[tripe] / peerdb / peers.in.5.in

.\" -*-nroff-*-
.\".
.\" Manual for the peer configuration file
.\"
.\" (c) 2008 Straylight/Edgeware
.\"
.
.\"----- Licensing notice ---------------------------------------------------
.\"
.\" This file is part of Trivial IP Encryption (TrIPE).
.\"
.\" TrIPE is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2 of the License, or
.\" (at your option) any later version.
.\"
.\" TrIPE is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with TrIPE; if not, write to the Free Software Foundation,
.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
.
.\"--------------------------------------------------------------------------
.so ../defs.man.in \"@@@PRE@@@
.
.\"--------------------------------------------------------------------------
.TH peers.in 5 "27 March 2008" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
.
.\"--------------------------------------------------------------------------
.SH "NAME"
.
peers.in \- source form for TrIPE peer database
.
.\"--------------------------------------------------------------------------
.SH "DESCRIPTION"
.
The
.B peers.in
file is a plain text configuration file.  It is read by
.BR tripe-newpeers (8)
in order to produce the
.BR tripe.cdb (8)
database used by services and other tools.
.SS "General structure"
The configuration file is line-oriented.  Blank lines are ignored; lines
beginning with a hash
.RB ` # '
or semicolon
.RB ` ; '
are ignored.  The file is divided into sections by section headers,
which are lines of the form
.IP
.BI [ name ]
.PP
Within each section are a number of assignments, of the form
.IP
.IB key " = " value
.PP
or (entirely equivalent)
.IP
.IB key ": " value
.PP
The
.I key
must start in the left hand column.  The
.I value
may span multiple lines if subsequent lines begin with whitespace, in
the manner of RFC822 headers.
.PP
There is a special case to be aware of: if a section doesn't specify a
value for the key
.B name
then the section's own name is used as a default.
.PP
The following substitutions are made in the body of a value.
.hP \*o
An occurrence of
.BI $( key )
is replaced by the value assigned to the given
.IR key .
.hP \*o
An occurrence of
.BI $[ host ]
is replaced by the IP address of the named
.IR host .
Note that
.I host
may itself contain
.BI $( key )
substitutions.
.PP
There is a simple concept of
.I inheritance
for sections.  If a section contains an assignment
.IP
.BI "@inherits = " parent
.PP
then any lookups which can't be satisfied in that section will be
satisfied instead from the
.I parent
section (and, if necessary, its parent in turn, and so on).  Note that
.BI $( key )
substitutions in the resulting value will be satisfied from the original
section (though falling back to scanning the parent section).  For
example, given the sections
.VS
[parent]
detail = in parent
blurb = expand $(detail)
.VE
Apart from its effect on lookups, as just described, the
.B @inherits
key is entirely ignored.  In particular, it is never written to the
database.
.SS "Standard keys and their meanings"
The following keys have meanings to programs in the TrIPE suite.  Other
keys may be used by separately distributed extensions or for local use.
The descriptions given are summaries only; see the references for
details.
.TP
.B auto
If true, include the peer in the
.B %AUTO
record.  Used by
.BR connect (8)
and
.BR tripe-newpeers (8);
described below.
.TP
.B connect
Shell command for initiating connection to this peer.  Used by
.BR watch (8).
.TP
.B cork
Don't initiate immediate key exchange.  Used by
.BR connect (8).
.TP
.B disconnect
Shell command for closing down connection to this peer.  Used by
.BR watch (8).
.TP
.B every
Interval for checking that the peer is still alive and well.  Used by
.BR watch (8).
.TP
.B ifdown
Script to bring down tunnel interface connected to the peer.  Used by
.BR watch (8).
.TP
.B ifname
Interface name to set for the tunnel interface to the peer.  Used by
.BR tripe-ifup (8).
.TP
.B ifup
Script to bring up tunnel interface connected to the peer.  Used by
.BR watch (8).
.TP
.B ifupextra
Script containing additional interface setup.  Used by
.BR tripe-ifup (8).
.TP
.B laddr
Local address for the tunnel interface to the peer.  Used by
.BR tripe-ifup (8).
.TP
.B keepalive
Interval for sending keepalive pings.  Used by
.BR connect (8).
.TP
.B key
Key tag to use to authenticate the peer.  Used by
.BR connect (8).
.TP
.B mobile
Peer's IP address is highly volatile.  Used by
.BR connect (8).
.TP
.B mtu
Maximum transmission unit for the tunnel interface.  Used by
.BR tripe-ifup (8).
.TP
.B nets
Networks to be routed over the tunnel interface.  Used by
.BR tripe-ifup (8).
.TP
.B peer
Network address for this peer, or
.BR PASSIVE .
Used by
.BR connect (8).
.TP
.B priv
Tag of the private key to use when communicating with the peer.
.TP
.B raddr
Remote address for the tunnel interface to the peer.  Used by
.BR tripe-ifup (8).
.TP
.B retries
Number of failed ping attempts before attempting reconnection.  Used by
.BR watch (8).
.TP
.B timeout
Timeout for ping probes.  Used by
.BR watch (8).
.TP
.B tunnel
Tunnel driver to use when adding the peer.  Used by
.BR connect (8)).
.TP
.B user
Peer will make active connection as
.IR user .
Used by
.BR connect (8)
and
.BR tripe-newpeers (8);
described below.
.SS "Conversion"
This section describes how the textual
.B peers.in
file is converted into the
.BR peers.cdb (5)
database.
.PP
The handling of each section depends on its name.
.hP \*o
Sections whose names have the form
.BI @ whatever
are ignored (though their contents may be relevant if the section is
named in another section's
.B @inherits
key).
.hP \*o
Sections whose names have the form
.BI $ whatever
are written to local-type database records with the same name.  The keys
and values defined in the section (and its parent section, if it
contains an
.B @inherits
key) are stored in the record using
.B form-urlencoding
as defined in RFC1822, except that the key-value pairs are separated by
semicolons
.RB ` ; '
rather than ampersands
.RB ` & '.
The
.B @inherits
key-value pair is not written to the database.
.hP \*o
Other sections are written to peer-type database records, named
.BI P name \fR,
in exactly the same way as for local-type records.  However, two special
actions are also taken.
.IP
Firstly, if there is a key
.B auto
in the section (or in its parent, etc.), and the value is
.BR y ,
.BR yes .
.BR t ,
.BR true ,
.BR 1 ,
or
.BR on ,
then the section's name is added in the special
.B %AUTO
record.
.IP
Secondly, if there is a key
.B user
in the section (or in its parent, etc.), then a user record
.BI U user
is created whose contents is the section name.
.
.\"--------------------------------------------------------------------------
.SH "SEE ALSO"
.
.BR cdb (5),
.BR tripe (8).
.PP
.BR tripe-newpeers (8),
.BR peers.cdb (5),
.BR connect (8),
.BR watch (8),
.BR tripe-ifup (8).
.
.\"--------------------------------------------------------------------------
.SH "AUTHOR"
.
Mark Wooding, <mdw@distorted.org.uk>
.
.\"----- That's all, folks --------------------------------------------------
Commit	Line	Data
6005ef9b MW	1	.\" --nroff--
	2	.\".
	3	.\" Manual for the peer configuration file
	4	.\"
	5	.\" (c) 2008 Straylight/Edgeware
	6	.\"
	7	.
	8	.\"----- Licensing notice ---------------------------------------------------
	9	.\"
	10	.\" This file is part of Trivial IP Encryption (TrIPE).
	11	.\"
	12	.\" TrIPE is free software; you can redistribute it and/or modify
	13	.\" it under the terms of the GNU General Public License as published by
	14	.\" the Free Software Foundation; either version 2 of the License, or
	15	.\" (at your option) any later version.
	16	.\"
	17	.\" TrIPE is distributed in the hope that it will be useful,
	18	.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	.\" GNU General Public License for more details.
	21	.\"
	22	.\" You should have received a copy of the GNU General Public License
	23	.\" along with TrIPE; if not, write to the Free Software Foundation,
	24	.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	25	.
	26	.\"--------------------------------------------------------------------------
	27	.so ../defs.man.in \"@@@PRE@@@
	28	.
	29	.\"--------------------------------------------------------------------------
	30	.TH peers.in 5 "27 March 2008" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
	31	.
	32	.\"--------------------------------------------------------------------------
	33	.SH "NAME"
	34	.
	35	peers.in \- source form for TrIPE peer database
	36	.
	37	.\"--------------------------------------------------------------------------
	38	.SH "DESCRIPTION"
	39	.
	40	The
	41	.B peers.in
	42	file is a plain text configuration file. It is read by
	43	.BR tripe-newpeers (8)
	44	in order to produce the
	45	.BR tripe.cdb (8)
	46	database used by services and other tools.
	47	.SS "General structure"
	48	The configuration file is line-oriented. Blank lines are ignored; lines
	49	beginning with a hash
	50	.RB ` # '
	51	or semicolon
	52	.RB ` ; '
	53	are ignored. The file is divided into sections by section headers,
	54	which are lines of the form
	55	.IP
	56	.BI [ name ]
	57	.PP
	58	Within each section are a number of assignments, of the form
	59	.IP
	60	.IB key " = " value
	61	.PP
	62	or (entirely equivalent)
	63	.IP
	64	.IB key ": " value
65	.PP
66	The
67	.I key
68	must start in the left hand column. The
69	.I value
70	may span multiple lines if subsequent lines begin with whitespace, in
71	the manner of RFC822 headers.
72	.PP
73	There is a special case to be aware of: if a section doesn't specify a
74	value for the key
75	.B name
76	then the section's own name is used as a default.
77	.PP
78	The following substitutions are made in the body of a value.
79	.hP \*o
80	An occurrence of
81	.BI $( key )
82	is replaced by the value assigned to the given
83	.IR key .
84	.hP \*o
85	An occurrence of
86	.BI $[ host ]
87	is replaced by the IP address of the named
88	.IR host .
89	Note that
90	.I host
91	may itself contain
92	.BI $( key )
93	substitutions.
94	.PP
95	There is a simple concept of
96	.I inheritance
97	for sections. If a section contains an assignment
98	.IP
99	.BI "@inherits = " parent
100	.PP
101	then any lookups which can't be satisfied in that section will be
102	satisfied instead from the
103	.I parent
104	section (and, if necessary, its parent in turn, and so on). Note that
105	.BI $( key )
106	substitutions in the resulting value will be satisfied from the original
107	section (though falling back to scanning the parent section). For
108	example, given the sections
109	.VS
110	[parent]
111	detail = in parent
112	blurb = expand $(detail)
2273401c	113	.VE
6005ef9b MW	114	Apart from its effect on lookups, as just described, the
	115	.B @inherits
	116	key is entirely ignored. In particular, it is never written to the
	117	database.
	118	.SS "Standard keys and their meanings"
	119	The following keys have meanings to programs in the TrIPE suite. Other
	120	keys may be used by separately distributed extensions or for local use.
	121	The descriptions given are summaries only; see the references for
	122	details.
	123	.TP
	124	.B auto
	125	If true, include the peer in the
	126	.B %AUTO
	127	record. Used by
a62f8e8a MW	128	.BR connect (8)
a62f8e8a MW	129	and
6005ef9b MW	130	.BR tripe-newpeers (8);
	131	described below.
	132	.TP
a62f8e8a MW	133	.B connect
	134	Shell command for initiating connection to this peer. Used by
	135	.BR watch (8).
	136	.TP
	137	.B cork
6411163d	138	Don't initiate immediate key exchange. Used by
a62f8e8a MW	139	.BR connect (8).
a62f8e8a MW	140	.TP
d3731285 MW	141	.B disconnect
	142	Shell command for closing down connection to this peer. Used by
	143	.BR watch (8).
	144	.TP
a62f8e8a MW	145	.B every
	146	Interval for checking that the peer is still alive and well. Used by
	147	.BR watch (8).
	148	.TP
	149	.B ifdown
	150	Script to bring down tunnel interface connected to the peer. Used by
	151	.BR watch (8).
	152	.TP
	153	.B ifname
	154	Interface name to set for the tunnel interface to the peer. Used by
	155	.BR tripe-ifup (8).
	156	.TP
	157	.B ifup
	158	Script to bring up tunnel interface connected to the peer. Used by
	159	.BR watch (8).
	160	.TP
	161	.B ifupextra
	162	Script containing additional interface setup. Used by
	163	.BR tripe-ifup (8).
	164	.TP
	165	.B laddr
	166	Local address for the tunnel interface to the peer. Used by
	167	.BR tripe-ifup (8).
	168	.TP
	169	.B keepalive
	170	Interval for sending keepalive pings. Used by
	171	.BR connect (8).
	172	.TP
48b84569 MW	173	.B key
	174	Key tag to use to authenticate the peer. Used by
	175	.BR connect (8).
	176	.TP
6411163d MW	177	.B mobile
	178	Peer's IP address is highly volatile. Used by
	179	.BR connect (8).
	180	.TP
a62f8e8a MW	181	.B mtu
	182	Maximum transmission unit for the tunnel interface. Used by
	183	.BR tripe-ifup (8).
	184	.TP
	185	.B nets
	186	Networks to be routed over the tunnel interface. Used by
	187	.BR tripe-ifup (8).
	188	.TP
	189	.B peer
	190	Network address for this peer, or
	191	.BR PASSIVE .
	192	Used by
	193	.BR connect (8).
	194	.TP
fe2a5dcf MW	195	.B priv
	196	Tag of the private key to use when communicating with the peer.
	197	.TP
a62f8e8a MW	198	.B raddr
	199	Remote address for the tunnel interface to the peer. Used by
	200	.BR tripe-ifup (8).
	201	.TP
	202	.B retries
	203	Number of failed ping attempts before attempting reconnection. Used by
	204	.BR watch (8).
	205	.TP
	206	.B timeout
	207	Timeout for ping probes. Used by
	208	.BR watch (8).
	209	.TP
	210	.B tunnel
	211	Tunnel driver to use when adding the peer. Used by
	212	.BR connect (8)).
	213	.TP
6005ef9b MW	214	.B user
	215	Peer will make active connection as
	216	.IR user .
	217	Used by
a62f8e8a MW	218	.BR connect (8)
a62f8e8a MW	219	and
6005ef9b MW	220	.BR tripe-newpeers (8);
	221	described below.
	222	.SS "Conversion"
	223	This section describes how the textual
	224	.B peers.in
	225	file is converted into the
	226	.BR peers.cdb (5)
	227	database.
	228	.PP
	229	The handling of each section depends on its name.
	230	.hP \*o
	231	Sections whose names have the form
	232	.BI @ whatever
	233	are ignored (though their contents may be relevant if the section is
	234	named in another section's
	235	.B @inherits
	236	key).
	237	.hP \*o
	238	Sections whose names have the form
	239	.BI $ whatever
	240	are written to local-type database records with the same name. The keys
	241	and values defined in the section (and its parent section, if it
	242	contains an
	243	.B @inherits
	244	key) are stored in the record using
	245	.B form-urlencoding
	246	as defined in RFC1822, except that the key-value pairs are separated by
	247	semicolons
	248	.RB ` ; '
	249	rather than ampersands
	250	.RB ` & '.
	251	The
	252	.B @inherits
	253	key-value pair is not written to the database.
	254	.hP \*o
	255	Other sections are written to peer-type database records, named
	256	.BI P name \fR,
	257	in exactly the same way as for local-type records. However, two special
	258	actions are also taken.
	259	.IP
	260	Firstly, if there is a key
	261	.B auto
	262	in the section (or in its parent, etc.), and the value is
	263	.BR y ,
	264	.BR yes .
	265	.BR t ,
	266	.BR true ,
	267	.BR 1 ,
	268	or
	269	.BR on ,
	270	then the section's name is added in the special
	271	.B %AUTO
	272	record.
	273	.IP
	274	Secondly, if there is a key
	275	.B user
	276	in the section (or in its parent, etc.), then a user record
	277	.BI U user
	278	is created whose contents is the section name.
	279	.
	280	.\"--------------------------------------------------------------------------
	281	.SH "SEE ALSO"
	282	.
	283	.BR cdb (5),
284	.BR tripe (8).
285	.PP
286	.BR tripe-newpeers (8),
287	.BR peers.cdb (5),
a62f8e8a MW	288	.BR connect (8),
a62f8e8a MW	289	.BR watch (8),
6005ef9b MW	290	.BR tripe-ifup (8).
	291	.
	292	.\"--------------------------------------------------------------------------
	293	.SH "AUTHOR"
	294	.
	295	Mark Wooding, <mdw@distorted.org.uk>
	296	.
	297	.\"----- That's all, folks --------------------------------------------------