90	.I host
	91	may itself contain
	92	.BI $( key )
	93	substitutions.
	94	.PP
	95	There is a simple concept of
	96	.I inheritance
	97	for sections. If a section contains an assignment
	98	.IP
833bdc38	99	.BI "@inherit = " parent
bd3db76c MW	100	.RB [[,]
	101	.I parent
	102	\&...]
6005ef9b MW	103	.PP
6005ef9b MW	104	then any lookups which can't be satisfied in that section will be
bd3db76c	105	satisfied instead from its
6005ef9b	106	.I parent
bd3db76c MW	107	sections (and, if necessary, their parents in turn, and so on).
	108	.PP
	109	.hP \*o
	110	If a value can be found for a key via multiple parents then all of them
	111	must report the
	112	.I same
	113	value. This restriction may be relaxed somewhat, if it turns out that a
	114	more flexible notion of multiple inheritance is useful.
	115	.hP \*o
	116	It's not allowed for a section to inherit, possibly indirectly, from
	117	itself. Currently errors of this kind are only diagnosed when a cycle
	118	is encountered while looking up a key and none of the sections on the
	119	path from the original section up to and round the cycle define a value
	120	for it. Future versions of this program might be more picky.
	121	.PP
	122	Note that
6005ef9b MW	123	.BI $( key )
6005ef9b MW	124	substitutions in the resulting value will be satisfied from the original
bd3db76c	125	section (though falling back to scanning parent sections). For
6005ef9b MW	126	example, given the sections
	127	.VS
	128	[parent]
f08fe72e	129	detail = in $(name)
6005ef9b	130	blurb = expand $(detail)
f08fe72e MW	131
	132	[child]
	133	@inherit = parent
2273401c	134	.VE
f08fe72e MW	135	the key
	136	.B blurb
	137	takes the value
	138	.RB ` "expand in parent" '
	139	in section
	140	.BR parent ,
	141	and
	142	.RB ` "expand in child" '
	143	in section
	144	.BR child .
	145	.PP
6005ef9b	146	Apart from its effect on lookups, as just described, the
833bdc38	147	.B @inherit
6005ef9b MW	148	key is entirely ignored. In particular, it is never written to the
6005ef9b MW	149	database.
d64ce4ae	150	.
6005ef9b MW	151	.SS "Standard keys and their meanings"
	152	The following keys have meanings to programs in the TrIPE suite. Other
	153	keys may be used by separately distributed extensions or for local use.
	154	The descriptions given are summaries only; see the references for
	155	details.
	156	.TP
	157	.B auto
	158	If true, include the peer in the
	159	.B %AUTO
	160	record. Used by
a62f8e8a MW	161	.BR connect (8)
a62f8e8a MW	162	and
6005ef9b MW	163	.BR tripe-newpeers (8);
	164	described below.
	165	.TP
a62f8e8a MW	166	.B connect
a62f8e8a MW	167	Shell command for initiating connection to this peer. Used by
d64ce4ae	168	.BR connect (8).
a62f8e8a MW	169	.TP
a62f8e8a MW	170	.B cork
6411163d	171	Don't initiate immediate key exchange. Used by
a62f8e8a MW	172	.BR connect (8).
a62f8e8a MW	173	.TP
d3731285 MW	174	.B disconnect
d3731285 MW	175	Shell command for closing down connection to this peer. Used by
d64ce4ae	176	.BR connect (8).
d3731285	177	.TP
067aa5f0 MW	178	.B ephemeral
	179	Mark the peer as ephemeral: see
	180	.BR tripe-admin (5)
	181	for what this means. Used by
	182	.BR connect (8).
	183	.TP
a62f8e8a MW	184	.B every
a62f8e8a MW	185	Interval for checking that the peer is still alive and well. Used by
d64ce4ae	186	.BR connect (8).
a62f8e8a MW	187	.TP
	188	.B ifdown
	189	Script to bring down tunnel interface connected to the peer. Used by
d64ce4ae	190	.BR connect (8).
a62f8e8a MW	191	.TP
	192	.B ifname
	193	Interface name to set for the tunnel interface to the peer. Used by
	194	.BR tripe-ifup (8).
	195	.TP
	196	.B ifup
	197	Script to bring up tunnel interface connected to the peer. Used by
d64ce4ae	198	.BR connect (8).
a62f8e8a MW	199	.TP
	200	.B ifupextra
	201	Script containing additional interface setup. Used by
	202	.BR tripe-ifup (8).
	203	.TP
	204	.B laddr
	205	Local address for the tunnel interface to the peer. Used by
	206	.BR tripe-ifup (8).
	207	.TP
	208	.B keepalive
	209	Interval for sending keepalive pings. Used by
	210	.BR connect (8).
	211	.TP
48b84569 MW	212	.B key
	213	Key tag to use to authenticate the peer. Used by
	214	.BR connect (8).
	215	.TP
8362ac1c MW	216	.B knock
	217	Knock string to send when establishing a dynamic connection. Used by
	218	.BR connect (8).
	219	.TP
6411163d MW	220	.B mobile
	221	Peer's IP address is highly volatile. Used by
	222	.BR connect (8).
	223	.TP
a62f8e8a MW	224	.B mtu
	225	Maximum transmission unit for the tunnel interface. Used by
	226	.BR tripe-ifup (8).
	227	.TP
	228	.B nets
	229	Networks to be routed over the tunnel interface. Used by
	230	.BR tripe-ifup (8).
	231	.TP
	232	.B peer
	233	Network address for this peer, or
	234	.BR PASSIVE .
	235	Used by
	236	.BR connect (8).
	237	.TP
fe2a5dcf MW	238	.B priv
fe2a5dcf MW	239	Tag of the private key to use when communicating with the peer.
d64ce4ae MW	240	Used by
d64ce4ae MW	241	.BR connect (8).
fe2a5dcf	242	.TP
a62f8e8a MW	243	.B raddr
	244	Remote address for the tunnel interface to the peer. Used by
	245	.BR tripe-ifup (8).
	246	.TP
	247	.B retries
	248	Number of failed ping attempts before attempting reconnection. Used by
d64ce4ae	249	.BR connect (8).
a62f8e8a MW	250	.TP
	251	.B timeout
	252	Timeout for ping probes. Used by
d64ce4ae	253	.BR connect (8).
a62f8e8a MW	254	.TP
	255	.B tunnel
	256	Tunnel driver to use when adding the peer. Used by
	257	.BR connect (8)).
	258	.TP
6005ef9b MW	259	.B user
	260	Peer will make active connection as
	261	.IR user .
	262	Used by
a62f8e8a MW	263	.BR connect (8)
a62f8e8a MW	264	and
6005ef9b MW	265	.BR tripe-newpeers (8);
6005ef9b MW	266	described below.
d64ce4ae	267	.
6005ef9b MW	268	.SS "Conversion"
	269	This section describes how the textual
	270	.B peers.in
	271	file is converted into the
	272	.BR peers.cdb (5)
	273	database.
	274	.PP
	275	The handling of each section depends on its name.
	276	.hP \*o
	277	Sections whose names have the form
	278	.BI @ whatever
	279	are ignored (though their contents may be relevant if the section is
	280	named in another section's
833bdc38	281	.B @inherit
6005ef9b MW	282	key).
	283	.hP \*o
	284	Sections whose names have the form
	285	.BI $ whatever
	286	are written to local-type database records with the same name. The keys
	287	and values defined in the section (and its parent section, if it
	288	contains an
833bdc38	289	.B @inherit
6005ef9b MW	290	key) are stored in the record using
	291	.B form-urlencoding
	292	as defined in RFC1822, except that the key-value pairs are separated by
	293	semicolons
	294	.RB ` ; '
	295	rather than ampersands
	296	.RB ` & '.
6c2ee518 MW	297	Keys whose names begin with
	298	.RB ` @ '
	299	are not written to the database.
6005ef9b MW	300	.hP \*o
	301	Other sections are written to peer-type database records, named
	302	.BI P name \fR,
	303	in exactly the same way as for local-type records. However, two special
	304	actions are also taken.
	305	.IP
	306	Firstly, if there is a key
	307	.B auto
	308	in the section (or in its parent, etc.), and the value is
	309	.BR y ,
	310	.BR yes .
	311	.BR t ,
	312	.BR true ,
	313	.BR 1 ,
	314	or
	315	.BR on ,
	316	then the section's name is added in the special
	317	.B %AUTO
	318	record.
	319	.IP
	320	Secondly, if there is a key
	321	.B user
	322	in the section (or in its parent, etc.), then a user record
	323	.BI U user
	324	is created whose contents is the section name.
	325	.
	326	.\"--------------------------------------------------------------------------
	327	.SH "SEE ALSO"
	328	.
	329	.BR cdb (5),
	330	.BR tripe (8).
	331	.PP
	332	.BR tripe-newpeers (8),
	333	.BR peers.cdb (5),
a62f8e8a	334	.BR connect (8),
6005ef9b MW	335	.BR tripe-ifup (8).
	336	.
	337	.\"--------------------------------------------------------------------------
	338	.SH "AUTHOR"
	339	.
	340	Mark Wooding, <mdw@distorted.org.uk>
	341	.
	342	.\"----- That's all, folks --------------------------------------------------