1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
|
Configuration settings
======================
Exceptional settings
--------------------
* `server`
Specifies `<servername>`.
Is looked up in `[SERVER]` and `[COMMON]` only.
If not specified there, it is `SERVER`.
Used by server to select the appropriate parts of the
rest of the configuration. Ignored by the client.
* `secret`
Looked up in the usual way, but used by client and server to
determine which possible peerings to try to set up, and which to
ignore.
We define the sets of putative clients and servers, as follows:
all those, for which there is any section (even an empty one)
whose name is based on `<client>` or `<servername>` (as applicable).
(`LIMIT` sections do not count.)
The server queue packets for, and accept requests from, each
putative client for which the config search yields a secret.
Each client will create a local interface, and try to communicate
with the server, for each possible pair (putative server,
putative client) for which the config search yields a secret.
The value is a string, fed directly into HMAC.
* `ipif`
Command to run to create and communicate with local network
interface. Passed to sh -c. Must speak SLIP on stdin/stdout.
(For compatibility with older hippotat, `%(var)s` is supported too
but this is deprecated since the extra `s` is confusing.)
On server: applies to all clients; not looked up in client-specific sections.
On client: may be different for different servers.
[string; `userv root ipif %{local},%{peer},%{mtu},slip '%{rnets}'`]
### `ipif` interpolations:
The following interpolations aare substituted in the value for `ipif`:
| Input | `%{local}` | `%{peer}` | `%{rnets}` | `%{ifname}` |
| -------------- | ----------- | ---------- | ----------- | -------------- |
| **on server** | `vaddr` | `vrelay` | `vnetwork` | `ifname_server` |
| **on client** | `client` | `vaddr` | `vroutes` | `ifname_client` |
**Always:** `%{mtu}`, and `%%` to indicate a literal `%`.
Capped settings
---------------
Values in `[<server> LIMIT]` and `[LIMIT]` are a cap (maximum) on
those from the other sections (including `COMMON`). If a larger
value is obtained, it is (silently) reduced to the limit value.
* `max_batch_down`
Size limit for response payloads.
On client, incoming response bodies are limited to this (plus
a fixed constant metadata overhead).
Server uses minimum of client's and server's configured values
(old servers just use server's value).
[`65536` (bytes); `LIMIT`: `262144`]
* `max_batch_up`
Size limit for request upbound payloads. On client, used directly,
with `LIMIT` applied.
On server, only `LIMIT` is relevant, and must be at least the
client's configured value (checked).
[`4000` (bytes); `LIMIT`: `262144`]
* `max_queue_time`
Discard packets after they have been queued this long
waiting for http.
On server: setting applies to downward packets.
On client: setting applies to upward packets.
[`10` (s); `LIMIT`: `121`]
* `http_timeout`
On server: return with empty payload any http request oustanding
for this long.
On client: give up on any http request outstanding for
for this long plus `http_timeout_grace`.
Warning messages about link problems, printed by the client,
are rate limited to no more than one per effective timeout.
Client's effective timeout must be at least server's (checked).
[`30` (s); `LIMIT`: `121`]
* `target_requests_outstanding`
On client: try to keep this many requests outstanding, to
allow for downbound data transfer.
On server: whenever number of outstanding requests for
a client exceeds this, returns oldest with empty payload.
Must match between client and server (checked).
[`3`; `LIMIT`: `10`]
Ordinary settings, used by both, not client-specific
----------------------------------------------------
On the server these are forbidden in the client-specific config
sections.
* `addrs`
Public IP (v4 or v6) address(es) of the server; space-separated.
On server: mandatory; used for bind.
On client: used only to construct default `url`.
No default.
* `vnetwork`
Private network range. Must contain all
`<client>`s. Must contain `vaddr` and `vrelay`, and is used
to compute their defaults. [CIDR syntax (`<prefix>/<length>`);
`172.24.230.192/28`]
* `vaddr`
Address of server's virtual interface.
[default: first host entry in `vnetwork`, so `172.24.230.193`]
* `vrelay`
Virtual point-to-point address used for tunnel routing
(does not appear in packets).
[default: first host entry in `vnetwork` other than `vaddr`,
so `172.24.230.194`]
* `port`
Public port number of the server.
On server: used for bind.
On client: used only to construct default url.
[`80`]
Do not set this to `443` -
the server will speak plain unencrypted HTTP on the port you specify,
which would be wrong for `443`.
While the client has integrated TLS support, the server does not.
To use hippotat with TLS:
- Set up a TLS reverse proxy (such as apache or nginx),
probably with a certificate from Let's Encrypt.
- Configure `port` and `addrs` to the internal address and port
(to which the reverse proxy forwards the requests).
- Configure `url` to the public URL of the reverse proxy.
* `mtu`
Of virtual interface.
Must match exactly at each end (checked).
[`1500` (bytes)]
Ordinary settings, used by server only
--------------------------------------
* `max_clock_skew`
Permissible clock skew between client and server.
Hippotat will not work if clock skew is more than this.
Conversely: when moving client from one public network to
another, the first network can deny service to the client for
this period after the client leaves the first network.
[`300` (s)]
* `ifname_server`
Virtual interface name on the server. [`shippo%d`]
NB: any `%d` is interpolated (by the kernel).
Ordinary settings, used by client only
--------------------------------------
* `http_timeout_grace`
See `http_timeout`. [`5` (s)]
* `max_requests_outstanding`
Client will hold off sending more requests than this to
server even if it has data to send. [`6`]
* `success_report_interval`
If nonzero, report success periodically. Otherwise just
report it when we first have success. [`3600` (s)]
* `http_retry`
If a request fails, wait this long before considering it
"finished" - to limit rate of futile requests (and also
to limit rate of moaning on stderr). [`5` s]
* `url`
Public url of server.
[`http://<first-entry-in-addrs>:<port>/`]
* `vroutes`
Additional virtual addresses to be found at the server
end, space-separated. Routes to those will be created on
the client. `vrelay` is included implicitly.
[CIDR syntax, space separated; default: none]
* `ifname_client`
Virtual interface name on the client. [`hippo%d`]
NB: any `%d` is interpolated (by the kernel).
|
