| 1 | .\" -*-nroff-*- |
| 2 | .\". |
| 3 | .\" Manual for the server |
| 4 | .\" |
| 5 | .\" (c) 2008 Straylight/Edgeware |
| 6 | .\" |
| 7 | . |
| 8 | .\"----- Licensing notice --------------------------------------------------- |
| 9 | .\" |
| 10 | .\" This file is part of Trivial IP Encryption (TrIPE). |
| 11 | .\" |
| 12 | .\" TrIPE is free software: you can redistribute it and/or modify it under |
| 13 | .\" the terms of the GNU General Public License as published by the Free |
| 14 | .\" Software Foundation; either version 3 of the License, or (at your |
| 15 | .\" option) any later version. |
| 16 | .\" |
| 17 | .\" TrIPE is distributed in the hope that it will be useful, but WITHOUT |
| 18 | .\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 19 | .\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 20 | .\" for more details. |
| 21 | .\" |
| 22 | .\" You should have received a copy of the GNU General Public License |
| 23 | .\" along with TrIPE. If not, see <https://www.gnu.org/licenses/>. |
| 24 | . |
| 25 | .\"-------------------------------------------------------------------------- |
| 26 | .so ../common/defs.man \" @@@PRE@@@ |
| 27 | . |
| 28 | .\"-------------------------------------------------------------------------- |
| 29 | .TH tripe 8tripe "10 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption" |
| 30 | . |
| 31 | .\"-------------------------------------------------------------------------- |
| 32 | .SH "NAME" |
| 33 | . |
| 34 | tripe \- a simple VPN daemon |
| 35 | . |
| 36 | .\"-------------------------------------------------------------------------- |
| 37 | .SH "SYNOPSIS" |
| 38 | . |
| 39 | .B tripe |
| 40 | .RB [ \-46DF ] |
| 41 | .RB [ \-d |
| 42 | .IR dir ] |
| 43 | .RB [ \-b |
| 44 | .IR addr ] |
| 45 | .RB [ \-p |
| 46 | .IR port ] |
| 47 | .RB [ \-n |
| 48 | .IR tunnel ] |
| 49 | .br |
| 50 | \c |
| 51 | .RB [ \-U |
| 52 | .IR user ] |
| 53 | .RB [ \-G |
| 54 | .IR group ] |
| 55 | .RB [ \-a |
| 56 | .IR socket ] |
| 57 | .RB [ \-m |
| 58 | .IR mode ] |
| 59 | .RB [ \-T |
| 60 | .IR trace-opts ] |
| 61 | .br |
| 62 | \c |
| 63 | .RB [ \-k |
| 64 | .IR priv-keyring ] |
| 65 | .RB [ \-K |
| 66 | .IR pub-keyring ] |
| 67 | .RB [ \-t |
| 68 | .IR key-tag ] |
| 69 | . |
| 70 | .\"-------------------------------------------------------------------------- |
| 71 | .SH "DESCRIPTION" |
| 72 | . |
| 73 | The |
| 74 | .B tripe |
| 75 | program is a server which can provide strong IP-level encryption and |
| 76 | authentication between co-operating hosts. The program and its protocol |
| 77 | are deliberately very simple, to make analysing them easy and to help |
| 78 | build trust rapidly in the system. |
| 79 | .SS "Overview" |
| 80 | The |
| 81 | .B tripe |
| 82 | server manages a number of secure connections to other `peer' hosts. |
| 83 | Each daemon is given a private key of its own, and a file of public keys |
| 84 | for the peers with which it is meant to communicate. It is responsible |
| 85 | for negotiating sets of symmetric keys with its peers, and for |
| 86 | encrypting, encapsulating and sending IP packets to its peers, and |
| 87 | decrypting, checking and de-encapsulating packets it receives from |
| 88 | them. |
| 89 | .PP |
| 90 | When the server starts, it creates a Unix-domain socket on which it |
| 91 | listens for administration commands. It also logs warnings and |
| 92 | diagnostic information to the programs connected to its admin socket. |
| 93 | Clients connected to the socket can add new peers, and remove or find |
| 94 | out about existing peers. The textual protocol used to give the |
| 95 | .B tripe |
| 96 | server admin commands is described in |
| 97 | .BR tripe\-admin (5). |
| 98 | A client program |
| 99 | .BR tripectl (1) |
| 100 | is provided to allow commands to be sent to the server either |
| 101 | interactively or by simple scripts. |
| 102 | .SS "Command-line arguments" |
| 103 | If not given any command-line arguments, |
| 104 | .B tripe |
| 105 | will initialize by following these steps: |
| 106 | .hP 1. |
| 107 | It sets the directory named by the |
| 108 | .B TRIPEDIR |
| 109 | environment variable (or |
| 110 | .B "\*(/c" |
| 111 | if the variable is unset) as the current directory. |
| 112 | .hP 2. |
| 113 | It acquires a UDP socket. The default port is 4070 |
| 114 | It will use this socket to send and receive all communications with its |
| 115 | peer servers. The port chosen may be discovered by means of the |
| 116 | .B PORT |
| 117 | admin command (see |
| 118 | .BR tripe\-admin (5)). |
| 119 | .hP 3. |
| 120 | It loads the private key with the tag or type name |
| 121 | .B tripe |
| 122 | (or, failing that, |
| 123 | .B tripe\-dh |
| 124 | for backwards compatibility reasons) from the Catacomb-format file |
| 125 | .BR keyring , |
| 126 | and loads the file |
| 127 | .B keyring.pub |
| 128 | ready for extracting the public keys of peers as they're introduced. |
| 129 | (The format of these files is described in |
| 130 | .BR keyring (5). |
| 131 | They are maintained using the program |
| 132 | .BR key (1) |
| 133 | provided with the Catacomb distribution.) |
| 134 | .hP 4. |
| 135 | It creates and listens to the Unix-domain socket |
| 136 | .BR tripesock . |
| 137 | .PP |
| 138 | Following this, the server enters its main loop, accepting admin |
| 139 | connections and obeying any administrative commands, and communicating |
| 140 | with peers. It also treats its standard input and standard output |
| 141 | streams as an admin connection, reading commands from standard input and |
| 142 | writing responses and diagnostics messages to standard output. Finally, |
| 143 | it will reload keys from its keyring files if it notices that they've |
| 144 | changed (it checks inode number and modification time) \- there's no |
| 145 | need to send a signal. |
| 146 | .PP |
| 147 | Much of this behaviour may be altered by giving |
| 148 | .B tripe |
| 149 | suitable command-line options: |
| 150 | .TP |
| 151 | .B "\-h, \-\-help" |
| 152 | Writes a brief description of the command-line options available to |
| 153 | standard output and exits with status 0. |
| 154 | .TP |
| 155 | .B "\-v, \-\-version" |
| 156 | Writes |
| 157 | .BR tripe 's |
| 158 | version number to standard output and exits with status 0. |
| 159 | .TP |
| 160 | .B "\-u, \-\-usage" |
| 161 | Writes a brief usage summary to standard output and exits with status 0. |
| 162 | .TP |
| 163 | .B "\-\-tunnels" |
| 164 | Writes to standard output a list of the configured tunnel drivers, one |
| 165 | per line, and exits with status 0. This is intended for the use of the |
| 166 | start-up script, so that it can check that it will actually work. |
| 167 | .TP |
| 168 | .B "\-4, \-\-ipv4" |
| 169 | Use only IPv4 addresses. The server will resolve names only to IPv4 |
| 170 | addresses, and not attempt to create IPv6 sockets. |
| 171 | .TP |
| 172 | .B "\-6, \-\-ipv6" |
| 173 | Use only IPv6 addresses. The server will resolve names only to IPv6 |
| 174 | addresses, and not attempt to create IPv4 sockets. Note that v6-mapped |
| 175 | IPv4 addresses won't work either. |
| 176 | .TP |
| 177 | .B "\-D, \-\-daemon" |
| 178 | Dissociates from its terminal and starts running in the background after |
| 179 | completing the initialization procedure described above. If running as |
| 180 | a daemon, |
| 181 | .B tripe |
| 182 | will not read commands from standard input or write diagnostics to |
| 183 | standard output. A better way to start |
| 184 | .B tripe |
| 185 | in the background is with |
| 186 | .BR tripectl (1). |
| 187 | .TP |
| 188 | .B "\-F, \-\-foreground" |
| 189 | Runs the server in the `foreground'; i.e., |
| 190 | .B tripe |
| 191 | will quit if it sees end-of-file on its standard input. This is |
| 192 | incompatible with |
| 193 | .BR \-D . |
| 194 | .TP |
| 195 | .BI "\-d, \-\-directory=" dir |
| 196 | Makes |
| 197 | .I dir |
| 198 | the current directory. The default directory to change to is given by |
| 199 | the environment variable |
| 200 | .BR TRIPEDIR ; |
| 201 | if that's not specified, a default default of |
| 202 | .B "\*(/c" |
| 203 | is used. Give a current directory of |
| 204 | .B . |
| 205 | if you don't want it to change directory at all. |
| 206 | .TP |
| 207 | .BI "\-b, \-\-bind-address="addr |
| 208 | Bind the UDP socket to IP address |
| 209 | .I addr |
| 210 | rather than the default of |
| 211 | .BR INADDR_ANY . |
| 212 | This is useful if your main globally-routable IP address is one you want |
| 213 | to tunnel through the VPN. |
| 214 | .TP |
| 215 | .BI "\-p, \-\-port=" port |
| 216 | Use the specified UDP port for all communications with peers, rather |
| 217 | than the default port 4070. If this is zero, the kernel will assign a |
| 218 | free port, which can be determined using the |
| 219 | .B PORT |
| 220 | administration command (see |
| 221 | .BR tripe-admin (5)). |
| 222 | .TP |
| 223 | .BI "\-n, \-\-tunnel=" tunnel |
| 224 | Use the specified tunnel driver for new peers by default. |
| 225 | .TP |
| 226 | .BI "\-U, \-\-setuid=" user |
| 227 | Set uid to that of |
| 228 | .I user |
| 229 | (either a user name or integer uid) after initialization. Also set gid |
| 230 | to |
| 231 | .IR user 's |
| 232 | primary group, unless overridden by a |
| 233 | .B \-G |
| 234 | option. The selected user (and group) will also be the owner of the |
| 235 | administration socket. |
| 236 | .TP |
| 237 | .BI "\-G, \-\-setgid=" group |
| 238 | If the current effective uid is zero (i.e., the daemon was invoked as |
| 239 | .BR root ) |
| 240 | then set gid to that of |
| 241 | .I group |
| 242 | (either a group name or integer gid) after initialization. In any |
| 243 | event, arrange hat the administration socket be owned by the given |
| 244 | .IR group . |
| 245 | .TP |
| 246 | .BI "\-k, \-\-priv\-keyring=" file |
| 247 | Reads the private key from |
| 248 | .I file |
| 249 | rather than the default |
| 250 | .BR keyring . |
| 251 | .TP |
| 252 | .BI "\-K, \-\-pub\-keyring=" file |
| 253 | Reads public keys from |
| 254 | .I file |
| 255 | rather than the default |
| 256 | .BR keyring.pub . |
| 257 | This can be the same as the private keyring, but that's not recommended. |
| 258 | .TP |
| 259 | .BI "\-t, \-\-tag=" tag |
| 260 | Uses the private key whose tag or type is |
| 261 | .I tag |
| 262 | rather than the default |
| 263 | .B tripe |
| 264 | or |
| 265 | .BR tripe\-dh . |
| 266 | .TP |
| 267 | .BI "\-a, \-\-admin\-socket=" socket |
| 268 | Accept admin connections to a Unix-domain socket named |
| 269 | .IR socket . |
| 270 | The default socket, if this option isn't specified, is given by the |
| 271 | environment variable |
| 272 | .BR TRIPESOCK ; |
| 273 | if that's not set either, then a default default of |
| 274 | .B "\*(/s/tripesock" |
| 275 | is used instead. |
| 276 | .TP |
| 277 | .BI "\-m, \-\-admin\-perms=" mode |
| 278 | Permissions (as an octal number) to set on the administration socket. The |
| 279 | default is 600, which allows only the socket owner. Setting 660 allows |
| 280 | members of the |
| 281 | .I group |
| 282 | configured through the |
| 283 | .B \-G |
| 284 | option to connect to the socket, which may be useful. Allowing world access |
| 285 | is a terrible idea. |
| 286 | .TP |
| 287 | .BI "\-T, \-\-trace=" trace-opts |
| 288 | Allows the enabling or disabling of various internal diagnostics. See |
| 289 | below for the list of options. |
| 290 | .SS "Key exchange group types" |
| 291 | The |
| 292 | .B tripe |
| 293 | server uses Diffie\(en\&Hellman key exchange to agree the symmetric keys |
| 294 | used for bulk data transfer. |
| 295 | .PP |
| 296 | The server works out which it should be doing based on the key's |
| 297 | .B kx-group |
| 298 | attribute. |
| 299 | If this attribute isn't present, then the key's type is examined: if |
| 300 | it's of the form |
| 301 | .BI tripe\- group |
| 302 | then the |
| 303 | .I group |
| 304 | is used. If no group is specified, |
| 305 | .B dh |
| 306 | is used as a fallback. |
| 307 | The following groups are defined. |
| 308 | .TP |
| 309 | .B dh |
| 310 | .RS |
| 311 | Use traditional Diffie\(enHellman in a |
| 312 | .IR "Schnorr group" : |
| 313 | a prime-order subgroup of the multiplicative group of |
| 314 | a finite field; this is the usual |
| 315 | .I g\*(ssx\*(se |
| 316 | mod |
| 317 | .I p |
| 318 | kind of Diffie\(en\&Hellman. |
| 319 | .PP |
| 320 | To create usual Schnorr-group keys, say something like |
| 321 | .VS |
| 322 | key add \-adh-param \-LS \-b3072 \-B256 \e |
| 323 | \-eforever \-tparam tripe\-param kx-group=dh |
| 324 | .VE |
| 325 | to construct a parameters key; and create the private keys by |
| 326 | .VS |
| 327 | key add \-adh \-pparam \-talice \e |
| 328 | \-e"now + 1 year" tripe |
| 329 | .VE |
| 330 | .RE |
| 331 | .sv -1 |
| 332 | .TP |
| 333 | .B ec |
| 334 | .RS |
| 335 | Use elliptic curve Diffie\(enHellman. |
| 336 | An elliptic curve group is a prime-order |
| 337 | subgroup of the abelian group of |
| 338 | .BR K -rational |
| 339 | points on an elliptic curve defined over a finite field |
| 340 | .BR K . |
| 341 | .PP |
| 342 | Given current public knowledge, elliptic curves can provide similar or |
| 343 | better security to systems based on integer discrete log problems, |
| 344 | faster, and with less transmitted data. It's a matter of controversy |
| 345 | whether this will continue to be the case. The author uses elliptic |
| 346 | curves. |
| 347 | .PP |
| 348 | To create elliptic curve keys, say something like |
| 349 | .VS |
| 350 | key add \-aec\-param \-Cnist-p256 \-eforever \e |
| 351 | \-tparam tripe\-param kx-group=ec |
| 352 | .VE |
| 353 | to construct a parameters key, using your preferred elliptic curve in |
| 354 | the |
| 355 | .B \-C |
| 356 | option (see |
| 357 | .BR key (1) |
| 358 | for details); and create the private keys by |
| 359 | .VS |
| 360 | key add \-aec \-pparam \-talice \e |
| 361 | \-e"now + 1 year" tripe |
| 362 | .VE |
| 363 | .RE |
| 364 | .sv -1 |
| 365 | .TP |
| 366 | .B x25519 |
| 367 | .RS |
| 368 | Use Bernstein's X25519 Diffie\(enHellman function. |
| 369 | This is technically a variant on |
| 370 | the general elliptic curve Diffie\(enHellman |
| 371 | available through the |
| 372 | .B ec |
| 373 | setting, |
| 374 | but carefully designed and heavily optimized. |
| 375 | .PP |
| 376 | To create |
| 377 | .B x25519 |
| 378 | keys, |
| 379 | say something like |
| 380 | .VS |
| 381 | key add \-aempty \-eforever \e |
| 382 | \-tparam tripe\-param kx-group=x25519 |
| 383 | .VE |
| 384 | to construct a parameters key |
| 385 | (see |
| 386 | .BR key (1) |
| 387 | for details); |
| 388 | and create the private keys by |
| 389 | .VS |
| 390 | key add \-ax25519 \-pparam \-talice \e |
| 391 | \-e"now + 1 year" tripe |
| 392 | .VE |
| 393 | .RE |
| 394 | .sv -1 |
| 395 | .TP |
| 396 | .B x448 |
| 397 | .RS |
| 398 | Use Hamburg's X448 Diffie\(enHellman function. |
| 399 | Like |
| 400 | .B x25519 |
| 401 | above, |
| 402 | this is technically a variant on |
| 403 | the general elliptic curve Diffie\(enHellman |
| 404 | available through the |
| 405 | .B ec |
| 406 | setting, |
| 407 | but carefully designed and heavily optimized. |
| 408 | .PP |
| 409 | To create |
| 410 | .B x448 |
| 411 | keys, |
| 412 | say something like |
| 413 | .VS |
| 414 | key add \-aempty \-eforever \e |
| 415 | \-tparam tripe\-param kx-group=x448 |
| 416 | .VE |
| 417 | to construct a parameters key |
| 418 | (see |
| 419 | .BR key (1) |
| 420 | for details); |
| 421 | and create the private keys by |
| 422 | .VS |
| 423 | key add \-ax448 \-pparam \-talice \e |
| 424 | \-e"now + 1 year" tripe |
| 425 | .VE |
| 426 | .RE |
| 427 | Note that the |
| 428 | .BR tripe-keys (8) |
| 429 | program provides a rather more convenient means for generating and |
| 430 | managing keys for |
| 431 | .BR tripe . |
| 432 | .SS "Using other symmetric algorithms" |
| 433 | The default symmetric algorithms |
| 434 | .B tripe |
| 435 | uses are Blowfish (by Schneier) for symmetric encryption, and RIPEMD-160 |
| 436 | (by Dobbertin, Bosselaers and Preneel) for hashing and as a MAC (in HMAC |
| 437 | mode, designed by Bellare, Canetti and Krawczyk). These can all be |
| 438 | overridden by setting attributes on your private key, as follows. |
| 439 | .TP |
| 440 | .B bulk |
| 441 | Names the bulk-crypto transform to use. See below. |
| 442 | .TP |
| 443 | .B blkc |
| 444 | Names a blockcipher, used by some bulk-crypto transforms (e.g., |
| 445 | .BR iiv ). |
| 446 | The default is to use the blockcipher underlying the chosen |
| 447 | .BR cipher , |
| 448 | if any. |
| 449 | .TP |
| 450 | .B cipher |
| 451 | Names the symmetric encryption scheme to use. The default is |
| 452 | .BR blowfish\-cbc . |
| 453 | .TP |
| 454 | .B hash |
| 455 | Names the hash function to use. The default is |
| 456 | .BR rmd160 . |
| 457 | .TP |
| 458 | .B mac |
| 459 | Names the message authentication code to use. The name of the MAC may |
| 460 | be followed by a |
| 461 | .RB ` / ' |
| 462 | and the desired tag length in bits. The default is |
| 463 | .IB hash \-hmac |
| 464 | at half the underlying hash function's output length. |
| 465 | If the MAC's name contains a |
| 466 | .RB ` / ' |
| 467 | character, |
| 468 | e.g., |
| 469 | .RB ` sha512/256 ', |
| 470 | then an |
| 471 | .I additional |
| 472 | .RB ` / ' |
| 473 | and the tag size is required to disambiguate, |
| 474 | so, e.g., |
| 475 | one might write |
| 476 | .RB ` sha512/256/256 '. |
| 477 | .TP |
| 478 | .B mgf |
| 479 | A `mask-generation function', used in the key-exchange. The default is |
| 480 | .IB hash \-mgf |
| 481 | and there's no good reason to change it. |
| 482 | .PP |
| 483 | The available bulk-crypto transforms are as follows. |
| 484 | .TP |
| 485 | .B v0 |
| 486 | Originally this was the only transform available. It's a standard |
| 487 | generic composition of a CPA-secure symmetric encryption scheme with a |
| 488 | MAC; initialization vectors for symmetric encryption are chosen at |
| 489 | random and included explicitly in the cryptogram. |
| 490 | .TP |
| 491 | .B iiv |
| 492 | A newer `implicit-IV' transform. Rather than having an explicit random |
| 493 | IV, the IV is computed from the sequence number using a blockcipher. |
| 494 | This has two advantages over the |
| 495 | .B v0 |
| 496 | transform. Firstly, it adds less overhead to encrypted messages |
| 497 | (because the IV no longer needs to be sent explicitly). Secondly, and |
| 498 | more significantly, the transform is entirely deterministic, so (a) it |
| 499 | doesn't need the (possibly slow) random number generator, and (b) it |
| 500 | closes a kleptographic channel, over which a compromised implementation |
| 501 | could leak secret information to a third party. |
| 502 | .TP |
| 503 | .B aead |
| 504 | A transform based on an all-in-one `authenticated encryption with |
| 505 | additional data' scheme. The scheme is named in the |
| 506 | .B cipher |
| 507 | attribute; the default is |
| 508 | .BR rijndael-ocb3 . |
| 509 | If the |
| 510 | .B mac |
| 511 | attribute is given, it must be either |
| 512 | .B aead |
| 513 | or |
| 514 | .BR aead/ \c |
| 515 | .IR tagsz , |
| 516 | where |
| 517 | .I tagsz |
| 518 | is the desired tag length in bits; alternatively, the tag length can be |
| 519 | set in the |
| 520 | .B tagsz |
| 521 | attribute. The chosen AEAD scheme must accept at least a 64-bit nonce |
| 522 | (this rules out OCB3 and CCM with 64-bit blockciphers); it mustn't |
| 523 | require an absurdly large nonce size (none of the schemes implemented in |
| 524 | Catacomb present a problem here, but it bears mentioning); it must |
| 525 | actually support additional header data (which rules out the |
| 526 | .B naclbox |
| 527 | schemes, but see the |
| 528 | .B naclbox |
| 529 | transform below); and it must produce an empty ciphertext when |
| 530 | encrypting an empty message (again, all of Catacomb's schemes meet this |
| 531 | requirement). |
| 532 | .TP |
| 533 | .B naclbox |
| 534 | A transform based on the NaCl |
| 535 | .B crypto_secretbox |
| 536 | transformation. |
| 537 | The main difference is that NaCl uses XSalsa20, |
| 538 | while TrIPE uses plain Salsa20 or ChaCha, |
| 539 | because it doesn't need the larger nonce space. |
| 540 | You can set the |
| 541 | .B cipher |
| 542 | key attribute to one of |
| 543 | .BR salsa20 , |
| 544 | .BR salsa20/12 , |
| 545 | .BR salsa20/8 , |
| 546 | .BR chacha20 , |
| 547 | .BR chacha12 , |
| 548 | or |
| 549 | .B chacha8 |
| 550 | to select the main cipher. |
| 551 | You can set the |
| 552 | .B mac |
| 553 | key attribute to |
| 554 | .B poly1305 |
| 555 | or |
| 556 | .B poly1305/128 |
| 557 | but these are the default and no other choice is permitted. |
| 558 | (This is for forward compatibility, |
| 559 | in case other MACs and/or tag sizes are allowed later.) |
| 560 | .SS "Other key attributes" |
| 561 | The following attributes can also be set on keys. |
| 562 | .TP |
| 563 | .B serialization |
| 564 | Selects group-element serialization formats. |
| 565 | The recommended setting is |
| 566 | .BR constlen , |
| 567 | which selects a constant-length encoding when hashing group elements. |
| 568 | The default, |
| 569 | for backwards compatibility, is |
| 570 | .BR v0 ; |
| 571 | but this is deprecated. |
| 572 | (The old format uses a variable length format for hashing, |
| 573 | which can leak information through timing.) |
| 574 | .SS "Using SLIP interfaces" |
| 575 | Though not for the faint of heart, it is possible to get |
| 576 | .B tripe |
| 577 | to read and write network packets to a pair of file descriptors using |
| 578 | SLIP encapsulation. No fancy header compression of any kind is |
| 579 | supported. |
| 580 | .PP |
| 581 | Two usage modes are supported: a preallocation system, whereby SLIP |
| 582 | interfaces are created and passed to the |
| 583 | .B tripe |
| 584 | server at startup; and a dynamic system, where the server runs a script |
| 585 | to allocate a new SLIP interface when it needs one. It is possible to |
| 586 | use a mixture of these two modes, starting |
| 587 | .B tripe |
| 588 | with a few preallocated interfaces and having it allocate more |
| 589 | dynamically as it needs them. |
| 590 | .PP |
| 591 | The behaviour of |
| 592 | .BR tripe 's |
| 593 | SLIP driver is controlled by the |
| 594 | .B TRIPE_SLIPIF |
| 595 | environment variable. The server will not create SLIP tunnels if this |
| 596 | variable is not defined. The variable's value is a colon-delimited list |
| 597 | of preallocated interfaces, followed optionally by the filename of a |
| 598 | script to run to dynamically allocate more interfaces. |
| 599 | .PP |
| 600 | A static allocation entry has the form |
| 601 | .IR infd [ \c |
| 602 | .BI , outfd \c |
| 603 | .RB ] \c |
| 604 | .BI = \c |
| 605 | .IR ifname , |
| 606 | If the |
| 607 | .I outfd |
| 608 | is omitted, the same file descriptor is used for input and output. |
| 609 | .PP |
| 610 | The dynamic allocation script must be named by an absolute or relative |
| 611 | pathname, beginning with |
| 612 | .RB ` / ' |
| 613 | or |
| 614 | .RB ` . '. |
| 615 | The server will pass the script an argument, which is the name of the |
| 616 | peer for which the interface is being created. The script should |
| 617 | allocate a new SLIP interface (presumably by creating a pty pair), |
| 618 | configure it appropriately, and write the interface's name to its |
| 619 | standard output, followed by a newline. It should then read and write |
| 620 | SLIP packets on its stdin and stdout. The script's stdin will be closed |
| 621 | when the interface is no longer needed, and the server will attempt to |
| 622 | send it a |
| 623 | .B SIGTERM |
| 624 | signal (though this may fail if the script runs with higher privileges |
| 625 | than the server). |
| 626 | .PP |
| 627 | The output file descriptor should not block unless it really needs to: |
| 628 | the |
| 629 | .B tripe |
| 630 | daemon assumes that it won't, and will get wedged waiting for it to |
| 631 | accept output. |
| 632 | .SS "About the name" |
| 633 | The program's name is |
| 634 | .BR tripe , |
| 635 | all in lower-case. The name of the protocol it uses is `TrIPE', with |
| 636 | four capital letters and one lower-case. The name stands for `Trivial |
| 637 | IP Encryption'. |
| 638 | . |
| 639 | .\"-------------------------------------------------------------------------- |
| 640 | .SH "BUGS" |
| 641 | . |
| 642 | The code hasn't been audited. It may contain security bugs. If you |
| 643 | find one, please inform the author |
| 644 | .IR immediately . |
| 645 | . |
| 646 | .\"-------------------------------------------------------------------------- |
| 647 | .SH "SEE ALSO" |
| 648 | . |
| 649 | .BR key (1), |
| 650 | .BR tripectl (1), |
| 651 | .BR tripe\-admin (5), |
| 652 | .BR tripe\-keys (8). |
| 653 | .PP |
| 654 | .IR "The Trivial IP Encryption Protocol" , |
| 655 | .IR "The Wrestlers Protocol" . |
| 656 | . |
| 657 | .\"-------------------------------------------------------------------------- |
| 658 | .SH "AUTHOR" |
| 659 | . |
| 660 | Mark Wooding, <mdw@distorted.org.uk> |
| 661 | . |
| 662 | .\"----- That's all, folks -------------------------------------------------- |