.\"
.\" This file is part of Trivial IP Encryption (TrIPE).
.\"
-.\" TrIPE is free software; you can redistribute it and/or modify
-.\" it under the terms of the GNU General Public License as published by
-.\" the Free Software Foundation; either version 2 of the License, or
-.\" (at your option) any later version.
+.\" TrIPE is free software: you can redistribute it and/or modify it under
+.\" the terms of the GNU General Public License as published by the Free
+.\" Software Foundation; either version 3 of the License, or (at your
+.\" option) any later version.
.\"
-.\" TrIPE is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-.\" GNU General Public License for more details.
+.\" TrIPE is distributed in the hope that it will be useful, but WITHOUT
+.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+.\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+.\" for more details.
.\"
.\" You should have received a copy of the GNU General Public License
-.\" along with TrIPE; if not, write to the Free Software Foundation,
-.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+.\" along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
.
.\"--------------------------------------------------------------------------
.so ../common/defs.man \" @@@PRE@@@
.
.\"--------------------------------------------------------------------------
-.TH tripe-admin 5 "18 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
+.TH tripe-admin 5tripe "18 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
.
.\"--------------------------------------------------------------------------
.SH "NAME"
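Review bot: The .TH line moves the page to section 5tripe but leaves the date at "18 February 2001", even though the content changes. Suggest bumping the date in the same change, and checking that references to tripe-admin(5) from sibling pages and the installed file name follow the new section, or lookups by the old section will miss.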
.B hashsz
The size of the hash function's output, in octets.
.TP
+.B bulk-transform
+The name of the bulk-crypto transform.
+.TP
+.B bulk-overhead
+The amount of overhead, in bytes, caused by the crypto transform.
+.TP
.B cipher
The name of the bulk data cipher in use, e.g.,
.BR blowfish-cbc .
.TP
.B mac
The message authentication algorithm in use, e.g.,
-.BR ripemd160-hmac ..
+.BR ripemd160-hmac .
.TP
.B mac-keysz
The length of the key used by the message authentication algorithm, in
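Review bot: The new bulk-overhead entry gives its size "in bytes", while hashsz just above and the other size entries say "in octets"; use "octets" throughout. It would also help to say here what the overhead covers, since the MTU calculation later on the page depends on this value.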
.TP
.B mac-tagsz
The length of the message authentication tag, in octets.
+.TP
+.B blkc
+The block cipher in use, e.g.,
+.BR blowfish .
+.TP
+.B blkc-keysz
+The length of key used by the block cipher, in octets.
+.TP
+.B blkc-blksz
+The block size of the block cipher.
.PP
The various sizes are useful, for example, when computing the MTU for a
tunnel interface. If
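Review bot: The blkc-blksz entry has no unit, unlike blkc-keysz and mac-tagsz, which both say "in octets"; add it. With both cipher (e.g. blowfish-cbc) and blkc (e.g. blowfish) now listed, a sentence on when each one is reported would save readers from guessing which applies to their transform.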
is the MTU of the path to the peer, then the tunnel MTU should be
.IP
.I MTU
-\- 33 \-
-.I cipher-blksz
-\-
-.I mac-tagsz
+\- 29 \-
+.I bulk-overhead
.PP
allowing 20 bytes of IP header, 8 bytes of UDP header, a packet type
-octet, a four-octet sequence number, an IV, and a MAC tag.
+octet, and the bulk-crypto transform overhead (which includes the
+sequence number).
.RE
.SP
.BI "BGCANCEL " tag
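Review bot: The sentence after the new formula names only the sequence number as part of bulk-overhead, but comparing the removed formula (33 plus cipher-blksz plus mac-tagsz) with the new one (29 plus bulk-overhead) shows that the IV and MAC tag must be folded into it as well for the scheme the old text described. Suggest saying so explicitly, so that someone migrating a script from the old formula does not subtract them a second time and end up with an undersized tunnel MTU. The 20-byte IP header figure assumes IPv4 without options, which could be stated too.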
.SP
.B "DAEMON"
Causes the server to disassociate itself from its terminal and become a
-background task. This only works once. A warning is issued.
+background task. This only works once. A notification is issued.
.SP
.BI "EPING \fR[" options "\fR] " peer
Sends an encrypted ping to the peer, and expects an encrypted response.
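Review bot: "A notification is issued" in the DAEMON entry does not say which notification. Name it, so that a client waiting for the server to go into the background knows what to match on, particularly as the wording has just changed from "warning".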
.B private-key
The private key tag being used for the peer, as passed to the
.B ADD
-command.
+command, or the
+.RB ` \-t '
+command-line option. If neither of these was given explicitly, the
+private key tag is shown as
+.RB ` (default) ',
+since there is no fixed tag used under these circumstances.
.TP
.B current-private-key
The full key tag of the private key currently being used for this
association. This may change during the life of the association.
+.TP
+.B corked
+Either
+.B t
+or
+.B nil
+depending on whether or not (respectively) key-exchange is waiting for
+the peer to initiate.
+.TP
+.B mobile
+Either
+.B t
+or
+.B nil
+depending on whether or not (respectively) the peer is expected to
+change its address unpredictably.
.RE
.SP
.BI "PING \fR[" options "\fR] " peer
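Review bot: The "(default)" placeholder for private-key is reported in the same field as real key tags, so a client cannot tell it apart from a key genuinely tagged that way unless such a tag is impossible. State whether a real tag can take that form, or tell clients to treat the value as "no explicit tag" rather than feed it back to ADD. In the corked and mobile entries, "whether or not (respectively)" is awkward; "t if ..., nil otherwise" reads more clearly.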
names: a setup script for a particular peer can change the name, and
then update the server's records so that they're accurate.
.SP
+.BI "STATS " peer
+Emits a number of
+.B INFO
+lines, each containing one or more statistics in the form
+.IB name = value \fR.
+The statistics-gathering is experimental and subject to change.
+.SP
.BI "SVCCLAIM " service " " version
Attempts to claim the named
.IR service ,
.RE
.\"-opts
.SP
-.BI "STATS " peer
-Emits a number of
-.B INFO
-lines, each containing one or more statistics in the form
-.IB name = value \fR.
-The statistics-gathering is experimental and subject to change.
-.SP
.BR "TRACE " [\fIoptions\fP]
Selects trace outputs: see
.B "Trace lists"
(For commands accepting socket addresses.) The address couldn't be
understood.
.SP
+.BI "bad-base64 " message
+(For commands accepting Base64-encoded input.) The Base64-encoded
+string was invalid.
+.SP
.BI "bad-syntax " cmd " " message
(For any command.) The command couldn't be understood: e.g., the number
of arguments was wrong.
.I port
couldn't be found in
.BR /etc/services .
-.TP
+.SP
.BI "unknown-service " service
(For
.BR SVCENSURE ,
The token
.I service
is not recognized as the name of a client-provided service.
-.TP
+.SP
.BI "unknown-tag " tag
(For
.BR BGCANCEL .)
tag may be given next, preceded by the token
.BR key .
.SP
+.BI "KEYMGMT private-keyring " file " key " tag " incorrect-public-key"
+The private key doesn't record the correct corresponding public key.
+.SP
.BI "KEYMGMT public-keyring " file " key " tag " algorithm-mismatch"
A peer's public key doesn't request the same algorithms as our private
key.
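Review bot: The incorrect-public-key entry describes the mismatch but not what follows from it. Say whether the private keyring is rejected when this warning appears, and give a likely cause in the way the unknown-cipher style entries do ("Maybe the key was generated wrongly"), so an operator knows how to respond.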
.BI "KEYMGMT " which "-keyring " file " io-error " ecode " " message
A system error occurred while opening or reading the keyring file.
.SP
+.BI "KEYMGMT " which "-keyring " file " key " tag " unknown-bulk-transform " bulk
+The key specifies the use of an unknown bulk-crypto transform
+.IR bulk .
+Maybe the key was generated wrongly, or maybe the version of Catacomb
+installed is too old.
+.SP
.BI "KEYMGMT " which "-keyring " file " key " tag " unknown-cipher " cipher
The key specifies the use of an unknown symmetric encryption algorithm
.IR cipher .
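Review bot: The hint in the unknown-bulk-transform entry, "maybe the version of Catacomb installed is too old", is worded exactly like the hints for the algorithm entries. Please confirm that bulk-crypto transforms are actually provided by Catacomb; if they are implemented in the server, the hint should point at the server version instead, otherwise operators will upgrade the wrong component.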
for mask generation. Maybe the key was generated wrongly, or maybe the
version of Catacomb installed is too old.
.SP
+.BI "KEYMGMT " which "-keyring " file " key " tag " unknown-serialization-format " ser
+The key specifies the use of an unknown serialization format
+.I ser
+for hashing group elements. Maybe the key was generated wrongly, or
+maybe the version of Catacomb installed is too old.
+.SP
.BI "KEYMGMT " which "-keyring " file " key " tag " no-hmac-for-hash " hash
No message authentication code was given explicitly, and there's no
implementation of HMAC for the selected hash function