X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/067aa5f013dd6108e81c1df0c2ed19491802bc69..11586be23b78ec23a6a22cc7fa9f8970a3935782:/server/tripe-admin.5.in

diff --git a/server/tripe-admin.5.in b/server/tripe-admin.5.in
index c81dc111..bd0635e5 100644
--- a/server/tripe-admin.5.in
+++ b/server/tripe-admin.5.in
@@ -251,21 +251,50 @@ the meanings of the subsequent tokens depend on the address family.
 Address family tokens are not case-sensitive on input; on output, they
 are always in upper-case.
 .PP
-At present, only one address family is understood.
+The following address families are recognized.
+.TP
+.BI "ANY " address " \fR[" port \fR]
+An address and port number for any supported address family.  On output,
+.B tripe
+never uses this form.  On input, the
+.I address
+is examined: if it is a numeric address for some recognized address
+family, then it is interpreted as such; otherwise it is looked up using
+the DNS (in the background).  The background resolver's address-sorting
+rules apply, and
+.B tripe
+simply takes the first address in the returned list which is of a
+supported address family.  Symbolic port numbers are permitted; if
+omitted, the default port 4070 is used.
 .TP
 .BI "INET " address " \fR[" port \fR]
 An Internet socket, naming an IPv4 address and UDP port.  On output, the
-address is always in numeric dotted-quad form, and the port is given as
-a plain number.  On input, DNS hostnames and symbolic port names are
-permitted; if omitted, the default port 4070 is used.  Name resolution
-does not block the main server, but will block the requesting client,
-unless the command is run in the background.
+.I address
+is always in numeric dotted-quad form, and the
+.I port
+is given as a plain decimal number.  On input, DNS hostnames and
+symbolic port names are permitted; if omitted, the default port 4070 is
+used.
+.TP
+.BI "INET6 " address " \fR[" port \fR]
+An Internet socket, naming an IPv6 address and UDP port.  On output, the
+.I address
+is always in numeric hex-and-colons form, and the
+.I port
+is given as a plain decimal number.  On input, DNS hostnames and
+symbolic port names may be permitted, depending on how
+.B tripe
+was compiled; if omitted, the default port 4070 is used.
 .PP
 If, on input, no recognized address family token is found, the following
 tokens are assumed to represent an
-.B INET
+.B ANY
 address.  Addresses output by the server always have an address family
-token.
+token, and do not use
+.BR ANY .
+.PP
+Name resolution never blocks the main server, but will block the
+requesting client, unless the command is run in the background.
 .SS "Key-value output"
 Some commands (e.g.,
 .B STATS
@@ -507,12 +536,16 @@ tunnel interface.  If
 is the MTU of the path to the peer, then the tunnel MTU should be
 .IP
 .I MTU
-\- 29 \-
+\-
+.I header-length
+\- 9 \-
 .I bulk-overhead
 .PP
-allowing 20 bytes of IP header, 8 bytes of UDP header, a packet type
-octet, and the bulk-crypto transform overhead (which includes the
-sequence number).
+allowing
+.I header-length
+= 20 (IPv4) or 40 (IPv6) bytes of IP header, 8 bytes of UDP header, a
+packet type octet, and the bulk-crypto transform overhead (which
+includes the sequence number).
 .RE
 .SP
 .BI "BGCANCEL " tag
@@ -717,12 +750,18 @@ given, seconds are assumed.
 .RE
 .SP
 .B "PORT"
+.RI [ family ]
 Emits an
 .B INFO
 line containing just the number of the UDP port used by the
 .B tripe
-server.  If you've allowed your server to allocate a port dynamically,
-this is how to find out which one it chose.
+server, for the given address
+.I family
+(or one chosen arbitrarily if omitted -- though
+.B tripe
+tries to use the same port number consistently so this is not a likely
+problem in practice).  If you've allowed your server to allocate a port
+dynamically, this is how to find out which one it chose.
 .SP
 .B "RELOAD"
 Instructs the server to recheck its keyring files.  The server checks
@@ -1048,6 +1087,15 @@ An unknown watch option was requested.
 An error occurred during the attempt to become a daemon, as reported by
 .IR message .
 .SP
+.BI "disabled-address-family " afam
+(For
+.B ADD
+and
+.BR PORT .)
+The address family
+.I afam
+is supported, but was disabled using command-line arguments.
+.SP
 .BI "invalid-port " number
 (For
 .BR ADD .)
@@ -1133,6 +1181,13 @@ is available, which does not meet the stated requirements.
 .I tag
 is already the tag of an outstanding job.
 .SP
+.BI "unknown-address-family " afam
+(For
+.BR PORT .)
+The address family
+.I afam
+is unrecognized.
+.SP
 .BI "unknown-command " token
 The command
 .I token
@@ -1304,6 +1359,16 @@ core in its configuration directory.
 .BI "ABORT repeated-select-errors"
 The main event loop is repeatedly failing.  If the server doesn't quit,
 it will probably waste all available CPU doing nothing.
+.SP
+.BI "ABORT hash-size-too-large hash " name " size " sz " limit " max
+An internal inconsistency: the hash function
+.I name
+produces a
+.IR sz -byte
+hash, but the server has been compiled to assume that no hash function
+returns more than
+.I max
+bytes.
 .SS "ADMIN warnings"
 These indicate a problem with the administration socket interface.
 .SP
@@ -1314,6 +1379,59 @@ client.
 .BI "ADMIN client-write-error " ecode " " message
 There was an error sending data to a client.  The connection to the
 client has been closed.
+.SP
+.BI "ADMIN admin-socket " path " already-in-use"
+The server failed to create the Unix-domain socket object in the
+filesystem, because there's already a socket there, and some other
+process is actively listening for incoming connections.
+.SP
+.BI "ADMIN admin-socket " path " bind-failed " ecode " " message
+The server failed to create the Unix-domain socket object in the
+filesystem for an unusual reason.  (The usual reason is
+.BR EADDRINUSE ,
+but this is handled specially.)
+.SP
+.BI "ADMIN admin-socket " path " chmod-failed " ecode " " message
+The server failed to set the correct permissions of the Unix-domain
+socket object.
+.SP
+.BI "ADMIN admin-socket " path " chown-failed " ecode " " message
+The server failed to set the correct ownership of the Unix-domain socket
+object.
+.SP
+.BI "ADMIN admin-socket " path " create-failed " ecode " " message
+The server failed to create its administration socket.  This is usually
+because some system resource is unavailable.
+.SP
+.BI "ADMIN admin-socket " path " listen-failed " ecode " " message
+The server failed to arrange to receive incoming connections on its
+Unix-domain socket.
+.SP
+.BI "ADMIN admin-socket " path " name-too-long"
+The server can't create its administration socket, because the chosen
+pathname
+.I path
+is too long.  There is, for historical reasons, a rather tight limit on
+the length of name permitted for Unix-domain sockets, usually around 108
+bytes.
+.SP
+.BI "ADMIN admin-socket " path " stat-failed " ecode " " message
+The server failed to create the Unix-domain socket object in the
+filesystem, because there's already something there, but the server
+couldn't discover what.
+.SP
+.BI "ADMIN admin-socket " path " too-many-retries"
+The server failed to create the Unix-domain socket object in the
+filesystem.  This error indicates that another process is also
+repeatedly trying to create a Unix-domain socket at the same
+.IR path ,
+and then failing to actually listen for connections on it, but the
+server always loses the applicable race for some reason.  This situation
+merits investigation.
+.SP
+.BI "ADMIN adns-init-failed " ecode " " message
+The server failed to initialize the ADNS asynchronous DNS-resolution
+library.
 .SS "CHAL warnings"
 These indicate errors in challenges, either in the
 .B CHECKCHAL
@@ -1589,10 +1707,32 @@ An error occurred trying to read an incoming packet.
 An error occurred attempting to send a network packet.  We lost that
 one.
 .SP
+.BI "PEER " address\fR... " disabled-address-family"
+An attempt was made to send a packet to an address for which support was
+switched off by command-line options.
+.SP
 .BI "PEER " address\fR... " socket-write-error " ecode " " message
 An error occurred attempting to send a network packet.  We lost that
 one.
 .SP
+.BI "PEER \- udp-socket " address-family " bind-failed " ecode " " message
+The server failed to associate a UDP socket with a local address.
+.SP
+.BI "PEER \- udp-socket " address-family " create-failed " ecode " " message
+The server failed to create a UDP socket for the
+.IR address-family .
+.SP
+.BI "PEER \- udp-socket " address-family " read-local-address-failed " ecode " " message
+The server failed to discover the local address for one of its own UDP
+sockets.
+.SP
+.BI "PEER \- udp-socket " address-family " set-buffers-failed " ecode " " message
+The server failed to configure appropriate buffer sizes on a UDP socket.
+.SP
+.BI "PEER \- udp-socket INET6 set-v6only-failed " ecode " " message
+The server failed to configure an IPv6 socket not to try to collect IPv4
+traffic too.
+.SP
 .BI "PEER " peer " unexpected-encrypted-ping 0x" id
 The peer sent an encrypted ping response whose id doesn't match any
 outstanding ping.  Maybe it was delayed for longer than the server was
@@ -1652,6 +1792,10 @@ The server failed to send a message to the helper process.
 The helper process sent back a positive response, but didn't include the
 requested tunnel descriptor.
 .SP
+.BI "PRIVSEP socketpair-create-failed " ecode " " message
+The server couldn't create the socketpair it's supposed to use to
+communicate with the helper process.
+.SP
 .BI "PRIVSEP unknown-response-code"
 The helper process sent back an incomprehensible reply.  It's probably
 very confused and may crash.
@@ -1678,6 +1822,9 @@ A client of the administration interface issued a
 .B QUIT
 command.
 .SP
+.BI "SERVER daemon-error " ecode " " message
+The server failed to become a daemon during initialization.
+.SP
 .BI "SERVER quit foreground-eof"
 The server is running in foreground mode (the
 .B \-F
@@ -1733,6 +1880,11 @@ Writing from the tunnel device failed.
 The SLIP driver encountered a escaped byte it wasn't expecting to see.
 The erroneous packet will be ignored.
 .SP
+.BI "TUN \- slip bad-interface-list"
+The interface list, in the
+.B TRIPE_SLIPIF
+environment variable, is malformed.
+.SP
 .BI "TUN " ifname " slip eof"
 The SLIP driver encountered end-of-file on its input descriptor.
 Pending data is discarded, and no attempt is made to read any more data