-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtofurkey.8
85 lines (83 loc) · 2.98 KB
/
tofurkey.8
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
.TH tofurkey 8 "Mar 2024" "v1.3.2"
.SH NAME
tofurkey \- Distributed sync for Linux TCP Fastopen key rotations
.SH SYNOPSIS
.SY tofurkey
.RB [ \-vno ]
.RB [ \-i\~\c
.IR seconds ]
.RB [ \-a\~\c
.IR /run/tofurkey.autokey ]
.RB [ \-k\~\c
.IR /path/to/main/secret ]
.YS
.SH DESCRIPTION
\fBtofurkey\fR is a simple daemon which manages the timely,
synchronized, deterministic rotation of TCP Fastopen (TFO) keys across a
cluster of Linux machines. Keys are set via the Linux 5.10+ procfs
interface for dual keys in \fI/proc/sys/net/ipv4/tcp_fastopen_key\fR .
In order to synchronize across a cluster, it requires as input a
long-term main secret key file which is shared across the cluster (by
you and/or your configuration/secret management system), set via the
\fB\-k\fR argument, which points at a secret file with at least 32 bytes
of high-entropy random data to use as a main key.
If this is not supplied, a random secret will be auto-generated and
persisted to the (reboot-volatile) rundir by default, which will allow
for local TFO key rotation without any synchronization or reboot
persistence. A warning will be issued to stderr at startup in this
case, as it's not expected to be a common operating mode in production.
.SH OPTIONS
.TP
\fB\-k\fR
Path to long-term main secret file generated and distributed to a
cluster by the administrator. This file must exist and have at least 32
bytes of secret high-entropy binary data, and will be re-read every
time TFO keys are generated. Mutually exclusive with \-a. If this option
is not provided, then the \-a autokey mode is the default.
.TP
\fB\-a\fR
Custom pathname to persist an auto-generated key, defaults to
\fI/run/tofurkey.autokey\fR. This file will be created if it's missing
and persisted across runs, but perhaps not across reboots at the
default path, and obviously affords no possibility of distributed
sync across a cluster. Mutually exclusive with \-k.
.TP
\fB\-i\fR
Interval seconds for key rotation, default is 86400, allowed range is
10 \- 604800, must be even. Daemon wakes up to rotate keys at every
half-interval of unix time to manage validity overlaps.
Intervals \fBmust\fR match across a cluster to get the same keys!
.TP
\fB\-v\fR
Verbose output to stderr
.TP
\fB\-n\fR
Dry-run mode - Data is not actually written to procfs, but everything
else still happens
.TP
\fB\-o\fR
One-shot mode - it will calculate the current keys and set them once
and then exit. Normal mode is to remain running and rotate keys on
timer intervals forever.
.SH TESTING OPTIONS
These options are for software testing and shouldn't be necessary in
normal use! They're not shown in the normal CLI usage output.
.SY tofurkey
.RB [ ... ]
.RB [ \-V ]
.RB [ \-T\~\c
.IR n ]
.RB [ \-P\~\c
.IR /proc/sys/net/ipv4/tcp_fastopen_key ]
.YS
.TP
\fB\-V\fR
Print TFO keys, implies \-v, leaks short term secrets to stderr!
.TP
\fB\-T\fR
Set a fake unix time value, implies \-o, range 1e6 - 1e13
.TP
\fB\-P\fR
Override default procfs output path for setting keys
.SH MORE INFO
https://github.com/blblack/tofurkey