X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/80a1137431b5f1e52b1edd192a498669325d6ec2..4a3882945f605704ede113a9fe98cd19a92363a7:/server/tripe-admin.5.in diff --git a/server/tripe-admin.5.in b/server/tripe-admin.5.in index 81dd570d..f066ae6d 100644 --- a/server/tripe-admin.5.in +++ b/server/tripe-admin.5.in @@ -361,6 +361,21 @@ Run the command in the background, using the given Don't send an immediate challenge to the peer; instead, wait until it sends us something before responding. .TP +.B "\-ephemeral" +The association with the peer is not intended to persist indefinitely. +If a peer marked as ephemeral is killed, or the +.BR tripe (8) +daemon is shut down, send a +.B bye +packet to the peer so that it forgets about us; if a peer marked as +ephemeral sends us a +.B bye +packet then it is killed (but in this case no further +.B bye +packet is sent). Peers not marked as ephemeral exhibit neither of these +behaviours; each peer must have the other marked as ephemeral for the +association to be fully torn down if either end kills the other. +.TP .BI "\-keepalive " time Send a no-op packet if we've not sent a packet to the peer in the last .I time 
@@ -382,6 +397,26 @@ Use the public key to authenticate the peer. The default is to use the key tagged .IR peer . .TP +.BI "\-knock \fR[" prefix .\fR] tag +Send the string +.RI [ prefix\fB. ] tag +in +.B token-rq +and +.B knock +messages to the peer during key-exchange. The string as a whole should +name the local machine to the peer, and +.I tag +should name its public key. When such messages are received from a +currently unknown peer, +.BR tripe (8) +emits a +.B KNOCK +notification stating the peer's (claimed) name and address. The server +will already have verified that the sender is using the peer's private +key by this point. This option implies +.BR \-ephemeral . +.TP .B "\-mobile" The peer is a mobile device, and is likely to change address rapidly. If a packet arrives from an unknown address, the server's usual response @@ -390,7 +425,8 @@ peers, however, it will attempt to decrypt the packet using their keys, and if one succeeds, the server will update its idea of the peer's address and emit an .B NEWADDR -notification. +notification. This option implies +.BR \-ephemeral . .TP .BI "\-priv " tag Use the private key @@ -605,6 +641,16 @@ The tunnel driver used for this peer. The keepalive interval, in seconds, or zero if no keepalives are to be sent. .TP +.B knock +If present, the string sent to the peer to set up the association; see +the +.B \-knock +option to +.BR ADD , +and the +.B KNOCK +notification. +.TP .B key The (short) key tag being used for the peer, as passed to the .B ADD @@ -643,6 +689,14 @@ or .B nil depending on whether or not (respectively) the peer is expected to change its address unpredictably. +.TP +.B ephemeral +Either +.B t +or +.B nil +depending on whether the association with the peer is expected to be +temporary or persistent (respectively). .RE .SP .BI "PING \fR[" options "\fR] " peer 
@@ -1223,6 +1277,12 @@ The peer .I peer has been killed. .SP +.BI "KNOCK " peer " " address +The currently unknown +.I peer +is attempting to connect from +.IR address . +.SP .BI "KXDONE " peer Key exchange with .I peer @@ -1439,6 +1499,11 @@ A key named .I tag couldn't be found in the keyring. .SP +.BI "KEYMGMT " which "-keyring " file " unknown-key-id 0x" keyid +A key with the given +.I keyid +(in hex) was requested but not found. +.SP .BI "KEYMGMT " which "-keyring " file " line " line " " message The contents of the keyring file are invalid. There may well be a bug in the @@ -1460,8 +1525,11 @@ is one of the tokens .BR challenge , .BR reply , .BR switch-rq , -or .BR switch-ok . +.BR token-rq , +.BR token , +or +.BR knock . .SP .BI "KX " peer " algorithms-mismatch local-private-key " privtag " peer-public-key " pubtag The algorithms specified in the peer's public key @@ -1576,6 +1644,10 @@ An error occurred trying to read an incoming packet. An error occurred attempting to send a network packet. We lost that one. .SP +.BI "PEER " address\fR... " socket-write-error " ecode " " message +An error occurred attempting to send a network packet. We lost that +one. +.SP .BI "PEER " peer " unexpected-encrypted-ping 0x" id The peer sent an encrypted ping response whose id doesn't match any outstanding ping. Maybe it was delayed for longer than the server was
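Review bot: in the new -ephemeral entry (hunk at -361,6 +361,21), the sentence "if a peer marked as ephemeral sends us a bye packet then it is killed" does not say whether the bye packet is authenticated under the current session keys. Receipt of bye tears down the association, so the entry should state what protects it against forgery or replay, or point to the section that does.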
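Review bot: in the -knock entry (hunk at -382,6 +397,26), the KNOCK notification is described as carrying the peer's "(claimed)" name, and the next sentence says the sender's use of the peer's private key has already been verified. Please spell out which part of [prefix.]tag that check covers and which part is sender-supplied text, so that a client acting on KNOCK does not treat the whole string as authenticated. It would also help to say how the string is split into prefix and tag when it contains more than one dot.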
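Review bot: "This option implies -ephemeral" in the -mobile entry (hunk at -390,7 +425,8) changes behaviour for peers that are already added with -mobile. Going by the -ephemeral text in this patch, they will now be sent bye on kill or shutdown and will be killed on receipt of bye. The entry should say so explicitly, and say whether a mobile peer can be kept non-ephemeral.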
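Review bot: the KNOCK notification entry (hunk at -1223,6 +1277,12) writes a single address argument, while the PEER socket-write-error entry added later in this patch writes "address..." for the same kind of value. Use one notation for both so that clients parsing the notification know whether the address can span several tokens. The entry should also repeat that peer is the name claimed in the knock message, as the -knock option text puts it.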
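Review bot: in the message-token list (hunk at -1460,8 +1525,11), the unchanged line ".BR switch-ok ." keeps its full stop, so after this change the rendered list reads "switch-rq, switch-ok. token-rq, token, or knock." Change that line to ".BR switch-ok ," so the list runs through to knock.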
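Review bot: the description added for "PEER address... socket-write-error" (hunk at -1576,6 +1644,10) repeats the preceding entry's text word for word. Say under what circumstances the server reports an address here rather than a peer name, so that a reader can tell the two warnings apart.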