BadVPN – Blame information for rev 1

Rev Author Line No. Line
1 office 1 .TH badvpn-server 8 "21 June 2011"
2 .SH NAME
3 badvpn-server \- chat server for the BadVPN peer-to-peer VPN system
4 .SH SYNOPSIS
5 .B badvpn-server
6 .RS
7 .RB "[" --help "]"
8 .br
9 .RB "[" --version "]"
10 .br
11 .RB "[" --logger " <stdout/syslog>]"
12 .br
13 (logger=syslog?
14 .br
15 .RS
16 .br
17 .RB "[" --syslog-facility " <string>]"
18 .br
19 .RB "[" --syslog-ident " <string>]"
20 .br
21 .RE
22 )
23 .br
24 .RB "[" --loglevel " <0-5/none/error/warning/notice/info/debug>]"
25 .br
26 .RB "[" --channel-loglevel " <channel-name> <0-5/none/error/warning/notice/info/debug>] ..."
27 .br
28 .RB "[" --listen-addr " <addr>] ..."
29 .br
30 .RB "[" --ssl " " --nssdb " <string> " --server-cert-name " <string>]"
31 .br
32 .RB "[" --comm-predicate " <string>]"
33 .br
34 .RB "[" --relay-predicate " <string>]"
35 .br
36 .RB "[" --client-socket-sndbuf " <bytes / 0>]"
37 .br
38 .RE
39 .SH INTRODUCTION
40 .P
41 This page documents the BadVPN server, which is used in a BadVPN VPN network by peers to
42 talk to each other in order to establish data connections. For a general description of
43 BadVPN, see
44 .BR badvpn (7).
45 .SH DESCRIPTION
46 .P
47 The BadVPN server is a chat server used by nodes in the VPN network to talk to each other
48 in order to establish data connections. Once it initializes, the server only terminates
49 if a signal is received.
50 .SH OPTIONS
51 .P
52 The BadVPN server is configured entirely from the command line.
53 .TP
54 .BR --help
55 Print version and command line syntax and exit.
56 .TP
57 .BR --version
58 Print version and exit.
59 .TP
60 .BR --logger " <stdout/syslog>"
61 Select where to log messages. Default is stdout. Syslog is not available on Windows.
62 .TP
63 .BR --syslog-facility " <string>"
64 When logging to syslog, set the logging facility. The facility name must be in lower case.
65 .TP
66 .BR --syslog-ident " <string>"
67 When logging to syslog, set the ident.
68 .TP
69 .BR --loglevel " <0-5/none/error/warning/notice/info/debug>"
70 Set the default logging level.
71 .TP
72 .BR --channel-loglevel " <channel-name> <0-5/none/error/warning/notice/info/debug>"
73 Set the logging level for a specific logging channel.
74 .TP
75 .BR --listen-addr " <addr>"
76 Add an address for the server to listen on. See below for address format.
77 .TP
78 .BR --ssl
79 Use TLS. Requires --nssdb and --server-cert-name.
80 .TP
81 .BR --nssdb " <string>"
82 When using TLS, the NSS database to use. Probably something like sql:/some/folder.
83 .TP
84 .BR --server-cert-name " <string>"
85 When using TLS, the name of the certificate to use. The certificate must be readily accessible.
86 .TP
87 .BR --comm-predicate " <string>"
88 Set a predicate to define which pairs of clients are allowed to communicate. The predicate is a
89 logical expression; see below for details. Available functions:
90 .br
91 .BR p1name "(string)"
92 - true if the TLS common name of peer 1 equals the given string. If TLS is not used, the common
93 name is assumed to be an empty string.
94 .br
95 .BR p1addr "(string)"
96 - true if the IP address of peer 1 equals the given string. The string must not be a name.
97 .br
98 .BR p2name "(string)"
99 - true if the TLS common name of peer 2 equals the given string. If TLS is not used, the common
100 name is assumed to be an empty string.
101 .br
102 .BR p2addr "(string)"
103 - true if the IP address of peer 2 equals the given string. The string must not be a name.
104 .br
105 There is no rule as to which is peer 1 and which peer 2. When the server needs to determine
106 whether to allow two peers to communicate, it evaluates the predicate once and in no specific order.
107 .TP
108 .BR --relay-predicate " <string>"
109 Set a predicate to define how peers can relay data through other peers. The predicate is a
110 logical expression; see below for details. If the predicate evaluates to true, peer P can relay data
111 through peer R. Available functions:
112 .br
113 .BR pname "(string)"
114 - true if the TLS common name of peer P equals the given string. If TLS is not used, the common
115 name is assumed to be an empty string.
116 .br
117 .BR paddr "(string)"
118 - true if the IP address of peer P equals the given string. The string must not be a name.
119 .br
120 .BR rname "(string)"
121 - true if the TLS common name of peer R equals the given string. If TLS is not used, the common
122 name is assumed to be an empty string.
123 .br
124 .BR raddr "(string)"
125 - true if the IP address of peer R equals the given string. The string must not be a name.
126 .br
127 .TP
128 .BR --client-socket-sndbuf " <bytes / 0>"
129 Sets the value of the SO_SNDBUF socket option for client TCP sockets (zero to not set). Lower values
130 will improve fairness when data from multiple peers is being sent to a given peer, but may result in lower
131 bandwidth if the network's bandwidth-delay product is too big.
132 .SH "EXIT CODE"
133 .P
134 If initialization fails, exits with code 1. Otherwise runs until termination is requested and exits with code 1.
135 .SH "ADDRESS FORMAT"
136 .P
137 Addresses have the form ipaddr:port, where ipaddr is either an IPv4 address (name or numeric), or an
138 IPv6 address enclosed in brackets [] (name or numeric again).
139 .SH PREDICATES
140 .P
141 The BadVPN server includes a small predicate language used to define certain policies.
142 Syntax and semantics of the language are described here.
143 .TP
144 .BR true
145 Logical true constant. Evaluates to 1.
146 .TP
147 .BR false
148 Logical false constant. Evaluates to 0.
149 .TP
150 .BR NOT " expression"
151 Logical negation. If the expression evaluates to error, the
152 negation evaluates to error.
153 .TP
154 .RB "expression " OR " expression"
155 Logical disjunction. The second expression is only evaluated
156 if the first expression evaluates to false. If a sub-expression
157 evaluates to error, the disjunction evaluates to error.
158 .TP
159 .RB "expression " AND " expression"
160 Logical conjunction. The second expression is only evaluated
161 if the first expression evaluates to true. If a sub-expression
162 evaluates to error, the conjunction evaluates to error.
163 .TP
164 .RB function "(" "arg" "," " ..." "," " arg" ")"
165 Evaluation of a user-provided function (function is the name of the
166 function, [a-zA-Z0-9_]+).
167 If the function with the given name does not exist, it evaluates to
168 error.
169 Arguments are evaluated from left to right. Each argument can either
170 be a logical expression or a string (characters enclosed in double
171 quotes, without any double quote).
172 If an argument is encountered, but all needed arguments have already
173 been evaluated, the function evaluates to error.
174 If an argument is of wrong type, it is not evaluated and the function
175 evaluates to error.
176 If an argument evaluates to error, the function evaluates to error.
177 If after all arguments have been evaluated, the function needs more
178 arguments, it evaluates to error.
179 Then the handler function is called. If it returns anything other
180 than 1 and 0, the function evaluates to error. Otherwise it evaluates
181 to what the handler function returned.
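
The evaluation rules above, modelled as an added Python example (not BadVPN's own code): a small evaluator with short-circuiting and error propagation, plus check_pair, which evaluates a --comm-predicate under both peer 1 / peer 2 assignments because the server picks the order arbitrarily. Assumptions: NOT binds tighter than AND, and AND tighter than OR; every function takes exactly one string, as the server's functions do; compile_predicate and check_pair are names made up here.

```python
import re

ERR = "error"  # third outcome next to True and False
_TOK = r'\s*(?:("[^"]*")|([A-Za-z0-9_]+)|([(),])|(\S))'  # last group: stray char

def compile_predicate(text, funcs):
    """Parse text; return a thunk. funcs: name -> handler(str) returning 1 or 0."""
    toks = re.findall(_TOK, text) + [("", "", "<end>", "")]
    def take():
        return toks.pop(0) if len(toks) > 1 else toks[0]
    def chain(sub, op, go_on):  # OR goes on after False, AND after True
        left = sub()
        while toks[0][1] == op:
            take()
            left = (lambda l, r: lambda: r() if (v := l()) is go_on else v)(left, sub())
        return left
    or_expr = lambda: chain(lambda: chain(atom, "AND", True), "OR", False)
    def atom():
        _, word, sym, _ = take()
        if word in ("true", "false"):
            return lambda: word == "true"
        if word == "NOT":
            inner = atom()
            return lambda: v if (v := inner()) is ERR else not v
        if not word or take()[2] != "(":
            raise SyntaxError("expected expression")
        args = []
        while toks[0][2] != ")":
            args.append(take()[0][1:-1] if toks[0][0] else or_expr())
            if toks[0][2] == ",":
                take()
        take()
        def call():  # unknown name, wrong arity or non-string argument: error
            if word not in funcs or len(args) != 1 or not isinstance(args[0], str):
                return ERR
            result = funcs[word](args[0])
            return bool(result) if result in (0, 1) else ERR
        return call
    root = or_expr()
    if toks[0][2] != "<end>":
        raise SyntaxError("trailing input")
    return root

def check_pair(pred, a, b):
    """a, b: (common_name, ip), name "" without TLS. Returns both peer orders."""
    eq = lambda val: lambda s: int(s == val)
    run = lambda p, q: compile_predicate(pred, {"p1name": eq(p[0]), "p1addr": eq(p[1]),
                                                "p2name": eq(q[0]), "p2addr": eq(q[1])})()
    return run(a, b), run(b, a)
```

With the constructed peers ("alice", "10.0.0.1") and ("bob", "10.0.0.2"), the predicate p1name("alice") AND p2name("bob") yields (True, False), so its outcome depends on which peer the server treats as peer 1; a predicate that names both orderings yields (True, True).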
182 .SH "EXAMPLES"
183 .P
184 For examples of using BadVPN, see
185 .BR badvpn (7).
186 .SH "SEE ALSO"
187 .BR badvpn-client (8),
188 .BR badvpn (7)
189 .SH AUTHORS
190 Ambroz Bizjak <ambrop7@gmail.com>