3 .\" Manual for the conntrack service
5 .\" (c) 2010 Straylight/Edgeware
8 .\"----- Licensing notice ---------------------------------------------------
10 .\" This file is part of Trivial IP Encryption (TrIPE).
12 .\" TrIPE is free software: you can redistribute it and/or modify it under
13 .\" the terms of the GNU General Public License as published by the Free
14 .\" Software Foundation; either version 3 of the License, or (at your
15 .\" option) any later version.
17 .\" TrIPE is distributed in the hope that it will be useful, but WITHOUT
18 .\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
19 .\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 .\" You should have received a copy of the GNU General Public License
23 .\" along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
25 .\"--------------------------------------------------------------------------
26 .so ../common/defs.man \"@@@PRE@@@
28 .\"--------------------------------------------------------------------------
29 .TH conntrack 8tripe "8 January 2007" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
31 .\"--------------------------------------------------------------------------
34 conntrack \- tripe service to start/stop peers depending on external connectivity
36 .\"--------------------------------------------------------------------------
52 .\"--------------------------------------------------------------------------
57 service watches D-Bus network management services like
58 .BR NetworkManager (8),
63 bringing peers up and down automatically. It's designed to be useful on
64 a mobile device, such as a laptop; I expect servers to stay where
65 they're put and be configured statically.
69 service reads a configuration file, by default
71 explaining which peers to bring up under which circumstances. The
72 configuration file is automatically re-read if it's changed.
75 configuration is split into sections, each describing a
77 A section begins with the peer group name in square brackets:
81 The group name is entirely arbitrary, and affects nothing else. This is
82 followed by peer definitions, each of which looks like this:
90 This means that the peer
92 should be selected if the host's current IP address is within one of the
94 .IB network / mask \fR.
97 is an IP address in dotted-quad form, and
99 is a netmask, either in dotted-quad form, or as a number of 1-bits.
100 Only one peer in each group may be connected at any given time; if a
101 change is needed, any existing peer in the group is killed before
102 connecting the new one. If no match is found in a particular group,
103 then no peers in the group are connected. Strange and unhelpful things
104 will happen if you put the same peer in several different groups.
110 are special and mean that no peer from the group should be active. This
111 is useful for detecting a `home' network, where a VPN is unnecessary
112 (or, worse, break routing completely).
114 The notion of `current IP address' is somewhat vague. The
116 service calculates it as the source address that the host would put on
117 an IP packet sent to an arbitrarily chosen remote address. The default
118 remote address is 1.2.3.4 (which is unlikely ever to be assigned); this
119 should determine an IP address on the network interface closest to the
120 default gateway. You can influence this process in two ways. Firstly,
121 you can change the default remote address used by adding a line
126 before the first peer group section. Secondly, you can specify a
129 to use when checking whether a particular peer is applicable.
131 The peer definitions in each group are checked in the order given, and
132 searching stops as soon as a match is found.
134 Peers are connected using the
138 .B SVCSUBMIT connect active
141 In addition to the standard options described in
142 .BR tripe-service (7),
143 the following command-line options are recognized.
145 .BI "\-f, \-\-config=" file
148 as the configuration file. In the absence of this option, the
151 in the current working directory is used instead.
153 .\"--------------------------------------------------------------------------
154 .SH "SERVICE COMMAND REFERENCE"
156 .\"* 10 Service commands
157 The commands provided by the service are as follows.
159 .BI "up " reason\fR...
160 Informs the service that the network connection has been established:
161 peer groups should be connected. The
163 is quoted in the status notification.
165 .BI "down " reason\fR...
166 Informs the service that the network connection has been lost:
167 peer groups should be disconnected. The
169 is quoted in the status notification.
171 .\"--------------------------------------------------------------------------
174 .\"* 30 Notification broadcasts (NOTE codes)
175 All notifications issued by
177 begin with the tokens
178 .BR "USER conntrack" .
180 .BI "USER conntrack dbus-connection " status
181 The service's connection to D-Bus has changed state. The
183 is one of the following.
187 Initially trying to connect.
190 Successfully established a connection to the bus.
193 A connection has been lost.
196 The service's internal state machine is confused.
199 .BI "USER conntrack " up \fR| down " " group = peer\fR... " " reason\fR...
200 The network connection has apparently gone up or down, and
202 is about to kill and/or connect peers accordingly: for each group, the
203 selected peer is listed; if a group is not listed, then either the group
204 is to be brought down, or no matching peer was found. The
206 is one of the following.
209 .BI "connman initially-" state
210 ConnMan was detected on startup, and is in the given
215 ConnMan has transitioned to
217 The possible states are:
219 (the network is turned off by user request);
221 (no network interfaces are active);
223 (an interface is up but not fully configured); and
225 (an interface is up and configured).
227 .BI "icd connected " iap
228 Maemo ICd has acquired an active network connection, identified by
232 Maemo ICd has lost its active network connection.
234 .BI "icd initially-connected " iap
235 Maemo ICd was detected on startup, and has an active network connection
239 .B "icd initially-disconnected"
240 Maemo ICd was detected on startup, and has no active network connection.
243 A change was detected during
245 periodic status check. This usually means that the network connection
246 was reconfigured manually without informing
249 .BI "manual " reason\fR...
250 The connection status was changed manually, using the
257 NetworkManager has acquired an active network connection.
259 .B "nm default-connection-change"
260 NetworkManager has changed its default route.
263 NetworkManager has lost its active network connection.
265 .B "nm initially-connected"
266 NetworkManager was detected on startup, and has an active network
269 .B "nm initially-disconnected"
270 NetworkManager was detected on startup, and has no active network
274 .\"--------------------------------------------------------------------------
277 .\"* 40 Warning broadcasts (WARN codes)
278 All warnings issued by
280 begin with the tokens
281 .BR "USER conntrack" .
283 .BI "USER conntrack config-file-error " exception " " error-text
284 The configuration file is invalid. The
286 token names a Python exception; the
288 describes the problem encountered, though it may not be very useful.
290 .BI "USER conntrack connect-failed " peer " " tokens\fR...
291 An attempt to connect the named
293 failed; the error message is given by the
296 .\"--------------------------------------------------------------------------
301 .\"--------------------------------------------------------------------------
304 .BR tripe-service (7),
309 .\"--------------------------------------------------------------------------
312 Mark Wooding, <mdw@distorted.org.uk>
314 .\"----- That's all, folks --------------------------------------------------