.\" -*-nroff-*-
+.\".
+.\" Manual for the administration protocol
+.\"
+.\" (c) 2008 Straylight/Edgeware
.\"
-.ie t \{\
-. if \n(.g \{\
-. fam P
-. \}
-.\}
.
-.de SP
-.TP
-..
+.\"----- Licensing notice ---------------------------------------------------
+.\"
+.\" This file is part of Trivial IP Encryption (TrIPE).
+.\"
+.\" TrIPE is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 2 of the License, or
+.\" (at your option) any later version.
+.\"
+.\" TrIPE is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with TrIPE; if not, write to the Free Software Foundation,
+.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+.
+.\"--------------------------------------------------------------------------
+.so ../defs.man.in \" @@@PRE@@@
+.
+.\"--------------------------------------------------------------------------
.TH tripe-admin 5 "18 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
-.SH NAME
+.
+.\"--------------------------------------------------------------------------
+.SH "NAME"
+.
tripe-admin \- administrator commands for TrIPE
-.SH DESCRIPTION
+.
+.\"--------------------------------------------------------------------------
+.SH "DESCRIPTION"
+.
This manual page describes the administration interface provided by the
.BR tripe (8)
daemon.
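Review bot: the `.de SP` definition removed at the top of this hunk is still needed, because the page goes on using `.SP` before every command, error and warning entry, so it now renders correctly only if `../defs.man.in` defines that macro. Please confirm that it does, and that the `.so ../defs.man.in` line (marked `@@@PRE@@@`) is expanded at build time so the installed page does not depend on a relative path. Separately, the new header carries a 2008 copyright while the `.TH` line still gives "18 February 2001"; consider updating the date, since the page gains new material in this change.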
.PP
Lowercase key letters control individual message types. Uppercase key
letters control collections of message types.
+.
+.\"--------------------------------------------------------------------------
.SH "COMMAND REFERENCE"
+.
.\"* 10 Commands
The commands provided are:
.SP
line reporting the IP address and port number stored for
.IR peer .
.SP
+.B "ALGS"
+Emits information about the cryptographic algorithms in use, in
+key-value form. The keys are as follows.
+.RS
+.TP
+.B kx-group
+Type of key-exchange group in use, currently either
+.B ec
+or
+.BR prime .
+.TP
+.B kx-group-order-bits
+Length of the group order, in bits. This gives an approximate measure
+of the group strength.
+.TP
+.B kx-group-elt-bits
+Length of a group element, in bits. This may be useful when analyzing
+protocol traces.
+.TP
+.B hash
+The hash function in use, e.g.,
+.BR sha256 .
+.TP
+.B mgf
+The mask-generating function in use, e.g.,
+.BR whirlpool-mgf .
+.TP
+.B hashsz
+The size of the hash function's output, in octets.
+.TP
+.B cipher
+The name of the bulk data cipher in use, e.g.,
+.BR blowfish-cbc .
+.TP
+.B cipher-keysz
+The length of key used by the bulk data cipher, in octets.
+.TP
+.B cipher-blksz
+The block size of the bulk data cipher, or zero if it's not based on a
+block cipher.
+.TP
+.B cipher-data-limit
+The maximum amount of data to be encrypted using a single key. (A new
+key exchange is instigated well before the limit is reached, in order to
+allow for a seamless changeover of keys.)
+.TP
+.B mac
+The message authentication algorithm in use, e.g.,
+.BR ripemd160-hmac ..
+.TP
+.B mac-keysz
+The length of the key used by the message authentication algorithm, in
+octets.
+.TP
+.B mac-tagsz
+The length of the message authentication tag, in octets.
+.PP
+The various sizes are useful, for example, when computing the MTU for a
+tunnel interface. If
+.I MTU
+is the MTU of the path to the peer, then the tunnel MTU should be
+.IP
+.I MTU
+\- 33 \-
+.I cipher-blksz
+\-
+.I mac-tagsz
+.PP
+allowing 20 bytes of IP header, 8 bytes of UDP header, a packet type
+octet, a four-octet sequence number, an IV, and a MAC tag.
+.RE
+.SP
.BI "BGCANCEL " tag
Cancels the background job with the named
.IR tag .
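Review bot: the `mac` entry ends with `.BR ripemd160-hmac ..`, which prints a doubled full stop; the neighbouring entries use a single `.` as the trailing argument. In the MTU paragraph, the constant 33 is 20 + 8 + 1 + 4, so it bakes in a 20-byte IP header with no options. It would help to state that assumption and to say explicitly that the IV length is taken to be `cipher-blksz`, since that key is documented as zero for ciphers not based on a block cipher.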
Issues a
.B USER
warning to all interested administration clients.
+.
+.\"--------------------------------------------------------------------------
.SH "ERROR MESSAGES"
+.
.\"* 20 Error messages (FAIL codes)
The following
.B FAIL
failed for some reason. A warning should have been emitted explaining
why.
.SP
+.BI "peer-addr-exists " address\fR...
+(For
+.BR ADD .)
+There is already a peer with the given
+.IR address .
+.SP
.BI "peer-exists " peer
(For
.BR ADD .)
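Review bot: the synopsis `.BI "peer-addr-exists " address\fR...` shows a variable number of tokens, but the description speaks of a single `address` and does not say what the tokens are. Suggest wording such as "the address tokens are as given to ADD" (or whatever form the server actually emits) so that clients parsing the FAIL line know what to expect.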
.I tag
is not the tag for any outstanding background job. It may have just
finished.
+.
+.\"--------------------------------------------------------------------------
.SH "NOTIFICATIONS"
+.
.\"* 30 Notification broadcasts (NOTE codes)
The following notifications are sent to clients who request them.
.SP
An administration client issued a notification using the
.B NOTIFY
command.
+.
+.\"--------------------------------------------------------------------------
.SH "WARNINGS"
+.
.\"* 40 Warning broadcasts (WARN codes)
.\"+sep
There are many possible warnings. They are categorized according to
.B QUIT
command.
.SP
+.BI "SERVER quit foreground-eof"
+The server is running in foreground mode (the
+.B \-F
+option), and encountered end-of-file on standard input.
+.SP
.BI "SERVER select-error " ecode " " message
An error occurred in the server's main event loop. This is bad: if it
happens too many times, the server will abort.
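Review bot: `.BI "SERVER quit foreground-eof"` has only one argument, so there is no italic part to alternate with; `.B` would match the style used for `.B "ALGS"` elsewhere in this patch. The description could also say outright that the server shuts down as a result, as the `quit` token implies, rather than only that it encountered end-of-file.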
.BI "USER " tokens\fR...
An administration client issued a warning.
.\"-sep
+.
+.\"--------------------------------------------------------------------------
.SH "SUMMARY"
+.
.SS "Command responses"
.nf
.BI "BGDETACH " tag
.B OK
.fi
.\"= summary
+.
+.\"--------------------------------------------------------------------------
.SH "SEE ALSO"
+.
.BR tripectl (1),
.BR tripe (8).
.PP
.IR "The Trivial IP Encryption Protocol" .
+.
+.\"--------------------------------------------------------------------------
.SH "AUTHOR"
+.
Mark Wooding, <mdw@distorted.org.uk>
+.
+.\"----- That's all, folks --------------------------------------------------