BadVPN – Blame information for rev 1
Rev 1, author: office

.TH badvpn-server 8 "21 June 2011"
.SH NAME
badvpn-server \- chat server for the BadVPN peer-to-peer VPN system
.SH SYNOPSIS
.B badvpn-server
.RS
.RB "[" --help "]"
.br
.RB "[" --version "]"
.br
.RB "[" --logger " <stdout/syslog>]"
.br
(logger=syslog?
.br
.RS
.br
.RB "[" --syslog-facility " <string>]"
.br
.RB "[" --syslog-ident " <string>]"
.br
.RE
)
.br
.RB "[" --loglevel " <0-5/none/error/warning/notice/info/debug>]"
.br
.RB "[" --channel-loglevel " <channel-name> <0-5/none/error/warning/notice/info/debug>] ..."
.br
.RB "[" --listen-addr " <addr>] ..."
.br
.RB "[" --ssl " " --nssdb " <string> " --server-cert-name " <string>]"
.br
.RB "[" --comm-predicate " <string>]"
.br
.RB "[" --relay-predicate " <string>]"
.br
.RB "[" --client-socket-sndbuf " <bytes / 0>]"
.br
.RE
.SH INTRODUCTION
.P
This page documents the BadVPN server, which is used in a BadVPN VPN network by peers to
talk to each other in order to establish data connections. For a general description of
BadVPN, see
.BR badvpn (7).
.SH DESCRIPTION
.P
The BadVPN server is a chat server used by nodes in the VPN network to talk to each other
in order to establish data connections. Once it initializes, the server only terminates
if a signal is received.
.SH OPTIONS
.P
The BadVPN server is configured entirely from the command line.
.TP
.BR --help
Print version and command line syntax and exit.
.TP
.BR --version
Print version and exit.
.TP
.BR --logger " <stdout/syslog>"
Select where to log messages. Default is stdout. Syslog is not available on Windows.
.TP
.BR --syslog-facility " <string>"
When logging to syslog, set the logging facility. The facility name must be in lower case.
.TP
.BR --syslog-ident " <string>"
When logging to syslog, set the ident.
.TP
.BR --loglevel " <0-5/none/error/warning/notice/info/debug>"
Set the default logging level.
.TP
.BR --channel-loglevel " <channel-name> <0-5/none/error/warning/notice/info/debug>"
Set the logging level for a specific logging channel.
.TP
.BR --listen-addr " <addr>"
Add an address for the server to listen on. See below for the address format.
.TP
.BR --ssl
Use TLS. Requires --nssdb and --server-cert-name.
.TP
.BR --nssdb " <string>"
When using TLS, the NSS database to use. Probably something like sql:/some/folder.
.TP
.BR --server-cert-name " <string>"
When using TLS, the name of the certificate to use. The certificate must be readily accessible.
.TP
.BR --comm-predicate " <string>"
Set a predicate to define which pairs of clients are allowed to communicate. The predicate is a
logical expression; see below for details. Available functions:
.br
.BR p1name "(string)"
- true if the TLS common name of peer 1 equals the given string. If TLS is not used, the common
name is assumed to be an empty string.
.br
.BR p1addr "(string)"
- true if the IP address of peer 1 equals the given string. The string must not be a name.
.br
.BR p2name "(string)"
- true if the TLS common name of peer 2 equals the given string. If TLS is not used, the common
name is assumed to be an empty string.
.br
.BR p2addr "(string)"
- true if the IP address of peer 2 equals the given string. The string must not be a name.
.br
There is no rule as to which is peer 1 and which is peer 2. When the server needs to determine
whether to allow two peers to communicate, it evaluates the predicate once and in no specific order.
.TP
.BR --relay-predicate " <string>"
Set a predicate to define how peers can relay data through other peers. The predicate is a
logical expression; see below for details. If the predicate evaluates to true, peer P can relay data
through peer R. Available functions:
.br
.BR pname "(string)"
- true if the TLS common name of peer P equals the given string. If TLS is not used, the common
name is assumed to be an empty string.
.br
.BR paddr "(string)"
- true if the IP address of peer P equals the given string. The string must not be a name.
.br
.BR rname "(string)"
- true if the TLS common name of peer R equals the given string. If TLS is not used, the common
name is assumed to be an empty string.
.br
.BR raddr "(string)"
- true if the IP address of peer R equals the given string. The string must not be a name.
.br
.TP
.BR --client-socket-sndbuf " <bytes / 0>"
Sets the value of the SO_SNDBUF socket option for client TCP sockets (zero to not set). Lower values
will improve fairness when data from multiple peers is being sent to a given peer, but may result in lower
bandwidth if the network's bandwidth-delay product is too big.
.SH "EXIT CODE"
.P
If initialization fails, exits with code 1. Otherwise runs until termination is requested and exits with code 1.
.SH "ADDRESS FORMAT"
.P
Addresses have the form ipaddr:port, where ipaddr is either an IPv4 address (name or numeric), or an
IPv6 address enclosed in brackets [] (name or numeric again).
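As an added illustration of the ADDRESS FORMAT rule above (example code written for this page, not part of BadVPN), the following Python function splits an ipaddr:port string the way the rule describes: a bracketed host is taken as IPv6, an unbracketed one as IPv4, and names are left unresolved. Rejecting an unbracketed host that contains a colon, requiring the port to lie in 0-65535 and refusing a numeric host whose family disagrees with its bracket form are this example's own choices; the page does not say how badvpn-server itself treats such input.

```python
import ipaddress


def parse_listen_addr(text):
    """Split an ipaddr:port string as described under ADDRESS FORMAT.

    Returns (host, port, family): host is a numeric address or a name (not
    resolved here), family is 6 when the host was bracketed and 4 otherwise.
    Raises ValueError on ambiguous input; that strictness is this example's
    choice, not documented behaviour of badvpn-server."""
    host, sep, port_str = text.rpartition(":")
    if not sep:
        raise ValueError(f"expected ipaddr:port, got {text!r}")
    try:
        port = int(port_str)
    except ValueError:
        raise ValueError(f"port is not a number in {text!r}") from None
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range in {text!r}")
    bracketed = host.startswith("[")
    if bracketed:
        if not host.endswith("]"):
            raise ValueError(f"unterminated [ in {text!r}")
        host = host[1:-1]
    elif ":" in host:
        # A bare IPv6 literal cannot be told apart from the host:port boundary.
        raise ValueError(f"IPv6 addresses must be enclosed in [] in {text!r}")
    if not host:
        raise ValueError(f"empty host in {text!r}")
    # A numeric host must agree with the family its bracket form implies.
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # a name; the resolver decides later, in the implied family
    if addr is not None and (addr.version == 6) != bracketed:
        raise ValueError(f"address family does not match bracket form in {text!r}")
    return host, port, 6 if bracketed else 4


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real deployment.
    for sample in ("0.0.0.0:7000", "[::]:7000", "[vpn.example.com]:7000", "::1:7000"):
        try:
            print(sample, "->", parse_listen_addr(sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```

The third element of the result only records what the bracket form implies for a name; the page says a bracketed name is resolved as IPv6 and an unbracketed one as IPv4, which is exactly the information a caller needs before calling the resolver.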
.SH PREDICATES
.P
The BadVPN server includes a small predicate language used to define certain policies.
Syntax and semantics of the language are described here.
.TP
.BR true
Logical true constant. Evaluates to 1.
.TP
.BR false
Logical false constant. Evaluates to 0.
.TP
.BR NOT " expression"
Logical negation. If the expression evaluates to error, the
negation evaluates to error.
.TP
.RB "expression " OR " expression"
Logical disjunction. The second expression is only evaluated
if the first expression evaluates to false. If a sub-expression
evaluates to error, the disjunction evaluates to error.
.TP
.RB "expression " AND " expression"
Logical conjunction. The second expression is only evaluated
if the first expression evaluates to true. If a sub-expression
evaluates to error, the conjunction evaluates to error.
.TP
.RB function "(" "arg" "," " ..." "," " arg" ")"
Evaluation of a user-provided function (function is the name of the
function, [a-zA-Z0-9_]+).
If the function with the given name does not exist, it evaluates to
error.
Arguments are evaluated from left to right. Each argument can either
be a logical expression or a string (characters enclosed in double
quotes, without any double quote).
If an argument is encountered, but all needed arguments have already
been evaluated, the function evaluates to error.
If an argument is of the wrong type, it is not evaluated and the function
evaluates to error.
If an argument evaluates to error, the function evaluates to error.
If after all arguments have been evaluated, the function needs more
arguments, it evaluates to error.
Then the handler function is called. If it returns anything other
than 1 and 0, the function evaluates to error. Otherwise it evaluates
to what the handler function returned.
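The predicate rules above, together with the --comm-predicate functions in OPTIONS, as an added worked example (written for this page; it is not BadVPN's own parser or evaluator): a tokenizer, a recursive-descent parser and an evaluator that yields 1, 0 or an error sentinel under the page's short-circuit and error rules, plus a function table for p1name/p1addr/p2name/p2addr. Assumptions not stated on the page: NOT binds tightest, then AND, then OR; the ERROR sentinel, the (argument types, handler) table shape and all helper names are this example's own. is_order_independent checks the property OPTIONS warns about: because the server assigns peer 1 and peer 2 in no fixed order and evaluates the predicate once, a policy is only dependable if it gives the same answer either way. The same table shape serves --relay-predicate with pname/paddr/rname/raddr.

```python
import re
ERROR = type("Error", (), {"__repr__": lambda self: "error"})()  # third outcome next to 1/0
# names [a-zA-Z0-9_]+ (true/false/NOT/AND/OR included), "strings" with no inner quote,
# the punctuation ( ) , and a final catch-all that flags anything else as a syntax error
TOKEN_RE = re.compile(r'([A-Za-z0-9_]+)|"([^"]*)"|([(),])|(\S)')

def tokenize(text):
    tokens = []
    for name, string, punct, bad in TOKEN_RE.findall(text):
        if bad:
            raise SyntaxError(f"unexpected character {bad!r}")
        tokens.append(("id", name) if name else ("punct", punct) if punct else ("str", string))
    return tokens

def parse(tokens):
    """Recursive descent, consuming the token list from the front. Assumed precedence
    (the man page lists the constructs, not their binding): NOT, then AND, then OR."""
    def peek():
        return tokens[0] if tokens else (None, None)
    def take(expect=None):
        if not tokens or (expect is not None and tokens[0] != expect):
            raise SyntaxError(f"expected {expect or 'a token'}, got {peek()}")
        return tokens.pop(0)
    def binary(op, sub):  # left-associative chain of one operator
        node = sub()
        while peek() == ("id", op):
            take()
            node = (op.lower(), node, sub())
        return node
    def unary():
        if peek() == ("id", "NOT"):
            take()
            return ("not", unary())
        return primary()
    def primary():
        kind, val = take()
        if kind == "id" and val in ("true", "false"):
            return ("const", int(val == "true"))
        if kind != "id":
            raise SyntaxError(f"unexpected token {(kind, val)}")
        take(("punct", "("))  # function call; string arguments are kept unevaluated
        args = []
        while peek() != ("punct", ")"):
            if args:
                take(("punct", ","))
            args.append(("str", take()[1]) if peek()[0] == "str" else expr())
        take()
        return ("call", val, args)
    def expr():
        return binary("OR", lambda: binary("AND", unary))
    node = expr()
    if tokens:
        raise SyntaxError(f"trailing input at {peek()}")
    return node

def evaluate(node, functions):
    """Return 1, 0 or ERROR per the man page's rules; functions: name -> (arg types, handler)."""
    kind = node[0]
    if kind == "const":
        return node[1]
    if kind == "not":
        v = evaluate(node[1], functions)
        return ERROR if v is ERROR else 1 - v
    if kind in ("or", "and"):
        left = evaluate(node[1], functions)
        if left is ERROR or left == (1 if kind == "or" else 0):  # short-circuit
            return left
        return evaluate(node[2], functions)
    _, name, args = node
    if name not in functions:
        return ERROR  # no such function
    arg_types, handler = functions[name]
    values = []
    for i, arg in enumerate(args):
        if i >= len(arg_types) or (arg_types[i] == "string") != (arg[0] == "str"):
            return ERROR  # surplus argument, or wrong type (then not evaluated)
        values.append(arg[1] if arg[0] == "str" else evaluate(arg, functions))
        if values[-1] is ERROR:
            return ERROR  # an argument evaluated to error
    if len(values) < len(arg_types):
        return ERROR  # too few arguments
    result = handler(*values)
    return int(result) if result in (0, 1) else ERROR  # handler must return 0 or 1

def eval_predicate(text, functions):
    return evaluate(parse(tokenize(text)), functions)

def comm_functions(peer1, peer2):
    """Table for --comm-predicate; a peer is (tls_common_name, ip), name "" without TLS."""
    return {
        "p1name": (("string",), lambda s: int(peer1[0] == s)),
        "p1addr": (("string",), lambda s: int(peer1[1] == s)),
        "p2name": (("string",), lambda s: int(peer2[0] == s)),
        "p2addr": (("string",), lambda s: int(peer2[1] == s)),
    }

def is_order_independent(predicate, peer_a, peer_b):
    """No rule says which peer is 1 and which is 2, so a sound policy must agree either way."""
    return (eval_predicate(predicate, comm_functions(peer_a, peer_b))
            == eval_predicate(predicate, comm_functions(peer_b, peer_a)))
```

With constructed peers ("alice", "10.0.0.1") and ("bob", "10.0.0.2"), the policy `p1name("alice") AND p2name("bob") OR p1name("bob") AND p2name("alice")` yields 1 for both assignments, while the one-sided `p1name("alice")` yields 1 or 0 depending on which peer the server happened to call peer 1; is_order_independent reports True for the first and False for the second. A policy that evaluates to error for some pair denies it without ever reaching a handler, so the error cases (unknown function, a logical expression where a string is expected, wrong argument count) are worth exercising before deploying a predicate.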
.SH "EXAMPLES"
.P
For examples of using BadVPN, see
.BR badvpn (7).
.SH "SEE ALSO"
.BR badvpn-client (8),
.BR badvpn (7)
.SH AUTHORS
Ambroz Bizjak <ambrop7@gmail.com>