From d04d8d0fc49ba1498b360fbc6d211c1e09e2afdb Mon Sep 17 00:00:00 2001 From: venaas Date: Tue, 4 Nov 2008 16:10:10 +0000 Subject: updated docs git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@433 e88ac4ed-0b26-0410-9574-a7f39faa03bf --- radsecproxy.conf.5.xml | 48 +++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 41 insertions(+), 7 deletions(-) (limited to 'radsecproxy.conf.5.xml') diff --git a/radsecproxy.conf.5.xml b/radsecproxy.conf.5.xml index 41f29be..3afaf3d 100644 --- a/radsecproxy.conf.5.xml +++ b/radsecproxy.conf.5.xml @@ -2,14 +2,14 @@ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"> - 2008-10-16 + 2008-11-05 radsecproxy.conf 5 - radsecproxy devel 2008-10-16 + radsecproxy devel 2008-11-05 @@ -255,6 +255,31 @@ will use for DTLS connections. + + TTLAttribute + + +This can be used to change the default TTL attribute. Only change this if +you know what you are doing. The syntax is either a numerical value +denoting the TTL attribute, or two numerical values separated by column +specifying a vendor attribute, i.e. vendorid:attribute. + + + + + addTTL + + +If a TTL attribute is present, the proxy will decrement the value and +discard the message if zero. Normally the proxy does nothing if no TTL +attribute is present. If you use the addTTL option with a value 1-255, +the proxy will when forwarding a message with no TTL attribute, add one +with the specified value. Note that this option can also be specified +for a client/server. It will then override this setting when forwarding +a message to that client/server. + + + loopPrevention @@ -333,9 +358,10 @@ The allowed options in a client block are host, type, secret, tls, certificateNameCheck, matchCertificateAttribute, -duplicateInterval, rewrite, -rewriteIn, rewriteOut and -rewriteAttribute. We already discussed the +duplicateInterval, addTTL, +rewrite, rewriteIn, +rewriteOut and rewriteAttribute. +We already discussed the host option. The value of type must be one of udp, tcp, tls or dtls. The value of secret is the @@ -375,6 +401,12 @@ ignore the new request (if it is still processing the previous one), or returned a copy of the previous reply. +The addTTL option is similar to the +addTTL option used in the basic config. See that for +details. Any value configured here overrides the basic one when sending +messages to this client. + + The rewrite option is deprecated. Use rewriteIn instead. @@ -433,7 +465,8 @@ administrator. The allowed options in a server block are host, port, type, secret, tls, certificateNameCheck, -matchCertificateAttribute, rewrite, +matchCertificateAttribute, addTTL, +rewrite, rewriteIn, rewriteOut, statusServer, retryCount, retryInterval and dynamicLookupCommand. @@ -443,7 +476,8 @@ We already discussed the host option. The port option allows you to specify which port number the server uses. The usage of type, secret, tls, certificateNameCheck, -matchCertificateAttribute, rewrite, +matchCertificateAttribute, addTTL, +rewrite, rewriteIn and rewriteOut are just as specified for the client block above, except that defaultServer (and not defaultClient) -- cgit v1.2.3