line reporting the IP address and port number stored for
.IR peer .
.SP
+.B "ALGS"
+Emits information about the cryptographic algorithms in use, in
+key-value form. The keys are as follows.
+.RS
+.TP
+.B kx-group
+Type of key-exchange group in use, currently either
+.B ec
+or
+.BR prime .
+.TP
+.B kx-group-order-bits
+Length of the group order, in bits. This gives an approximate measure
+of the group strength.
+.TP
+.B kx-group-elt-bits
+Length of a group element, in bits. This may be useful when analyzing
+protocol traces.
+.TP
+.B hash
+The hash function in use, e.g.,
+.BR sha256 .
+.TP
+.B mgf
+The mask-generating function in use, e.g.,
+.BR whirlpool-mgf .
+.TP
+.B hashsz
+The size of the hash function's output, in octets.
+.TP
+.B cipher
+The name of the bulk data cipher in use, e.g.,
+.BR blowfish-cbc .
+.TP
+.B cipher-keysz
+The length of key used by the bulk data cipher, in octets.
+.TP
+.B cipher-blksz
+The block size of the bulk data cipher, or zero if it's not based on a
+block cipher.
+.TP
+.B cipher-data-limit
+The maximum amount of data to be encrypted using a single key. (A new
+key exchange is instigated well before the limit is reached, in order to
+allow for a seamless changeover of keys.)
+.TP
+.B mac
+The message authentication algorithm in use, e.g.,
+.BR ripemd160-hmac ..
+.TP
+.B mac-keysz
+The length of the key used by the message authentication algorithm, in
+octets.
+.TP
+.B mac-tagsz
+The length of the message authentication tag, in octets.
+.PP
+The various sizes are useful, for example, when computing the MTU for a
+tunnel interface. If
+.I MTU
+is the MTU of the path to the peer, then the tunnel MTU should be
+.IP
+.I MTU
+\- 33 \-
+.I cipher-blksz
+\-
+.I mac-tagsz
+.PP
+allowing 20 bytes of IP header, 8 bytes of UDP header, a packet type
+octet, a four-octet sequence number, an IV, and a MAC tag.
+.RE
+.SP
.BI "BGCANCEL " tag
Cancels the background job with the named
.IR tag .
failed for some reason. A warning should have been emitted explaining
why.
.SP
+.BI "peer-addr-exists " address\fR...
+(For
+.BR ADD .)
+There is already a peer with the given
+.IR address .
+.SP
.BI "peer-exists " peer
(For
.BR ADD .)
.B QUIT
command.
.SP
+.BI "SERVER quit foreground-eof"
+The server is running in foreground mode (the
+.B \-F
+option), and encountered end-of-file on standard input.
+.SP
.BI "SERVER select-error " ecode " " message
An error occurred in the server's main event loop. This is bad: if it
happens too many times, the server will abort.
~mdw / tripe / blobdiff