forked from cminyard/ser2net
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathser2net.yaml
300 lines (279 loc) · 10.9 KB
/
ser2net.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
%YAML 1.1
---
#
# This is a ser2net configuration file, showing examples of all
# sorts of things. It's all commented out so it's safe to put
# in /etc/ser2net/ser2net.yaml.
#
# This is described in ser2net.yaml(5)
# YAML gives an error on empty files, just add something so the
# error doesn't happen.
define: &confver 1.0
# # You can include other files from here, only at the main level.
# # These must be full yaml files, but are included in context at
# # this point, with all the defines, connection names, etc.
# # This can let you have individual connections in individual
# # files to ease management. globs are accepted.
# include: /etc/ser2net/ser2net/*.yaml
# # Just a basic serial port The con0 is the name of the connection,
# # each connection must be given a unique name. The accepter is the
# # information about how to receive connections, in this case it is
# # on TCP port 2002. The connector is what the connection is hooked
# # to when a connection comes in, in this case serial device /dev/ttyS0
# # with the given serial parameters. local means to ignore modem
# # control lines, and is generally what you want.
# # Tracing is added here, note the \p, see the ser2net.yaml.5 man page
# # for details on special string handling.
# connection: &con00
# accepter: tcp,2012
# connector: serialdev,/dev/ttyS0,9600n81,local
# trace-both: '/var/log/trace-\p'
# # Like the above, but with telnet and rfc2217 enabled. With the
# # gensio library that ser2net uses, protocols stack, so this stacks
# # telnet on top of tcp. It also shows how long complex lines can be broken
# # up, and that by-path serial ports are no problem in yaml.
# connection: &con01
# accepter: telnet(rfc2217),tcp,2013
# connector: serialdev,
# /dev/serial/by-path/platform-3f980000.usb-usb-0:1.2:1.0-port0,
# 9600n81,local
# # Set all baud rates to 115200n81 by default.
# default:
# name: speed
# value: 115200n81
# # Enable CLOCAL by default
# default:
# name: local
# value: true
# class: serialdev
# # Create a secure admin interface on sctp,2000
# admin:
# accepter: mux,certauth,ssl,sctp,2000
# # Define an arbitrary string substitution, we will use this later
# # for a banner.
# define: &banner1 This is a banner for port \N(\p)\r\n
# # Create an LED to flash the ACPI standby light on serial activity.
# led: &led1
# driver: sysfs
# options:
# device: "tpacpi::standby"
# # This creates an arbitrary string we will use inside other strings.
# # The quotes are necessary to keep YAML from interpreting the colons.
# define: &serbase "/dev/serial/by-path/pci-0000:00:1d.0"
# define: &serUSB0 "*(serbase)-usb-0:1.8.2.4:1.0"
# # A connection on
# # /dev/serial/by-path/pci-0000:00:1d.0-usb-0:1.8.2.4:1.0-port0
# # mapped to tcp port 2002 with telnet enabled.
# # Note that it is disabled at startup. You can enable it through
# # the admin interface or by changing enable to "on" and sending a SIGHUP.
# # Note that even though this is disabled, you can still access it through
# # the rotator.
# connection: &con1
# accepter: telnet(rfc2217),tcp,2002
# timeout: 0
# enable: off
# connector: serialdev,*(serUSB0)-port0
# options:
# banner: *banner1
# led-tx: *led1
# led-rx: *led1
# # A connection on
# # /dev/serial/by-path/pci-0000:00:1d.0-usb-0:1.8.2.4:1.0-port1
# # mapped to SCTP port 2003. The baud rate is overridden from the
# # default we set before. It also demonstrates how lines can be
# # continued.
# # You can access SCTP ports with the gensiot command, to connect
# # to this one do:
# # gensiot telnet,sctp,<host>,2003
# connection: &con2
# accepter: telnet(rfc2217),sctp,2003
# timeout: 0
# connector: serialdev,*(serUSB0)-port1,9600e71
# local=false
# options:
# banner: *banner1
# #
# # An IPMI SOL connection. See the OpenIPMI library for details on
# # how to configure this.
# # Note the use of *{} to insert a password from an external file.
# connection: &ipmicon1
# accepter: telnet,tcp,3022
# connector: ipmisol,lan -U admin -P *{pwfile} 192.168.27.37,115200
# # A rotator on TCP port 2020. It will alternate between the
# # two previous connections. The "dummy" gensio accepter is
# # useful in this case if you don't want independent access
# # to each connection. This will only be bound to address
# # 192.168.27.3.
# rotator: &rot1
# accepter: telnet,tcp,192.168.27.3,2020
# connections: [
# *con1,
# *con2
# ]
# # Now lets talk about secure connections. At this stage in the state
# # of computers, all your connections should be at least encrypted, and
# # preferably authenticated.
# #
# # Note that the examples below use SCTP. TCP can be subtituted. They
# # also use the echo gensio, which is useful for testing.
# #
# # For encrypted connections to work, you need to use the ssl gensio
# # over other connections. This requires a certificate and key, which
# # reside in /etc/ser2net/ser2net.crt and /etc/ser2net/ser2net.key by
# # default. You can, of course, change the defaults or override these
# # on the accepter line. Make sure ser2net.key is not readable by
# # anyone but the user running ser2net, or anyone can see your private
# # key. Distribute ser2net.crt to the users so they can authenticate
# # the server. You can get your certificate from a certificate
# # authority for best practice. Or you can create it yourself.
# #
# # To create your own keys, do:
# #
# # gtlssh-keygen --keydir /etc/ser2net --commonname "`hostname`-ser2net" serverkey ser2net
# #
# # which will install them in the right place. Copy ser2net.crt to
# # the accessing system. Restart ser2net. You can then connect with:
# #
# # gensiot telnet,ssl(CA=ser2net.crt),sctp,2004
# #
# # Note that the commonname of the key is important because it
# # make the subject name of the certificate more unique. You can really
# # put anything you want for what you provide to keygen. That will be the
# # subject name of the certificate.
# connection: &con3
# accepter: telnet,ssl,sctp,2004
# connector: echo
# options:
# banner: *banner1
# # Authentication with SSL is not shown, but is described in
# # ser2net.yaml(5). It's fairly inconvenient.
# # Now do an authenticated connection with certauth. You need a host
# # key/certificate pair as in the ssl-only example above. Then you
# # need to create /usr/share/ser2net/auth/<user>. You can create a
# # file named "password" in that directory and put a password there.
# # Make sure it's only readable by ser2net! Or you can create a
# # directory named /usr/share/ser2net/auth/<user>/allowed_certs,
# # put the user's gtlssh certificate there, and run
# # gtlssh-keygen rehash /usr/share/ser2net/auth/<user>/allowed_certs
# # Then you can do:
# # gtlssh --telnet -p 2005 <user>@<hostname>
# # and do a normal gtlssh authentication. See gtlssh(1) for details.
# connection: &con4
# accepter: telnet,mux,certauth(enable-password),ssl,sctp,2005
# connector: echo
# options:
# banner: *banner1
# # If you just want to have encryption and no authentication but you want
# # to use gtlssh for login, you set allow-authfail
# # on certauth, which will run the protocol but ignore any failures, and
# # then you can just log in. It's easy enough to just handle the
# # certificate,though, so that's really preferred.
# connection: &con5
# accepter: telnet,mux,certauth(allow-authfail),ssl,sctp,2006
# connector: echo
# options:
# openstr: hello
# banner: *banner1
# # The following shows how to quote some strings. Notice they are all
# # in single quotes. If you put them in double quotes, yaml will interpret
# # the '\' sequences on it's own, and thus ser2net will not be able to
# # process them. The yaml rules are complex, and the single quotes are
# # not necessar in all the instance below, but it's good practice to use
# # them to avoid confusion. Notice that you can do '' in a single quote
# # string to add one single quote.
# connection: &con6
# accepter: tcp,2007
# connector: echo
# options:
# openstr: 'Hello\x20there'
# closestr: 'Goodbye\nnow'
# banner: '''a Special Banner \d'''
# closeon: 'ctrl-a\001nil\000'
# # An example showing mDNS support. You must add "mdns: true" to enable
# # mDNS on a port to enable it. By default it uses the name for the mDNS
# # name and "_iostream._xxx" for the type, where xxx is either tcp, udp
# # or sctp base on the gensio type. Everything else defaults. Don't
# # set mdns-host or mdns-domain unless you know what you are doing.
# # mdns-txt can be specified multiple times to add multiple strings.
# #
# # mdns-sysattrs on Linux adds USB attributes to the txt data from
# # sysfs. If the serial port is a USB one, it will add the following
# # txt fields:
# # devicetype=serialusb
# # bInterfaceNumber=...
# # interface=...
# # idProduct=...
# # idVendor=...
# # serial=...
# # manufacturer=...
# # product=...
# # These fields are pulled straight from sysfs, see information on that
# # for details on what these mean. Not all the fields may be present
# # depending on the specific USB device. If you set this on a non-USB
# # serial port, it will just add:
# # devicetype=serial
# # This may be extended in the future for other OSes or other device
# # interfaces.
# connection: &rack-3-slot-5
# accepter: tcp,2034
# connector: echo
# options:
# mdns: true
# mdns-interface: -1
# mdns-nettype: unspec
# mdns-name: rack-3-slot-5
# mdns-type: "_iostream._tcp"
# mdns-domain: "local"
# mdns-host: "myhost.local"
# mdns-txt: "server=ser2net"
# mdns-txt: "type=echo"
# mdns-sysattrs: true
# # An example showing all options and their defaults. Note that empty
# # strings are ok for most strings, but not for things that take filesname
# # or are required to be aliases.
# connection: &con7
# accepter: tcp,2008
# connector: echo
# options:
# kickolduser: false
# trace-hexdump: false
# trace-timestamp: false
# trace-read-hexdump: false
# trace-read-timestamp: false
# trace-write-hexdump: false
# trace-write-timestamp: false
# trace-both-hexdump: false
# trace-both-timestamp: false
# trace-read: <trace read file>
# trace-write: <trace write file>
# trace-both: <trace both file>
# led-rx: <led alias>
# led-tx: <led alias>
# telnet-brk-on-sync: false
# chardelay: false
# chardelay-scale: 20
# chardelay-min: 1000
# chardelay-max: 20000
# sendon: ""
# dev-to-net-bufsize: 64
# net-to-dev-bufsize: 64
# max-connections: 1
# authdir: <authentication directory>
# allowed-users: <space separated list of names>
# remaddr: <remote address>
# connback: <remote connector string>
# banner:
# signature:
# openstr:
# closestr:
# closeon:
# connector-retry-time: 10
# accepter-retry-time: 10
# mdns: false
# mdns-interface: -1
# mdns-nettype: unspec
# mdns-name: con7
# mdns-type: "_iostream._tcp"
# mdns-domain: <NULL>
# mdns-host: <NULL>
# mdns-txt: <NULL>