From d04d8d0fc49ba1498b360fbc6d211c1e09e2afdb Mon Sep 17 00:00:00 2001 From: venaas Date: Tue, 4 Nov 2008 16:10:10 +0000 Subject: updated docs git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@433 e88ac4ed-0b26-0410-9574-a7f39faa03bf --- radsecproxy.conf.5 | 35 +++++++++++++++++++++++++++++------ radsecproxy.conf.5.xml | 48 +++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 70 insertions(+), 13 deletions(-) diff --git a/radsecproxy.conf.5 b/radsecproxy.conf.5 index 315ccf2..98f4579 100644 --- a/radsecproxy.conf.5 +++ b/radsecproxy.conf.5 @@ -5,7 +5,7 @@ \\$2 \(la\\$1\(ra\\$3 .. .if \n(.g .mso www.tmac -.TH "radsecproxy.conf " 5 2008-10-16 "radsecproxy devel 2008-10-16" "" +.TH "radsecproxy.conf " 5 2008-11-05 "radsecproxy devel 2008-11-05" "" .SH NAME radsecproxy.conf \- Radsec proxy configuration file @@ -171,6 +171,21 @@ will use for TLS connections. This can be used to specify source address and/or source port that the proxy will use for DTLS connections. .TP +\*(T +This can be used to change the default TTL attribute. Only change this if +you know what you are doing. The syntax is either a numerical value +denoting the TTL attribute, or two numerical values separated by column +specifying a vendor attribute, i.e. \*(T. +.TP +\*(T +If a TTL attribute is present, the proxy will decrement the value and +discard the message if zero. Normally the proxy does nothing if no TTL +attribute is present. If you use the addTTL option with a value 1-255, +the proxy will when forwarding a message with no TTL attribute, add one +with the specified value. Note that this option can also be specified +for a client/server. It will then override this setting when forwarding +a message to that client/server. +.TP \*(T This can be set to \*(T or \*(T with \*(T being the default. When this is enabled, a request 
@@ -225,9 +240,10 @@ The allowed options in a client block are \*(T, \*(T, \*(T, \*(T, \*(T, \*(T, -\*(T, \*(T, -\*(T, \*(T and -\*(T. We already discussed the +\*(T, \*(T, +\*(T, \*(T, +\*(T and \*(T. +We already discussed the \*(T option. The value of \*(T must be one of \*(T, \*(T, \*(T or \*(T. The value of \*(T is the @@ -262,6 +278,11 @@ from the same client, with the same authenticator etc. The proxy will then ignore the new request (if it is still processing the previous one), or returned a copy of the previous reply. .PP +The \*(T option is similar to the +\*(T option used in the basic config. See that for +details. Any value configured here overrides the basic one when sending +messages to this client. +.PP The \*(T option is deprecated. Use \*(T instead. .PP @@ -309,7 +330,8 @@ administrator. The allowed options in a server block are \*(T, \*(T, \*(T, \*(T, \*(T, \*(T, -\*(T, \*(T, +\*(T, \*(T, +\*(T, \*(T, \*(T, \*(T, \*(T, \*(T and \*(T. @@ -318,7 +340,8 @@ We already discussed the \*(T option. The \*(T option allows you to specify which port number the server uses. The usage of \*(T, \*(T, \*(T, \*(T, -\*(T, \*(T, +\*(T, \*(T, +\*(T, \*(T and \*(T are just as specified for the \*(T above, except that \*(T (and not \*(T) diff --git a/radsecproxy.conf.5.xml b/radsecproxy.conf.5.xml index 41f29be..3afaf3d 100644 --- a/radsecproxy.conf.5.xml +++ b/radsecproxy.conf.5.xml @@ -2,14 +2,14 @@ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> - 2008-10-16 + 2008-11-05 radsecproxy.conf 5 - radsecproxy devel 2008-10-16 + radsecproxy devel 2008-11-05 
@@ -256,6 +256,31 @@ will use for DTLS connections. + TTLAttribute + + +This can be used to change the default TTL attribute. Only change this if +you know what you are doing. The syntax is either a numerical value +denoting the TTL attribute, or two numerical values separated by column +specifying a vendor attribute, i.e. vendorid:attribute. + + + + + addTTL + + +If a TTL attribute is present, the proxy will decrement the value and +discard the message if zero. Normally the proxy does nothing if no TTL +attribute is present. If you use the addTTL option with a value 1-255, +the proxy will when forwarding a message with no TTL attribute, add one +with the specified value. Note that this option can also be specified +for a client/server. It will then override this setting when forwarding +a message to that client/server. + + + + loopPrevention @@ -333,9 +358,10 @@ The allowed options in a client block are host, type, secret, tls, certificateNameCheck, matchCertificateAttribute, -duplicateInterval, rewrite, -rewriteIn, rewriteOut and -rewriteAttribute. We already discussed the +duplicateInterval, addTTL, +rewrite, rewriteIn, +rewriteOut and rewriteAttribute. +We already discussed the host option. The value of type must be one of udp, tcp, tls or dtls. The value of secret is the @@ -375,6 +401,12 @@ ignore the new request (if it is still processing the previous one), or returned a copy of the previous reply. +The addTTL option is similar to the +addTTL option used in the basic config. See that for +details. Any value configured here overrides the basic one when sending +messages to this client. + + The rewrite option is deprecated. Use rewriteIn instead. @@ -433,7 +465,8 @@ administrator. The allowed options in a server block are host, port, type, secret, tls, certificateNameCheck, -matchCertificateAttribute, rewrite, +matchCertificateAttribute, addTTL, +rewrite, rewriteIn, rewriteOut, statusServer, retryCount, retryInterval and dynamicLookupCommand. 
@@ -443,7 +476,8 @@ We already discussed the host option. The port option allows you to specify which port number the server uses. The usage of type, secret, tls, certificateNameCheck, -matchCertificateAttribute, rewrite, +matchCertificateAttribute, addTTL, +rewrite, rewriteIn and rewriteOut are just as specified for the client block above, except that defaultServer (and not defaultClient) -- cgit v1.1
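Review bot: In the new TTLAttribute paragraph (the `@@ -171,6 +171,21 @@` hunk of radsecproxy.conf.5 and the `@@ -256,6 +256,31 @@` hunk of radsecproxy.conf.5.xml), "two numerical values separated by column" should read "separated by a colon", which matches the vendorid:attribute form given in the XML. The paragraph also refers to "the default TTL attribute" without saying which attribute that is, and "Only change this if you know what you are doing" gives no hint of what goes wrong. Please name the default and state the consequence of changing it. In the addTTL paragraph of the same hunks, "decrement the value and discard the message if zero" does not say whether the test is made before or after the decrement, so a reader cannot tell how many hops a value of 1 allows. "the proxy will when forwarding a message with no TTL attribute, add one" reads better as "when forwarding a message with no TTL attribute, the proxy will add one". The text gives the range 1-255 but not what happens for a value outside it, or how the option relates to the loopPrevention option documented immediately after it.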
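Review bot: In the client block text (the `@@ -262,6 +278,11 @@` hunk of radsecproxy.conf.5 and the `@@ -375,6 +401,12 @@` hunk of radsecproxy.conf.5.xml), "The addTTL option is similar to the addTTL option used in the basic config" leaves open what differs. From the rest of the paragraph the only difference appears to be scope, so say that directly, for example "takes the same values as the global addTTL option and overrides it for messages sent to this client". "See that for details" has no clear referent; refer to the option by name. It would also help to state whether a client block can switch addTTL off when the global option is set, since the global text only documents values 1-255.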
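Review bot: In the server block hunks (`@@ -309,7 +330,8 @@` and `@@ -318,7 +340,8 @@` of radsecproxy.conf.5, `@@ -433,7 +465,8 @@` and `@@ -443,7 +476,8 @@` of radsecproxy.conf.5.xml), addTTL is added to the list of options that are "just as specified for the client block above", but the client paragraph added in this same patch says the value applies "when sending messages to this client". A reader configuring a server block has to infer that it applies to messages forwarded to that server. One sentence in the server section stating the direction would remove the ambiguity, and would match the global description, which already says "client/server".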