more docs ephemera

2018-09-18 01:27:11 -04:00
parent a29f56e8c3
commit f0070524c1
8 changed files with 176 additions and 129 deletions
--- a/16
+++ b/16
@ -115,8 +115,22 @@ gendoc:
 	./bin/$(samcatd) -h  2>> USAGE.md; true
 	@echo '```' >> USAGE.md
 	@echo "" >> USAGE.md
+	make key-management
 	make example-config

+key-management:
+	@echo "managing $(samcatd) save-encryption keys" >> USAGE.md
+	@echo "=====================================" >> USAGE.md
+	@echo "" >> USAGE.md
+	@echo "In order to keep from saving the .i2pkeys files in plaintext format, samcatd" >> USAGE.md
+	@echo "can optionally generate a key and encrypt the .i2pkeys files securely. Of" >> USAGE.md
+	@echo "course, to fully benefit from this arrangement, you need to move those keys" >> USAGE.md
+	@echo "away from the machine where the tunnel keys(the .i2pkeys file) are located," >> USAGE.md
+	@echo "or protect them in some other way(sandboxing, etc). If you want to use" >> USAGE.md
+	@echo "encrypted .i2pkeys files, you can specify a key file to use with the -cr" >> USAGE.md
+	@echo "option on the terminal or with keyfile option in the .ini file." >> USAGE.md
+	@echo "" >> USAGE.md
+
 example-config:
 	@echo "example config - valid for both ephsite and samcat" >> USAGE.md
 	@echo "==================================================" >> USAGE.md
@ -130,7 +144,7 @@ example-config:
 	@echo "does not start tunnels based on unlabeled options unless passed the" >> USAGE.md
 	@echo "-s flag.)" >> USAGE.md
 	@echo "" >> USAGE.md
-	@echo '```' >> USAGE.md
+	@echo '``` ini' >> USAGE.md
 	cat etc/sam-forwarder/tunnels.ini >> USAGE.md
 	@echo '```' >> USAGE.md
 	@echo "" >> USAGE.md
--- a/README.md
+++ b/README.md
@ -31,10 +31,11 @@ I need to document it better.
 [Besides fixing up the comments, this should help for now.](USAGE.md). I also
 need to control output verbosity better.

-It doesn't encrypt the .i2pkeys file, so if someone can steal them, then they
-can use them to construct tunnels to impersonate you. Experimental support for
-encrypted saves has been added. The idea is that only the person with the key
-will be able to decrypt and start the tunnels.
+It doesn't encrypt the .i2pkeys file by default, so if someone can steal them,
+then they can use them to construct tunnels to impersonate you. Experimental
+support for encrypted saves has been added. The idea is that only the person
+with the key will be able to decrypt and start the tunnels. It is up to the user
+to determine how to go about managing these keys.

 TCP is working very well. HTTP mode also exists, which just adds the X-I2P-DEST
 headers in. It does this both ways, for applying the dest headers inbound to
--- a/README.md.asc
+++ b/README.md.asc
@ -34,10 +34,11 @@ I need to document it better.
 [Besides fixing up the comments, this should help for now.](USAGE.md). I also
 need to control output verbosity better.

-It doesn't encrypt the .i2pkeys file, so if someone can steal them, then they
-can use them to construct tunnels to impersonate you. Experimental support for
-encrypted saves has been added. The idea is that only the person with the key
-will be able to decrypt and start the tunnels.
+It doesn't encrypt the .i2pkeys file by default, so if someone can steal them,
+then they can use them to construct tunnels to impersonate you. Experimental
+support for encrypted saves has been added. The idea is that only the person
+with the key will be able to decrypt and start the tunnels. It is up to the user
+to determine how to go about managing these keys.

 TCP is working very well. HTTP mode also exists, which just adds the X-I2P-DEST
 headers in. It does this both ways, for applying the dest headers inbound to
@ -80,12 +81,12 @@ I'm eventually going to make the manager implement net.Conn. This won't be
 exposed in the default application probably though, but rather as a library.
 -----BEGIN PGP SIGNATURE-----

-iQEzBAEBCAAdFiEEcNIGBzi++AUjrK/311wDs5teFOEFAlugh5AACgkQ11wDs5te
-FOG3yQf7BfPSZ7iYj7PUBK7jmjHtmZp6TeEYgI98dzcXUZctMcg+EYzVMBo+q7Yc
-jAbuNQa953DKjvYtQ0PMWbDXH1qFoazHf7EYX4TJJfWdU9uJJ8H/0HJqBt6fVgeN
-CDSqq+d0+QokwN75IOmRIHwfu5NWJYQUOyUkAQEGCBQgvYXPWq9mu4IWRL9hHOXy
-C+TgyOBUx5C7BAclP/M32kXnEoooVdgfQOCI/rcUhjG2piMJsg4lh2dg7fXv8udf
-Fvsy1GODl1ppDQViZmNQ9R2Bqr3QoCvCPXST1Uo0iyA1tJei2Z5djdk7xRj3VxRl
-seAfY156PYsqXznXNdITWovBsSNbGg==
-=Yh59
+iQEzBAEBCAAdFiEEcNIGBzi++AUjrK/311wDs5teFOEFAlugjKwACgkQ11wDs5te
+FOGd5Af+NZy4MdskE2HkvS0q8pSZ77K8VvuBkUMS7dWiANSkQAV84Oc+Juba9hna
+WpL68J4S4vleS5EtEa3ilxaSNJGNAMheAHjiSLOcVRlPsf9/cu8SU3scpC+nFH7
+wR4rrLIp1z36orO3qGEPPeSe9Dwpgs/v0TaSMvjKD6oQdkP/WM1suCik1nnIMCPI
+S173GFF3XkVFf3N/qItveg/OxhoWcIklR0kvS5M5ZpAh5CqdjGLK0moW8l3OHgpC
+MlefloZPsY68zQmA0HSc7N4ulzjI3/Hd2OaUdI8TtM8cOx+xallxxS+9YIwXwfOf
+iihxHV/kml/GuREwCcxBZ2Ihm8P75Q==
+=+8CJ
 -----END PGP SIGNATURE-----
--- a/USAGE.md
+++ b/USAGE.md
@ -161,6 +161,17 @@ Usage of ./bin/samcatd:
    	Allow zero-hop, non-anonymous tunnels out(true or false)
 ```

+managing samcatd save-encryption keys
+=====================================
+
+In order to keep from saving the .i2pkeys files in plaintext format, samcatd
+can optionally generate a key and encrypt the .i2pkeys files securely. Of
+course, to fully benefit from this arrangement, you need to move those keys
+away from the machine where the tunnel keys(the .i2pkeys file) are located,
+or protect them in some other way(sandboxing, etc). If you want to use
+encrypted .i2pkeys files, you can specify a key file to use with the -cr
+option on the terminal or with keyfile option in the .ini file.
+
 example config - valid for both ephsite and samcat
 ==================================================
 Options are still being added, pretty much as fast as I can put them
@ -173,7 +184,7 @@ unlabeled)
 does not start tunnels based on unlabeled options unless passed the
 -s flag.)

-```
+``` ini

 ## Defaults, these are only invoked with the -start option or if labeled tunnels
 ## are not present(samcatd instructions)
@ -195,6 +206,7 @@ i2cp.reduceIdleTime = 3000000
 i2cp.reduceQuantity = 2
 i2cp.enableWhiteList = false
 i2cp.enableBlackList = false
+keyfile = "/usr/share/samcatd/samcatd"

 [sam-forwarder]
 type = server
--- a/docs/USAGE.md
+++ b/docs/USAGE.md
@ -161,6 +161,17 @@ Usage of ./bin/samcatd:
    	Allow zero-hop, non-anonymous tunnels out(true or false)
 ```

+managing samcatd save-encryption keys
+=====================================
+
+In order to keep from saving the .i2pkeys files in plaintext format, samcatd
+can optionally generate a key and encrypt the .i2pkeys files securely. Of
+course, to fully benefit from this arrangement, you need to move those keys
+away from the machine where the tunnel keys(the .i2pkeys file) are located,
+or protect them in some other way(sandboxing, etc). If you want to use
+encrypted .i2pkeys files, you can specify a key file to use with the -cr
+option on the terminal or with keyfile option in the .ini file.
+
 example config - valid for both ephsite and samcat
 ==================================================
 Options are still being added, pretty much as fast as I can put them
@ -173,7 +184,7 @@ unlabeled)
 does not start tunnels based on unlabeled options unless passed the
 -s flag.)

-```
+``` ini

 ## Defaults, these are only invoked with the -start option or if labeled tunnels
 ## are not present(samcatd instructions)
@ -195,6 +206,7 @@ i2cp.reduceIdleTime = 3000000
 i2cp.reduceQuantity = 2
 i2cp.enableWhiteList = false
 i2cp.enableBlackList = false
+keyfile = "/usr/share/samcatd/samcatd"

 [sam-forwarder]
 type = server
--- a/docs/index.html
+++ b/docs/index.html
@ -140,68 +140,71 @@ Usage of ./bin/samcatd:
        Allow zero-hop, non-anonymous tunnels in(true or false)
  -zo
        Allow zero-hop, non-anonymous tunnels out(true or false)</code></pre>
+<h1 id="managing-samcatd-save-encryption-keys">managing samcatd save-encryption keys</h1>
+<p>In order to keep from saving the .i2pkeys files in plaintext format, samcatd can optionally generate a key and encrypt the .i2pkeys files securely. Of course, to fully benefit from this arrangement, you need to move those keys away from the machine where the tunnel keys(the .i2pkeys file) are located, or protect them in some other way(sandboxing, etc). If you want to use encrypted .i2pkeys files, you can specify a key file to use with the -cr option on the terminal or with keyfile option in the .ini file.</p>
 <h1 id="example-config---valid-for-both-ephsite-and-samcat">example config - valid for both ephsite and samcat</h1>
 <p>Options are still being added, pretty much as fast as I can put them in. For up-to-the-minute options, see <a href="config/CHECKLIST.md">the checklist</a></p>
 <p>(<strong>ephsite</strong> will only use top-level options, but they can be labeled or unlabeled)</p>
 <p>(<strong>samcatd</strong> treats the first set of options it sees as the default, and does not start tunnels based on unlabeled options unless passed the -s flag.)</p>
-<pre><code>
-## Defaults, these are only invoked with the -start option or if labeled tunnels
-## are not present(samcatd instructions)
+<div class="sourceCode"><pre class="sourceCode ini"><code class="sourceCode ini">
+<span class="co">## Defaults, these are only invoked with the -start option or if labeled tunnels</span>
+<span class="co">## are not present(samcatd instructions)</span>

-inbound.length = 3
-outbound.length = 6
-inbound.lengthVariance = 0
-outbound.lengthVariance = 0
-inbound.backupQuantity = 3
-outbound.backupQuantity = 3
-inbound.quantity = 5
-outbound.quantity = 5
-inbound.allowZeroHop = false
-outbound.allowZeroHop = false
-i2cp.encryptLeaseSet = false
-gzip = true
-i2cp.reduceOnIdle = true
-i2cp.reduceIdleTime = 3000000
-i2cp.reduceQuantity = 2
-i2cp.enableWhiteList = false
-i2cp.enableBlackList = false
+<span class="dt">inbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">outbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">6</span>
+<span class="dt">inbound.lengthVariance </span><span class="ot">=</span><span class="st"> </span><span class="dv">0</span>
+<span class="dt">outbound.lengthVariance </span><span class="ot">=</span><span class="st"> </span><span class="dv">0</span>
+<span class="dt">inbound.backupQuantity </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">outbound.backupQuantity </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">inbound.quantity </span><span class="ot">=</span><span class="st"> </span><span class="dv">5</span>
+<span class="dt">outbound.quantity </span><span class="ot">=</span><span class="st"> </span><span class="dv">5</span>
+<span class="dt">inbound.allowZeroHop </span><span class="ot">=</span><span class="st"> </span><span class="kw">false</span>
+<span class="dt">outbound.allowZeroHop </span><span class="ot">=</span><span class="st"> </span><span class="kw">false</span>
+<span class="dt">i2cp.encryptLeaseSet </span><span class="ot">=</span><span class="st"> </span><span class="kw">false</span>
+<span class="dt">gzip </span><span class="ot">=</span><span class="st"> </span><span class="kw">true</span>
+<span class="dt">i2cp.reduceOnIdle </span><span class="ot">=</span><span class="st"> </span><span class="kw">true</span>
+<span class="dt">i2cp.reduceIdleTime </span><span class="ot">=</span><span class="st"> </span><span class="dv">3000000</span>
+<span class="dt">i2cp.reduceQuantity </span><span class="ot">=</span><span class="st"> </span><span class="dv">2</span>
+<span class="dt">i2cp.enableWhiteList </span><span class="ot">=</span><span class="st"> </span><span class="kw">false</span>
+<span class="dt">i2cp.enableBlackList </span><span class="ot">=</span><span class="st"> </span><span class="kw">false</span>
+<span class="dt">keyfile </span><span class="ot">=</span><span class="st"> &quot;/usr/share/samcatd/samcatd&quot;</span>

-[sam-forwarder]
-type = server
-host = 127.0.0.1
-port = 8081
-inbound.length = 3
-outbound.length = 6
-keys = forwarder
+<span class="kw">[sam-forwarder]</span>
+<span class="dt">type </span><span class="ot">=</span><span class="st"> server</span>
+<span class="dt">host </span><span class="ot">=</span><span class="st"> </span><span class="fl">127.0.0.1</span>
+<span class="dt">port </span><span class="ot">=</span><span class="st"> </span><span class="dv">8081</span>
+<span class="dt">inbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">outbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">6</span>
+<span class="dt">keys </span><span class="ot">=</span><span class="st"> forwarder</span>

-[sam-forwarder-two]
-type = client
-host = 127.0.0.1
-port = 8082
-inbound.length = 6
-outbound.length = 3
-keys = forwarder-two
+<span class="kw">[sam-forwarder-two]</span>
+<span class="dt">type </span><span class="ot">=</span><span class="st"> client</span>
+<span class="dt">host </span><span class="ot">=</span><span class="st"> </span><span class="fl">127.0.0.1</span>
+<span class="dt">port </span><span class="ot">=</span><span class="st"> </span><span class="dv">8082</span>
+<span class="dt">inbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">6</span>
+<span class="dt">outbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">keys </span><span class="ot">=</span><span class="st"> forwarder-two</span>

-[sam-forwarder-three]
-type = udpclient
-host = 127.0.0.1
-port = 8083
-inbound.length = 3
-outbound.length = 6
-keys = forwarder-three
+<span class="kw">[sam-forwarder-three]</span>
+<span class="dt">type </span><span class="ot">=</span><span class="st"> udpclient</span>
+<span class="dt">host </span><span class="ot">=</span><span class="st"> </span><span class="fl">127.0.0.1</span>
+<span class="dt">port </span><span class="ot">=</span><span class="st"> </span><span class="dv">8083</span>
+<span class="dt">inbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">outbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">6</span>
+<span class="dt">keys </span><span class="ot">=</span><span class="st"> forwarder-three</span>

-[sam-forwarder-four]
-type = udpserver
-host = 127.0.0.1
-port = 8084
-inbound.length = 6
-outbound.length = 3
-keys = forwarder-four
+<span class="kw">[sam-forwarder-four]</span>
+<span class="dt">type </span><span class="ot">=</span><span class="st"> udpserver</span>
+<span class="dt">host </span><span class="ot">=</span><span class="st"> </span><span class="fl">127.0.0.1</span>
+<span class="dt">port </span><span class="ot">=</span><span class="st"> </span><span class="dv">8084</span>
+<span class="dt">inbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">6</span>
+<span class="dt">outbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">keys </span><span class="ot">=</span><span class="st"> forwarder-four</span>

-[sam-forwarder-five]
-type = http
-host = 127.0.0.1
-port = 8085
-inbound.length = 3
-outbound.length = 6
-keys = forwarder-five</code></pre>
+<span class="kw">[sam-forwarder-five]</span>
+<span class="dt">type </span><span class="ot">=</span><span class="st"> http</span>
+<span class="dt">host </span><span class="ot">=</span><span class="st"> </span><span class="fl">127.0.0.1</span>
+<span class="dt">port </span><span class="ot">=</span><span class="st"> </span><span class="dv">8085</span>
+<span class="dt">inbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">outbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">6</span>
+<span class="dt">keys </span><span class="ot">=</span><span class="st"> forwarder-five</span></code></pre></div>
--- a/etc/sam-forwarder/tunnels.ini
+++ b/etc/sam-forwarder/tunnels.ini
@ -19,6 +19,7 @@ i2cp.reduceIdleTime = 3000000
 i2cp.reduceQuantity = 2
 i2cp.enableWhiteList = false
 i2cp.enableBlackList = false
+keyfile = "/usr/share/samcatd/samcatd"

 [sam-forwarder]
 type = server
--- a/example/www/index.html
+++ b/example/www/index.html
@ -140,68 +140,71 @@ Usage of ./bin/samcatd:
        Allow zero-hop, non-anonymous tunnels in(true or false)
  -zo
        Allow zero-hop, non-anonymous tunnels out(true or false)</code></pre>
+<h1 id="managing-samcatd-save-encryption-keys">managing samcatd save-encryption keys</h1>
+<p>In order to keep from saving the .i2pkeys files in plaintext format, samcatd can optionally generate a key and encrypt the .i2pkeys files securely. Of course, to fully benefit from this arrangement, you need to move those keys away from the machine where the tunnel keys(the .i2pkeys file) are located, or protect them in some other way(sandboxing, etc). If you want to use encrypted .i2pkeys files, you can specify a key file to use with the -cr option on the terminal or with keyfile option in the .ini file.</p>
 <h1 id="example-config---valid-for-both-ephsite-and-samcat">example config - valid for both ephsite and samcat</h1>
 <p>Options are still being added, pretty much as fast as I can put them in. For up-to-the-minute options, see <a href="config/CHECKLIST.md">the checklist</a></p>
 <p>(<strong>ephsite</strong> will only use top-level options, but they can be labeled or unlabeled)</p>
 <p>(<strong>samcatd</strong> treats the first set of options it sees as the default, and does not start tunnels based on unlabeled options unless passed the -s flag.)</p>
-<pre><code>
-## Defaults, these are only invoked with the -start option or if labeled tunnels
-## are not present(samcatd instructions)
+<div class="sourceCode"><pre class="sourceCode ini"><code class="sourceCode ini">
+<span class="co">## Defaults, these are only invoked with the -start option or if labeled tunnels</span>
+<span class="co">## are not present(samcatd instructions)</span>

-inbound.length = 3
-outbound.length = 6
-inbound.lengthVariance = 0
-outbound.lengthVariance = 0
-inbound.backupQuantity = 3
-outbound.backupQuantity = 3
-inbound.quantity = 5
-outbound.quantity = 5
-inbound.allowZeroHop = false
-outbound.allowZeroHop = false
-i2cp.encryptLeaseSet = false
-gzip = true
-i2cp.reduceOnIdle = true
-i2cp.reduceIdleTime = 3000000
-i2cp.reduceQuantity = 2
-i2cp.enableWhiteList = false
-i2cp.enableBlackList = false
+<span class="dt">inbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">outbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">6</span>
+<span class="dt">inbound.lengthVariance </span><span class="ot">=</span><span class="st"> </span><span class="dv">0</span>
+<span class="dt">outbound.lengthVariance </span><span class="ot">=</span><span class="st"> </span><span class="dv">0</span>
+<span class="dt">inbound.backupQuantity </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">outbound.backupQuantity </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">inbound.quantity </span><span class="ot">=</span><span class="st"> </span><span class="dv">5</span>
+<span class="dt">outbound.quantity </span><span class="ot">=</span><span class="st"> </span><span class="dv">5</span>
+<span class="dt">inbound.allowZeroHop </span><span class="ot">=</span><span class="st"> </span><span class="kw">false</span>
+<span class="dt">outbound.allowZeroHop </span><span class="ot">=</span><span class="st"> </span><span class="kw">false</span>
+<span class="dt">i2cp.encryptLeaseSet </span><span class="ot">=</span><span class="st"> </span><span class="kw">false</span>
+<span class="dt">gzip </span><span class="ot">=</span><span class="st"> </span><span class="kw">true</span>
+<span class="dt">i2cp.reduceOnIdle </span><span class="ot">=</span><span class="st"> </span><span class="kw">true</span>
+<span class="dt">i2cp.reduceIdleTime </span><span class="ot">=</span><span class="st"> </span><span class="dv">3000000</span>
+<span class="dt">i2cp.reduceQuantity </span><span class="ot">=</span><span class="st"> </span><span class="dv">2</span>
+<span class="dt">i2cp.enableWhiteList </span><span class="ot">=</span><span class="st"> </span><span class="kw">false</span>
+<span class="dt">i2cp.enableBlackList </span><span class="ot">=</span><span class="st"> </span><span class="kw">false</span>
+<span class="dt">keyfile </span><span class="ot">=</span><span class="st"> &quot;/usr/share/samcatd/samcatd&quot;</span>

-[sam-forwarder]
-type = server
-host = 127.0.0.1
-port = 8081
-inbound.length = 3
-outbound.length = 6
-keys = forwarder
+<span class="kw">[sam-forwarder]</span>
+<span class="dt">type </span><span class="ot">=</span><span class="st"> server</span>
+<span class="dt">host </span><span class="ot">=</span><span class="st"> </span><span class="fl">127.0.0.1</span>
+<span class="dt">port </span><span class="ot">=</span><span class="st"> </span><span class="dv">8081</span>
+<span class="dt">inbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">outbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">6</span>
+<span class="dt">keys </span><span class="ot">=</span><span class="st"> forwarder</span>

-[sam-forwarder-two]
-type = client
-host = 127.0.0.1
-port = 8082
-inbound.length = 6
-outbound.length = 3
-keys = forwarder-two
+<span class="kw">[sam-forwarder-two]</span>
+<span class="dt">type </span><span class="ot">=</span><span class="st"> client</span>
+<span class="dt">host </span><span class="ot">=</span><span class="st"> </span><span class="fl">127.0.0.1</span>
+<span class="dt">port </span><span class="ot">=</span><span class="st"> </span><span class="dv">8082</span>
+<span class="dt">inbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">6</span>
+<span class="dt">outbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">keys </span><span class="ot">=</span><span class="st"> forwarder-two</span>

-[sam-forwarder-three]
-type = udpclient
-host = 127.0.0.1
-port = 8083
-inbound.length = 3
-outbound.length = 6
-keys = forwarder-three
+<span class="kw">[sam-forwarder-three]</span>
+<span class="dt">type </span><span class="ot">=</span><span class="st"> udpclient</span>
+<span class="dt">host </span><span class="ot">=</span><span class="st"> </span><span class="fl">127.0.0.1</span>
+<span class="dt">port </span><span class="ot">=</span><span class="st"> </span><span class="dv">8083</span>
+<span class="dt">inbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">outbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">6</span>
+<span class="dt">keys </span><span class="ot">=</span><span class="st"> forwarder-three</span>

-[sam-forwarder-four]
-type = udpserver
-host = 127.0.0.1
-port = 8084
-inbound.length = 6
-outbound.length = 3
-keys = forwarder-four
+<span class="kw">[sam-forwarder-four]</span>
+<span class="dt">type </span><span class="ot">=</span><span class="st"> udpserver</span>
+<span class="dt">host </span><span class="ot">=</span><span class="st"> </span><span class="fl">127.0.0.1</span>
+<span class="dt">port </span><span class="ot">=</span><span class="st"> </span><span class="dv">8084</span>
+<span class="dt">inbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">6</span>
+<span class="dt">outbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">keys </span><span class="ot">=</span><span class="st"> forwarder-four</span>

-[sam-forwarder-five]
-type = http
-host = 127.0.0.1
-port = 8085
-inbound.length = 3
-outbound.length = 6
-keys = forwarder-five</code></pre>
+<span class="kw">[sam-forwarder-five]</span>
+<span class="dt">type </span><span class="ot">=</span><span class="st"> http</span>
+<span class="dt">host </span><span class="ot">=</span><span class="st"> </span><span class="fl">127.0.0.1</span>
+<span class="dt">port </span><span class="ot">=</span><span class="st"> </span><span class="dv">8085</span>
+<span class="dt">inbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">3</span>
+<span class="dt">outbound.length </span><span class="ot">=</span><span class="st"> </span><span class="dv">6</span>
+<span class="dt">keys </span><span class="ot">=</span><span class="st"> forwarder-five</span></code></pre></div>