/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2012-06-15 17:18:34 UTC
  • Revision ID: teddy@recompile.se-20120615171834-gzzgknth003j903u
* plugins.d/mandos-client.c (main): Bug fix: Set DEVICE environment
                                    variable correctly for network
                                    hooks.  Also, don't call
                                    run_network_hooks() with NULL
                                    value.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2015-06-29">
 
5
<!ENTITY TIMESTAMP "2012-06-13">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
36
      <year>2012</year>
37
 
      <year>2013</year>
38
 
      <year>2014</year>
39
 
      <year>2015</year>
40
37
      <holder>Teddy Hogeborn</holder>
41
38
      <holder>Björn Påhlsson</holder>
42
39
    </copyright>
221
218
            assumed to separate the address from the port number.
222
219
          </para>
223
220
          <para>
224
 
            Normally, Zeroconf would be used to locate Mandos servers,
225
 
            in which case this option would only be used when testing
226
 
            and debugging.
 
221
            This option is normally only useful for testing and
 
222
            debugging.
227
223
          </para>
228
224
        </listitem>
229
225
      </varlistentry>
230
226
      
231
227
      <varlistentry>
232
228
        <term><option>--interface=<replaceable
233
 
        >NAME</replaceable><arg rep='repeat'>,<replaceable
234
 
        >NAME</replaceable></arg></option></term>
 
229
        >NAME</replaceable></option></term>
235
230
        <term><option>-i
236
 
        <replaceable>NAME</replaceable><arg rep='repeat'>,<replaceable
237
 
        >NAME</replaceable></arg></option></term>
 
231
        <replaceable>NAME</replaceable></option></term>
238
232
        <listitem>
239
233
          <para>
240
234
            Comma separated list of network interfaces that will be
243
237
            use all appropriate interfaces.
244
238
          </para>
245
239
          <para>
246
 
            If the <option>--connect</option> option is used, and
247
 
            exactly one interface name is specified (except
248
 
            <quote><literal>none</literal></quote>), this specifies
249
 
            the interface to use to connect to the address given.
 
240
            If the <option>--connect</option> option is used, this
 
241
            specifies the interface to use to connect to the address
 
242
            given.
250
243
          </para>
251
244
          <para>
252
245
            Note that since this program will normally run in the
261
254
          </para>
262
255
          <para>
263
256
            <replaceable>NAME</replaceable> can be the string
264
 
            <quote><literal>none</literal></quote>; this will make
265
 
            <command>&COMMANDNAME;</command> only bring up interfaces
266
 
            specified <emphasis>before</emphasis> this string.  This
267
 
            is not recommended, and only meant for advanced users.
 
257
            <quote><literal>none</literal></quote>; this will not use
 
258
            any specific interface, and will not bring up an interface
 
259
            on startup.  This is not recommended, and only meant for
 
260
            advanced users.
268
261
          </para>
269
262
        </listitem>
270
263
      </varlistentry>
445
438
  
446
439
  <refsect1 id="environment">
447
440
    <title>ENVIRONMENT</title>
448
 
    <variablelist>
449
 
      <varlistentry>
450
 
        <term><envar>MANDOSPLUGINHELPERDIR</envar></term>
451
 
        <listitem>
452
 
          <para>
453
 
            This environment variable will be assumed to contain the
454
 
            directory containing any helper executables.  The use and
455
 
            nature of these helper executables, if any, is
456
 
            purposefully not documented.
457
 
        </para>
458
 
        </listitem>
459
 
      </varlistentry>
460
 
    </variablelist>
461
441
    <para>
462
 
      This program does not use any other environment variables, not
463
 
      even the ones provided by <citerefentry><refentrytitle
 
442
      This program does not use any environment variables, not even
 
443
      the ones provided by <citerefentry><refentrytitle
464
444
      >cryptsetup</refentrytitle><manvolnum>8</manvolnum>
465
445
    </citerefentry>.
466
446
    </para>
528
508
              It is not necessary to print any non-executable files
529
509
              already in the network hook directory, these will be
530
510
              copied implicitly if they otherwise satisfy the name
531
 
              requirements.
 
511
              requirement.
532
512
            </para>
533
513
          </listitem>
534
514
        </varlistentry>
682
662
    </para>
683
663
    <informalexample>
684
664
      <para>
685
 
        Normal invocation needs no options, if the network interfaces
 
665
        Normal invocation needs no options, if the network interface
686
666
        can be automatically determined:
687
667
      </para>
688
668
      <para>
691
671
    </informalexample>
692
672
    <informalexample>
693
673
      <para>
694
 
        Search for Mandos servers (and connect to them) using one
695
 
        specific interface:
 
674
        Search for Mandos servers (and connect to them) using another
 
675
        interface:
696
676
      </para>
697
677
      <para>
698
678
        <!-- do not wrap this line -->
762
742
    <para>
763
743
      It will also help if the checker program on the server is
764
744
      configured to request something from the client which can not be
765
 
      spoofed by someone else on the network, like SSH server key
766
 
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
767
 
      echo (<quote>ping</quote>) replies.
 
745
      spoofed by someone else on the network, unlike unencrypted
 
746
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
768
747
    </para>
769
748
    <para>
770
749
      <emphasis>Note</emphasis>: This makes it completely insecure to
863
842
              <para>
864
843
                This client uses IPv6 link-local addresses, which are
865
844
                immediately usable since a link-local addresses is
866
 
                automatically assigned to a network interface when it
 
845
                automatically assigned to a network interfaces when it
867
846
                is brought up.
868
847
              </para>
869
848
            </listitem>