Imported Upstream version 5.3.4

author: Yves-Alexis Perez <corsac@debian.org> 2015-11-18 14:49:27 +0100
committer: Yves-Alexis Perez <corsac@debian.org> 2015-11-18 14:49:27 +0100
commit: 1e980d6be0ef0e243c6fe82b5e855454b97e24a4 (patch)
tree: 0d59eec2ce2ed332434ae80fc78a44db9ad293c5 /conf
parent: 5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (diff)
download: vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.tar.gz
vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.zip
5 files changed, 42 insertions, 0 deletions
diff --git a/conf/options/charon-logging.conf b/conf/options/charon-logging.conf
index c91421dea..454405985 100644
--- a/conf/options/charon-logging.conf
+++ b/conf/options/charon-logging.conf
@@ -25,6 +25,11 @@ charon {
             # numerical identifier for each IKE_SA.
             # ike_name = no
 
+            # Adds the milliseconds within the current second after the
+            # timestamp (separated by a dot, so time_format should end with %S
+            # or %T).
+            # time_add_ms = no
+
             # Prefix each log entry with a timestamp. The option accepts a
             # format string as passed to strftime(3).
             # time_format =
diff --git a/conf/options/charon-logging.opt b/conf/options/charon-logging.opt
index b437a9cc3..2bbb5dce4 100644
--- a/conf/options/charon-logging.opt
+++ b/conf/options/charon-logging.opt
@@ -28,6 +28,10 @@ charon.filelog.<filename>.time_format
 	Prefix each log entry with a timestamp. The option accepts a format string
 	as passed to **strftime**(3).
 
+charon.filelog.<filename>.time_add_ms = no
+	Adds the milliseconds within the current second after the timestamp
+	(separated by a dot, so _time_format_ should end with %S or %T).
+
 charon.syslog {}
 	Section to define syslog loggers, see LOGGER CONFIGURATION in
 	**strongswan.conf**(5).
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index 5f27b08e3..b55d429a7 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -24,6 +24,10 @@ charon {
     # strength.
     # dh_exponent_ansi_x9_42 = yes
 
+    # Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal
+    # missing symbols immediately.
+    # dlopen_use_rtld_now = no
+
     # DNS server assigned to peer via configuration payload (CP).
     # dns1 =
 
@@ -123,6 +127,10 @@ charon {
     # Initiate IKEv2 reauthentication with a make-before-break scheme.
     # make_before_break = no
 
+    # Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about
+    # and track concurrently.
+    # max_ikev1_exchanges = 3
+
     # Maximum packet size accepted by charon.
     # max_packet = 10000
 
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 5d137aee8..816f3250c 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -65,6 +65,10 @@ charon.dh_exponent_ansi_x9_42 = yes
 	Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
 	strength.
 
+charon.dlopen_use_rtld_now = no
+	Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal missing
+	symbols immediately.
+
 charon.dns1
 	DNS server assigned to peer via configuration payload (CP).
 
@@ -204,6 +208,10 @@ charon.load_modular = no
 	plugin list is preserved. Enabled plugins not found in that list are ordered
 	alphabetically before other plugins with the same priority.
 
+charon.max_ikev1_exchanges = 3
+	Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about and
+	track concurrently.
+
 charon.max_packet = 10000
 	Maximum packet size accepted by charon.
 
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index 559efcb4c..7fc421c60 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -102,6 +102,11 @@ Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
 strength.
 
 .TP
+.BR charon.dlopen_use_rtld_now " [no]"
+Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal missing
+symbols immediately.
+
+.TP
 .BR charon.dns1 " []"
 DNS server assigned to peer via configuration payload (CP).
 
@@ -152,6 +157,13 @@ Prefix each log entry with the connection name and a unique numerical identifier
 for each IKE_SA.
 
 .TP
+.BR charon.filelog.<filename>.time_add_ms " [no]"
+Adds the milliseconds within the current second after the timestamp (separated
+by a dot, so
+.RI "" "time_format" ""
+should end with %S or %T).
+
+.TP
 .BR charon.filelog.<filename>.time_format " []"
 Prefix each log entry with a timestamp. The option accepts a format string as
 passed to
@@ -344,6 +356,11 @@ reauthentication, but requires support for overlapping SAs by the peer.
 strongSwan can handle such overlapping SAs since version 5.3.0.
 
 .TP
+.BR charon.max_ikev1_exchanges " [3]"
+Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about and
+track concurrently.
+
+.TP
 .BR charon.max_packet " [10000]"
 Maximum packet size accepted by charon.
author	Yves-Alexis Perez <corsac@debian.org>	2015-11-18 14:49:27 +0100
committer	Yves-Alexis Perez <corsac@debian.org>	2015-11-18 14:49:27 +0100
commit	1e980d6be0ef0e243c6fe82b5e855454b97e24a4 (patch)
tree	0d59eec2ce2ed332434ae80fc78a44db9ad293c5 /conf
parent	5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (diff)
download	vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.tar.gz vyos-strongswan-1e980d6be0ef0e243c6fe82b5e855454b97e24a4.zip