[tripe] / peerdb / peers.in.5.in

.\" -*-nroff-*-
.\".
.\" Manual for the peer configuration file
.\"
.\" (c) 2008 Straylight/Edgeware
.\"
.
.\"----- Licensing notice ---------------------------------------------------
.\"
.\" This file is part of Trivial IP Encryption (TrIPE).
.\"
.\" TrIPE is free software: you can redistribute it and/or modify it under
.\" the terms of the GNU General Public License as published by the Free
.\" Software Foundation; either version 3 of the License, or (at your
.\" option) any later version.
.\"
.\" TrIPE is distributed in the hope that it will be useful, but WITHOUT
.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
.\" FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
.\" for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with TrIPE.  If not, see <https://www.gnu.org/licenses/>.
.
.\"--------------------------------------------------------------------------
.so ../common/defs.man \"@@@PRE@@@
.
.\"--------------------------------------------------------------------------
.TH peers.in 5tripe "27 March 2008" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
.
.\"--------------------------------------------------------------------------
.SH "NAME"
.
peers.in \- source form for TrIPE peer database
.
.\"--------------------------------------------------------------------------
.SH "DESCRIPTION"
.
The
.B peers.in
file is a plain text configuration file.  It is read by
.BR tripe-newpeers (8)
in order to produce the
.BR tripe.cdb (8)
database used by services and other tools.
.
.SS "General structure"
The configuration file is line-oriented.  Blank lines are ignored; lines
beginning with a hash
.RB ` # '
or semicolon
.RB ` ; '
are ignored.  The file is divided into sections by section headers,
which are lines of the form
.IP
.BI [ name ]
.PP
Within each section are a number of assignments, of the form
.IP
.IB key " = " value
.PP
or (entirely equivalent)
.IP
.IB key ": " value
.PP
The
.I key
must start in the left hand column.  The
.I value
may span multiple lines if subsequent lines begin with whitespace, in
the manner of RFC822 headers.
.PP
There is a special case to be aware of: if a section doesn't specify a
value for the key
.B name
then the section's own name is used as a default.
.PP
The following substitutions are made in the body of a value.
.hP \*o
An occurrence of
.BI $( key )
is replaced by the value assigned to the given
.IR key .
.hP \*o
An occurrence of
.BI $ flags [ host ]
is replaced by the IP address of the named
.IR host .
Note that
.I host
may itself contain
.BI $( key )
substitutions.  The
.I flags
consist of zero or more of the following characters:
.RB ` * '
returns all of the found addresses, separated by spaces, rather than
just the first one.
.PP
There is a simple concept of
.I inheritance
for sections.  If a section contains an assignment
.IP
.BI "@inherit = " parent
.RB [[,]
.I parent
\&...]
.PP
then any lookups which can't be satisfied in that section will be
satisfied instead from its
.I parent
sections (and, if necessary, their parents in turn, and so on).
.PP
.hP \*o
If a value can be found for a key via multiple parents then all of them
must report the
.I same
value.  This restriction may be relaxed somewhat, if it turns out that a
more flexible notion of multiple inheritance is useful.
.hP \*o
It's not allowed for a section to inherit, possibly indirectly, from
itself.  Currently errors of this kind are only diagnosed when a cycle
is encountered while looking up a key and none of the sections on the
path from the original section up to and round the cycle define a value
for it.  Future versions of this program might be more picky.
.PP
Note that
.BI $( key )
substitutions in the resulting value will be satisfied from the original
section (though falling back to scanning parent sections).  For
example, given the sections
.VS
[parent]
detail = in $(name)
blurb = expand $(detail)

[child]
@inherit = parent
.VE
the key
.B blurb
takes the value
.RB ` "expand in parent" '
in section
.BR parent ,
and
.RB ` "expand in child" '
in section
.BR child .
.PP
Apart from its effect on lookups, as just described, the
.B @inherit
key is entirely ignored.  In particular, it is never written to the
database.
.
.SS "Standard keys and their meanings"
The following keys have meanings to programs in the TrIPE suite.  Other
keys may be used by separately distributed extensions or for local use.
The descriptions given are summaries only; see the references for
details.
.TP
.B auto
If true, include the peer in the
.B %AUTO
record.  Used by
.BR connect (8)
and
.BR tripe-newpeers (8);
described below.
.TP
.B connect
Shell command for initiating connection to this peer.  Used by
.BR connect (8).
.TP
.B cork
Don't initiate immediate key exchange.  Used by
.BR connect (8).
.TP
.B disconnect
Shell command for closing down connection to this peer.  Used by
.BR connect (8).
.TP
.B every
Interval for checking that the peer is still alive and well.  Used by
.BR connect (8).
.TP
.B ifdown
Script to bring down tunnel interface connected to the peer.  Used by
.BR connect (8).
.TP
.B ifname
Interface name to set for the tunnel interface to the peer.  Used by
.BR tripe-ifup (8).
.TP
.B ifup
Script to bring up tunnel interface connected to the peer.  Used by
.BR connect (8).
.TP
.B ifupextra
Script containing additional interface setup.  Used by
.BR tripe-ifup (8).
.TP
.B laddr
Local address for the tunnel interface to the peer.  Used by
.BR tripe-ifup (8).
.TP
.B keepalive
Interval for sending keepalive pings.  Used by
.BR connect (8).
.TP
.B key
Key tag to use to authenticate the peer.  Used by
.BR connect (8).
.TP
.B mobile
Peer's IP address is highly volatile.  Used by
.BR connect (8).
.TP
.B mtu
Maximum transmission unit for the tunnel interface.  Used by
.BR tripe-ifup (8).
.TP
.B nets
Networks to be routed over the tunnel interface.  Used by
.BR tripe-ifup (8).
.TP
.B peer
Network address for this peer, or
.BR PASSIVE .
Used by
.BR connect (8).
.TP
.B priv
Tag of the private key to use when communicating with the peer.
Used by
.BR connect (8).
.TP
.B raddr
Remote address for the tunnel interface to the peer.  Used by
.BR tripe-ifup (8).
.TP
.B retries
Number of failed ping attempts before attempting reconnection.  Used by
.BR connect (8).
.TP
.B timeout
Timeout for ping probes.  Used by
.BR connect (8).
.TP
.B tunnel
Tunnel driver to use when adding the peer.  Used by
.BR connect (8)).
.TP
.B user
Peer will make active connection as
.IR user .
Used by
.BR connect (8)
and
.BR tripe-newpeers (8);
described below.
.
.SS "Conversion"
This section describes how the textual
.B peers.in
file is converted into the
.BR peers.cdb (5)
database.
.PP
The handling of each section depends on its name.
.hP \*o
Sections whose names have the form
.BI @ whatever
are ignored (though their contents may be relevant if the section is
named in another section's
.B @inherit
key).
.hP \*o
Sections whose names have the form
.BI $ whatever
are written to local-type database records with the same name.  The keys
and values defined in the section (and its parent section, if it
contains an
.B @inherit
key) are stored in the record using
.B form-urlencoding
as defined in RFC1822, except that the key-value pairs are separated by
semicolons
.RB ` ; '
rather than ampersands
.RB ` & '.
Keys whose names begin with
.RB ` @ '
are not written to the database.
.hP \*o
Other sections are written to peer-type database records, named
.BI P name \fR,
in exactly the same way as for local-type records.  However, two special
actions are also taken.
.IP
Firstly, if there is a key
.B auto
in the section (or in its parent, etc.), and the value is
.BR y ,
.BR yes .
.BR t ,
.BR true ,
.BR 1 ,
or
.BR on ,
then the section's name is added in the special
.B %AUTO
record.
.IP
Secondly, if there is a key
.B user
in the section (or in its parent, etc.), then a user record
.BI U user
is created whose contents is the section name.
.
.\"--------------------------------------------------------------------------
.SH "SEE ALSO"
.
.BR cdb (5),
.BR tripe (8).
.PP
.BR tripe-newpeers (8),
.BR peers.cdb (5),
.BR connect (8),
.BR tripe-ifup (8).
.
.\"--------------------------------------------------------------------------
.SH "AUTHOR"
.
Mark Wooding, <mdw@distorted.org.uk>
.
.\"----- That's all, folks --------------------------------------------------
Commit	Line	Data
6005ef9b MW	1	.\" --nroff--
	2	.\".
	3	.\" Manual for the peer configuration file
	4	.\"
	5	.\" (c) 2008 Straylight/Edgeware
	6	.\"
	7	.
	8	.\"----- Licensing notice ---------------------------------------------------
	9	.\"
	10	.\" This file is part of Trivial IP Encryption (TrIPE).
	11	.\"
11ad66c2 MW	12	.\" TrIPE is free software: you can redistribute it and/or modify it under
	13	.\" the terms of the GNU General Public License as published by the Free
	14	.\" Software Foundation; either version 3 of the License, or (at your
	15	.\" option) any later version.
6005ef9b	16	.\"
11ad66c2 MW	17	.\" TrIPE is distributed in the hope that it will be useful, but WITHOUT
	18	.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	19	.\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	20	.\" for more details.
6005ef9b MW	21	.\"
6005ef9b MW	22	.\" You should have received a copy of the GNU General Public License
11ad66c2	23	.\" along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
6005ef9b MW	24	.
6005ef9b MW	25	.\"--------------------------------------------------------------------------
cd450424	26	.so ../common/defs.man \"@@@PRE@@@
6005ef9b MW	27	.
6005ef9b MW	28	.\"--------------------------------------------------------------------------
0647ba7c	29	.TH peers.in 5tripe "27 March 2008" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
6005ef9b MW	30	.
	31	.\"--------------------------------------------------------------------------
	32	.SH "NAME"
	33	.
	34	peers.in \- source form for TrIPE peer database
	35	.
	36	.\"--------------------------------------------------------------------------
	37	.SH "DESCRIPTION"
	38	.
	39	The
	40	.B peers.in
	41	file is a plain text configuration file. It is read by
	42	.BR tripe-newpeers (8)
	43	in order to produce the
	44	.BR tripe.cdb (8)
	45	database used by services and other tools.
d64ce4ae	46	.
6005ef9b MW	47	.SS "General structure"
	48	The configuration file is line-oriented. Blank lines are ignored; lines
	49	beginning with a hash
	50	.RB ` # '
	51	or semicolon
	52	.RB ` ; '
	53	are ignored. The file is divided into sections by section headers,
	54	which are lines of the form
	55	.IP
	56	.BI [ name ]
	57	.PP
	58	Within each section are a number of assignments, of the form
	59	.IP
	60	.IB key " = " value
	61	.PP
	62	or (entirely equivalent)
	63	.IP
	64	.IB key ": " value
	65	.PP
	66	The
	67	.I key
	68	must start in the left hand column. The
	69	.I value
	70	may span multiple lines if subsequent lines begin with whitespace, in
	71	the manner of RFC822 headers.
	72	.PP
	73	There is a special case to be aware of: if a section doesn't specify a
	74	value for the key
	75	.B name
	76	then the section's own name is used as a default.
	77	.PP
	78	The following substitutions are made in the body of a value.
	79	.hP \*o
	80	An occurrence of
	81	.BI $( key )
	82	is replaced by the value assigned to the given
	83	.IR key .
	84	.hP \*o
	85	An occurrence of
ef7d7afb	86	.BI $ flags [ host ]
6005ef9b MW	87	is replaced by the IP address of the named
	88	.IR host .
	89	Note that
	90	.I host
	91	may itself contain
	92	.BI $( key )
ef7d7afb MW	93	substitutions. The
	94	.I flags
	95	consist of zero or more of the following characters:
	96	.RB ` * '
	97	returns all of the found addresses, separated by spaces, rather than
	98	just the first one.
6005ef9b MW	99	.PP
	100	There is a simple concept of
	101	.I inheritance
	102	for sections. If a section contains an assignment
	103	.IP
833bdc38	104	.BI "@inherit = " parent
bd3db76c MW	105	.RB [[,]
	106	.I parent
	107	\&...]
6005ef9b MW	108	.PP
6005ef9b MW	109	then any lookups which can't be satisfied in that section will be
bd3db76c	110	satisfied instead from its
6005ef9b	111	.I parent
bd3db76c MW	112	sections (and, if necessary, their parents in turn, and so on).
	113	.PP
	114	.hP \*o
	115	If a value can be found for a key via multiple parents then all of them
	116	must report the
	117	.I same
	118	value. This restriction may be relaxed somewhat, if it turns out that a
	119	more flexible notion of multiple inheritance is useful.
	120	.hP \*o
	121	It's not allowed for a section to inherit, possibly indirectly, from
	122	itself. Currently errors of this kind are only diagnosed when a cycle
	123	is encountered while looking up a key and none of the sections on the
	124	path from the original section up to and round the cycle define a value
	125	for it. Future versions of this program might be more picky.
	126	.PP
	127	Note that
6005ef9b MW	128	.BI $( key )
6005ef9b MW	129	substitutions in the resulting value will be satisfied from the original
bd3db76c	130	section (though falling back to scanning parent sections). For
6005ef9b MW	131	example, given the sections
	132	.VS
	133	[parent]
f08fe72e	134	detail = in $(name)
6005ef9b	135	blurb = expand $(detail)
f08fe72e MW	136
	137	[child]
	138	@inherit = parent
2273401c	139	.VE
f08fe72e MW	140	the key
	141	.B blurb
	142	takes the value
	143	.RB ` "expand in parent" '
	144	in section
	145	.BR parent ,
	146	and
	147	.RB ` "expand in child" '
	148	in section
	149	.BR child .
	150	.PP
6005ef9b	151	Apart from its effect on lookups, as just described, the
833bdc38	152	.B @inherit
6005ef9b MW	153	key is entirely ignored. In particular, it is never written to the
6005ef9b MW	154	database.
d64ce4ae	155	.
6005ef9b MW	156	.SS "Standard keys and their meanings"
	157	The following keys have meanings to programs in the TrIPE suite. Other
	158	keys may be used by separately distributed extensions or for local use.
	159	The descriptions given are summaries only; see the references for
	160	details.
	161	.TP
	162	.B auto
	163	If true, include the peer in the
	164	.B %AUTO
	165	record. Used by
a62f8e8a MW	166	.BR connect (8)
a62f8e8a MW	167	and
6005ef9b MW	168	.BR tripe-newpeers (8);
	169	described below.
	170	.TP
a62f8e8a MW	171	.B connect
a62f8e8a MW	172	Shell command for initiating connection to this peer. Used by
d64ce4ae	173	.BR connect (8).
a62f8e8a MW	174	.TP
a62f8e8a MW	175	.B cork
6411163d	176	Don't initiate immediate key exchange. Used by
a62f8e8a MW	177	.BR connect (8).
a62f8e8a MW	178	.TP
d3731285 MW	179	.B disconnect
d3731285 MW	180	Shell command for closing down connection to this peer. Used by
d64ce4ae	181	.BR connect (8).
d3731285	182	.TP
a62f8e8a MW	183	.B every
a62f8e8a MW	184	Interval for checking that the peer is still alive and well. Used by
d64ce4ae	185	.BR connect (8).
a62f8e8a MW	186	.TP
	187	.B ifdown
	188	Script to bring down tunnel interface connected to the peer. Used by
d64ce4ae	189	.BR connect (8).
a62f8e8a MW	190	.TP
	191	.B ifname
	192	Interface name to set for the tunnel interface to the peer. Used by
	193	.BR tripe-ifup (8).
	194	.TP
	195	.B ifup
	196	Script to bring up tunnel interface connected to the peer. Used by
d64ce4ae	197	.BR connect (8).
a62f8e8a MW	198	.TP
	199	.B ifupextra
	200	Script containing additional interface setup. Used by
	201	.BR tripe-ifup (8).
	202	.TP
	203	.B laddr
	204	Local address for the tunnel interface to the peer. Used by
	205	.BR tripe-ifup (8).
	206	.TP
	207	.B keepalive
	208	Interval for sending keepalive pings. Used by
	209	.BR connect (8).
	210	.TP
48b84569 MW	211	.B key
	212	Key tag to use to authenticate the peer. Used by
	213	.BR connect (8).
	214	.TP
6411163d MW	215	.B mobile
	216	Peer's IP address is highly volatile. Used by
	217	.BR connect (8).
	218	.TP
a62f8e8a MW	219	.B mtu
	220	Maximum transmission unit for the tunnel interface. Used by
	221	.BR tripe-ifup (8).
	222	.TP
	223	.B nets
	224	Networks to be routed over the tunnel interface. Used by
	225	.BR tripe-ifup (8).
	226	.TP
	227	.B peer
	228	Network address for this peer, or
	229	.BR PASSIVE .
	230	Used by
	231	.BR connect (8).
	232	.TP
fe2a5dcf MW	233	.B priv
fe2a5dcf MW	234	Tag of the private key to use when communicating with the peer.
d64ce4ae MW	235	Used by
d64ce4ae MW	236	.BR connect (8).
fe2a5dcf	237	.TP
a62f8e8a MW	238	.B raddr
	239	Remote address for the tunnel interface to the peer. Used by
	240	.BR tripe-ifup (8).
	241	.TP
	242	.B retries
	243	Number of failed ping attempts before attempting reconnection. Used by
d64ce4ae	244	.BR connect (8).
a62f8e8a MW	245	.TP
	246	.B timeout
	247	Timeout for ping probes. Used by
d64ce4ae	248	.BR connect (8).
a62f8e8a MW	249	.TP
	250	.B tunnel
	251	Tunnel driver to use when adding the peer. Used by
	252	.BR connect (8)).
	253	.TP
6005ef9b MW	254	.B user
	255	Peer will make active connection as
	256	.IR user .
	257	Used by
a62f8e8a MW	258	.BR connect (8)
a62f8e8a MW	259	and
6005ef9b MW	260	.BR tripe-newpeers (8);
6005ef9b MW	261	described below.
d64ce4ae	262	.
6005ef9b MW	263	.SS "Conversion"
	264	This section describes how the textual
	265	.B peers.in
	266	file is converted into the
	267	.BR peers.cdb (5)
	268	database.
	269	.PP
	270	The handling of each section depends on its name.
	271	.hP \*o
	272	Sections whose names have the form
	273	.BI @ whatever
	274	are ignored (though their contents may be relevant if the section is
	275	named in another section's
833bdc38	276	.B @inherit
6005ef9b MW	277	key).
	278	.hP \*o
	279	Sections whose names have the form
	280	.BI $ whatever
	281	are written to local-type database records with the same name. The keys
	282	and values defined in the section (and its parent section, if it
	283	contains an
833bdc38	284	.B @inherit
6005ef9b MW	285	key) are stored in the record using
	286	.B form-urlencoding
	287	as defined in RFC1822, except that the key-value pairs are separated by
	288	semicolons
	289	.RB ` ; '
	290	rather than ampersands
	291	.RB ` & '.
6c2ee518 MW	292	Keys whose names begin with
	293	.RB ` @ '
	294	are not written to the database.
6005ef9b MW	295	.hP \*o
	296	Other sections are written to peer-type database records, named
	297	.BI P name \fR,
	298	in exactly the same way as for local-type records. However, two special
	299	actions are also taken.
	300	.IP
	301	Firstly, if there is a key
	302	.B auto
	303	in the section (or in its parent, etc.), and the value is
	304	.BR y ,
	305	.BR yes .
	306	.BR t ,
	307	.BR true ,
	308	.BR 1 ,
	309	or
	310	.BR on ,
	311	then the section's name is added in the special
	312	.B %AUTO
	313	record.
	314	.IP
	315	Secondly, if there is a key
	316	.B user
	317	in the section (or in its parent, etc.), then a user record
	318	.BI U user
	319	is created whose contents is the section name.
	320	.
	321	.\"--------------------------------------------------------------------------
	322	.SH "SEE ALSO"
	323	.
	324	.BR cdb (5),
	325	.BR tripe (8).
	326	.PP
	327	.BR tripe-newpeers (8),
	328	.BR peers.cdb (5),
a62f8e8a	329	.BR connect (8),
6005ef9b MW	330	.BR tripe-ifup (8).
	331	.
	332	.\"--------------------------------------------------------------------------
	333	.SH "AUTHOR"
	334	.
	335	Mark Wooding, <mdw@distorted.org.uk>
	336	.
	337	.\"----- That's all, folks --------------------------------------------------