Mark Wooding [Tue, 26 Sep 2017 10:35:07 +0000 (11:35 +0100)]
contrib/README: Add missing descriptions of things added over the years.
Mark Wooding [Tue, 26 Sep 2017 10:34:42 +0000 (11:34 +0100)]
contrib/README: Fix typo.
Mark Wooding [Tue, 26 Sep 2017 10:24:05 +0000 (11:24 +0100)]
contrib/: Add copyright notices to contributed scripts.
Mark Wooding [Fri, 15 Sep 2017 10:36:10 +0000 (11:36 +0100)]
Upgrade licence to GPLv3+.
Also, sneaky fixes:
* Fix Debian copyright files for `pkstream' and `pathmtu', which I'd
failed to notice before.
* Fix blank line in `uslip/tripe-uslip.1.in'.
Mark Wooding [Thu, 14 Jun 2018 09:31:02 +0000 (10:31 +0100)]
configure.ac: Abolish use of `libtool'.
It's not needed now that we're using Lua for the Wireshark dissector.
Mark Wooding [Tue, 22 Aug 2017 00:51:18 +0000 (01:51 +0100)]
debian/control: Only require Wireshark things for binary-indep build.
Mark Wooding [Wed, 16 Aug 2017 04:03:58 +0000 (05:03 +0100)]
debian/: Use `dh_python2' for packaging.
Mark Wooding [Wed, 16 Aug 2017 04:03:05 +0000 (05:03 +0100)]
debian/copyright, .mailmap: Convert to machine-readable format.
Mark Wooding [Wed, 16 Aug 2017 04:47:18 +0000 (05:47 +0100)]
debian/: Redo the multiarch support for Debhelper 9.
Mark Wooding [Wed, 16 Aug 2017 04:05:51 +0000 (05:05 +0100)]
Revert "debian/: Update for Debhelper 10."
This reverts commit
273e441860916146b0069e977c5ee9b58de0ba74.
Mark Wooding [Mon, 10 Jul 2017 10:31:05 +0000 (11:31 +0100)]
debian/: Update for Debhelper 10.
Possibly controversially: I've forced the libdir back to `/usr/lib',
without an architecture-specific subdirectory. This makes it easy for
architecture-independent packages to drop things into appropriate
subdirectories, while still /permitting/ architecture-dependent services
and similar.
Relatedly, though, move the `pkg-config' dropping into `/usr/share' by
default.
Mark Wooding [Mon, 10 Jul 2017 10:12:11 +0000 (11:12 +0100)]
wireshark/: Replace ancient dissector with a new one written in Lua.
This is mostly a good thing.
+ It work with both Wireshark 1.11 and 2. The old C code would have
to choose between the two, and I couldn't easily tell how shiny a
version of Wireshark I'd be pinning my colours to.
+ It actually dissects the TrIPE protocol as it currently is,
including all of the group element encodings and bulk crypto
transforms.
+ It'll be relatively easy to /keep/ the new dissector up-to-date
relative to protocol changes.
- It won't run as quickly -- but Lua has a reputation for being quite
quick, and I'm not expecting to stress it very much.
In theory, I'd be able to put this in an architecture-independent
package, which would greatly shorten cross-build times. Alas, the
plugin directory encodes the architecture name, so it'll have to be
built separately for each architecture anyway.
Lots of changes:
* Eliminate the old `packet-tripe.c' dissector. Add the new one. Get
the build system to install it in the right place.
* Include a (rather shoddy) script for running `tripe' and capturing
the conversation with `tshark', so I can test the dissector against
it; and some small example captures. This might even turn into a
proper test at some point, but for now it's just something I can do
by hand.
* Hack the `configure' script not to need all of the C compile-time
machinery for building Wireshark plugins.
Mark Wooding [Mon, 10 Jul 2017 09:32:23 +0000 (10:32 +0100)]
configure.ac: Hack probed Wireshark plugin dir in case of corruption.
Somehow the Debian package (at least) of Wireshark ships with a
`pkg-config' dropping which contains a broken `libdir' -- and, hence,
`plugindir'. This has happened before, and it's therefore not unlikely
to happen again. Defend ourselves against this mess by spotting the
bungled value (which is distinctively and obviously wrong) and fixing
it.
Mark Wooding [Mon, 10 Jul 2017 08:53:51 +0000 (09:53 +0100)]
configure.ac: Check probed Wireshark plugin directory exists.
If we've found a plugin directory by probing, then check that the thing
actually exists. It turns out that the `pkg-config' dropping is not as
accurate as one might naïvely hope.
Mark Wooding [Mon, 10 Jul 2017 08:48:12 +0000 (09:48 +0100)]
debian/control: Remove the Ethereal->Wireshark transition machinery.
How old is this stuff?
Mark Wooding [Sun, 9 Jul 2017 18:38:31 +0000 (19:38 +0100)]
vars.am: Tweak `silent-rules' machinery.
Since Automake 1.11, the advice for setting up custom silent-rules
recipes has changed, so use the new machinery.
Also, I'm no longer mainly working on wheezy, and Automake has made the
operation field two spaces wider while I wasn't looking, so make the
output line up properly.
This means that tripe now requires Automake 1.11.2 or later to build from
the Git tree.
Mark Wooding [Sun, 9 Jul 2017 18:34:57 +0000 (19:34 +0100)]
pathmtu/pathmtu.c: Don't explicitly set `_BSD_SOURCE'.
I have a bit set that this was necessary for some reason, but it doesn't
seem to be based on a brief inspection of wheezy's <features.h>, and
stretch's version warns that `_BSD_SOURCE' is now deprecated, because
nothing is allowed to remain stable.
Mark Wooding [Sun, 9 Jul 2017 18:31:58 +0000 (19:31 +0100)]
server/dh.c: Set the correct scalar size when loading XDH keys.
This was left hardcoded as 32 bytes, which means that X448 could never
work. (The `x448_stsc' function always fails because the buffer size
doesn't match its expectation.)
Mark Wooding [Sun, 9 Jul 2017 18:31:37 +0000 (19:31 +0100)]
server/keyexch.c: Fix indentation.
Mark Wooding [Tue, 23 May 2017 10:19:55 +0000 (11:19 +0100)]
peerdb/peers.in.5.in: Finish the example configuration fragment.
Mark Wooding [Tue, 23 May 2017 10:13:59 +0000 (11:13 +0100)]
contrib/tripe-ipif.in: Use the new-ish `bulk-overhead' to calculate MTU.
Mark Wooding [Mon, 22 May 2017 09:59:26 +0000 (10:59 +0100)]
keys/tripe-keys.master: Include a nontrivial `sig-fresh' example.
Mark Wooding [Mon, 22 May 2017 08:27:55 +0000 (09:27 +0100)]
keys/tripe-keys.8.in: Mention the `pathmtu' utility.
I don't even have `tracepath' installed here.
Mark Wooding [Mon, 22 May 2017 08:26:33 +0000 (09:26 +0100)]
keys/tripe-keys.in: Follow redirects when fetching updates.
This supports servers which want to try to use HTTPS. Of course, the
better answer is just to use `https://...' URIs.
Mark Wooding [Mon, 22 May 2017 08:25:57 +0000 (09:25 +0100)]
keys/tripe-keys.master: Use correct option for selecting key-exchange curve.
Always been wrong.
Mark Wooding [Thu, 11 May 2017 09:42:15 +0000 (10:42 +0100)]
Release 1.0.0pre19.
Mark Wooding [Thu, 11 May 2017 09:42:15 +0000 (10:42 +0100)]
server/bulkcrypto.c, server/tripe.8.in: Handle MAC names containing `/'.
Everything is fine (though unnecessarily ugly) if we take the final `/'
as delimiting the tag length, rather than the initial one. So do that.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/, keys/: Support Bernstein's X25519 and Hamburg's X448 algorithms.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/, keys/: Add bulk crypto transform based on NaCl `crypto_secretbox'.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/, keys/: Alternative serialization formats for hashing.
The old format was variable length, which leaks the length of the value
to local adversaries. Provide a switch to use the better
constant-length encoding for hashing.
Make this the default when setting up new key distribution centres.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/keymgmt.c: Detect if a private keys records a wrong public key.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/: Replace the Diffie--Hellman group abstraction.
Downside: this basically involves duplicating Catacomb's `group'
implementation.
Upside: I've been able to improve a few things. Most notably, this new
abstraction covers scalars as well as group elements, which extends the
possibilities. Because the new abstraction takes over responsibility
for tracing and reporting, I've been able to make group-specific
improvements.
More subtly, I've also introduced an additional group-element encoding
format. Previously, there was the `buffer format' (a sequence of
length-prefixed items) and the `raw format' (a binary blob with a known
length, used in encrypted messages). But there's an additional source
of length leakage for secret values, which is in hashing: so I've
introduced a new `hash format', which currently works the same as
`buffer' for compatibility's sake, but could later be switched -- say,
by a key attribute -- to work like `raw'.
I've also passed the key file and object through to the DH operations,
so that they can pick up additional attributes from the key. Nothing
takes advantage of this yet, though.
Mark Wooding [Wed, 19 Apr 2017 19:41:18 +0000 (20:41 +0100)]
server/: Make bulk crypto transforms responsible for algorithm selection.
Move all of the logic around processing symmetric algorithm selections
into the `bulkcrypto' transforms. There are now three associated object
types:
* an algorithm selection, which ends up attached to a peer key;
* an encryption context, which actually performs the bulk transform on
packets; and
* a challenge context, which can issue and verify challenge tags.
The important improvement here is that now we can add new bulk crypto
transforms which are parametrized in different ways.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/bulkcrypto.c: Abstract out MAC-failure tracing.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/admin.c: Export `a_info'.
We shall have need of this soon.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/: Rename `bulkcrypto' structure to `bulkops'.
We shall want a structure to collect up a bulk transform's state later.
No functional change. Basically
sed -i s/bulkcrypto/bulkops/g server/*.[ch]
and some reformatting.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/tripe.h: Don't say `struct bulkcrypto' where we don't have to.
Mark Wooding [Mon, 17 Apr 2017 23:39:24 +0000 (00:39 +0100)]
keys/tripe-keys.in: Add an option to control the bulk transform.
The default is `iiv', because we don't have the compatibility
constraints that the main server has.
Also, fix the `mtu' command, which has been wrong about the `iiv'
overhead for a while.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
keys/: Support the EdDSA signature schemes from catcrypt(1).
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
keys/tripe-keys.conf.5.in, server/tripe.8.in: Contemplate more group types.
Rather than listing the group types in prose as if there will never be
any more, list them out one by one.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/tripe.8.in: Fix formatting mistake.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/tests.at: Preserve output in `server communication' tests.
The test runs with multiple sets of party keys, and used to delete the
party directories before each run, leaving only the output from the
last. Instead, rename the party directories when we're done.
(I'd just create the directories with the right names in advance, but
the script uses the directory names as parts of shell variable names,
and I don't want to make the directory names ugly to allow that.)
Mark Wooding [Mon, 17 Apr 2017 23:39:24 +0000 (00:39 +0100)]
keys/tripe-keys.in, keys/tripe-keys.conf.5.in: Allow setting attributes.
Add `master-attrs' and `kx-attrs' options to allow setting arbitrary
attributes on keys.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
keys/tripe-keys.in: Provide `kx-genalg' and `kx-param-genalg' options.
Not all `tripe' key exchange groups G necessarily have `key'
key-generation algorithms named `G' and `G-param' corresponding to them;
it's just a coincidence that they do at the moment.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
keys/tripe-keys.conf.5.in: Inhibit page breaks in tables.
Unfortunately I have to guess at the length of the tables and associated
text, but it seems to work OK.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
keys/tripe-keys.conf.5.in: Document correct default cipher.
The default changed in 2009.
Mark Wooding [Mon, 17 Apr 2017 23:39:24 +0000 (00:39 +0100)]
uslip/uslip.c: Shut the server down on `SIGTERM'.
The tripe(8) server sends `SIGTERM' to its SLIP tunnel helpers when it
shuts down interfaces. This causes us to leave behind dead Unix-domain
sockets, which is bad. Catch `SIGTERM' so that we can clean up
properly -- and so that we can let clients pick up any remaining packets
we might still have queued.
Mark Wooding [Mon, 17 Apr 2017 23:39:24 +0000 (00:39 +0100)]
uslip/uslip.c: Abstract out the server's EOF-on-stdin behaviour.
Mark Wooding [Mon, 17 Apr 2017 23:39:24 +0000 (00:39 +0100)]
uslip/uslip.c: Make `make_pkqnode' be const-correct.
Mark Wooding [Mon, 17 Apr 2017 23:39:24 +0000 (00:39 +0100)]
uslip/uslip.c: Consistently name ignored closure pointers `hunoz'.
Mark Wooding [Mon, 17 Apr 2017 23:39:24 +0000 (00:39 +0100)]
uslip/uslip.c: Be consistent about `VERB_NOUN' function naming.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/keymgmt.c: Add missing comma causing poor error formatting.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/keymgmt.c: Don't leak `kdata' objects.
Mark Wooding [Wed, 19 Apr 2017 20:02:24 +0000 (21:02 +0100)]
server/keyexch.c: Don't copy group elements when registering a challenge.
Instead, just remember that ownership has been transferred. For `c', we
don't use the original variable any more, so we can just mark it null;
but `r' gets reused, so allocate a fresh place for it.
This is the only use of `G_COPY' in the program.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/keyexch.c: Fix error handling around `mpmask' and `mpunmask'.
The return value from `mpmask' wasn't being used, and callers expected a
broken buffer on failure, so that's the official story now.
The return value from `mpunmask' was advertised properly, but not
checked, so fix that.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/keyexch.c: Check that all of the algorithms match when setting up.
For some reason, we used only to check that the actual groups matched
and ignored the bulk crypto options. Check everything now.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/keyexch.c: Pass correct peer pointer when reporting group mismatch.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
common/util.c, server/admin.c: Ensure null-termination of result strings.
`dstr_putc' has a sharp edge here. Apparently I wasn't careful enough.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
server/keymgmt.c: Fix typo.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
Makefile.am: Some reformatting.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
vars.am: Some reformatting.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
configure.ac, debian/: Overhaul Wireshark plugin build machinery.
* Depend on the a newish version of Wireshark because I couldn't find
out where the API changes happened.
* It seems that Wireshark actually does provide a `pkg-config'
dropping now, so I can use it rather than complaining about how it's
not there.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
keys/tripe-keys.in: Remove unrecognized files from `base-dir'.
In a sensible system, these turn out to be mostly signature files made
by old versions of the master key which don't exist any more.
You might want to think about making `upload-hook' delete the
corresponding files at the file server.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
keys/tripe-keys.8.in: `tripe-keys upload' can really upload things.
Mention the `upload-hook' configuration knob rather than the comment
about how it can't be done.
Mark Wooding [Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)]
wireshark/packet-tripe.c: Catch up with Wireshark API changes.
* Apparently `check_col' is now just dead, and its functionality
included in the various `col_set_mumble' functions.
* It seems that `dissector_add' has turned into `dissector_add_uint',
and a number of other functions, for different field types, have
been added.
This isn't well tested.
Mark Wooding [Sat, 4 Jun 2016 15:39:48 +0000 (16:39 +0100)]
Use new Catacomb `rand_quick' to gather entropy from other fast sources.
This requires a very shiny Catcomb. I can make the dependency softer if
necessary.
Mark Wooding [Sat, 4 Jun 2016 15:31:10 +0000 (16:31 +0100)]
server/: Rename `TIMER' to `QUICKRAND'.
The purpose of the `TIMER' is to feed the entropy a small quantity of
entropy on a regular basis. Encoding the implementation in the name was
an error which this commit fixes.
Mark Wooding [Sat, 14 May 2016 10:08:35 +0000 (11:08 +0100)]
server/tripe.8.in: Fix misformatting.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
Release 1.0.0pre18.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
debian/control: Fix the dependencies.
* Fix up the Build-Depends. The Python requirements for the
architecture-independent packages are quite heavy, so split out
Build-Depends-Indep.
* Add detailed version information to the various build and runtime
dependencies.
* Observe that `tripe-keys' depends on curl(1) to run, so we need it
at build time for testing, and the `tripe-keys' package needs it at
runtime.
Mark Wooding [Fri, 19 Feb 2016 19:51:19 +0000 (19:51 +0000)]
debian/source/format: Apparently you're meant to have one of these now.
Mark Wooding [Sat, 20 Feb 2016 17:17:51 +0000 (17:17 +0000)]
configure.ac, Makefile.am: More subsetting based on module availability.
Also check the mLib and CDB modules.
Mark Wooding [Sun, 24 Apr 2016 22:30:30 +0000 (23:30 +0100)]
tripe-service.7: Move manual page to server/.
The stuff in svc/ isn't always built, but the manpage should always
exist because it describes general conventions.
Mark Wooding [Fri, 19 Feb 2016 22:31:20 +0000 (22:31 +0000)]
server/admin.c (a_vformat): Fix uses of `va_arg' to dereference `ap'.
This is the missing half of the earlier patch; without it, we get
instant crashes on i386 (but, oddly, no warnings anywhere).
Mark Wooding [Fri, 19 Feb 2016 21:42:57 +0000 (21:42 +0000)]
server/admin.c: Pass captured `va_list' consistently by reference.
On amd64, they're secretly arrays, and once one's decayed into a
pointer to a strange thing, there's no getting it back again.
Mark Wooding [Fri, 19 Feb 2016 21:41:04 +0000 (21:41 +0000)]
Portability: Use `socklen_t' throughout, if available.
Silly amd64 people, not using `size_t'.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at (AWAIT_KXDONE): Ignore warnings and trace.
If the waiting loop receive a message it doesn't understand, it bails
and the rest of the test continues, usually before the peers have
actually completed their key exchange.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at (AWAIT_KXDONE): Ignore the correct server messages.
The old code told arranged for both peers to ignore complains about
unexpected packets from the /first/ peer, with the predictable result
that the first peer complains about unexpected packets from the second
and the test fails spuriously.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at (server retry): Use the new `WITH_STRACE' macro.
Now we don't necessarily need strace(1) installed at build time.
It's now the responsibility of `WITH_STRACE' to clear away the strace(1)
process if there is one. There's now too much process hierarchy in
between the wait and the child for us to wait on the proxy process
itself. It doesn't really matter much, fortunately.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at: Make the strace options better.
* `-ff' to split the traces for different processes out into separate
files. This is mostly good because it removes the confusing
interleaving of blocking system calls issued from concurrently
running processes.
* `-tt' to print high-resolution timestamps on each line, for
correlating the traces now they've been separated.
* `-v' to print out full dumps of environments and other such things.
* `-s1024' to print the whole of longish strings.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at (TRIPE): Set command-line trace options from environment.
If you set `TRIPE_TEST_TRACEOPTS' then tracing is turned on with the
appropriate options. The obvious value is `A'.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at (WITH_TRIPEX): Strip early tracing from the stderr file.
So we end up with a `...full' version.
Mark Wooding [Fri, 19 Feb 2016 21:49:33 +0000 (21:49 +0000)]
server/tests.at (WITH_STRACE): Factor out the strace(1) machinery.
There's very little noticeable difference in the behaviour: the (usually
empty) directory created for strace(1) to scribble its corefile has a
different name. The new macro takes care of running the caller's
command in the correct directory, so the (only, currently) call site
doesn't need to worry about that any more.
Mark Wooding [Mon, 1 Jun 2015 17:17:44 +0000 (18:17 +0100)]
priv/helper.c (lose): Tag as NORETURN.
Mark Wooding [Wed, 27 May 2015 18:43:07 +0000 (19:43 +0100)]
server/keyexch.c: Always quote the peer name in `KXSTART' notifications.
I missed the separate notification which is issued when a corked
exchange is uncorked.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
Release 1.0.0pre17.1.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
server/tests.at (AWAIT_KXDONE): More warning suppressions.
Slow hosts (e.g., Scratchbox, under emulation) can trigger warnings in
both directions, and also `unexpected-challenge', depending on how far
the key exchange has progressed by the time the other end gets the
`FORCEKX' command.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
server/tests.at (AWAIT_KXDONE): Deliver POP to the correct place.
In fact, BNAME and BDIR are always the same in the current test script
-- the silly games are always played with ANAME and ADIR -- but that's
just luck.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
Release 1.0.0pre17.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
client/tripectl.c: New option `-W' to set `WATCH' list.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
build, debian: Add a suffix to the main TrIPE-specific manpages.
This keeps the service documentation, in particular, out of the general
namespace where things might conflict with it.
The general-purpose utilities `pkstream' and `pathmtu' are not affected
by this change.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
svc/connect.in (cmd_kick): Call the right function.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
contrib/sshsvc.conf: Include configuration file for `sshsvc-mkauthkeys'.
Mark Wooding [Fri, 24 Apr 2015 09:11:23 +0000 (10:11 +0100)]
contrib/knock.in: Can now be called from an ordinary shell.
The script can now pick up information from environment variables rather
than the forced command, which makes the `tripe' user much more sane.
This also fits a little better with `sshsvc-mkauthkeys'.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
peerdb/peers.in, svc/connect.8.in: Tweak dead-peer-detection parameters.
They're now different between dynamic and passive peers. The manual
explains why they're set the way they are and provides some vaguely
useful commentary.
Also rearrange the other parameters a bit, now that we have multiple
inheritance.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
peerdb/tripe-newpeers.in, peerdb/peers.in.5.in: Multiple inheritance.
Allow a section to `@inherit' from more than one other section. All
traversals of the inheritance dag which find a value must report the
same one. Cycles are diagnosed when they're encountered, but not
otherwise.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
peerdb/tripe-newpeers.in: Sort the output so that testing is easier.
Mark Wooding [Sat, 2 May 2015 16:05:20 +0000 (17:05 +0100)]
svc/conntrack.8.in: Fix the manpage heading!
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
peerdb/peers.in.5.in: The magic is spelled `@inherit', not `@inherits'.
Mark Wooding [Sat, 14 Mar 2015 19:37:30 +0000 (19:37 +0000)]
Release 1.0.0pre16.2.