X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/534d264945c6a0c9d1d4d6fe0f124042e75aa900..18969e42a11e11ef8a3ea81eaf0038e8e74e004d:/server/tripe-admin.5.in diff --git a/server/tripe-admin.5.in b/server/tripe-admin.5.in index ba29f123..3e7bd8ef 100644 --- a/server/tripe-admin.5.in +++ b/server/tripe-admin.5.in @@ -571,10 +571,24 @@ responses are the same as for the .B PING command. .SP -.BI "FORCEKX " peer +.BI "FORCEKX \fR[" options "\fR] " peer Requests the server to begin a new key exchange with .I peer -immediately. +immediately. The following options are recognized. +.RS +.\"+opts +.TP +.B "\-quiet" +Don't actually start a new key exchange; just quietly mark any previous +key exchange as stale so that a fresh attempt from the peer will +succeed. This is was introduced for use during testing, but it's also +useful when a remote peer has forgotten about us: it would be +annoying if, once it's learns about us and tries to reinitiate a key +exchange, we ignore it because we think we've already done one recently; +on the other hand, forcing a key exchange before the remote peer has +been reinformed about us is a waste of packets. +.\"-opts +.RE .SP .B "GETCHAL" Requests a challenge. The challenge is returned in an @@ -620,7 +634,18 @@ message is sent to the peer if it's marked as .B "\-ephemeral" \(en see the .B "ADD" -command. +command. The following options are +recognized. +.RS +.\"+opts +.TP +.B "\-quiet" +Suppress any +.B bye +message to an ephemeral peer: just quietly forget about it. This is +used during testing, and is not expected to be generally useful. +.\"-opts +.RE .SP .B "LIST" For each currently-known peer, an @@ -1064,7 +1089,9 @@ string was invalid. of arguments was wrong. .SP .BI "bad-time-spec " token -The +(For commands accepting a +.I time +argument.) The .I token is not a valid time interval specification. Acceptable time specifications are nonnegative integers followed optionally by @@ -1090,6 +1117,12 @@ An unknown watch option was requested. .BR DAEMON .) An error occurred during the attempt to become a daemon, as reported by .IR message . +See +.B WARNINGS +below for the meanings of +.I ecode +and +.IR message . .SP .BI "disabled-address-family " afam (For @@ -1133,6 +1166,8 @@ There is already a peer named .IR peer . .SP .B "ping-send-failed" +(For +.BR EPING .) The attempt to send a ping packet failed, probably due to lack of encryption keys. .SP @@ -1443,7 +1478,7 @@ command or in greeting packets. .SP .B "CHAL impossible-challenge" The server hasn't issued any challenges yet. Quite how anyone else -thought he could make one up is hard to imagine. +thought they could make one up is hard to imagine. .SP .B "CHAL incorrect-tag" Challenge received contained the wrong authentication data. It might be @@ -1506,8 +1541,9 @@ implementation of HMAC for the selected hash function .BI "KEYMGMT " which "-keyring " file " key " tag " unknown-bulk-transform " bulk The key specifies the use of an unknown bulk-crypto transform .IR bulk . -Maybe the key was generated wrongly, or maybe the version of Catacomb -installed is too old. +Maybe the key was generated wrongly, or maybe the version of +.BR tripe (8) +is too old. .SP .BI "KEYMGMT " which "-keyring " file " key " tag " unknown-cipher " cipher The key specifies the use of an unknown symmetric encryption algorithm @@ -1544,7 +1580,9 @@ version of Catacomb installed is too old. The key specifies the use of an unknown serialization format .I ser for hashing group elements. Maybe the key was generated wrongly, or -maybe the version of Catacomb installed is too old. +maybe the version of +.BR tripe (8) +is too old. .SP .BI "KEYMGMT " which "-keyring " file " key " tag " unsuitable-aead-cipher " cipher "no-aad" The key specifies the use of an authenticated encryption scheme @@ -1566,10 +1604,9 @@ use the .B naclbox bulk transform rather than .B aead -for these -(or switch to the IETF +for these, or switch to one of the IETF .IB cipher -poly1305 -schemes instead). +schemes instead. .SP .BI "KEYMGMT " which "-keyring " file " key " tag " unsuitable-aead-cipher " cipher "nonce-too-small" The key specifies the use of an authenticated encryption scheme