/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-07-05 18:36:23 UTC
  • mto: This revision was merged to the branch mainline in revision 759.
  • Revision ID: teddy@recompile.se-20150705183623-k7yokhi0wpvs61iw
Add plugin for mandos-client to add and delete local routes.

* Makefile (LIBNL3_CFLAGS, LIBNL3_LIBS): New; add for netlink library.
  (PLUGIN_HELPERS): Add "plugin-helpers/mandos-client-iprouteadddel".
  (plugin-helpers/mandos-client-iprouteadddel): New.
* plugin-helpers/mandos-client-iprouteadddel.c: New.
* plugins.d/mandos_client (add_remove_local_route): Rename
                                                    "remove_arg" to
                                                    "delete_arg".  All
                                                    users changed.

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2012-06-17">
 
5
<!ENTITY TIMESTAMP "2015-06-29">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
36
      <year>2012</year>
 
37
      <year>2013</year>
 
38
      <year>2014</year>
 
39
      <year>2015</year>
37
40
      <holder>Teddy Hogeborn</holder>
38
41
      <holder>Björn Påhlsson</holder>
39
42
    </copyright>
218
221
            assumed to separate the address from the port number.
219
222
          </para>
220
223
          <para>
221
 
            This option is normally only useful for testing and
222
 
            debugging.
 
224
            Normally, Zeroconf would be used to locate Mandos servers,
 
225
            in which case this option would only be used when testing
 
226
            and debugging.
223
227
          </para>
224
228
        </listitem>
225
229
      </varlistentry>
258
262
          <para>
259
263
            <replaceable>NAME</replaceable> can be the string
260
264
            <quote><literal>none</literal></quote>; this will make
261
 
            <command>&COMMANDNAME;</command> not bring up
262
 
            <emphasis>any</emphasis> interfaces specified
263
 
            <emphasis>after</emphasis> this string.  This is not
264
 
            recommended, and only meant for advanced users.
 
265
            <command>&COMMANDNAME;</command> only bring up interfaces
 
266
            specified <emphasis>before</emphasis> this string.  This
 
267
            is not recommended, and only meant for advanced users.
265
268
          </para>
266
269
        </listitem>
267
270
      </varlistentry>
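Review bot: At new lines 265-267 the rewritten sentence says that only interfaces specified before "none" are brought up, but it does not say what happens when "none" is the first or only value given. State that case explicitly (for instance that no interface is brought up at all, if that is the intended behaviour), since the paragraph already flags the option as one for advanced users only.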
442
445
  
443
446
  <refsect1 id="environment">
444
447
    <title>ENVIRONMENT</title>
 
448
    <variablelist>
 
449
      <varlistentry>
 
450
        <term><envar>MANDOSPLUGINHELPERDIR</envar></term>
 
451
        <listitem>
 
452
          <para>
 
453
            This environment variable will be assumed to contain the
 
454
            directory containing any helper executables.  The use and
 
455
            nature of these helper executables, if any, is
 
456
            purposefully not documented.
 
457
        </para>
 
458
        </listitem>
 
459
      </varlistentry>
 
460
    </variablelist>
445
461
    <para>
446
 
      This program does not use any environment variables, not even
447
 
      the ones provided by <citerefentry><refentrytitle
 
462
      This program does not use any other environment variables, not
 
463
      even the ones provided by <citerefentry><refentrytitle
448
464
      >cryptsetup</refentrytitle><manvolnum>8</manvolnum>
449
465
    </citerefentry>.
450
466
    </para>
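Review bot: The new MANDOSPLUGINHELPERDIR entry (new lines 450-459) says the variable is "assumed to contain" the directory of helper executables, but not who is expected to set it or what the program does when it is unset or points somewhere unexpected. Because the directory holds executables the client may run, the text should at least say that the variable is to be set by the trusted caller and that the directory must not be writable by unprivileged users, even if the helpers themselves stay undocumented. The closing </para> at new line 457 is also indented two columns less than its opening <para> at line 452.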
512
528
              It is not necessary to print any non-executable files
513
529
              already in the network hook directory, these will be
514
530
              copied implicitly if they otherwise satisfy the name
515
 
              requirement.
 
531
              requirements.
516
532
            </para>
517
533
          </listitem>
518
534
        </varlistentry>
666
682
    </para>
667
683
    <informalexample>
668
684
      <para>
669
 
        Normal invocation needs no options, if the network interface
 
685
        Normal invocation needs no options, if the network interfaces
670
686
        can be automatically determined:
671
687
      </para>
672
688
      <para>
675
691
    </informalexample>
676
692
    <informalexample>
677
693
      <para>
678
 
        Search for Mandos servers (and connect to them) using another
679
 
        interface:
 
694
        Search for Mandos servers (and connect to them) using one
 
695
        specific interface:
680
696
      </para>
681
697
      <para>
682
698
        <!-- do not wrap this line -->
746
762
    <para>
747
763
      It will also help if the checker program on the server is
748
764
      configured to request something from the client which can not be
749
 
      spoofed by someone else on the network, unlike unencrypted
750
 
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
 
765
      spoofed by someone else on the network, like SSH server key
 
766
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
 
767
      echo (<quote>ping</quote>) replies.
751
768
    </para>
752
769
    <para>
753
770
      <emphasis>Note</emphasis>: This makes it completely insecure to
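Review bot: In the sentence at new lines 765-767, "like SSH server key fingerprints, and unlike unencrypted ICMP echo" is hard to parse and slightly imprecise: a key fingerprint is a public value, and what someone else on the network cannot spoof is possession of the matching private key. Suggest wording along the lines of "for example by completing an SSH key exchange and comparing the server key fingerprint with a stored value, unlike unencrypted ICMP echo (ping) replies".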
846
863
              <para>
847
864
                This client uses IPv6 link-local addresses, which are
848
865
                immediately usable since a link-local addresses is
849
 
                automatically assigned to a network interfaces when it
 
866
                automatically assigned to a network interface when it
850
867
                is brought up.
851
868
              </para>
852
869
            </listitem>
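Review bot: The fix at new line 866 corrects "a network interfaces", but the unchanged line 865 just above still reads "a link-local addresses is". Change it to "a link-local address is" in the same commit so the sentence agrees in number throughout.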