X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/042a8da9053c205ea74ec1785c93ca4bcf4ea5e0..d3fe100dfc120244d316e083ce87b1eb130fe4fd:/README diff --git a/README b/README index a21a2e7..4fe279d 100644 --- a/README +++ b/README @@ -1,5 +1,20 @@ secnet - flexible VPN software +* Copying + +secnet is Copyright (C) 1995--2001 Stephen Early +It is distributed under the terms of the GNU General Public License, +version 2 or later. See the file COPYING for more information. + +The portable snprintf implementation in snprintf.c is Copyright (C) +1999 Mark Martinec and is distributed under the +terms of the Frontier Artistic License. You can find the standard +version of snprintf.c at http://www.ijs.si/software/snprintf/ + +The IP address handling library in ipaddr.py is Copyright (C) +1996--2000 Cendio Systems AB, and is distributed under the terms of +the GPL. + * Introduction secnet allows large virtual private networks to be constructed @@ -19,6 +34,20 @@ providing complete links between multiple sites to a simple laptop-to-host link), read the section in this file on 'Creating a VPN'. +* Mailing lists and bug reporting + +There are two mailing lists associated with secnet: an 'announce' list +and a 'discuss' list. Their addresses are: +http://www.chiark.greenend.org.uk/mailman/listinfo/secnet-announce +http://www.chiark.greenend.org.uk/mailman/listinfo/secnet-discuss + +The -announce list receives one message per secnet release. The +-discuss list is for general discussion, including help with +configuration, bug reports, feature requests, etc. + +Bug reports should be sent to ; they will be +forwarded to the -discuss list by me. + * Creating a VPN XXX TODO 
@@ -136,7 +165,17 @@ in configuration space to tell it what to do: * secnet command line options -XXX TODO +Usage: secnet [OPTION]... + + -f, --silent, --quiet suppress error messages + -w, --nowarnings suppress warnings + -v, --verbose output extra diagnostics + -c, --config=filename specify a configuration file + -j, --just-check-config stop after reading configfile + -n, --nodetach do not run in background + -d, --debug=item,... set debug options + --help display this help and exit + --version output version information and exit * secnet builtin modules @@ -232,7 +271,7 @@ Defines: site: dict argument local-name (string): this site's name for itself name (string): the name of the site's peer - netlink (netlink closure) + link (netlink closure) comm (comm closure) resolver (resolver closure) random (randomsrc closure) @@ -240,7 +279,6 @@ site: dict argument address (string): optional, DNS name used to find our peer port (integer): mandatory if 'address' is specified: the port used to contact our peer - networks (string list): networks that our peer may claim traffic for key (rsapubkey closure): our peer's public key transform (transform closure): how to mangle packets sent between sites dh (dh closure) @@ -267,12 +305,6 @@ site: dict argument dump-packets: every key setup packet we see errors: failure of name resolution, internal errors all: everything (too much!) - netlink-options (string list): options to pass to netlink device when - registering remote networks - soft: create 'soft' routes that go away when there's no key established - with the peer - allow-route: allow packets from our peer to be sent down other tunnels, - as well as to the host ** transform @@ -282,7 +314,7 @@ Defines: ** netlink Defines: - null-netlink (closure => netlink closure) + null-netlink (closure => closure or netlink closure) null-netlink: dict argument name (string): name for netlink device, used in log messages 
@@ -291,8 +323,24 @@ null-netlink: dict argument by any remote site using this netlink device local-address (string): IP address of host's tunnel interface secnet-address (string): IP address of this netlink device + ptp-address (string): IP address of the other end of a point-to-point link mtu (integer): MTU of host's tunnel interface +Only one of secnet-address or ptp-address may be specified. If +point-to-point mode is in use then the "routes" option must also be +specified, and netlink returns a netlink closure that should be used +directly with the "link" option to the site closure. If +point-to-point mode is not in use then netlink returns a closure that +may be invoked using a dict argument with the following keys to yield +a netlink closure: + routes (string list): networks reachable down the tunnel attached to + this instance of netlink + options (string list): + allow-route: allow packets coming from this tunnel to be routed to + other tunnels as well as the host (used for mobile devices like laptops) + soft-route: remove these routes from the host's routing table when + the tunnel link quality is zero + Netlink will dump its current routing table to the system/log on receipt of SIGUSR1. @@ -331,6 +379,9 @@ tun-old: dict argument route-path (string): optional, path to route command plus generic netlink options, as for 'null-netlink' + I recommend you don't specify the 'interface' option unless you're + doing something that requires the interface name to be constant. + ** rsa Defines: 
@@ -364,3 +415,21 @@ Defines: Defines: sha1 (hash closure) + +** conffile + +Defines: + makelist (dictionary => list of definitions) + readfile (string => string) + map (closure,list => list) + +makelist: dictionary + returns a list consisting of the definitions in the dictionary. The keys + are discarded. + +readfile: string + reads the named file and returns its contents as a string + +map: + applies the closure specified as arg1 to each of the elements in the list. + Returns a list made up of the outputs of the closure.
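Review bot: in the first README hunk (@@ -1,5 +1,20 @@) the sentence "Bug reports should be sent to ; they will be forwarded to the -discuss list by me." has no recipient; fill in the address (or simply direct reports at the -discuss list) so the section does not ship with an empty destination. The new Copying paragraph tells the reader where the GPL text lives (COPYING) but not where the Frontier Artistic License text for snprintf.c can be found; add that alongside the snprintf URL.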
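Review bot: in the command-line hunk (@@ -136,7 +165,17 @@) the line "-d, --debug=item,... set debug options" does not say what the valid items are or where they are listed; either enumerate them here or point at the per-module option in the site section whose values ("dump-packets", "errors", "all") are shown later in this same patch, so the option is usable from the README alone.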
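Review bot: the hunk renaming the site argument "netlink (netlink closure)" to "link (netlink closure)" (@@ -232,7 +271,7 @@) is a configuration-breaking change documented only by a one-word substitution; add a sentence stating whether an existing configuration that still uses "netlink" is rejected (and that "-j, --just-check-config" from the usage text is the way to find out before deploying), so operators know their configs need updating.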
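Review bot: removing "networks (string list): networks that our peer may claim traffic for" (@@ -240,7 +279,6 @@) takes out the README's only statement of which addresses a peer is allowed to source traffic for, without saying what now enforces that restriction; add a sentence pointing to the netlink "routes" list introduced later in this patch as the replacement and stating what secnet does with packets arriving from a peer for addresses outside its routes (dropped and logged, or forwarded), since that check is what stops one site from claiming another site's networks.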
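Review bot: the removed "netlink-options" block (@@ -267,12 +305,6 @@) spells the option "soft", while the replacement under the netlink closure is "soft-route"; say explicitly that "netlink-options", "soft" and "allow-route" are no longer accepted on the site closure and must be re-expressed under the netlink closure's "options" list, so a configuration carrying the old keys fails visibly rather than being silently ignored.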
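Review bot: "null-netlink (closure => closure or netlink closure)" (@@ -282,7 +314,7 @@) is not a usable type description on its own; the return type depends on whether ptp-address is given, so state the condition inline, for example "netlink closure in point-to-point mode, otherwise a closure taking a dict of routes and options", rather than an unexplained "or" in the Defines line.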
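Review bot: in the point-to-point hunk (@@ -291,8 +323,24 @@) "Only one of secnet-address or ptp-address may be specified" should also say what happens when both or neither are given (a configuration error at startup, or a default), and the "allow-route" entry should state its default. Because allow-route lets packets from one tunnel be routed into other tunnels, the README should make clear that it is off unless listed, that the tunnel's "routes" list bounds what that tunnel may send, and that the laptop case is the exception; "soft-route" would likewise benefit from a note on what "link quality is zero" means in terms of the key setup described elsewhere in the file.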
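Review bot: the added recommendation in the tun-old hunk (@@ -331,6 +379,9 @@), "I recommend you don't specify the 'interface' option unless you're doing something that requires the interface name to be constant.", is indented by one space unlike the other prose paragraphs and gives no reason; unindent it and state why a fixed interface name causes trouble so the reader can judge the exception, and consider the impersonal register the rest of the README uses instead of "I recommend".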
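Review bot: in the conffile hunk (@@ -364,3 +415,21 @@) "readfile: string  reads the named file and returns its contents as a string" needs to say how the name is resolved (relative to the working directory at startup or to the configuration file) and whether the contents are used verbatim or parsed, since a relative path resolved against the current directory makes what gets loaded depend on where secnet was launched. The "map:" entry should also carry a parameter header like the other two ("map: closure,list") and say in what form the closure is invoked on each element, given that closures elsewhere in this README take a dict argument.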