[tripe] / peerdb / peers.in.5.in

.\" -*-nroff-*-
.\".
.\" Manual for the peer configuration file
.\"
.\" (c) 2008 Straylight/Edgeware
.\"
.
.\"----- Licensing notice ---------------------------------------------------
.\"
.\" This file is part of Trivial IP Encryption (TrIPE).
.\"
.\" TrIPE is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2 of the License, or
.\" (at your option) any later version.
.\"
.\" TrIPE is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with TrIPE; if not, write to the Free Software Foundation,
.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
.
.\"--------------------------------------------------------------------------
.so ../defs.man.in \"@@@PRE@@@
.
.\"--------------------------------------------------------------------------
.TH peers.in 5tripe "27 March 2008" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
.
.\"--------------------------------------------------------------------------
.SH "NAME"
.
peers.in \- source form for TrIPE peer database
.
.\"--------------------------------------------------------------------------
.SH "DESCRIPTION"
.
The
.B peers.in
file is a plain text configuration file.  It is read by
.BR tripe-newpeers (8)
in order to produce the
.BR tripe.cdb (8)
database used by services and other tools.
.
.SS "General structure"
The configuration file is line-oriented.  Blank lines are ignored; lines
beginning with a hash
.RB ` # '
or semicolon
.RB ` ; '
are ignored.  The file is divided into sections by section headers,
which are lines of the form
.IP
.BI [ name ]
.PP
Within each section are a number of assignments, of the form
.IP
.IB key " = " value
.PP
or (entirely equivalent)
.IP
.IB key ": " value
.PP
The
.I key
must start in the left hand column.  The
.I value
may span multiple lines if subsequent lines begin with whitespace, in
the manner of RFC822 headers.
.PP
There is a special case to be aware of: if a section doesn't specify a
value for the key
.B name
then the section's own name is used as a default.
.PP
The following substitutions are made in the body of a value.
.hP \*o
An occurrence of
.BI $( key )
is replaced by the value assigned to the given
.IR key .
.hP \*o
An occurrence of
.BI $[ host ]
is replaced by the IP address of the named
.IR host .
Note that
.I host
may itself contain
.BI $( key )
substitutions.
.PP
There is a simple concept of
.I inheritance
for sections.  If a section contains an assignment
.IP
.BI "@inherit = " parent
.RB [[,]
.I parent
\&...]
.PP
then any lookups which can't be satisfied in that section will be
satisfied instead from its
.I parent
sections (and, if necessary, their parents in turn, and so on).
.PP
.hP \*o
If a value can be found for a key via multiple parents then all of them
must report the
.I same
value.  This restriction may be relaxed somewhat, if it turns out that a
more flexible notion of multiple inheritance is useful.
.hP \*o
It's not allowed for a section to inherit, possibly indirectly, from
itself.  Currently errors of this kind are only diagnosed when a cycle
is encountered while looking up a key and none of the sections on the
path from the original section up to and round the cycle define a value
for it.  Future versions of this program might be more picky.
.PP
Note that
.BI $( key )
substitutions in the resulting value will be satisfied from the original
section (though falling back to scanning parent sections).  For
example, given the sections
.VS
[parent]
detail = in $(name)
blurb = expand $(detail)

[child]
@inherit = parent
.VE
the key
.B blurb
takes the value
.RB ` "expand in parent" '
in section
.BR parent ,
and
.RB ` "expand in child" '
in section
.BR child .
.PP
Apart from its effect on lookups, as just described, the
.B @inherit
key is entirely ignored.  In particular, it is never written to the
database.
.
.SS "Standard keys and their meanings"
The following keys have meanings to programs in the TrIPE suite.  Other
keys may be used by separately distributed extensions or for local use.
The descriptions given are summaries only; see the references for
details.
.TP
.B auto
If true, include the peer in the
.B %AUTO
record.  Used by
.BR connect (8)
and
.BR tripe-newpeers (8);
described below.
.TP
.B connect
Shell command for initiating connection to this peer.  Used by
.BR connect (8).
.TP
.B cork
Don't initiate immediate key exchange.  Used by
.BR connect (8).
.TP
.B disconnect
Shell command for closing down connection to this peer.  Used by
.BR connect (8).
.TP
.B every
Interval for checking that the peer is still alive and well.  Used by
.BR connect (8).
.TP
.B ifdown
Script to bring down tunnel interface connected to the peer.  Used by
.BR connect (8).
.TP
.B ifname
Interface name to set for the tunnel interface to the peer.  Used by
.BR tripe-ifup (8).
.TP
.B ifup
Script to bring up tunnel interface connected to the peer.  Used by
.BR connect (8).
.TP
.B ifupextra
Script containing additional interface setup.  Used by
.BR tripe-ifup (8).
.TP
.B laddr
Local address for the tunnel interface to the peer.  Used by
.BR tripe-ifup (8).
.TP
.B keepalive
Interval for sending keepalive pings.  Used by
.BR connect (8).
.TP
.B key
Key tag to use to authenticate the peer.  Used by
.BR connect (8).
.TP
.B mobile
Peer's IP address is highly volatile.  Used by
.BR connect (8).
.TP
.B mtu
Maximum transmission unit for the tunnel interface.  Used by
.BR tripe-ifup (8).
.TP
.B nets
Networks to be routed over the tunnel interface.  Used by
.BR tripe-ifup (8).
.TP
.B peer
Network address for this peer, or
.BR PASSIVE .
Used by
.BR connect (8).
.TP
.B priv
Tag of the private key to use when communicating with the peer.
Used by
.BR connect (8).
.TP
.B raddr
Remote address for the tunnel interface to the peer.  Used by
.BR tripe-ifup (8).
.TP
.B retries
Number of failed ping attempts before attempting reconnection.  Used by
.BR connect (8).
.TP
.B timeout
Timeout for ping probes.  Used by
.BR connect (8).
.TP
.B tunnel
Tunnel driver to use when adding the peer.  Used by
.BR connect (8)).
.TP
.B user
Peer will make active connection as
.IR user .
Used by
.BR connect (8)
and
.BR tripe-newpeers (8);
described below.
.
.SS "Conversion"
This section describes how the textual
.B peers.in
file is converted into the
.BR peers.cdb (5)
database.
.PP
The handling of each section depends on its name.
.hP \*o
Sections whose names have the form
.BI @ whatever
are ignored (though their contents may be relevant if the section is
named in another section's
.B @inherit
key).
.hP \*o
Sections whose names have the form
.BI $ whatever
are written to local-type database records with the same name.  The keys
and values defined in the section (and its parent section, if it
contains an
.B @inherit
key) are stored in the record using
.B form-urlencoding
as defined in RFC1822, except that the key-value pairs are separated by
semicolons
.RB ` ; '
rather than ampersands
.RB ` & '.
The
.B @inherit
key-value pair is not written to the database.
.hP \*o
Other sections are written to peer-type database records, named
.BI P name \fR,
in exactly the same way as for local-type records.  However, two special
actions are also taken.
.IP
Firstly, if there is a key
.B auto
in the section (or in its parent, etc.), and the value is
.BR y ,
.BR yes .
.BR t ,
.BR true ,
.BR 1 ,
or
.BR on ,
then the section's name is added in the special
.B %AUTO
record.
.IP
Secondly, if there is a key
.B user
in the section (or in its parent, etc.), then a user record
.BI U user
is created whose contents is the section name.
.
.\"--------------------------------------------------------------------------
.SH "SEE ALSO"
.
.BR cdb (5),
.BR tripe (8).
.PP
.BR tripe-newpeers (8),
.BR peers.cdb (5),
.BR connect (8),
.BR tripe-ifup (8).
.
.\"--------------------------------------------------------------------------
.SH "AUTHOR"
.
Mark Wooding, <mdw@distorted.org.uk>
.
.\"----- That's all, folks --------------------------------------------------
Commit	Line	Data
6005ef9b MW	1	.\" --nroff--
	2	.\".
	3	.\" Manual for the peer configuration file
	4	.\"
	5	.\" (c) 2008 Straylight/Edgeware
	6	.\"
	7	.
	8	.\"----- Licensing notice ---------------------------------------------------
	9	.\"
	10	.\" This file is part of Trivial IP Encryption (TrIPE).
	11	.\"
	12	.\" TrIPE is free software; you can redistribute it and/or modify
	13	.\" it under the terms of the GNU General Public License as published by
	14	.\" the Free Software Foundation; either version 2 of the License, or
	15	.\" (at your option) any later version.
	16	.\"
	17	.\" TrIPE is distributed in the hope that it will be useful,
	18	.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	.\" GNU General Public License for more details.
	21	.\"
	22	.\" You should have received a copy of the GNU General Public License
	23	.\" along with TrIPE; if not, write to the Free Software Foundation,
	24	.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	25	.
	26	.\"--------------------------------------------------------------------------
	27	.so ../defs.man.in \"@@@PRE@@@
	28	.
	29	.\"--------------------------------------------------------------------------
0647ba7c	30	.TH peers.in 5tripe "27 March 2008" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
6005ef9b MW	31	.
	32	.\"--------------------------------------------------------------------------
	33	.SH "NAME"
	34	.
	35	peers.in \- source form for TrIPE peer database
	36	.
	37	.\"--------------------------------------------------------------------------
	38	.SH "DESCRIPTION"
	39	.
	40	The
	41	.B peers.in
	42	file is a plain text configuration file. It is read by
	43	.BR tripe-newpeers (8)
	44	in order to produce the
	45	.BR tripe.cdb (8)
	46	database used by services and other tools.
d64ce4ae	47	.
6005ef9b MW	48	.SS "General structure"
	49	The configuration file is line-oriented. Blank lines are ignored; lines
	50	beginning with a hash
	51	.RB ` # '
	52	or semicolon
	53	.RB ` ; '
	54	are ignored. The file is divided into sections by section headers,
	55	which are lines of the form
	56	.IP
	57	.BI [ name ]
	58	.PP
	59	Within each section are a number of assignments, of the form
	60	.IP
	61	.IB key " = " value
	62	.PP
	63	or (entirely equivalent)
	64	.IP
	65	.IB key ": " value
	66	.PP
	67	The
	68	.I key
	69	must start in the left hand column. The
	70	.I value
	71	may span multiple lines if subsequent lines begin with whitespace, in
	72	the manner of RFC822 headers.
	73	.PP
	74	There is a special case to be aware of: if a section doesn't specify a
	75	value for the key
	76	.B name
	77	then the section's own name is used as a default.
	78	.PP
	79	The following substitutions are made in the body of a value.
	80	.hP \*o
	81	An occurrence of
	82	.BI $( key )
	83	is replaced by the value assigned to the given
	84	.IR key .
	85	.hP \*o
	86	An occurrence of
	87	.BI $[ host ]
	88	is replaced by the IP address of the named
	89	.IR host .
	90	Note that
	91	.I host
	92	may itself contain
	93	.BI $( key )
	94	substitutions.
	95	.PP
	96	There is a simple concept of
	97	.I inheritance
	98	for sections. If a section contains an assignment
	99	.IP
833bdc38	100	.BI "@inherit = " parent
bd3db76c MW	101	.RB [[,]
	102	.I parent
	103	\&...]
6005ef9b MW	104	.PP
6005ef9b MW	105	then any lookups which can't be satisfied in that section will be
bd3db76c	106	satisfied instead from its
6005ef9b	107	.I parent
bd3db76c MW	108	sections (and, if necessary, their parents in turn, and so on).
	109	.PP
	110	.hP \*o
	111	If a value can be found for a key via multiple parents then all of them
	112	must report the
	113	.I same
	114	value. This restriction may be relaxed somewhat, if it turns out that a
	115	more flexible notion of multiple inheritance is useful.
	116	.hP \*o
	117	It's not allowed for a section to inherit, possibly indirectly, from
	118	itself. Currently errors of this kind are only diagnosed when a cycle
	119	is encountered while looking up a key and none of the sections on the
	120	path from the original section up to and round the cycle define a value
	121	for it. Future versions of this program might be more picky.
	122	.PP
	123	Note that
6005ef9b MW	124	.BI $( key )
6005ef9b MW	125	substitutions in the resulting value will be satisfied from the original
bd3db76c	126	section (though falling back to scanning parent sections). For
6005ef9b MW	127	example, given the sections
	128	.VS
	129	[parent]
f08fe72e	130	detail = in $(name)
6005ef9b	131	blurb = expand $(detail)
f08fe72e MW	132
	133	[child]
	134	@inherit = parent
2273401c	135	.VE
f08fe72e MW	136	the key
	137	.B blurb
	138	takes the value
	139	.RB ` "expand in parent" '
	140	in section
	141	.BR parent ,
	142	and
	143	.RB ` "expand in child" '
	144	in section
	145	.BR child .
	146	.PP
6005ef9b	147	Apart from its effect on lookups, as just described, the
833bdc38	148	.B @inherit
6005ef9b MW	149	key is entirely ignored. In particular, it is never written to the
6005ef9b MW	150	database.
d64ce4ae	151	.
6005ef9b MW	152	.SS "Standard keys and their meanings"
	153	The following keys have meanings to programs in the TrIPE suite. Other
	154	keys may be used by separately distributed extensions or for local use.
	155	The descriptions given are summaries only; see the references for
	156	details.
	157	.TP
	158	.B auto
	159	If true, include the peer in the
	160	.B %AUTO
	161	record. Used by
a62f8e8a MW	162	.BR connect (8)
a62f8e8a MW	163	and
6005ef9b MW	164	.BR tripe-newpeers (8);
	165	described below.
	166	.TP
a62f8e8a MW	167	.B connect
a62f8e8a MW	168	Shell command for initiating connection to this peer. Used by
d64ce4ae	169	.BR connect (8).
a62f8e8a MW	170	.TP
a62f8e8a MW	171	.B cork
6411163d	172	Don't initiate immediate key exchange. Used by
a62f8e8a MW	173	.BR connect (8).
a62f8e8a MW	174	.TP
d3731285 MW	175	.B disconnect
d3731285 MW	176	Shell command for closing down connection to this peer. Used by
d64ce4ae	177	.BR connect (8).
d3731285	178	.TP
a62f8e8a MW	179	.B every
a62f8e8a MW	180	Interval for checking that the peer is still alive and well. Used by
d64ce4ae	181	.BR connect (8).
a62f8e8a MW	182	.TP
	183	.B ifdown
	184	Script to bring down tunnel interface connected to the peer. Used by
d64ce4ae	185	.BR connect (8).
a62f8e8a MW	186	.TP
	187	.B ifname
	188	Interface name to set for the tunnel interface to the peer. Used by
	189	.BR tripe-ifup (8).
	190	.TP
	191	.B ifup
	192	Script to bring up tunnel interface connected to the peer. Used by
d64ce4ae	193	.BR connect (8).
a62f8e8a MW	194	.TP
	195	.B ifupextra
	196	Script containing additional interface setup. Used by
	197	.BR tripe-ifup (8).
	198	.TP
	199	.B laddr
	200	Local address for the tunnel interface to the peer. Used by
	201	.BR tripe-ifup (8).
	202	.TP
	203	.B keepalive
	204	Interval for sending keepalive pings. Used by
	205	.BR connect (8).
	206	.TP
48b84569 MW	207	.B key
	208	Key tag to use to authenticate the peer. Used by
	209	.BR connect (8).
	210	.TP
6411163d MW	211	.B mobile
	212	Peer's IP address is highly volatile. Used by
	213	.BR connect (8).
	214	.TP
a62f8e8a MW	215	.B mtu
	216	Maximum transmission unit for the tunnel interface. Used by
	217	.BR tripe-ifup (8).
	218	.TP
	219	.B nets
	220	Networks to be routed over the tunnel interface. Used by
	221	.BR tripe-ifup (8).
	222	.TP
	223	.B peer
	224	Network address for this peer, or
	225	.BR PASSIVE .
	226	Used by
	227	.BR connect (8).
	228	.TP
fe2a5dcf MW	229	.B priv
fe2a5dcf MW	230	Tag of the private key to use when communicating with the peer.
d64ce4ae MW	231	Used by
d64ce4ae MW	232	.BR connect (8).
fe2a5dcf	233	.TP
a62f8e8a MW	234	.B raddr
	235	Remote address for the tunnel interface to the peer. Used by
	236	.BR tripe-ifup (8).
	237	.TP
	238	.B retries
	239	Number of failed ping attempts before attempting reconnection. Used by
d64ce4ae	240	.BR connect (8).
a62f8e8a MW	241	.TP
	242	.B timeout
	243	Timeout for ping probes. Used by
d64ce4ae	244	.BR connect (8).
a62f8e8a MW	245	.TP
	246	.B tunnel
	247	Tunnel driver to use when adding the peer. Used by
	248	.BR connect (8)).
	249	.TP
6005ef9b MW	250	.B user
	251	Peer will make active connection as
	252	.IR user .
	253	Used by
a62f8e8a MW	254	.BR connect (8)
a62f8e8a MW	255	and
6005ef9b MW	256	.BR tripe-newpeers (8);
6005ef9b MW	257	described below.
d64ce4ae	258	.
6005ef9b MW	259	.SS "Conversion"
	260	This section describes how the textual
	261	.B peers.in
	262	file is converted into the
	263	.BR peers.cdb (5)
	264	database.
	265	.PP
	266	The handling of each section depends on its name.
	267	.hP \*o
	268	Sections whose names have the form
	269	.BI @ whatever
	270	are ignored (though their contents may be relevant if the section is
	271	named in another section's
833bdc38	272	.B @inherit
6005ef9b MW	273	key).
	274	.hP \*o
	275	Sections whose names have the form
	276	.BI $ whatever
	277	are written to local-type database records with the same name. The keys
	278	and values defined in the section (and its parent section, if it
	279	contains an
833bdc38	280	.B @inherit
6005ef9b MW	281	key) are stored in the record using
	282	.B form-urlencoding
	283	as defined in RFC1822, except that the key-value pairs are separated by
	284	semicolons
	285	.RB ` ; '
	286	rather than ampersands
	287	.RB ` & '.
	288	The
833bdc38	289	.B @inherit
6005ef9b MW	290	key-value pair is not written to the database.
	291	.hP \*o
	292	Other sections are written to peer-type database records, named
	293	.BI P name \fR,
	294	in exactly the same way as for local-type records. However, two special
	295	actions are also taken.
	296	.IP
	297	Firstly, if there is a key
	298	.B auto
	299	in the section (or in its parent, etc.), and the value is
	300	.BR y ,
	301	.BR yes .
	302	.BR t ,
	303	.BR true ,
	304	.BR 1 ,
	305	or
	306	.BR on ,
	307	then the section's name is added in the special
	308	.B %AUTO
	309	record.
	310	.IP
	311	Secondly, if there is a key
	312	.B user
	313	in the section (or in its parent, etc.), then a user record
	314	.BI U user
	315	is created whose contents is the section name.
	316	.
	317	.\"--------------------------------------------------------------------------
	318	.SH "SEE ALSO"
	319	.
	320	.BR cdb (5),
	321	.BR tripe (8).
	322	.PP
	323	.BR tripe-newpeers (8),
	324	.BR peers.cdb (5),
a62f8e8a	325	.BR connect (8),
6005ef9b MW	326	.BR tripe-ifup (8).
	327	.
	328	.\"--------------------------------------------------------------------------
	329	.SH "AUTHOR"
	330	.
	331	Mark Wooding, <mdw@distorted.org.uk>
	332	.
	333	.\"----- That's all, folks --------------------------------------------------