Annotation of embedaddon/strongswan/conf/plugins/kernel-netlink.conf, revision 1.1.1.1

1.1       misho       1: kernel-netlink {
                      2: 
                      3:     # Buffer size for received Netlink messages.
                      4:     # buflen = <min(PAGE_SIZE, 8192)>
                      5: 
                      6:     # Force maximum Netlink receive buffer on Netlink socket.
                      7:     # force_receive_buffer_size = no
                      8: 
                      9:     # Firewall mark to set on the routing rule that directs traffic to our
                     10:     # routing table.
                     11:     # fwmark =
                     12: 
                     13:     # Interface to be used to find hardware offload feature flag on.
                     14:     # hw_offload_feature_interface = lo
                     15: 
                     16:     # Whether to ignore errors potentially resulting from a retransmission.
                     17:     # ignore_retransmit_errors = no
                     18: 
                     19:     # Whether to load the plugin. Can also be an integer to increase the
                     20:     # priority of this plugin.
                     21:     load = yes
                     22: 
                     23:     # MSS to set on installed routes, 0 to disable.
                     24:     # mss = 0
                     25: 
                     26:     # MTU to set on installed routes, 0 to disable.
                     27:     # mtu = 0
                     28: 
                     29:     # Whether to perform concurrent Netlink ROUTE queries on a single socket.
                     30:     # parallel_route = no
                     31: 
                     32:     # Whether to perform concurrent Netlink XFRM queries on a single socket.
                     33:     # parallel_xfrm = no
                     34: 
                     35:     # Whether to always use XFRM_MSG_UPDPOLICY to install policies.
                     36:     # policy_update = no
                     37: 
                     38:     # Whether to use port or socket based IKE XFRM bypass policies.
                     39:     # port_bypass = no
                     40: 
                     41:     # Whether to process changes in routing rules to trigger roam events.
                     42:     # process_rules = no
                     43: 
                     44:     # Maximum Netlink socket receive buffer in bytes.
                     45:     # receive_buffer_size = 0
                     46: 
                     47:     # Number of Netlink message retransmissions to send on timeout.
                     48:     # retries = 0
                     49: 
                     50:     # Whether to trigger roam events when interfaces, addresses or routes
                     51:     # change.
                     52:     # roam_events = yes
                     53: 
                     54:     # Whether to set protocol and ports in the selector installed on transport
                     55:     # mode IPsec SAs in the kernel.
                     56:     # set_proto_port_transport_sa = no
                     57: 
                     58:     # Netlink message retransmission timeout, 0 to disable retransmissions.
                     59:     # timeout = 0
                     60: 
                     61:     # Lifetime of XFRM acquire state and allocated SPIs in kernel.
                     62:     # xfrm_acq_expires = 165
                     63: 
                     64:     # XFRM policy hashing threshold configuration for IPv4 and IPv6.
                     65:     spdh_thresh {
                     66: 
                     67:         ipv4 {
                     68: 
                     69:             # Local subnet XFRM policy hashing threshold for IPv4.
                     70:             # lbits = 32
                     71: 
                     72:             # Remote subnet XFRM policy hashing threshold for IPv4.
                     73:             # rbits = 32
                     74: 
                     75:         }
                     76: 
                     77:         ipv6 {
                     78: 
                     79:             # Local subnet XFRM policy hashing threshold for IPv6.
                     80:             # lbits = 128
                     81: 
                     82:             # Remote subnet XFRM policy hashing threshold for IPv6.
                     83:             # rbits = 128
                     84: 
                     85:         }
                     86: 
                     87:     }
                     88: 
                     89: }
                     90: 

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>