Update documentation.

[tinc] / doc / tincd.8

diff --git a/doc/tincd.8 b/doc/tincd.8
index 648c5de..23d692b 100644 (file)
--- a/doc/tincd.8
+++ b/doc/tincd.8
@@ -1,145 +1,177 @@
-.TH TINCD 8 "June 2000" "tinc version 1.0pre3" "FSF"
-.SH NAME
-tinc \- tinc VPN daemon
-.SH SYNOPSIS
-.B tincd
-[\fIoption\fR]...
-.SH DESCRIPTION
-.PP
-
-This is the daemon of tinc, a secure virtual private
-network (VPN) project. When started, tincd will read
-it's configuration file to determine what virtual subnets
-it has to serve and to what other tinc daemons it should connect.
-It will connect to the ethertap or tun/tap device and set up a socket
-for incomming connections.
-If that succeeds, it will detach from the controlling terminal and
-continue in the background, accepting and setting up connections to other
-tinc daemons that are part of the virtual private network.
-
-.SH OPTIONS
-.TP
-\fB\-c\fR, \fB\-\-config\fR=\fIDIR\fR
-Read configuration options from DIR.
-.TP
-\fB\-D\fR, \fB\-\-no\-detach\fR
-Don't fork and detach. This will also disable the automatic
-restart mechanism for fatal errors.
-.TP
-\fB\-d\fR
-Increase debug level (see below).
-.TP
-\fB\-k\fR, \fB\-\-kill\fR
-Attempt to kill a running tincd and exit.
-.TP
-\fB\-n\fR, \fB\-\-net\fR=\fINETNAME\fR
-Connect to net NETNAME.
-.TP
-\fB\-K\fR, \fB\-\-generate-key\fR[=\fIBITS]\fR
-Generate public/private RSA keypair and exit. If BITS is omitted,
-the default length will be 1024 bits.
-.TP
-\fB\-\-help\fR
+.Dd 2002-03-25
+.Dt TINCD 8
+.\" Manual page created by:
+.\" Ivo Timmermans <ivo@o2w.nl>
+.\" Guus Sliepen <guus@sliepen.eu.org>
+.Sh NAME
+.Nm tincd
+.Nd tinc VPN daemon
+.Sh SYNOPSIS
+.Nm
+.Op Fl cdDkKn
+.Op Fl -bypass-security
+.Op Fl -config Ns = Ns Ar DIR
+.Op Fl -debug Ns = Ns Ar LEVEL
+.Op Fl -generate-keys Ns Op = Ns Ar BITS
+.Op Fl -help
+.Op Fl -kill Ns = Ns Ar SIGNAL
+.Op Fl -net Ns = Ns Ar NETNAME
+.Op Fl -no-detach
+.Op Fl -version
+.Sh DESCRIPTION
+This is the daemon of tinc, a secure virtual private network (VPN) project.
+When started,
+.Nm
+will read it's configuration file to determine what virtual subnets it has to serve
+and to what other tinc daemons it should connect.
+It will connect to the ethertap or tun/tap device
+and set up a socket for incoming connections.
+Optionally a script will be executed to further configure the virtual device.
+If that succeeds,
+it will detach from the controlling terminal and continue in the background,
+accepting and setting up connections to other tinc daemons
+that are part of the virtual private network.
+.Sh OPTIONS
+.Bl -tag -width indent
+.It Fl -bypass-security
+Disables encryption and authentication.
+Only useful for debugging.
+.It Fl c, -config Ns = Ns Ar DIR
+Read configuration options from
+.Ar DIR .
+.It Fl d, -debug Ns Op = Ns Ar LEVEL
+Increase debug level or set it to
+.Ar LEVEL
+(see below).
+.It Fl K, -generate-keys Ns Op = Ns Ar BITS
+Generate public/private RSA keypair and exit.
+If
+.Ar BITS
+is omitted, the default length will be 1024 bits.
+.It Fl -help

 Display short list of options.
 Display short list of options.

-.TP
-\fB\-\-version\fR
+.It Fl k, -kill Ns Op = Ns Ar SIGNAL
+Attempt to kill a running
+.Nm
+(optionally with the specified
+.Ar SIGNAL
+instead of SIGTERM) and exit.
+.It Fl n, -net Ns = Ns Ar NETNAME
+Connect to net
+.Ar NETNAME .
+.It Fl D, -no-detach
+Don't fork and detach.
+This will also disable the automatic restart mechanism for fatal errors.
+.It Fl L, -mlock
+Lock tinc into main memory.
+This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
+.It Fl -version

 Output version information and exit.
 Output version information and exit.

-.PP
-.SH "SIGNALS"
-.TP
-\fBHUP\fR
+.El
+.Sh SIGNALS
+.Bl -tag -width indent
+.It ALRM
+Forces
+.Nm
+to try to connect to all uplinks immediately.
+Usually
+.Nm
+attempts to do this itself,
+but increases the time it waits between the attempts each time it failed,
+and if
+.Nm
+didn't succeed to connect to an uplink the first time after it started,
+it defaults to the maximum time of 15 minutes.
+.It HUP

 Closes all connections, rereads the configuration file and restarts the daemon.
 Closes all connections, rereads the configuration file and restarts the daemon.

-.TP
-\fBINT\fR
-Closes all connections and quits.
-.TP
-\fBUSR1\fR
+.It INT
+Temporarily increases debug level to 5.
+Send this signal again to revert to the original level.
+.It USR1

 Dumps the connection list to syslog.
 Dumps the connection list to syslog.

-.TP
-\fBUSR2\fR
-Dumps the subnet list to syslog.
-.TP
-\fBALRM\fR
-Forces tincd to try to connect to an uplink immediately. Usually tincd attempts
-to do this itself, but increases the time it waits between the attempts each time
-it failed, and if tincd didn't succeed to connect to an uplink the first time after
-it started, it defaults to the maximum time of 15 minutes.
-.PP
-.SH "DEBUG LEVELS"
-The tinc daemon can send a lot of messages to the syslog. The more \fB\-d\fR options are
-given to tincd, the more messages it will log. Each level inherits all messages of the
-previous level:
-.TP
-\fIno debug options\fR
-This will log a message indicating tincd has started along with a version number.
+.It USR2
+Dumps virtual network device statistics, all known nodes, edges and subnets to syslog.
+.It WINCH
+Purges all information remembered about unreachable nodes.
+.El
+.Sh DEBUG LEVELS
+The tinc daemon can send a lot of messages to the syslog.
+The higher the debug level,
+the more messages it will log.
+Each level inherits all messages of the previous level:
+.Bl -tag -width indent
+.It 0
+This will log a message indicating
+.Nm
+has started along with a version number.

 It will also any serious error.
 It will also any serious error.

-.TP
-\fB\-d\fR
+.It 1

 This will log all connections that are made with other tinc daemons.
 This will log all connections that are made with other tinc daemons.

-.TP
-\fB\-dd\fR
+.It 2

 This will log status and error messages from other tinc daemons.
 This will log status and error messages from other tinc daemons.

-.TP
-\fB\-ddd\fR
+.It 3

 This will log all requests that are exchanged with other tinc daemons. These include
 authentication, key exchange and connection list updates.
 This will log all requests that are exchanged with other tinc daemons. These include
 authentication, key exchange and connection list updates.

-.TP
-\fB\-dddd\fR
+.It 4

 This will log a copy of everything received on the meta socket.
 This will log a copy of everything received on the meta socket.

-.TP
-\fB\-ddddd\fR
+.It 5

 This will log all network traffic over the virtual private network.
 This will log all network traffic over the virtual private network.

-.PP
-.SH "FILES"
-.TP
-\fI/etc/tinc/<NETNAME>/tinc.conf\fR
-The configuration file for tincd. This should also contain the private RSA key.
-.TP
-\fI/etc/tinc/<NETNAME>/hosts/*\fR
+.El
+.Sh FILES
+.Bl -tag -width indent
+.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf
+The configuration file for
+.Nm .
+.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-up
+Script which is executed as soon as the virtual network device has been allocated.
+Purpose is to further configure that device.
+.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down
+Script which is executed when
+.Nm
+exits.
+Purpose is to cleanly shut down the virtual network device before it will be deallocated.
+.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/*

 The directory containing the host configuration files
 The directory containing the host configuration files

-used to authenticate other tinc daemons. They contain
-the public RSA keys of other hosts.
-.PP
-.SH "BUGS"
-Maintaining a connection list on each tinc daemon that can connect and disconnect at any
-moment, and making sure that all connections satisfy the tree property isn't easy. Although
-we have done a lot to make sure tinc is sturdy and foolproof, it might happen that
-some connection lists get corrupted.
-.PP
-\fBThe cryptography in tinc is not well tested yet. Use it at your own risk!\fR
-.PP
+used to authenticate other tinc daemons.
+.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -up
+Script which is executed as soon as host
+.Ar NAME
+becomes reachable.
+.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -down
+Script which is executed as soon as host
+.Ar NAME
+becomes unreachable.
+.It Pa /var/run/tinc. Ns Ar NETNAME Ns Pa .pid
+The PID of the currently running
+.Nm
+is stored in this file.
+.El
+.Sh BUGS
+The
+.Va BindToInterface
+option may not work correctly.
+.Pp
+.Sy The cryptography in tinc is not well tested yet. Use it at your own risk!
+.Pp

 If you find any bugs, report them to tinc@nl.linux.org.
 If you find any bugs, report them to tinc@nl.linux.org.

-.PP
-.SH "TODO"
-A lot, especially security auditting.
-.PP 
-.SH "SEE ALSO"
-\fBtinc.conf\fR(5)
-.TP
-\fBhttp://tinc.nl.linux.org/\fR
-.TP
-\fBhttp://www.cabal.org/\fR
-.PP
-The full documentation for
-.B tinc
-is maintained as a Texinfo manual.  If the
-.B info
-and
-.B tinc
-programs are properly installed at your site, the command
-.IP
-.B info tinc
-.PP
+.Sh TODO
+A lot, especially security auditing.
+.Sh SEE ALSO
+.Xr tinc.conf 5 ,
+.Pa http://tinc.nl.linux.org/ ,
+.Pa http://www.cabal.org/ .
+.Pp
+The full documentation for tinc is maintained as a Texinfo manual.
+If the info and tinc programs are properly installed at your site,
+the command
+.Ic info tinc

 should give you access to the complete manual.
 should give you access to the complete manual.

-.PP
-tinc comes with ABSOLUTELY NO WARRANTY.  This is free software,
-and you are welcome to redistribute it under certain conditions;
+.Pp
+tinc comes with ABSOLUTELY NO WARRANTY.
+This is free software, and you are welcome to redistribute it under certain conditions;

 see the file COPYING for details.
 see the file COPYING for details.

-.SH "AUTHORS"
-.na
-.nf
-Ivo Timmermans <itimmermans@bigfoot.com>
-Guus Sliepen <guus@sliepen.warande.net>
-
+.Sh AUTHORS
+.An "Ivo Timmermans" Aq ivo@o2w.nl
+.An "Guus Sliepen" Aq guus@sliepen.eu.org
+.Pp

 And thanks to many others for their contributions to tinc!
 And thanks to many others for their contributions to tinc!

-.PP