From: Guus Sliepen Date: Sat, 1 Jul 2000 14:32:24 +0000 (+0000) Subject: - Updated PROTOCOL (a bit) X-Git-Tag: release-1.0pre3~154 X-Git-Url: https://git.librecmc.org/?p=oweals%2Ftinc.git;a=commitdiff_plain;h=09f4ec190119298187cec09dd5049af8fd8bad94 - Updated PROTOCOL (a bit) - Included a real tincd.8 describing the options, signals, debug levels and files used by tincd. --- diff --git a/doc/Makefile.am b/doc/Makefile.am index 09707ed..d0bdb3a 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -2,10 +2,10 @@ info_TEXINFOS = tinc.texi -dyn_MANS = tincd.8 +dyn_MANS = man_aux = $(dyn_MANS:.8=.x) -man_MANS = tinc.conf.5 genauth.8 $(dyn_MANS) +man_MANS = tincd.8 tinc.conf.5 genauth.8 $(dyn_MANS) PERL = @PERL@ HELP2MAN = help2man diff --git a/doc/PROTOCOL b/doc/PROTOCOL index 81de215..6b8f9fa 100644 --- a/doc/PROTOCOL +++ b/doc/PROTOCOL @@ -11,7 +11,7 @@ This is the protocol documentation for tinc, a Virtual Private Network daemon. that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: PROTOCOL,v 1.1.2.1 2000/06/30 22:38:58 guus Exp $ + $Id: PROTOCOL,v 1.1.2.2 2000/07/01 14:32:24 guus Exp $ 1. Protocols used in tinc @@ -29,7 +29,7 @@ The protocols for those interfaces will not be described in this document. 2. Packet protocol ------------------ -This is described in net.h. +See net.h for now. 3. Meta protocol ---------------- @@ -58,34 +58,34 @@ may be sent. The following diagram shows how authentication is done: Client Server ---------------------------------------------------------------- -Connects to server - Accepts connection - Sends BASIC_INFO -Verifies BASIC_INFO +Connects to server: + Accepts connection. + Sends BASIC_INFO: +Verifies BASIC_INFO. If server is already in connection list, abort. -Else sends his own BASIC_INFO - Verifies BASIC_INFO +Else sends his own BASIC_INFO: + Verifies BASIC_INFO. If client is alread in connection list, remove old entry. - Sends PASSPHRASE + Sends PASSPHRASE: Receives and stores PASSPHRASE. -Sends his own PASSPHRASE +Sends his own PASSPHRASE: Receives and stores PASSPHRASE. - Sends PUBLIC_KEY + Sends PUBLIC_KEY: Verifies PUBLIC key and stored PASSPHRASE. If wrong, abort. -Else sends his own PUBLIC_KEY +Else sends his own PUBLIC_KEY: Verifies PUBLIC key and stored PASSPHRASE. If wrong, abort. Else activates connection and sends ACK and ADD_HOSTs for all - known hosts + known hosts. Receives ACK and activates connection. Sends ADD_HOSTs for all known -hosts +hosts. ---------------------------------------------------------------- The client must never make a connection to a server that is already in it's diff --git a/doc/tincd.8 b/doc/tincd.8 new file mode 100644 index 0000000..d38f6d4 --- /dev/null +++ b/doc/tincd.8 @@ -0,0 +1,131 @@ +.TH TINCD 8 "June 2000" "tinc version 1.0pre3" "FSF" +.SH NAME +tinc \- tinc VPN daemon +.SH SYNOPSIS +.B tincd +[\fIoption\fR]... +.SH DESCRIPTION +.PP + +This is the daemon of tinc, a secure virtual private +network (VPN) project. When started, tincd will read +it's configuration file to determine what virtual subnet +it has to serve and to what other tinc daemons it should connect. +It will connect to the ethertap device and set up a socket for incomming +connections. +If that succeeds, it will detach from the controlling terminal and +continue in the background, accepting and setting up connections to other +tinc daemons that are part of the virtual private network. + +.SH OPTIONS +.TP +\fB\-c\fR, \fB\-\-config\fR=\fIFILE\fR +Read configuration options from FILE. +.TP +\fB\-D\fR, \fB\-\-no\-detach\fR +Don't fork and detach. +.TP +\fB\-d\fR +Increase debug level. +.TP +\fB\-k\fR, \fB\-\-kill\fR +Attempt to kill a running tincd and exit. +.TP +\fB\-n\fR, \fB\-\-net\fR=\fINETNAME\fR +Connect to net NETNAME. +.TP +\fB\-t\fR, \fB\-\-timeout\fR=\fITIMEOUT\fR +Seconds to wait before giving a timeout. +.TP +\fB\-\-help\fR +Display this help and exit. +.TP +\fB\-\-version\fR +Output version information and exit. +.PP +.SH "SIGNALS" +.TP +\fBHUP\fR +Closes all connections, rereads the configuration file and restarts the daemon. +.TP +\fBINT\fR +Closes all connections and quits. +.TP +\fBUSR1\fR +Dumps the connection list to syslog. +.TP +\fBUSR2\fR +Invalidates the current cryptographic key and generates a new one. +.TP +\fBALRM\fR +Forces tincd to try to connect to an uplink immediately. Usually tincd attempts +to do this itself, but increases the time it waits between the attempts each time +it failed, and if tincd didn't succeed to connect to an uplink the first time after +it started, it defaults to the maximum time of 15 minutes. +.PP +.SH "DEBUG LEVELS" +The tinc daemon can send a lot of messages to the syslog. The more \fB\-d\fR options are +given to tincd, the more messages it will log. Each level inherits all messages of the +previous level: +.TP +\fIno debug options\fR +This will log a message indicating tincd has started along with a version number. +It will also any serious error. +.TP +\fB\-d\fR +This will log all connections that are made with other tinc daemons. +.TP +\fB\-d \-d\fR +This will log all requests that are exchanged with other tinc daemons. These include +authentication, key exchange and connection list updates. +.TP +\fB\-d \-d \-d\fR +This will log a copy of everything received on the meta socket. +.TP +\fB\-d \-d \-d \-d\fR +This will log all packets that are sent over the virtual private network. +.PP +.SH "FILES" +.TP +\fI/etc/tinc//tinc.conf\fR +The configuration file for tincd. +.TP +\fI/etc/tinc//passphrases/*\fR +The directory containing the secret passphrases +used to authenticate other tinc daemons. +.PP +.SH "BUGS" +Maintaining a connection list on each tinc daemon that can connect and disconnect at any +moment, and making sure that all connections satisfy the tree property isn't easy. Although +we have done a lot to make sure tinc is sturdy and foolproof, it might happen that +some connection lists get corrupted. +.PP +If you find any bugs, report them to tinc@nl.linux.org. +.PP +.SH "TODO" +A lot. If something you would like to see is not implemented, just ask; we most certainly will. +.PP +.SH "SEE ALSO" +\fBtinc.conf\fR(5), \fBgenauth\fR(8) +.TP +\fBhttp://tinc.nl.linux.org/\fR +.TP +\fBhttp://www.cabal.org/\fR +.PP +The full documentation for +.B tinc +is maintained as a Texinfo manual. If the +.B info +and +.B tinc +programs are properly installed at your site, the command +.IP +.B info tinc +.PP +should give you access to the complete manual. +.PP +tinc comes with ABSOLUTELY NO WARRANTY. This is free software, +and you are welcome to redistribute it under certain conditions; +see the file COPYING for details. +.PP +This product includes software developed by Eric Young (eay@mincom.oz.au) diff --git a/doc/tincd.x b/doc/tincd.x deleted file mode 100644 index c834d8e..0000000 --- a/doc/tincd.x +++ /dev/null @@ -1,22 +0,0 @@ -[DESCRIPTION] -." Add any additional description here - -This is the daemon part of tinc. tinc is a secure virtual private -network (VPN) project. - -.SH OPTIONS - - -[FILES] -.TP -\fI/etc/tinc\fR -The top directory for configuration files. -.PP - -[SEE ALSO] -\fBtincd.conf\fR(5), \fBgenauth\fR(8) -.TP -\fBhttp://tinc.nl.linux.org/\fR -.TP -\fBhttp://www.cabal.org/\fR -