diff options
Diffstat (limited to 'conf')
-rw-r--r-- | conf/options/charon-logging.conf | 5 | ||||
-rw-r--r-- | conf/options/charon-logging.opt | 4 | ||||
-rw-r--r-- | conf/options/charon.conf | 8 | ||||
-rw-r--r-- | conf/options/charon.opt | 8 | ||||
-rw-r--r-- | conf/strongswan.conf.5.main | 17 |
5 files changed, 42 insertions, 0 deletions
diff --git a/conf/options/charon-logging.conf b/conf/options/charon-logging.conf index c91421dea..454405985 100644 --- a/conf/options/charon-logging.conf +++ b/conf/options/charon-logging.conf @@ -25,6 +25,11 @@ charon { # numerical identifier for each IKE_SA. # ike_name = no + # Adds the milliseconds within the current second after the + # timestamp (separated by a dot, so time_format should end with %S + # or %T). + # time_add_ms = no + # Prefix each log entry with a timestamp. The option accepts a # format string as passed to strftime(3). # time_format = diff --git a/conf/options/charon-logging.opt b/conf/options/charon-logging.opt index b437a9cc3..2bbb5dce4 100644 --- a/conf/options/charon-logging.opt +++ b/conf/options/charon-logging.opt @@ -28,6 +28,10 @@ charon.filelog.<filename>.time_format Prefix each log entry with a timestamp. The option accepts a format string as passed to **strftime**(3). +charon.filelog.<filename>.time_add_ms = no + Adds the milliseconds within the current second after the timestamp + (separated by a dot, so _time_format_ should end with %S or %T). + charon.syslog {} Section to define syslog loggers, see LOGGER CONFIGURATION in **strongswan.conf**(5). diff --git a/conf/options/charon.conf b/conf/options/charon.conf index 5f27b08e3..b55d429a7 100644 --- a/conf/options/charon.conf +++ b/conf/options/charon.conf @@ -24,6 +24,10 @@ charon { # strength. # dh_exponent_ansi_x9_42 = yes + # Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal + # missing symbols immediately. + # dlopen_use_rtld_now = no + # DNS server assigned to peer via configuration payload (CP). # dns1 = @@ -123,6 +127,10 @@ charon { # Initiate IKEv2 reauthentication with a make-before-break scheme. # make_before_break = no + # Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about + # and track concurrently. + # max_ikev1_exchanges = 3 + # Maximum packet size accepted by charon. # max_packet = 10000 diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 5d137aee8..816f3250c 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -65,6 +65,10 @@ charon.dh_exponent_ansi_x9_42 = yes Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic strength. +charon.dlopen_use_rtld_now = no + Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal missing + symbols immediately. + charon.dns1 DNS server assigned to peer via configuration payload (CP). @@ -204,6 +208,10 @@ charon.load_modular = no plugin list is preserved. Enabled plugins not found in that list are ordered alphabetically before other plugins with the same priority. +charon.max_ikev1_exchanges = 3 + Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about and + track concurrently. + charon.max_packet = 10000 Maximum packet size accepted by charon. diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main index 559efcb4c..7fc421c60 100644 --- a/conf/strongswan.conf.5.main +++ b/conf/strongswan.conf.5.main @@ -102,6 +102,11 @@ Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic strength. .TP +.BR charon.dlopen_use_rtld_now " [no]" +Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal missing +symbols immediately. + +.TP .BR charon.dns1 " []" DNS server assigned to peer via configuration payload (CP). @@ -152,6 +157,13 @@ Prefix each log entry with the connection name and a unique numerical identifier for each IKE_SA. .TP +.BR charon.filelog.<filename>.time_add_ms " [no]" +Adds the milliseconds within the current second after the timestamp (separated +by a dot, so +.RI "" "time_format" "" +should end with %S or %T). + +.TP .BR charon.filelog.<filename>.time_format " []" Prefix each log entry with a timestamp. The option accepts a format string as passed to @@ -344,6 +356,11 @@ reauthentication, but requires support for overlapping SAs by the peer. strongSwan can handle such overlapping SAs since version 5.3.0. .TP +.BR charon.max_ikev1_exchanges " [3]" +Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about and +track concurrently. + +.TP .BR charon.max_packet " [10000]" Maximum packet size accepted by charon. |