summaryrefslogtreecommitdiff
path: root/conf
diff options
context:
space:
mode:
Diffstat (limited to 'conf')
-rw-r--r--conf/options/charon-logging.conf5
-rw-r--r--conf/options/charon-logging.opt4
-rw-r--r--conf/options/charon.conf8
-rw-r--r--conf/options/charon.opt8
-rw-r--r--conf/strongswan.conf.5.main17
5 files changed, 42 insertions, 0 deletions
diff --git a/conf/options/charon-logging.conf b/conf/options/charon-logging.conf
index c91421dea..454405985 100644
--- a/conf/options/charon-logging.conf
+++ b/conf/options/charon-logging.conf
@@ -25,6 +25,11 @@ charon {
# numerical identifier for each IKE_SA.
# ike_name = no
+ # Adds the milliseconds within the current second after the
+ # timestamp (separated by a dot, so time_format should end with %S
+ # or %T).
+ # time_add_ms = no
+
# Prefix each log entry with a timestamp. The option accepts a
# format string as passed to strftime(3).
# time_format =
diff --git a/conf/options/charon-logging.opt b/conf/options/charon-logging.opt
index b437a9cc3..2bbb5dce4 100644
--- a/conf/options/charon-logging.opt
+++ b/conf/options/charon-logging.opt
@@ -28,6 +28,10 @@ charon.filelog.<filename>.time_format
Prefix each log entry with a timestamp. The option accepts a format string
as passed to **strftime**(3).
+charon.filelog.<filename>.time_add_ms = no
+ Adds the milliseconds within the current second after the timestamp
+ (separated by a dot, so _time_format_ should end with %S or %T).
+
charon.syslog {}
Section to define syslog loggers, see LOGGER CONFIGURATION in
**strongswan.conf**(5).
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index 5f27b08e3..b55d429a7 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -24,6 +24,10 @@ charon {
# strength.
# dh_exponent_ansi_x9_42 = yes
+ # Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal
+ # missing symbols immediately.
+ # dlopen_use_rtld_now = no
+
# DNS server assigned to peer via configuration payload (CP).
# dns1 =
@@ -123,6 +127,10 @@ charon {
# Initiate IKEv2 reauthentication with a make-before-break scheme.
# make_before_break = no
+ # Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about
+ # and track concurrently.
+ # max_ikev1_exchanges = 3
+
# Maximum packet size accepted by charon.
# max_packet = 10000
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 5d137aee8..816f3250c 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -65,6 +65,10 @@ charon.dh_exponent_ansi_x9_42 = yes
Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
strength.
+charon.dlopen_use_rtld_now = no
+ Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal missing
+ symbols immediately.
+
charon.dns1
DNS server assigned to peer via configuration payload (CP).
@@ -204,6 +208,10 @@ charon.load_modular = no
plugin list is preserved. Enabled plugins not found in that list are ordered
alphabetically before other plugins with the same priority.
+charon.max_ikev1_exchanges = 3
+ Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about and
+ track concurrently.
+
charon.max_packet = 10000
Maximum packet size accepted by charon.
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index 559efcb4c..7fc421c60 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -102,6 +102,11 @@ Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
strength.
.TP
+.BR charon.dlopen_use_rtld_now " [no]"
+Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal missing
+symbols immediately.
+
+.TP
.BR charon.dns1 " []"
DNS server assigned to peer via configuration payload (CP).
@@ -152,6 +157,13 @@ Prefix each log entry with the connection name and a unique numerical identifier
for each IKE_SA.
.TP
+.BR charon.filelog.<filename>.time_add_ms " [no]"
+Adds the milliseconds within the current second after the timestamp (separated
+by a dot, so
+.RI "" "time_format" ""
+should end with %S or %T).
+
+.TP
.BR charon.filelog.<filename>.time_format " []"
Prefix each log entry with a timestamp. The option accepts a format string as
passed to
@@ -344,6 +356,11 @@ reauthentication, but requires support for overlapping SAs by the peer.
strongSwan can handle such overlapping SAs since version 5.3.0.
.TP
+.BR charon.max_ikev1_exchanges " [3]"
+Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about and
+track concurrently.
+
+.TP
.BR charon.max_packet " [10000]"
Maximum packet size accepted by charon.