secnet - flexible VPN software

* Copying

secnet is
Copyright 1995-2003 Stephen Early <steve@greenend.org.uk>
Copyright 2002-2014 Ian Jackson <ijackson@chiark.greenend.org.uk>
Copyright 1991 Massachusetts Institute of Technology
Copyright 1998 Ross Anderson, Eli Biham, Lars Knudsen
Copyright 1993 Colin Plumb
Copyright 1998 James H. Brown, Steve Reid
Copyright 2000 Vincent Rijmen, Antoon Bosselaers, Paulo Barreto
Copyright 2001 Saul Kravitz
Copyright 2004 Fabrice Bellard
Copyright 2002 Guido Draheim
Copyright 2005-2010 Free Software Foundation, Inc.
Copyright 1995-2001 Jonathan Amery
Copyright 1995-2003 Peter Benie
Copyright 2011 Richard Kettlewell
Copyright 2012 Matthew Vernon
Copyright 2013 Mark Wooding
Copyright 1995-2013 Simon Tatham

secnet is distributed under the terms of the GNU General Public
License, version 3 or later. Some individual files have more
permissive licences; where this is the case, it is documented in the
header comment for the files in question.

secnet is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.

The file COPYING contains a copy of the GNU GPL v3.


* Introduction

secnet allows large virtual private networks to be constructed
spanning multiple separate sites. It is designed for the case where a
private network connecting many hosts is 'hidden' behind a single
globally-routable IP address, but can also be applied in other
circumstances. It communicates entirely using UDP, and works well
with gateways that implement network address translation.

If you are installing secnet to join an existing VPN, you should read
the 'INSTALL' file and your particular VPN's documentation now. You
may need to refer back to this file for information on the netlink and
comm sections of the configuration file.

If you are thinking about setting up a new VPN of any size (from one
providing complete links between multiple sites to a simple
laptop-to-host link), read the section in this file on 'Creating a
VPN'.

* Mailing lists and bug reporting

There are two mailing lists associated with secnet: an 'announce' list
and a 'discuss' list. Their addresses are:
  http://www.chiark.greenend.org.uk/mailman/listinfo/secnet-announce
  http://www.chiark.greenend.org.uk/mailman/listinfo/secnet-discuss

The -announce list receives one message per secnet release. The
-discuss list is for general discussion, including help with
configuration, bug reports, feature requests, etc.

Bug reports should be sent to <steve@greenend.org.uk>; they will be
forwarded to the -discuss list by me.

* Creating a VPN

XXX TODO

* secnet configuration file format

By default secnet on linux reads /etc/secnet/secnet.conf. The default
may be different on other platforms.

This file defines a dictionary (a mapping from keys to values) full of
configuration information for secnet. Two keys must be defined in
this file for secnet to start. One is "system", a dictionary
containing systemwide control parameters. The other is "sites", a
list of all the sites that you intend to communicate with.

The configuration file has a very simple syntax; keys are defined as
follows:

  key definition;
or
  key = definition;

(the "=" is optional)

Keys must match the following regular expression:
  [[:alpha:]_][[:alnum:]\-_]*

i.e. the first character must be an alpha or an underscore, and the
remaining characters may be alphanumeric, '-' or '_'.

Keys can be defined to be a comma-separated list of any of the
following types:

  a boolean
  a string, in quotes
  a number, in decimal
  a dictionary of definitions, enclosed in { }
  a "closure", followed by arguments
  a path to a key that already exists, to reference that definition

Note that dictionaries can be nested: a key in one dictionary can
refer to another dictionary. When secnet looks for a key in a
particular dictionary and can't find it, it looks in the dictionary's
lexical 'parents' in turn until it finds it (or fails to find it at
all and stops with an error).

Definitions can refer to previous definitions by naming them with a
path. Paths are key1/key2/key3... (starting from wherever we find
key1, i.e. in the current dictionary or any of its parents), or
alternatively /key1/key2/key3... (to start from the root).
Definitions cannot refer to future definitions.

Example:

  a=1;
  b=2;
  c={ d=3; e=a; };
  f={ a=4; g=c; };

The following paths are valid:
  a is 1
  b is 2
  c is a dictionary:
    c/d is 3
    c/e is 1
  f is a dictionary:
    f/a is 4
    f/g is a dictionary:
      f/g/d is 3
      f/g/e is 1

Note that f/g/e is NOT 4.

Elements that are lists are inserted into lists in definitions, not
referenced by them (i.e. you can't have lists of lists).
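The lookup rules above, as an added example that is not secnet's own parser: a small Python model of the configuration dictionaries which parses the README's example (numbers, nested dictionaries and path references only) and resolves paths with the lexical-parent search described above. Beyond what the README states, it assumes that only the first path component is searched through the parents and that later components must be found directly inside the dictionary just reached.

```python
"""Model of secnet-style configuration dictionaries: an added example, not
secnet's own parser.  Handles numbers, nested { } dictionaries and path
references; strings, booleans and closures are omitted for brevity."""
import re

TOKEN = re.compile(r"\d+|[A-Za-z_/][\w/-]*|[={};]")   # numbers, keys/paths, punctuation
KEY = re.compile(r"[A-Za-z_][\w-]*")                   # the README's key regexp


class Dict:
    """A configuration dictionary that remembers its lexical parent."""
    def __init__(self, parent=None):
        self.parent, self.items = parent, {}

    def root(self):
        return self if self.parent is None else self.parent.root()

    def lookup(self, path):
        """Resolve k1/k2/... from here outwards, or /k1/k2/... from the root.
        Assumption: only the first component is searched through the lexical
        parents; later ones must exist inside the dictionary just reached."""
        d = self.root() if path.startswith("/") else self
        first, *rest = path.lstrip("/").split("/")
        while d is not None and first not in d.items:   # walk the lexical parents
            d = d.parent
        if d is None:
            raise KeyError(first)
        cur = d.items[first]
        for comp in rest:
            if not isinstance(cur, Dict) or comp not in cur.items:
                raise KeyError(path)
            cur = cur.items[comp]
        return cur


class Parser:
    def __init__(self, text):
        bad = re.search(r"[^\w\s/={};-]", text)        # outside the subset handled here
        if bad:
            raise SyntaxError(f"unexpected {bad.group()!r} at offset {bad.start()}")
        self.toks, self.i = TOKEN.findall(text), 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else ""

    def take(self, expected=None):
        tok = self.peek()
        if expected is not None and tok != expected:
            raise SyntaxError(f"expected {expected!r}, got {tok!r}")
        self.i += 1
        return tok

    def parse_dict(self, parent):
        d = Dict(parent)
        while self.peek() not in ("", "}"):
            key = self.take()
            if not KEY.fullmatch(key):
                raise SyntaxError(f"bad key {key!r}")
            if self.peek() == "=":                  # the "=" is optional
                self.take()
            d.items[key] = self.parse_value(d)      # references resolve *now*,
            self.take(";")                          # which is why f/g/e is 1, not 4
        return d

    def parse_value(self, d):
        tok = self.take()
        if tok.isdigit():
            return int(tok)
        if tok == "{":
            inner = self.parse_dict(d)              # d becomes inner's lexical parent
            self.take("}")
            return inner
        if tok[:1].isalpha() or tok[:1] in ("_", "/"):
            return d.lookup(tok)                    # KeyError if not yet defined
        raise SyntaxError(f"unexpected {tok!r}")


def parse_config(text):
    p = Parser(text)
    root = p.parse_dict(None)
    if p.peek():
        raise SyntaxError("unbalanced '}'")
    return root


EXAMPLE = "a=1; b=2; c={ d=3; e=a; }; f={ a=4; g=c; };"   # the README's example


def resolve(path, text=EXAMPLE):
    return parse_config(text).lookup(path)
```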

Some closures may be followed by an argument list in ( ), and may
return any number of whatever type they like (including other
closures). Some types of closure (typically those returned from
invocations of other closures) cannot be invoked.

closure { definitions } is short for closure({definitions}).

The main body of secnet, and all the additional modules, predefine
some keys in the root dictionary. The main ones are:

  yes, true, True, TRUE, on: the boolean value True
  no, false, False, FALSE, off: the boolean value False
  makelist: turns a dictionary (arg1) into a list of definitions
    (ignoring the keys)
  readfile: reads a file (arg1) and returns it as a string
  map: applies the closure specified as arg1 to each of the
    remaining elements in the list in turn. Returns a list
    made up of the outputs of the closure.

Keys defined by modules are described below, in the module
documentation.

Other configuration files can be included inline by writing "include
filename" at the start of a line.

After the configuration file is read, secnet looks for particular keys
in configuration space to tell it what to do:

system: a dictionary which can contain the following keys:
  log (log closure): a destination for system messages
  userid (string): the userid for secnet to run as once it drops privileges
  pidfile (string): where to store its PID

sites: a list of closures of type 'site', which define other tunnel
  endpoints that secnet will attempt to communicate with

* secnet command line options

Usage: secnet [OPTION]...

  -f, --silent, --quiet   suppress error messages
  -w, --nowarnings        suppress warnings
  -v, --verbose           output extra diagnostics
  -c, --config=filename   specify a configuration file
  -j, --just-check-config stop after reading configfile
  -n, --nodetach          do not run in background
  -d, --debug=item,...    set debug options
      --help              display this help and exit
      --version           output version information and exit

* secnet builtin modules

** resolver

Defines:
  adns (closure => resolver closure)

adns: dict argument
  config (string): optional, a resolv.conf for ADNS to use

** random

Defines:
  randomsrc (closure => randomsrc closure)

randomsrc: string[,bool]
  arg1: filename of random source
  arg2: if True then source is blocking

** udp

Defines:
  udp (closure => comm closure)

udp: dict argument
  address (string list): IPv6 or IPv4 addresses to listen and send on;
    default is all local addresses
  port (integer): UDP port to listen and send on; optional if you
    don't need to have a stable address for your peers to talk to
    (in which case your site ought probably to have `local-mobile true').
  buffer (buffer closure): buffer for incoming packets
  authbind (string): optional, path to authbind-helper program

** polypath

Defines:
  polypath (closure => comm closure)

polypath: dict argument
  port (integer): UDP port to listen and send on
  buffer (buffer closure): buffer for incoming packets
  authbind (string): optional, path to authbind-helper program
  max-interfaces (number): optional, max number of different interfaces to
    use (also, maximum steady-state amount of packet multiplication)
  interfaces (string list): which interfaces to process; each entry is
    optionally `!' or `+' followed by a glob pattern (which is applied to a
    prospective interface using fnmatch with no flags). If no list is
    specified, or the list ends with a `!' entry, a default list is
    used/appended: "!tun*","!tap*","!sl*","!userv*","!lo","*". Patterns
    which do not start with `*' or an alphanumeric need to be preceded
    by `!' or `+'.
  monitor-command (string list): Program to use to monitor appearance
    and disappearance of addresses on local network interfaces. Should
    produce lines of the form `+|-<ifname> 4|6 <addr>' where <addr> is
    an address literal. Each - line should relate to a previously
    printed + line. On startup, should produce a + line for each
    currently existing address. secnet does filtering so there is no
    need to strip out tun interfaces, multicast addresses, and so on.
    The command is run as the user secnet is started as (not the one
    which secnet may drop privilege to due to the configured `userid').
    The default depends on the operating system.
  permit-loopback (boolean): Normally, loopback IPv6 and IPv4
    addresses on local interfaces are disregarded, because such
    interfaces are not interesting for communicating with distant
    hosts. Setting this option will ignore that check, which can be
    useful for testing. Setting this option also removes "!lo*" from
    the default interface pattern list.

When using this comm, packets are sent out of every active interface
on the host (where possible). It is important that interfaces created
by secnet itself are not included! secnet's default filter list tries
to do this.
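As an added illustration (not code from secnet), the `interfaces' pattern rules and the monitor-command line format described above, modelled in Python and replayed over a constructed sample of monitor output. It assumes that the first matching pattern decides whether an interface is used, that `permit-loopback' removes the loopback exclusion from the default list, and it models no other address filtering (multicast and so on).

```python
"""polypath interface patterns and monitor-command lines, modelled after the
README's description.  Added example, not secnet's own code."""
import fnmatch

# The README's default list, appended when no list is given or the list ends in `!'.
DEFAULT_PATTERNS = ["!tun*", "!tap*", "!sl*", "!userv*", "!lo", "*"]


def effective_patterns(configured, permit_loopback=False):
    """Expand a configured `interfaces' list into the list actually applied."""
    pats = list(configured)
    if not pats or pats[-1].startswith("!"):
        # Assumption: permit-loopback drops the loopback exclusion from the defaults.
        pats += [p for p in DEFAULT_PATTERNS
                 if not (permit_loopback and p.startswith("!lo"))]
    return pats


def split_entry(entry):
    """Return (use_interface, glob).  A pattern not starting with `*' or an
    alphanumeric must carry an explicit `!' or `+' prefix, as the README says."""
    if entry.startswith("!"):
        return False, entry[1:]
    if entry.startswith("+"):
        return True, entry[1:]
    if entry[:1] == "*" or entry[:1].isalnum():
        return True, entry
    raise ValueError(f"pattern {entry!r} must be preceded by `!' or `+'")


def interface_wanted(ifname, patterns):
    """Assumption: the first pattern that matches decides; no match means unused.
    fnmatchcase() is the stdlib's closest analogue to fnmatch(3) with no flags."""
    for entry in patterns:
        use, glob = split_entry(entry)
        if fnmatch.fnmatchcase(ifname, glob):
            return use
    return False


def parse_monitor_line(line):
    """Parse `+|-<ifname> 4|6 <addr>' into (op, ifname, family, addr)."""
    fields = line.split()
    if len(fields) != 3 or fields[0][:1] not in ("+", "-") or fields[1] not in ("4", "6"):
        raise ValueError(f"malformed monitor line: {line!r}")
    op, ifname = fields[0][0], fields[0][1:]
    if not ifname:
        raise ValueError(f"missing interface name: {line!r}")
    return op, ifname, int(fields[1]), fields[2]


def apply_monitor_output(lines, patterns):
    """Replay monitor lines; return ({ifname: set(addrs)} polypath would send
    from, [stray lines]).  A `-' with no earlier `+' is reported, not applied."""
    active, stray = {}, []
    for line in lines:
        op, ifname, _family, addr = parse_monitor_line(line)
        if not interface_wanted(ifname, patterns):
            continue                                   # e.g. secnet's own tun*
        addrs = active.setdefault(ifname, set())
        if op == "+":
            addrs.add(addr)
        elif addr in addrs:
            addrs.discard(addr)
        else:
            stray.append(line)
        if not addrs:
            del active[ifname]
    return active, stray


# Constructed sample of monitor-command output (not captured from a real system).
SAMPLE_MONITOR_OUTPUT = [
    "+lo 4 127.0.0.1",
    "+wlan0 4 192.0.2.10",
    "+wlan0 6 2001:db8::10",
    "+ppp0 4 198.51.100.7",
    "+tun0 4 10.0.0.1",          # secnet's own tunnel interface: must be excluded
    "-wlan0 6 2001:db8::10",
    "-eth0 4 192.0.2.99",        # never announced with `+': reported as stray
]


def demo(configured=(), permit_loopback=False):
    pats = effective_patterns(list(configured), permit_loopback)
    return apply_monitor_output(SAMPLE_MONITOR_OUTPUT, pats)
```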

This comm only makes sense for sites which are mobile. That is, the
site closures used with this comm should all have the `local-mobile'
parameter set to `true'. When the local site is not marked
mobile the address selection machinery might fixate on an unsuitable
address.

For an interface to work with polypath, it must either have a suitable
default route, or be a point-to-point interface. In the general case
this might mean that the host would have to have multiple default
routes. However in practice the most useful configuration is two
interfaces being (1) wifi (2) mobile internet.

I have had success on Linux by using network-manager for wifi and
invoking ppp directly for mobile internet. ppp sets up a
point-to-point link, and does not add a default route if there already
is one. network-manager always sets up a default route. The result
is that the wifi always has a default route (so is usable); ppp
(being a point-to-point link) does not need one.

The use of polypath requires that secnet be started with root
privilege, to make the setsockopt(,,SO_BINDTODEVICE,) calls. If the
configuration specifies that secnet should drop privilege (see
`userid' above), secnet will keep a special process around for this
purpose; that process will handle local network interface changes but
does not deal with any packets, key exchange, etc.

polypath support is only available when secnet is built against an
IPv6-capable version of adns (because it wants features in the newer
adns).

** log

Defines:
  logfile (closure => log closure)
  syslog (closure => log closure)

logfile: dict argument
  filename (string): where to log to
  class (string list): what type of messages to log
    { "debug-config", M_DEBUG_CONFIG },
    { "debug-phase", M_DEBUG_PHASE },
    { "debug", M_DEBUG },
    { "all-debug", M_DEBUG|M_DEBUG_PHASE|M_DEBUG_CONFIG },
    { "info", M_INFO },
    { "notice", M_NOTICE },
    { "warning", M_WARNING },
    { "error", M_ERROR },
    { "security", M_SECURITY },
    { "fatal", M_FATAL },
    { "default", M_WARNING|M_ERROR|M_SECURITY|M_FATAL },
    { "verbose", M_INFO|M_NOTICE|M_WARNING|M_ERROR|M_SECURITY|M_FATAL },
    { "quiet", M_FATAL }

logfile will close and reopen its file upon receipt of SIGHUP.

syslog: dict argument
  ident (string): include this string in every log message
  facility (string): facility to log as
    { "authpriv", LOG_AUTHPRIV },
    { "cron", LOG_CRON },
    { "daemon", LOG_DAEMON },
    { "kern", LOG_KERN },
    { "local0", LOG_LOCAL0 },
    { "local1", LOG_LOCAL1 },
    { "local2", LOG_LOCAL2 },
    { "local3", LOG_LOCAL3 },
    { "local4", LOG_LOCAL4 },
    { "local5", LOG_LOCAL5 },
    { "local6", LOG_LOCAL6 },
    { "local7", LOG_LOCAL7 },
    { "lpr", LOG_LPR },
    { "mail", LOG_MAIL },
    { "news", LOG_NEWS },
    { "syslog", LOG_SYSLOG },
    { "user", LOG_USER },
    { "uucp", LOG_UUCP }

** util

Defines:
  sysbuffer (closure => buffer closure)

sysbuffer: integer[,dict]
  arg1: buffer length
  arg2: options:
    lockdown (boolean): if True, mlock() the buffer

** site

Defines:
  site (closure => site closure)

site: dict argument
  local-name (string): this site's name for itself
  name (string): the name of the site's peer
  link (netlink closure)
  comm (one or more comm closures): if there is more than one, the
    first one will be used for any key setups initiated by us using the
    configured address. Others are only used if our peer talks to
    them.
  resolver (resolver closure)
  random (randomsrc closure)
  local-key (rsaprivkey closure)
  address (string list): optional, DNS name(s) used to find our peer;
    address literals are supported too if enclosed in `[' `]'.
  port (integer): mandatory if 'address' is specified: the port used
    to contact our peer
  key (rsapubkey closure): our peer's public key
  transform (transform closure): how to mangle packets sent between sites
  dh (dh closure)
  hash (hash closure)
  key-lifetime (integer): max lifetime of a session key, in ms
    [one hour; mobile: 2 days]
  setup-retries (integer): max number of times to transmit a key negotiation
    packet [5; mobile: 30]
  setup-timeout (integer): time between retransmissions of key negotiation
    packets, in ms [2000; mobile: 1000]
  wait-time (integer): after failed key setup, wait this long (in ms) before
    allowing another attempt [20000; mobile: 10000]
  renegotiate-time (integer): if we see traffic on the link after this time
    then renegotiate another session key immediately (in ms)
    [half key-lifetime, or key-lifetime minus 5 mins (mobile: 12 hours),
    whichever is longer].
  keepalive (bool): if True then attempt always to keep a valid session key.
    [false]
  log-events (string list): types of events to log for this site
    unexpected: unexpected key setup packets (may be late retransmissions)
    setup-init: start of attempt to setup a session key
    setup-timeout: failure of attempt to setup a session key, through timeout
    activate-key: activation of a new session key
    timeout-key: deletion of current session key through age
    security: anything potentially suspicious
    state-change: steps in the key setup protocol
    packet-drop: whenever we throw away an outgoing packet
    dump-packets: every key setup packet we see
    errors: failure of name resolution, internal errors
    peer-addrs: changes to sets of peer addresses (interesting for mobile peers)
    all: everything (too much!)
  mobile (bool): if True then peer is "mobile", i.e. we assume it may
    change its apparent IP address and port number without either it
    or us being aware of the change; so, we remember the last several
    port/addr pairs we've seen and send packets to all of them
    (subject to a timeout). We maintain one set of addresses for key
    setup exchanges, and another for data traffic. Two communicating
    peers must not each regard the other as mobile, or all the traffic
    in each direction will be triplicated (strictly, transmitted
    mobile-peers-max times) and anyway two peers whose public contact
    address may suddenly change couldn't communicate reliably because
    their contact addresses might both change at once. [false]
  mobile-peers-max (integer): Maximum number of peer port/addr pairs we
    remember and send to. Must be at least 1 and no more than 5.
    [4 if any address is configured, otherwise 3]
  static-peers-max (integer): Maximum number of peer port/addr pairs
    we can try for a static site. Must be at least 1 and no more
    than 5. [4 or 3, as above]
  mobile-peer-expiry (integer): For "mobile" peers only, the length
    of time (in seconds) for which we will keep sending to multiple
    address/ports from which we have not seen incoming traffic. [120]
  local-mobile (bool): if True then other peers have been told we are
    "mobile". This should be True iff the peers' site configurations
    for us have "mobile True" (and if we find a site configuration for
    ourselves in the config, we insist on this). The effect is to
    check that there are no links both ends of which are allegedly
    mobile (which is not supported, so those links are ignored) and
    to change some of the tuning parameter defaults. [false]
  mtu-target (integer): Desired value of the inter-site MTU for this
    peering. This value will be advertised to the peer (which ought
    to affect incoming packets), and if the peer advertises an MTU its
    value will be combined with this setting to compute the inter-site
    MTU. (secnet will still accept packets which exceed the
    (negotiated or assumed) inter-site MTU.) Setting a lower
    inter-site MTU can be used to try to restrict the sizes of the
    packets sent over the underlying public network (e.g. to work
    around network braindamage). It is not normally useful to set a
    larger value for mtu-target than the VPN's general MTU (which
    should be reflected in the local private interface MTU, i.e. the mtu
    parameter to netlink). If this parameter is not set, or is set
    to 0, the default is to use the local private link mtu.
  comm-info (dict): Information for the comm, used when this site
    wants to transmit. If the comm does not support this, it is
    ignored. (Currently nothing uses this.)

Links involving mobile peers have some different tuning parameter
default values, which are generally more aggressive about retrying key
setup but more relaxed about using old keys. These are noted with
"mobile:", above, and apply whether the mobile peer is local or
remote.

** transform-eax

Defines:
  eax-serpent (closure => transform closure)

** transform-cbcmac

Defines:
  serpent256-cbc (closure => transform closure)

** netlink

Defines:
  null-netlink (closure => closure or netlink closure)

null-netlink: dict argument
  name (string): name for netlink device, used in log messages
  networks (string list): networks on the host side of the netlink device
  remote-networks (string list): networks that may be claimed
    by the remote site using this netlink device
  local-address (string): IP address of host's tunnel interface
  secnet-address (string): IP address of this netlink device
  ptp-address (string): IP address of the other end of a point-to-point link
  mtu (integer): MTU of host's tunnel interface

Only one of secnet-address or ptp-address may be specified. If
point-to-point mode is in use then the "routes" option must also be
specified, and netlink returns a netlink closure that should be used
directly with the "link" option to the site closure. If
point-to-point mode is not in use then netlink returns a closure that
may be invoked using a dict argument with the following keys to yield
a netlink closure:
  routes (string list): networks reachable down the tunnel attached to
    this instance of netlink
  options (string list):
    allow-route: allow packets coming from this tunnel to be routed to
      other tunnels as well as the host (used for mobile devices like laptops)
    soft: remove these routes from the host's routing table when
      the tunnel link quality is zero
  mtu (integer): MTU of host's tunnel interface

Netlink will dump its current routing table to the system/log on
receipt of SIGUSR1.

** slip

Defines:
  userv-ipif (closure => netlink closure)

userv-ipif: dict argument
  userv-path (string): optional, where to find userv ["userv"]
  service-user (string): optional, username for userv-ipif service ["root"]
  service-name (string): optional, name of userv-ipif service ["ipif"]
  buffer (buffer closure): buffer for assembly of host->secnet packets
  plus generic netlink options, as for 'null-netlink'

** tun

Defines:
  tun (closure => netlink closure) [only on linux-2.4]
  tun-old (closure => netlink closure)

tun: dict argument
  flavour (string): optional, type of TUN interface to use
    ("guess","linux","bsd","streams")
  device (string): optional, path of TUN/TAP device file ["/dev/net/tun"]
  interface (string): optional, name of tunnel network interface
  ifconfig-path (string): optional, path to ifconfig command
  route-path (string): optional, path to route command
  ifconfig-type (string): optional, how to perform ifconfig
  route-type (string): optional, how to add and remove routes
    types are: "guess", "ioctl", "bsd", "linux", "solaris-2.5"
  buffer (buffer closure): buffer for host->secnet packets
  plus generic netlink options, as for 'null-netlink'

I recommend you don't specify the 'interface' option unless you're
doing something that requires the interface name to be constant.

** rsa

Defines:
  rsa-private (closure => rsaprivkey closure)
  rsa-public (closure => rsapubkey closure)

rsa-private: string[,bool]
  arg1: filename of SSH private key file (version 1, no password)
  arg2: whether to check that the key is usable [default True]

rsa-public: string,string
  arg1: encryption key (decimal)
  arg2: modulus (decimal)

** dh

Defines:
  diffie-hellman (closure => dh closure)

diffie-hellman: string,string[,bool]
  arg1: modulus (hex)
  arg2: generator (hex)
  arg3: whether to check that the modulus is prime [default True]

** md5

Defines:
  md5 (hash closure)

** sha1

Defines:
  sha1 (hash closure)

** conffile

Defines:
  makelist (dictionary => list of definitions)
  readfile (string => string)
  map (closure,list => list)

makelist: dictionary
  returns a list consisting of the definitions in the dictionary. The keys
  are discarded.

readfile: string
  reads the named file and returns its contents as a string

map:
  applies the closure specified as arg1 to each of the elements in the list.
  Returns a list made up of the outputs of the closure.