| -rw-r--r-- | radsecproxy.conf.5 | 35 |
| -rw-r--r-- | radsecproxy.conf.5.xml | 48 |

2 files changed, 70 insertions, 13 deletions
| diff --git a/radsecproxy.conf.5 b/radsecproxy.conf.5 index 315ccf2..98f4579 100644 --- a/radsecproxy.conf.5 +++ b/radsecproxy.conf.5 @@ -5,7 +5,7 @@  \\$2 \(la\\$1\(ra\\$3  ..  .if \n(.g .mso www.tmac -.TH "radsecproxy.conf " 5 2008-10-16 "radsecproxy devel 2008-10-16" "" +.TH "radsecproxy.conf " 5 2008-11-05 "radsecproxy devel 2008-11-05" ""  .SH NAME  radsecproxy.conf  \- Radsec proxy configuration file  @@ -171,6 +171,21 @@ will use for TLS connections.  This can be used to specify source address and/or source port that the proxy  will use for DTLS connections.  .TP  +\*(T<TTLAttribute\*(T> +This can be used to change the default TTL attribute. Only change this if +you know what you are doing. The syntax is either a numerical value +denoting the TTL attribute, or two numerical values separated by column +specifying a vendor attribute, i.e. \*(T<vendorid:attribute\*(T>. +.TP  +\*(T<addTTL\*(T> +If a TTL attribute is present, the proxy will decrement the value and +discard the message if zero. Normally the proxy does nothing if no TTL +attribute is present. If you use the addTTL option with a value 1-255, +the proxy will when forwarding a message with no TTL attribute, add one +with the specified value. Note that this option can also be specified +for a client/server. It will then override this setting when forwarding +a message to that client/server. +.TP   \*(T<loopPrevention\*(T>  This can be set to \*(T<on\*(T> or \*(T<off\*(T> with  \*(T<off\*(T> being the default. When this is enabled, a request 
@@ -225,9 +240,10 @@ The allowed options in a client block are \*(T<host\*(T>,  \*(T<type\*(T>, \*(T<secret\*(T>, \*(T<tls\*(T>,  \*(T<certificateNameCheck\*(T>,  \*(T<matchCertificateAttribute\*(T>, -\*(T<duplicateInterval\*(T>, \*(T<rewrite\*(T>, -\*(T<rewriteIn\*(T>, \*(T<rewriteOut\*(T> and -\*(T<rewriteAttribute\*(T>. We already discussed the +\*(T<duplicateInterval\*(T>, \*(T<addTTL\*(T>, +\*(T<rewrite\*(T>, \*(T<rewriteIn\*(T>, +\*(T<rewriteOut\*(T> and \*(T<rewriteAttribute\*(T>. +We already discussed the  \*(T<host\*(T> option. The value of \*(T<type\*(T> must be  one of \*(T<udp\*(T>, \*(T<tcp\*(T>, \*(T<tls\*(T>  or \*(T<dtls\*(T>. The value of \*(T<secret\*(T> is the @@ -262,6 +278,11 @@ from the same client, with the same authenticator etc. The proxy will then  ignore the new request (if it is still processing the previous one), or  returned a copy of the previous reply.  .PP +The \*(T<addTTL\*(T> option is similar to the +\*(T<addTTL\*(T> option used in the basic config. See that for +details. Any value configured here overrides the basic one when sending +messages to this client. +.PP  The \*(T<rewrite\*(T> option is deprecated. Use  \*(T<rewriteIn\*(T> instead.  .PP @@ -309,7 +330,8 @@ administrator.  The allowed options in a server block are \*(T<host\*(T>,  \*(T<port\*(T>, \*(T<type\*(T>, \*(T<secret\*(T>,  \*(T<tls\*(T>, \*(T<certificateNameCheck\*(T>, -\*(T<matchCertificateAttribute\*(T>, \*(T<rewrite\*(T>, +\*(T<matchCertificateAttribute\*(T>, \*(T<addTTL\*(T>, +\*(T<rewrite\*(T>,  \*(T<rewriteIn\*(T>, \*(T<rewriteOut\*(T>,  \*(T<statusServer\*(T>, \*(T<retryCount\*(T>,  \*(T<retryInterval\*(T> and \*(T<dynamicLookupCommand\*(T>. 
@@ -318,7 +340,8 @@ We already discussed the \*(T<host\*(T> option. The  \*(T<port\*(T> option allows you to specify which port number the  server uses. The usage of \*(T<type\*(T>, \*(T<secret\*(T>,  \*(T<tls\*(T>, \*(T<certificateNameCheck\*(T>, -\*(T<matchCertificateAttribute\*(T>, \*(T<rewrite\*(T>, +\*(T<matchCertificateAttribute\*(T>, \*(T<addTTL\*(T>, +\*(T<rewrite\*(T>,  \*(T<rewriteIn\*(T> and \*(T<rewriteOut\*(T> are just as  specified for the \*(T<client block\*(T> above, except that  \*(T<defaultServer\*(T> (and not \*(T<defaultClient\*(T>) diff --git a/radsecproxy.conf.5.xml b/radsecproxy.conf.5.xml index 41f29be..3afaf3d 100644 --- a/radsecproxy.conf.5.xml +++ b/radsecproxy.conf.5.xml @@ -2,14 +2,14 @@  "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">  <refentry>    <refentryinfo> -    <date>2008-10-16</date> +    <date>2008-11-05</date>    </refentryinfo>    <refmeta>      <refentrytitle>        <application>radsecproxy.conf</application>      </refentrytitle>      <manvolnum>5</manvolnum> -    <refmiscinfo>radsecproxy devel 2008-10-16</refmiscinfo> +    <refmiscinfo>radsecproxy devel 2008-11-05</refmiscinfo>    </refmeta>    <refnamediv>      <refname> 
@@ -256,6 +256,31 @@ will use for DTLS connections.          </listitem>        </varlistentry>        <varlistentry> +        <term><literal>TTLAttribute</literal></term> +        <listitem> +	  <para> +This can be used to change the default TTL attribute. Only change this if +you know what you are doing. The syntax is either a numerical value +denoting the TTL attribute, or two numerical values separated by column +specifying a vendor attribute, i.e. <literal>vendorid:attribute</literal>. +	  </para> +        </listitem> +      </varlistentry> +      <varlistentry> +        <term><literal>addTTL</literal></term> +        <listitem> +	  <para> +If a TTL attribute is present, the proxy will decrement the value and +discard the message if zero. Normally the proxy does nothing if no TTL +attribute is present. If you use the addTTL option with a value 1-255, +the proxy will when forwarding a message with no TTL attribute, add one +with the specified value. Note that this option can also be specified +for a client/server. It will then override this setting when forwarding +a message to that client/server. +	  </para> +        </listitem> +      </varlistentry> +      <varlistentry>          <term><literal>loopPrevention</literal></term>          <listitem>  	  <para> 
@@ -333,9 +358,10 @@ The allowed options in a client block are <literal>host</literal>,  <literal>type</literal>, <literal>secret</literal>, <literal>tls</literal>,  <literal>certificateNameCheck</literal>,  <literal>matchCertificateAttribute</literal>, -<literal>duplicateInterval</literal>, <literal>rewrite</literal>, -<literal>rewriteIn</literal>, <literal>rewriteOut</literal> and -<literal>rewriteAttribute</literal>. We already discussed the +<literal>duplicateInterval</literal>, <literal>addTTL</literal>, +<literal>rewrite</literal>, <literal>rewriteIn</literal>, +<literal>rewriteOut</literal> and <literal>rewriteAttribute</literal>. +We already discussed the  <literal>host</literal> option. The value of <literal>type</literal> must be  one of <literal>udp</literal>, <literal>tcp</literal>, <literal>tls</literal>  or <literal>dtls</literal>. The value of <literal>secret</literal> is the @@ -375,6 +401,12 @@ ignore the new request (if it is still processing the previous one), or  returned a copy of the previous reply.      </para>      <para> +The <literal>addTTL</literal> option is similar to the +<literal>addTTL</literal> option used in the basic config. See that for +details. Any value configured here overrides the basic one when sending +messages to this client. +    </para> +    <para>  The <literal>rewrite</literal> option is deprecated. Use  <literal>rewriteIn</literal> instead.      </para> 
@@ -433,7 +465,8 @@ administrator.  The allowed options in a server block are <literal>host</literal>,  <literal>port</literal>, <literal>type</literal>, <literal>secret</literal>,  <literal>tls</literal>, <literal>certificateNameCheck</literal>, -<literal>matchCertificateAttribute</literal>, <literal>rewrite</literal>, +<literal>matchCertificateAttribute</literal>, <literal>addTTL</literal>, +<literal>rewrite</literal>,  <literal>rewriteIn</literal>, <literal>rewriteOut</literal>,  <literal>statusServer</literal>, <literal>retryCount</literal>,  <literal>retryInterval</literal> and <literal>dynamicLookupCommand</literal>. @@ -443,7 +476,8 @@ We already discussed the <literal>host</literal> option. The  <literal>port</literal> option allows you to specify which port number the  server uses. The usage of <literal>type</literal>, <literal>secret</literal>,  <literal>tls</literal>, <literal>certificateNameCheck</literal>, -<literal>matchCertificateAttribute</literal>, <literal>rewrite</literal>, +<literal>matchCertificateAttribute</literal>, <literal>addTTL</literal>, +<literal>rewrite</literal>,  <literal>rewriteIn</literal> and <literal>rewriteOut</literal> are just as  specified for the <literal>client block</literal> above, except that  <literal>defaultServer</literal> (and not <literal>defaultClient</literal>) | 
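Review bot: In the new `TTLAttribute` entry (the `@@ -171,6 +171,21 @@` hunk of radsecproxy.conf.5 and the matching `@@ -256,6 +256,31 @@` hunk of radsecproxy.conf.5.xml), "two numerical values separated by column" should read "separated by a colon", which is the separator the `vendorid:attribute` example actually shows. The entry also says the option changes "the default TTL attribute" without stating what that default is; since an operator who changes it needs to know which attribute the proxy decrements and discards on, the paragraph should name the default attribute number. The man page is generated from the XML, so the fix belongs in radsecproxy.conf.5.xml with the .5 regenerated.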
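Review bot: The `addTTL` description (same two hunks, `@@ -171,6 +171,21 @@` in the .5 and `@@ -256,6 +256,31 @@` in the .xml) is ambiguous on the loop-protection behaviour it documents: "the proxy will decrement the value and discard the message if zero" does not say whether a message is dropped when it arrives with TTL 0 or only once the decrement reaches 0, and that distinction decides how many hops a looping request survives. It also leaves undefined what happens for a configured value outside 1-255 (rejected at config load, clamped, or ignored); stating that explicitly would be useful. Finally, "the proxy will when forwarding a message with no TTL attribute, add one with the specified value" reads awkwardly; suggest "when forwarding a message with no TTL attribute, the proxy will add one with the specified value".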
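Review bot: The per-client paragraph added in `@@ -262,6 +278,11 @@` (and `@@ -375,6 +401,12 @@` in the .xml) says the client-block `addTTL` "overrides the basic one when sending messages to this client", but the basic-config entry describes the option in terms of forwarding a message; the two wordings should agree so that the reader can tell whether a server-block `addTTL` applies to requests forwarded to that server and a client-block `addTTL` to replies returned to that client. A short sentence in the client-block paragraph stating which direction of traffic each override covers would remove the doubt, and the server-block hunks (`@@ -309` / `@@ -318` and `@@ -433` / `@@ -443`) can keep relying on "just as specified for the client block above" once that is settled.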
