143
148
will wait indefinitely for new servers to appear.
151
The network interface is selected like this: If an interface is
152
specified using the <option>--interface</option> option, that
153
interface is used. Otherwise, <command>&COMMANDNAME;</command>
154
will choose any interface that is up and running and is not a
155
loopback interface, is not a point-to-point interface, is
156
capable of broadcasting and does not have the NOARP flag (see
157
<citerefentry><refentrytitle>netdevice</refentrytitle>
158
<manvolnum>7</manvolnum></citerefentry>). (If the
159
<option>--connect</option> option is used, point-to-point
160
interfaces and non-broadcast interfaces are accepted.) If no
161
acceptable interfaces are found, re-run the check but without
162
the <quote>up and running</quote> requirement, and manually take
163
the selected interface up (and later take it down on program
167
Before a network interface is selected, all <quote>network
168
hooks</quote> are run; see <xref linkend="network-hooks"/>.
146
171
This program is not meant to be run directly; it is really meant
147
172
to run as a plugin of the <application>Mandos</application>
148
173
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
448
<refsect1 id="network-hooks">
449
<title>NETWORK HOOKS</title>
451
If a network interface like a bridge or tunnel is required to
452
find a Mandos server, this requires the interface to be up and
453
running before <command>&COMMANDNAME;</command> starts looking
454
for Mandos servers. This can be accomplished by creating a
455
<quote>network hook</quote> program, and placing it in a special
459
Before the network is used (and again before program exit), any
460
runnable programs found in the network hook directory are run
461
with the argument <quote><literal>start</literal></quote> or
462
<quote><literal>stop</literal></quote>. This should bring up or
463
down, respectively, any network interface which
464
<command>&COMMANDNAME;</command> should use.
466
<refsect2 id="hook-requirements">
467
<title>REQUIREMENTS</title>
469
A network hook must be an executable file, and its name must
470
consist entirely of upper and lower case letters, digits,
471
underscores, and hyphens.
474
A network hook will receive one argument, which can be one of
479
<term><literal>start</literal></term>
482
This should make the network hook create (if necessary)
483
and bring up a network interface.
488
<term><literal>stop</literal></term>
491
This should make the network hook take down a network
492
interface, and delete it if it did not exist previously.
497
<term><literal>files</literal></term>
500
This should make the network hook print, <emphasis>on
501
separate lines</emphasis>, all the files needed for it
502
to run. (These files will be copied into the initial
503
RAM filesystem.) Intended use is for a network hook
504
which is a shell script to print its needed binaries.
507
It is not necessary to print any non-executable files
508
already in the network hook directory, these will be
509
copied implicitly if they otherwise satisfy the name
516
The network hook will be provided with a number of environment
521
<term><envar>MANDOSNETHOOKDIR</envar></term>
524
The network hook directory, specified to
525
<command>&COMMANDNAME;</command> by the
526
<option>--network-hook-dir</option> option. Note: this
527
should <emphasis>always</emphasis> be used by the
528
network hook to refer to itself or any files it may
534
<term><envar>DEVICE</envar></term>
537
The network interface, as specified to
538
<command>&COMMANDNAME;</command> by the
539
<option>--interface</option> option. If this is not the
540
interface a hook will bring up, there is no reason for a
546
<term><envar>MODE</envar></term>
549
This will be the same as the first argument;
550
i.e. <quote><literal>start</literal></quote>,
551
<quote><literal>stop</literal></quote>, or
552
<quote><literal>files</literal></quote>.
557
<term><envar>VERBOSITY</envar></term>
560
This will be the <quote><literal>1</literal></quote> if
561
the <option>--debug</option> option is passed to
562
<command>&COMMANDNAME;</command>, otherwise
563
<quote><literal>0</literal></quote>.
568
<term><envar>DELAY</envar></term>
571
This will be the same as the <option>--delay</option>
572
option passed to <command>&COMMANDNAME;</command>.
578
A hook may not read from standard input, and should be
579
restrictive in printing to standard output or standard error
580
unless <varname>VERBOSITY</varname> is
581
<quote><literal>1</literal></quote>.
408
586
<refsect1 id="files">
409
587
<title>FILES</title>