X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/e6d6991c815cb4b06efc4b3be4c631e0ef166bc4..refs/heads/mdw/xdh:/README diff --git a/README b/README index 98ddec8..5a4db52 100644 --- a/README +++ b/README @@ -18,7 +18,7 @@ secnet is Copyright 1995-2003 Peter Benie Copyright 2011 Richard Kettlewell Copyright 2012 Matthew Vernon - Copyright 2013 Mark Wooding + Copyright 2013-2017 Mark Wooding Copyright 1995-2013 Simon Tatham secnet is distributed under the terms of the GNU General Public 
@@ -236,14 +236,18 @@ polypath: dict argument buffer (buffer closure): buffer for incoming packets authbind (string): optional, path to authbind-helper program max-interfaces (number): optional, max number of different interfaces to - use (also, maximum steady-state amount of packet multiplication) + use (also, maximum steady-state amount of packet multiplication); + interfaces marked with `@' do not count. interfaces (string list): which interfaces to process; each entry is - optionally `!' or `+' followed by a glob pattern (which is applied to a - prospective interface using fnmatch with no flags). If no list is - specified, or the list ends with a `!' entry, a default list is - used/appended: "!tun*","!tap*","!sl*","!userv*","!lo","*". Patterns - which do not start with `*' or an alphanumeric need to be preceded - by `!' or `+'. + optionally `!' or `+' or `@' followed by a glob pattern (which is + applied to a prospective interface using fnmatch with no flags). + `+' or nothing means to process normally. `!' means to ignore; + `@' means to use only in conjunction with dedicated-interface-addr. + If no list is specified, or the list ends with a `!' entry, a + default list is used/appended: + "!tun*","!tap*","!sl*","!userv*","!lo","@hippo*","*". + Patterns which do not start with `*' or an alphanumeric need to be + preceded by `!' or `+' or `@'. monitor-command (string list): Program to use to monitor appearance and disappearance of addresses on local network interfaces. Should produce lines of the form `+|- 4|6 ' where is 
@@ -272,6 +276,14 @@ parameter set to `true'. When the local site site is not marked mobile the address selection machinery might fixate on an unsuitable address. +polypath takes site-specific informtion as passed to the `comm-info' +site closure parameter. The entries understood in the dictionary +are: + dedicated-interface-addr (string): IPv4 or IPv6 address + literal. Interfaces specified with `@' in `interfaces' will be + used for the corresponding site iff the interface local address + is this address. + For an interface to work with polypath, it must either have a suitable default route, or be a point-to-point interface. In the general case this might mean that the host would have to have multiple default @@ -383,8 +395,9 @@ site: dict argument packet [5; mobile: 30] setup-timeout (integer): time between retransmissions of key negotiation packets, in ms [2000; mobile: 1000] - wait-time (integer): after failed key setup, wait this long (in ms) before - allowing another attempt [20000; mobile: 10000] + wait-time (integer): after failed key setup, wait roughly this long + (in ms) before allowing another attempt [20000; mobile: 10000] + Actual wait time is randomly chosen between ~0.5x and ~1.5x this. renegotiate-time (integer): if we see traffic on the link after this time then renegotiate another session key immediately (in ms) [half key-lifetime, or key-lifetime minus 5 mins (mobile: 12 hours), @@ -444,6 +457,9 @@ site: dict argument should be reflected in the local private interface MTU, ie the mtu parameter to netlink). If this parameter is not set, or is set to 0, the default is to use the local private link mtu. + comm-info (dict): Information for the comm, used when this site + wants to transmit. If the comm does not support this, it is + ignored. Links involving mobile peers have some different tuning parameter default values, which are generally more aggressive about retrying key
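Review bot: in the `interfaces' hunk, the new built-in default list hard-codes "@hippo*", which reads as a deployment-specific interface name rather than a general default; consider dropping it from the default (an operator who needs it can list "@hippo*" explicitly) or say why it belongs there. The same paragraph says a list ending with a `!' entry gets the default appended; now that `@' is a third prefix alongside `!' and `+', state whether a list ending with an `@' entry does too.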
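Review bot: "informtion" in the first added line of the polypath comm-info hunk should be "information". The dedicated-interface-addr entry also leaves two cases undocumented: what happens when a site's comm-info carries no dedicated-interface-addr (presumably the `@' interfaces are simply not used for that site and the `+' interfaces are used as before), and whether an interface with several local addresses matches when any one of them equals the literal.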
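Review bot: in the wait-time hunk, "roughly", "~0.5x" and "~1.5x" leave the reader guessing at the actual distribution; if the code draws uniformly from the interval [0.5x, 1.5x], say so, and a short clause on the purpose (so that two peers whose key setup failed at the same moment do not keep retrying in lockstep) would make the [20000; mobile: 10000] defaults easier to tune.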
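Review bot: in the site comm-info hunk, "If the comm does not support this, it is ignored" means a misplaced or mistyped comm-info dict (for example dedicated-interface-addr on a site whose comm is not polypath) fails silently and the operator never learns that the intended interface restriction is not in effect; consider a warning at configuration time when a comm receives a comm-info dict it does not understand, and cross-reference the polypath section where the understood keys are listed.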