| 1 | .\" -*-nroff-*- |
| 2 | .TH tripe-admin 5 "18 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption" |
| 3 | .SH NAME |
| 4 | tripe-admin \- administrator commands for TrIPE |
| 5 | .SH DESCRIPTION |
| 6 | This manual page describes the administration interface provided by the |
| 7 | .BR tripe (8) |
| 8 | daemon. |
| 9 | .PP |
| 10 | The |
| 11 | .BR tripectl (8) |
| 12 | program can be used either interactively or in scripts to communicate |
| 13 | with the server using this interface. Alternatively, simple custom |
| 14 | clients can be written in scripting languages such as Perl, Python or |
| 15 | Tcl, or more advanced clients such as GUI monitors can be written in C |
| 16 | with little difficulty. |
| 17 | .PP |
| 18 | By default, the server listens for admin connections on the Unix-domain |
| 19 | socket |
| 20 | .BR /var/lib/tripe/tripesock . |
| 21 | Administration commands use a simple textual protocol. Each client |
| 22 | command or server response consists of a line of ASCII text terminated |
| 23 | by a single linefeed character. No command may be longer than 255 |
| 24 | characters. |
| 25 | .SS "General structure" |
| 26 | Each command or response line consists of a sequence of |
| 27 | whitespace-separated words. The number and nature of whitespace |
| 28 | characters separating two words in a client command is not significant; |
| 29 | the server always uses a single space character. The first word in a |
| 30 | line is a |
| 31 | .I keyword |
| 32 | identifying the type of command or response contained. Keywords in |
| 33 | client commands are not case-sensitive; the server always uses uppercase |
| 34 | for its keywords. |
| 35 | .SS "Server responses" |
| 36 | For client command, the server responds with zero or more |
| 37 | .B INFO |
| 38 | lines, followed by either an |
| 39 | .B OK |
| 40 | line or a |
| 41 | .B FAIL |
| 42 | line. Each |
| 43 | .B INFO |
| 44 | provides information requested in the command. An |
| 45 | .B OK |
| 46 | response contains no further data. A |
| 47 | .B FAIL |
| 48 | code is followed by a machine-readable explanation of why the command |
| 49 | failed. |
| 50 | .PP |
| 51 | In addition, there are three types of asynchronous messages which |
| 52 | aren't associated with any particular command. The |
| 53 | .B WARN |
| 54 | message contains a machine-readable message warning of an error |
| 55 | encountered while processing a command, unexpected or unusual behaviour |
| 56 | by a peer, or a possible attack by an adversary. Under normal |
| 57 | conditions, the server shouldn't emit any warnings. The |
| 58 | .B TRACE |
| 59 | message contains a human-readable tracing message containing diagnostic |
| 60 | information. Trace messages are controlled using the |
| 61 | .B \-T |
| 62 | command-line option to the server, or the |
| 63 | .B TRACE |
| 64 | administration command (see below). Support for tracing can be disabled |
| 65 | when the package is being configured, and may not be available in your |
| 66 | version. Finally, the |
| 67 | .B NOTE |
| 68 | message is a machine-readable notification about some routine but |
| 69 | interesting event such as creation or destruction of peers. |
| 70 | .PP |
| 71 | The presence of asynchronous messages can be controlled using the |
| 72 | .B WATCH |
| 73 | command. |
| 74 | .SS "Network addresses" |
| 75 | A network address is a sequence of words. The first is a token |
| 76 | identifying the network address family. The length of an address and |
| 77 | the meanings of the subsequent words depend on the address family. |
| 78 | Address family tokens are not case-sensitive on input; on output, they |
| 79 | are always in upper-case. |
| 80 | .PP |
| 81 | At present, only one address family is understood. |
| 82 | .TP |
| 83 | .BI "INET " address " " port |
| 84 | An Internet socket, naming an IPv4 address and UDP port. On output, the |
| 85 | address is always in numeric dotted-quad form, and the port is given as |
| 86 | a plain number. On input, DNS hostnames and symbolic port names are |
| 87 | permitted. Name resolution does not block the main server, but will |
| 88 | block the requesting client. This hopefully makes life simpler for |
| 89 | stupid clients. Complex clients which don't wish to be held up can open |
| 90 | extra connections or do the resolution themselves.) |
| 91 | .PP |
| 92 | If, on input, no recognised address family token is found, the following |
| 93 | words are assumed to represent an |
| 94 | .B INET |
| 95 | address. |
| 96 | .SH "COMMAND REFERENCE" |
| 97 | The commands provided are: |
| 98 | .TP |
| 99 | .BI "ADD " peer " \fR[" options "\fR] " address "\fR..." |
| 100 | Adds a new peer. The peer is given the name |
| 101 | .IR peer ; |
| 102 | the peer's public key is assumed to be in the file |
| 103 | .B keyring.pub |
| 104 | (or whatever alternative file was specified in the |
| 105 | .B \-K |
| 106 | option on the command line). The |
| 107 | .I address |
| 108 | is the network address (see above for the format) at which the peer can |
| 109 | be contacted. The following options are recognised. |
| 110 | .RS |
| 111 | .TP |
| 112 | .BI "\-keepalive " time |
| 113 | Send a no-op packet if we've not sent a packet to the peer in the last |
| 114 | .I time |
| 115 | interval. This is useful for persuading port-translating firewalls to |
| 116 | believe that the `connection' is still active. The |
| 117 | .I time |
| 118 | is expressed as a nonnegative integer followed optionally by |
| 119 | .BR d , |
| 120 | .BR h , |
| 121 | .BR m , |
| 122 | or |
| 123 | .BR s |
| 124 | for days, hours, minutes, or seconds respectively; if no suffix is |
| 125 | given, seconds are assumed. |
| 126 | .TP |
| 127 | .BI "\-tunnel " tunnel |
| 128 | Use the named tunnel driver, rather than the default. |
| 129 | .RE |
| 130 | .TP |
| 131 | .BI "ADDR " peer |
| 132 | Emits an |
| 133 | .B INFO |
| 134 | line reporting the IP address and port number stored for |
| 135 | .IR peer . |
| 136 | .TP |
| 137 | .B "DAEMON" |
| 138 | Causes the server to disassociate itself from its terminal and become a |
| 139 | background task. This only works once. A warning is issued. |
| 140 | .TP |
| 141 | .BI "EPING \fR[" options "\fR] " peer |
| 142 | Sends an encrypted ping to the peer, and expects an encrypted response. |
| 143 | This checks that the peer is running (and not being impersonated), and |
| 144 | that it can encrypt and decrypt packets correctly. Options and |
| 145 | responses are the same as for the |
| 146 | .B PING |
| 147 | command. |
| 148 | .TP |
| 149 | .B "HELP" |
| 150 | Causes the server to emit an |
| 151 | .B INFO |
| 152 | line for each command it supports. Each line lists the command name, |
| 153 | followed by the names of the arguments. This may be helpful as a memory |
| 154 | aid for interactive use, or for program clients probing for features. |
| 155 | .TP |
| 156 | .BI "IFNAME " peer |
| 157 | Emits an |
| 158 | .B INFO |
| 159 | line containing the name of the network interface used to collect IP |
| 160 | packets which are to be encrypted and sent to |
| 161 | .IR peer . |
| 162 | Used by configuration scripts so that they can set up routing tables |
| 163 | appropriately after adding new peers. |
| 164 | .TP |
| 165 | .BI "KILL " peer |
| 166 | Causes the server to forget all about |
| 167 | .IR peer . |
| 168 | All keys are destroyed, and no more packets are sent. No notification |
| 169 | is sent to the peer: if it's important that the peer be notified, you |
| 170 | must think of a way to do that yourself. |
| 171 | .TP |
| 172 | .B "LIST" |
| 173 | For each currently-known peer, an |
| 174 | .B INFO |
| 175 | line is written containing the peer's name, as given to |
| 176 | .BR ADD . |
| 177 | .TP |
| 178 | .BI "NOTIFY " tokens\fR... |
| 179 | Issues a |
| 180 | .B USER |
| 181 | notification to all interested administration clients. |
| 182 | .TP |
| 183 | .BI "PING \fR[" options "\fR] " peer |
| 184 | Send a transport-level ping to the peer. The ping and its response are |
| 185 | not encrypted or authenticated. This command, possibly in conjunction |
| 186 | with tracing, is useful for ensuring that UDP packets are actually |
| 187 | flowing in both directions. See also the |
| 188 | .B EPING |
| 189 | command. |
| 190 | .IP |
| 191 | An |
| 192 | .B INFO |
| 193 | line is printed describing the outcome: |
| 194 | .RS |
| 195 | .TP |
| 196 | .BI "ping-ok " millis |
| 197 | A response was received |
| 198 | .I millis |
| 199 | after the ping was sent. |
| 200 | .TP |
| 201 | .BI "ping-timeout" |
| 202 | No response was received within the time allowed. |
| 203 | .TP |
| 204 | .BI "ping-peer-died" |
| 205 | The peer was killed (probably by another admin connection) before a |
| 206 | response was received. |
| 207 | .RE |
| 208 | .IP |
| 209 | Options recognized for this command are: |
| 210 | .RS |
| 211 | .TP |
| 212 | .BI "\-timeout " time |
| 213 | Wait for |
| 214 | .I time |
| 215 | seconds before giving up on a response. The default is 5 seconds. (The |
| 216 | time format is the same as for the |
| 217 | .B "ADD \-keepalive" |
| 218 | option.) |
| 219 | .RE |
| 220 | .TP |
| 221 | .B "PORT" |
| 222 | Emits an |
| 223 | .B INFO |
| 224 | line containing just the number of the UDP port used by the |
| 225 | .B tripe |
| 226 | server. If you've allowed your server to allocate a port dynamically, |
| 227 | this is how to find out which one it chose. |
| 228 | .TP |
| 229 | .B "QUIT" |
| 230 | Instructs the server to exit immediately. A warning is sent. |
| 231 | .TP |
| 232 | .BI "STATS " peer |
| 233 | Emits a number of |
| 234 | .B INFO |
| 235 | lines, each containing one or more statistics in the form |
| 236 | .IB name = value \fR. |
| 237 | The statistics-gathering is experimental and subject to change. |
| 238 | .TP |
| 239 | .BR "TRACE " [\fIoptions\fP] |
| 240 | A trace argument consists of a string of letters (listed below) |
| 241 | selecting trace outputs, optionally interspersed with |
| 242 | .RB ` + ' |
| 243 | to enable, or |
| 244 | .RB ` \- ' |
| 245 | to disable, the subsequently listed outputs; the initial behaviour is to |
| 246 | enable listed outputs. For example, the string |
| 247 | .B ra\-st+x |
| 248 | enables tracing of peer management, admin-connection handling and |
| 249 | key-exchange processing, and disables tracing of symmetric keyset |
| 250 | management and the system-specific tunnel driver. If no argument is |
| 251 | given, a table is returned showing the available tracing option letters |
| 252 | and their meanings. Programs should not attempt to parse this table: |
| 253 | its format is not guaranteed to remain the same. |
| 254 | .RS |
| 255 | .PP |
| 256 | Currently, the following tracing options are supported: |
| 257 | .TP |
| 258 | .B t |
| 259 | Tunnel events: reception of packets to be encrypted, and injection of |
| 260 | successfully-decrypted packets. |
| 261 | .TP |
| 262 | .B r |
| 263 | Peer management events: creation and destruction of peer attachments, |
| 264 | and arrival of messages. |
| 265 | .TP |
| 266 | .B a |
| 267 | Administration interface: acceptance of new connections, and handling of |
| 268 | the backgroud name-resolution required by the |
| 269 | .B ADD |
| 270 | command. |
| 271 | .TP |
| 272 | .B p |
| 273 | Display contents of packets sent and received by the tunnel and/or peer |
| 274 | modules. |
| 275 | .TP |
| 276 | .B c |
| 277 | Display inputs, outputs and intermediate results of cryptographic |
| 278 | operations. This includes plaintext and key material. Use with |
| 279 | caution. |
| 280 | .TP |
| 281 | .B s |
| 282 | Handling of symmetric keysets: creation and expiry of keysets, and |
| 283 | encryption and decryption of messages. |
| 284 | .TP |
| 285 | .B x |
| 286 | Key exchange: reception, parsing and emission of key exchange messages. |
| 287 | .TP |
| 288 | .B m |
| 289 | Key management: loading keys and checking for file modifications. |
| 290 | .PP |
| 291 | Note that the |
| 292 | .B p |
| 293 | (packet contents) |
| 294 | and |
| 295 | .B c |
| 296 | (crypto details) |
| 297 | outputs provide extra detail for other outputs. Specifying |
| 298 | .B p |
| 299 | without |
| 300 | .B r |
| 301 | or |
| 302 | .B t |
| 303 | isn't useful; neither is specifying |
| 304 | .B c |
| 305 | without one of |
| 306 | .BR s , |
| 307 | .B x |
| 308 | or |
| 309 | .BR m . |
| 310 | .TP |
| 311 | .B A |
| 312 | All of the above. |
| 313 | .RE |
| 314 | .TP |
| 315 | .BR "WATCH " [\fIoptions\fP] |
| 316 | Enables or disables asynchronous messages |
| 317 | .IR "for the current connection only" . |
| 318 | This command has no effect on other connections. A watch argument |
| 319 | consists of a string of letters (listed below) selecting message types, |
| 320 | optionally interspersed with |
| 321 | .RB ` + ' |
| 322 | to enable, or |
| 323 | .RB ` \- ' |
| 324 | to disable, the subsequently listed types, similar to |
| 325 | .B trace |
| 326 | above. The default watch state for the connection the server opens |
| 327 | automatically on stdin/stdout is to show warnings and trace messages; |
| 328 | other connections show no asynchronous messages. (This is done in order |
| 329 | to guarantee that a program reading the server's stdout does not miss |
| 330 | any warnings.) |
| 331 | .RS |
| 332 | .PP |
| 333 | Currently, the following watch options are supported: |
| 334 | .TP |
| 335 | .B t |
| 336 | .B TRACE |
| 337 | messages. |
| 338 | .TP |
| 339 | .B n |
| 340 | .B NOTE |
| 341 | messages. |
| 342 | .TP |
| 343 | .B w |
| 344 | .B WARN |
| 345 | messages. |
| 346 | .TP |
| 347 | .B a |
| 348 | All of the above. |
| 349 | .RE |
| 350 | .TP |
| 351 | .B "VERSION" |
| 352 | Causes the server to emit an |
| 353 | .B INFO |
| 354 | line stating its software version, as two words: the server name, and |
| 355 | its version string. The server name |
| 356 | .B tripe |
| 357 | is reserved to the Straylight/Edgeware implementation. |
| 358 | .TP |
| 359 | .BI "WARN " tokens\fR... |
| 360 | Issues a |
| 361 | .B USER |
| 362 | warning to all interested administration clients. |
| 363 | .SH "ERROR MESSAGES" |
| 364 | The following |
| 365 | .B FAIL |
| 366 | messages are sent to clients as a result of errors during command |
| 367 | processing. |
| 368 | .TP |
| 369 | .BI "already-daemon" |
| 370 | (For |
| 371 | .BR DAEMON .) |
| 372 | The |
| 373 | .B tripe |
| 374 | server is already running as a daemon. |
| 375 | .TP |
| 376 | .BI "bad-syntax \-\- " message |
| 377 | (For any command.) The command couldn't be understood: e.g., the number |
| 378 | of arguments was wrong. |
| 379 | .TP |
| 380 | .BI "bad-time-spec " word |
| 381 | The |
| 382 | .I word |
| 383 | is not a valid time interval specification. Acceptable time |
| 384 | specifications are nonnegative integers followed optionally by |
| 385 | .BR d , |
| 386 | .BR h , |
| 387 | .BR m , |
| 388 | or |
| 389 | .BR s , |
| 390 | for days, hours, minutes, or seconds, respectively. |
| 391 | .TP |
| 392 | .BI "bad-trace-option " char |
| 393 | (For |
| 394 | .BR TRACE .) |
| 395 | An unknown trace option was requested. |
| 396 | .TP |
| 397 | .BI "bad-watch-option " char |
| 398 | (For |
| 399 | .BR WATCH .) |
| 400 | An unknown watch option was requested. |
| 401 | .TP |
| 402 | .BI "daemon-error \-\- " message |
| 403 | (For |
| 404 | .BR DAEMON .) |
| 405 | An error occurred during the attempt to become a daemon, as reported by |
| 406 | .IR message . |
| 407 | .TP |
| 408 | .BI "invalid-port " number |
| 409 | (For |
| 410 | .BR ADD .) |
| 411 | The given port number is out of range. |
| 412 | .TP |
| 413 | .BI "peer-create-fail " peer |
| 414 | (For |
| 415 | .BR ADD .) |
| 416 | Adding |
| 417 | .I peer |
| 418 | failed for some reason. A warning should have been emitted explaining |
| 419 | why. |
| 420 | .TP |
| 421 | .BI "peer-exists " peer |
| 422 | (For |
| 423 | .BR ADD .) |
| 424 | There is already a peer named |
| 425 | .IR peer . |
| 426 | .TP |
| 427 | .B "ping-send-failed" |
| 428 | The attempt to send a ping packet failed, probably due to lack of |
| 429 | encryption keys. |
| 430 | .TP |
| 431 | .BI "resolve-error " hostname |
| 432 | (For |
| 433 | .BR ADD .) |
| 434 | The DNS name |
| 435 | .I hostname |
| 436 | could not be resolved. |
| 437 | .TP |
| 438 | .BI "resolver-timeout " hostname |
| 439 | (For |
| 440 | .BR ADD .) |
| 441 | The DNS name |
| 442 | .I hostname |
| 443 | took too long to resolve. |
| 444 | .TP |
| 445 | .BI "unknown-command " token |
| 446 | The command |
| 447 | .B token |
| 448 | was not recognised. |
| 449 | .TP |
| 450 | .BI "unknown-peer " name |
| 451 | (For |
| 452 | .BR ADDR , |
| 453 | .BR IFNAME , |
| 454 | .BR KILL , |
| 455 | and |
| 456 | .BR STATS .) |
| 457 | There is no peer called |
| 458 | .IR name . |
| 459 | .TP |
| 460 | .BI "unknown-service " service |
| 461 | (For |
| 462 | .BR ADD .) |
| 463 | The service name |
| 464 | .I service |
| 465 | couldn't be found in |
| 466 | .BR /etc/services . |
| 467 | .SH "NOTIFICATIONS" |
| 468 | The following notifications are sent to clients who request them. |
| 469 | .TP |
| 470 | .BI "ADD " peer " " ifname " " address \fR... |
| 471 | A new peer has been added. The peer's name is |
| 472 | .IR peer , |
| 473 | its tunnel is network interface |
| 474 | .IR ifname , |
| 475 | and its network address is |
| 476 | .IR address . |
| 477 | .TP |
| 478 | .BI "DAEMON" |
| 479 | The server has forked off into the sunset and become a daemon. |
| 480 | .TP |
| 481 | .BI "KILL " peer |
| 482 | The peer |
| 483 | .I peer |
| 484 | has been killed. |
| 485 | .TP |
| 486 | .BI "KXDONE " peer |
| 487 | Key exchange with |
| 488 | .I peer |
| 489 | finished successfully. |
| 490 | .TP |
| 491 | .BI "KXSTART " peer |
| 492 | Key exchange with |
| 493 | .I peer |
| 494 | has begun or restarted. If key exchange keeps failing, this message |
| 495 | will be repeated periodically. |
| 496 | .TP |
| 497 | .BI "USER " tokens\fR... |
| 498 | An administration client issued a notification using the |
| 499 | .B NOTIFY |
| 500 | command. |
| 501 | .SH "WARNINGS" |
| 502 | There are many possible warnings. They are categorized according to |
| 503 | their first tokens. |
| 504 | .SS "ABORT warnings" |
| 505 | These all indicate that the |
| 506 | .B tripe |
| 507 | server has become unable to continue. If enabled, the server will dump |
| 508 | core in its configuration directory. |
| 509 | .TP |
| 510 | .BI "ABORT repeated-select-errors" |
| 511 | The main event loop is repeatedly failing. If the server doesn't quit, |
| 512 | it will probably waste all available CPU doing nothing. |
| 513 | .SS "ADMIN warnings" |
| 514 | These indicate a problem with the administration socket interface. |
| 515 | .TP |
| 516 | .BI "ADMIN accept-error \-\- " message |
| 517 | There was an error while attempting to accept a connection from a new |
| 518 | client. |
| 519 | .TP |
| 520 | .BI "ADMIN client-read-error \-\- " message |
| 521 | There was an error sending data to a client. The connection to the |
| 522 | client has been closed. |
| 523 | .SS "KEYMGMT warnings" |
| 524 | These indicate a problem with the keyring files, or the keys stored in |
| 525 | them. |
| 526 | .TP |
| 527 | .BI "KEYMGMT bad-private-key \-\- " message |
| 528 | The private key could not be read, or failed a consistency check. If |
| 529 | there was a problem with the file, usually there will have been |
| 530 | .B key-file-error |
| 531 | warnings before this. |
| 532 | .TP |
| 533 | .BI "KEYMGMT bad-public-keyring \-\- " message |
| 534 | The public keyring couldn't be read. Usually, there will have been |
| 535 | .B key-file-error |
| 536 | warnings before this. |
| 537 | .TP |
| 538 | .BI "KEYMGMT key-file-error " file ":" line " \-\- " message |
| 539 | Reports a specific error with the named keyring file. This probably |
| 540 | indicates a bug in |
| 541 | .BR key (1). |
| 542 | .TP |
| 543 | .BI "KEYMGMT public-key " tag " " tokens\fR... |
| 544 | These messages all indicate a problem with the public key named |
| 545 | .IR tag . |
| 546 | .TP |
| 547 | .BI "KEYMGMT public-key " tag " algorithm-mismatch" |
| 548 | The algorithms specified on the public key don't match the ones for our |
| 549 | private key. All the peers in a network have to use the same |
| 550 | algorithms. |
| 551 | .TP |
| 552 | .BI "KEYMGMT public-key " tag " bad \-\- " message |
| 553 | The public key couldn't be read, or is invalid. |
| 554 | .TP |
| 555 | .BI "KEYMGMT public-key " tag " bad-public-group-element" |
| 556 | The public key is invalid. This may indicate a malicious attempt to |
| 557 | introduce a bogus key. |
| 558 | .TP |
| 559 | .BI "KEYMGMT public-key " tag " bad-algorithm-selection" |
| 560 | The algorithms listed on the public key couldn't be understood. The |
| 561 | algorithm selection attributes are probably malformed and need fixing. |
| 562 | .TP |
| 563 | .BI "KEYMGMT public-key " tag " incorrect-group" |
| 564 | The public key doesn't use the same group as our private key. All the |
| 565 | peers in a network have to use the same group. |
| 566 | .TP |
| 567 | .BI "KEYMGMT public-key " tag " not-found" |
| 568 | The public key for peer |
| 569 | .I tag |
| 570 | wasn't in the public keyring. |
| 571 | .TP |
| 572 | .BI "KEYMGMT public-key " tag " unknown-type" |
| 573 | The type of the public key isn't understood. Maybe you need to upgrade |
| 574 | your copy of |
| 575 | .BR tripe . |
| 576 | (Even if you do, you'll have to regenerate your keys.) |
| 577 | .SS "KX warnings" |
| 578 | These indicate problems during key-exchange. Many indicate either a bug |
| 579 | in the server (either yours or the remote one), or some kind of attack |
| 580 | in progress. All name a |
| 581 | .I peer |
| 582 | as the second token: this is the peer the packet is apparently from, |
| 583 | though it may have been sent by an attacker instead. |
| 584 | .PP |
| 585 | In the descriptions below, |
| 586 | .I msgtoken |
| 587 | is one of the tokens |
| 588 | .BR pre-challenge , |
| 589 | .BR cookie , |
| 590 | .BR challenge , |
| 591 | .BR reply , |
| 592 | .BR switch-rq , |
| 593 | or |
| 594 | .BR switch-ok . |
| 595 | .TP |
| 596 | .BI "KX " peer " bad-expected-reply-log" |
| 597 | The challenges |
| 598 | .B tripe |
| 599 | uses in its protocol contain a check value which proves that the |
| 600 | challenge is honest. This message indicates that the check value |
| 601 | supplied is wrong: someone is attempting to use bogus challenges to |
| 602 | persuade your |
| 603 | .B tripe |
| 604 | server to leak private key information. No chance! |
| 605 | .TP |
| 606 | .BI "KX " peer " decrypt-failed reply\fR|\fBswitch-ok" |
| 607 | A symmetrically-encrypted portion of a key-exchange message failed to |
| 608 | decrypt. |
| 609 | .TP |
| 610 | .BI "KX " peer " invalid " msgtoken |
| 611 | A key-exchange message was malformed. This almost certainly indicates a |
| 612 | bug somewhere. |
| 613 | .TP |
| 614 | .BI "KX " peer " incorrect cookie\fR|\fBswitch-rq\fR|\fBswitch-ok" |
| 615 | A message didn't contain the right magic data. This may be a replay of |
| 616 | some old exchange, or random packets being sent in an attempt to waste |
| 617 | CPU. |
| 618 | .TP |
| 619 | .BI "KX " peer " public-key-expired" |
| 620 | The peer's public key has expired. It's maintainer should have given |
| 621 | you a replacement before now. |
| 622 | .TP |
| 623 | .BI "KX " peer " sending-cookie" |
| 624 | We've received too many bogus pre-challenge messages. Someone is trying |
| 625 | to flood us with key-exchange messages and make us waste CPU on doing |
| 626 | hard asymmetric crypto sums. |
| 627 | .TP |
| 628 | .BI "KX " peer " unexpected " msgtoken |
| 629 | The message received wasn't appropriate for this stage of the key |
| 630 | exchange process. This may mean that one of our previous packets got |
| 631 | lost. For |
| 632 | .BR pre-challenge , |
| 633 | it may simply mean that the peer has recently restarted. |
| 634 | .TP |
| 635 | .BI "KX " peer " unknown-challenge" |
| 636 | The peer is asking for an answer to a challenge which we don't know |
| 637 | about. This may mean that we've been inundated with challenges from |
| 638 | some malicious source |
| 639 | .I who can read our messages |
| 640 | and discarded the valid one. |
| 641 | .TP |
| 642 | .BI "KX " peer " unknown-message 0x" nn |
| 643 | An unknown key-exchange message arrived. |
| 644 | .SS "PEER warnings" |
| 645 | These are largely concerned with management of peers and the low-level |
| 646 | details of the network protocol. The second word is usually the name of |
| 647 | a peer, or |
| 648 | .RB ` \- ' |
| 649 | if none is relevant. |
| 650 | .TP |
| 651 | .BI "PEER " peer " bad-packet no-type" |
| 652 | An empty packet arrived. This is very strange. |
| 653 | .TP |
| 654 | .BI "PEER " peer " bad-packet unknown-category 0x" nn |
| 655 | The message category |
| 656 | .I nn |
| 657 | (in hex) isn't understood. Probably a strange random packet from |
| 658 | somewhere; could be an unlikely bug. |
| 659 | .TP |
| 660 | .BI "PEER " peer " bad-packet unknown-type 0x" nn |
| 661 | The message type |
| 662 | .I nn |
| 663 | (in hex) isn't understood. Probably a strange random packet from |
| 664 | somewhere; could be an unlikely bug. |
| 665 | .TP |
| 666 | .BI "PEER " peer " corrupt-encrypted-ping" |
| 667 | The peer sent a ping response which matches an outstanding ping, but its |
| 668 | payload is wrong. There's definitely a bug somewhere. |
| 669 | .TP |
| 670 | .BI "PEER " peer " corrupt-transport-ping" |
| 671 | The peer (apparently) sent a ping response which matches an outstanding |
| 672 | ping, but its payload is wrong. Either there's a bug, or the bad guys |
| 673 | are playing tricks on you. |
| 674 | .TP |
| 675 | .BI "PEER " peer " decrypt-failed" |
| 676 | An encrypted IP packet failed to decrypt. It may have been mangled in |
| 677 | transit, or may be a very old packet from an expired previous session |
| 678 | key. There is usually a considerable overlap in the validity periods of |
| 679 | successive session keys, so this shouldn't occur unless the key exchange |
| 680 | takes ages or fails. |
| 681 | .TP |
| 682 | .BI "PEER " peer " malformed-encrypted-ping" |
| 683 | The peer sent a ping response which is hopelessly invalid. There's |
| 684 | definitely a bug somewhere. |
| 685 | .TP |
| 686 | .BI "PEER " peer " malformed-transport-ping" |
| 687 | The peer (apparently) sent a ping response which is hopelessly invalid. |
| 688 | Either there's a bug, or the bad guys are playing tricks on you. |
| 689 | .TP |
| 690 | .BI "PEER " peer " packet-build-failed" |
| 691 | There wasn't enough space in our buffer to put the packet we wanted to |
| 692 | send. Shouldn't happen. |
| 693 | .TP |
| 694 | .BI "PEER \- socket-read-error \-\- " message |
| 695 | An error occurred trying to read an incoming packet. |
| 696 | .TP |
| 697 | .BI "PEER " peer " socket-write-error \-\- " message |
| 698 | An error occurred attempting to send a network packet. We lost that |
| 699 | one. |
| 700 | .TP |
| 701 | .BI "PEER " peer " unexpected-encrypted-ping 0x" id |
| 702 | The peer sent an encrypted ping response whose id doesn't match any |
| 703 | outstanding ping. Maybe it was delayed for longer than the server was |
| 704 | willing to wait, or maybe the peer has gone mad. |
| 705 | .TP |
| 706 | .BI "PEER \- unexpected-source " address\fR... |
| 707 | A packet arrived from |
| 708 | .I address |
| 709 | (a network address \(en see above), but no peer is known at that |
| 710 | address. This may indicate a misconfiguration, or simply be a result of |
| 711 | one end of a connection being set up before the other. |
| 712 | .TP |
| 713 | .BI "PEER " peer " unexpected-transport-ping 0x" id |
| 714 | The peer (apparently) sent a transport ping response whose id doesn't |
| 715 | match any outstanding ping. Maybe it was delayed for longer than the |
| 716 | server was willing to wait, or maybe the peer has gone mad; or maybe |
| 717 | there are bad people trying to confuse you. |
| 718 | .SS "SERVER warnings" |
| 719 | These indicate problems concerning the server process as a whole. |
| 720 | .TP |
| 721 | .BI "SERVER ignore signal " name |
| 722 | A signal arrived, but the server ignored it. Currently this happens for |
| 723 | .B SIGHUP |
| 724 | because that's a popular way of telling daemons to re-read their |
| 725 | configuration files. Since |
| 726 | .B tripe |
| 727 | re-reads its keyrings automatically and has no other configuration |
| 728 | files, it's not relevant, but it seemed better to ignore the signal than |
| 729 | let the server die. |
| 730 | .TP |
| 731 | .BI "SERVER quit signal " \fR[\fInn\fR|\fIname\fR] |
| 732 | A signal arrived and |
| 733 | .B tripe |
| 734 | is going to quit. |
| 735 | .TP |
| 736 | .BI "SERVER quit admin-request" |
| 737 | A client of the administration interface issued a |
| 738 | .B QUIT |
| 739 | command. |
| 740 | .TP |
| 741 | .BI "SERVER select-error \-\- " message |
| 742 | An error occurred in the server's main event loop. This is bad: if it |
| 743 | happens too many times, the server will abort. |
| 744 | .SS "SYMM warnings" |
| 745 | These are concerned with the symmetric encryption and decryption |
| 746 | process. |
| 747 | .TP |
| 748 | .BI "SYMM replay old-sequence" |
| 749 | A packet was received with an old sequence number. It may just have |
| 750 | been delayed or duplicated, or it may have been an attempt at a replay |
| 751 | attack. |
| 752 | .TP |
| 753 | .BI "SYMM replay duplicated-sequence" |
| 754 | A packet was received with a sequence number we've definitely seen |
| 755 | before. It may be an accidental duplication because the 'net is like |
| 756 | that, or a deliberate attempt at a replay. |
| 757 | .SS "TUN warnings" |
| 758 | These concern the workings of the system-specific tunnel driver. The |
| 759 | second word is the name of the tunnel interface in question, or |
| 760 | .RB ` \- ' |
| 761 | if none. |
| 762 | .TP |
| 763 | .BI "TUN \- bsd no-tunnel-devices" |
| 764 | The driver couldn't find an available tunnel device. Maybe if you |
| 765 | create some more |
| 766 | .BI /dev/tun nn |
| 767 | files, it will work. |
| 768 | .TP |
| 769 | .BI "TUN - open-error " device " \-\- " message |
| 770 | An attempt to open the tunnel device file |
| 771 | .I device |
| 772 | failed. |
| 773 | .TP |
| 774 | .BI "TUN \- linux config-error \-\- " message |
| 775 | Configuring the Linux TUN/TAP interface failed. |
| 776 | .TP |
| 777 | .BI "TUN " ifname " read-error \-\- " message |
| 778 | Reading from the tunnel device failed. |
| 779 | .TP |
| 780 | .BI "TUN " ifname " slip bad-escape" |
| 781 | The SLIP driver encountered a escaped byte it wasn't expecting to see. |
| 782 | The erroneous packet will be ignored. |
| 783 | .TP |
| 784 | .BI "TUN " ifname " slip eof" |
| 785 | The SLIP driver encountered end-of-file on its input descriptor. |
| 786 | Pending data is discarded, and no attempt is made to read any more data |
| 787 | from that interface ever. |
| 788 | .TP |
| 789 | .BI "TUN " ifname " slip escape-end" |
| 790 | The SLIP driver encountered an escaped `end' marker. This probably |
| 791 | means that someone's been sending it junk. The erroneous packet is |
| 792 | discarded, and we hope that we've rediscovered synchronization. |
| 793 | .TP |
| 794 | .BI "TUN \- slip fork-error \-\- " message |
| 795 | The SLIP driver encountered an error forking a child process while |
| 796 | allocating a new dynamic interface. |
| 797 | .TP |
| 798 | .BI "TUN \- slip no-slip-interfaces" |
| 799 | The driver ran out of static SLIP interfaces. Either preallocate more, |
| 800 | or use dynamic SLIP interface allocation. |
| 801 | .TP |
| 802 | .BI "TUN " ifname " slip overflow" |
| 803 | The SLIP driver gave up reading a packet because it got too large. |
| 804 | .TP |
| 805 | .BI "TUN \- slip pipe-error \-\- " message |
| 806 | The SLIP driver encountered an error creating pipes while allocating a |
| 807 | new dynamic interface. |
| 808 | .TP |
| 809 | .BI "TUN \- slip read-ifname-failed \-\- " message |
| 810 | The SLIP driver encountered an error reading the name of a dynamically |
| 811 | allocated interface. Maybe the allocation script is broken. |
| 812 | .TP |
| 813 | .BI "TUN \- unet config-error \-\- " message |
| 814 | Configuring the Linux Unet interface failed. Unet is obsolete and |
| 815 | shouldn't be used any more. |
| 816 | .TP |
| 817 | .BI "TUN \- unet getinfo-error \-\- " message |
| 818 | Reading information about the Unet interface failed. Unet is obsolete |
| 819 | and shouldn't be used any more. |
| 820 | .TP |
| 821 | .BI "TUN \- unet ifname-too-long \-\- " message |
| 822 | The Unet interface's name overflowed, so we couldn't read it properly. |
| 823 | Unet is obsolete and shouldn't be used any more. |
| 824 | .SS "USER warnings" |
| 825 | These are issued by administration clients using the |
| 826 | .B WARN |
| 827 | command. |
| 828 | .TP |
| 829 | .BI "USER " tokens\fR... |
| 830 | An administration client issued a warning. |
| 831 | .SH "SEE ALSO" |
| 832 | .BR tripectl (1), |
| 833 | .BR tripe (8). |
| 834 | .PP |
| 835 | .IR "The Trivial IP Encryption Protocol" . |
| 836 | .SH "AUTHOR" |
| 837 | Mark Wooding, <mdw@distorted.org.uk> |