Merge branch 'number-formats'

Document the accepted number formats in swanctl.conf/strongswan.conf and clarify some details for specific options. Closes strongswan/strongswan#1329
2025-10-04 00:00:14 -04:00 · 2022-11-10 16:53:50 +01:00 · 2022-11-10 16:53:50 +01:00 · 4dd3d0e57b
commit 4dd3d0e57b
parent af71f14ba3 c1c85b0fd1
5 changed files with 38 additions and 16 deletions
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@ -392,7 +392,7 @@ charon.retransmit_jitter = 0
 charon.retransmit_limit = 0
 	Upper limit in seconds for calculated retransmission timeout (0 to disable).
-charon.retry_initiate_interval = 0
+charon.retry_initiate_interval = 0s
 	Interval in seconds to use when retrying to initiate an IKE_SA (e.g. if DNS
 	resolution failed), 0 to disable retries.
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@ -5,7 +5,7 @@ charon.plugins.eap-radius.accounting_close_on_timeout = yes
 	Close the IKE_SA if there is a timeout during interim RADIUS accounting
 	updates.
-charon.plugins.eap-radius.accounting_interval = 0
+charon.plugins.eap-radius.accounting_interval = 0s
 	Interval in seconds for interim RADIUS accounting updates, if not specified
 	by the RADIUS server in the Access-Accept message.
--- a/conf/strongswan.conf.5.head.in
+++ b/conf/strongswan.conf.5.head.in
@ -59,6 +59,27 @@ An example file in this format might look like this:
 .PP
 Indentation is optional, you may use tabs or spaces.
 .SH NUMBER FORMATS
 Options that define an integer value can be specified as decimal (the default)
 or hexadecimal ("0x" prefix, upper- or lowercase letters are accepted).
 Locale-dependent strings (e.g. the thousands separator of the current locale)
 may also be accepted in locales other than "C".
 .PP
 Options that define a floating-point value can be specified as decimal (the
 default) or hexadecimal ("0x" prefix, upper- or lowercase letters are accepted).
 The radix character (decimal separator) in either case is locale-dependent,
 usually ".".
 .SH TIME FORMATS
 Unless stated otherwise, options that define a time are specified in seconds.
 The "s", "m", "h" and "d" suffixes may be used to automatically convert values
 given in seconds, minutes, hours or days (for instance, instead of configuring
 a rekey time of 4 hours as "14400" seconds, "4h" may be used).
 .PP
 There are some global options that don't accept these suffixes as they are
 configured as integer values in seconds or milliseconds, or even as
 floating-point numbers (e.g. the retransmission timeout). Options that accept
 the suffixes have a corresponding default value.
 .SH REFERENCING OTHER SECTIONS
 It is possible to inherit settings and sections from another section. This
--- a/src/swanctl/swanctl.conf.5.head.in
+++ b/src/swanctl/swanctl.conf.5.head.in
@ -6,20 +6,11 @@ swanctl.conf is the configuration file used by the
 .BR swanctl (8)
 tool to load configurations and credentials into the strongSwan IKE daemon.
-For a description of the basic file syntax, including how to reference sections
+For a description of the basic file syntax, including numer/time formats, or how
-or split the configuration in multiple files by including other files, refer to
+to reference sections or split the configuration in multiple files by including
 other files, refer to
 .BR strongswan.conf (5).
 .SH TIME FORMATS
 For all options that define a time, the time is specified in seconds. The
 .RI "" "s" ","
 .RI "" "m" ","
 .RI "" "h" ""
 and
 .RI "" "d" ""
 suffixes explicitly define the units for seconds, minutes, hours and days,
 respectively.
 .SH SETTINGS
 The following settings can be used to configure connections, credentials and
 pools.
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@ -301,12 +301,22 @@ connections.<conn>.if_id_in = 0
 	XFRM interface ID set on inbound policies/SA, can be overridden by child
 	config, see there for details.
 	The special value _%unique_ allocates a unique interface ID per IKE_SA,
 	which is inherited by all its CHILD_SAs (unless overriden there), beyond
 	that the value _%unique-dir_ assigns a different unique interface ID for
 	each direction (in/out).
 connections.<conn>.if_id_out = 0
 	Default outbound XFRM interface ID for children.
 	XFRM interface ID set on outbound policies/SA, can be overridden by child
 	config, see there for details.
 	The special value _%unique_ allocates a unique interface ID per IKE_SA,
 	which is inherited by all its CHILD_SAs (unless overriden there), beyond
 	that the value _%unique-dir_ assigns a different unique interface ID for
 	each direction (in/out).
 connections.<conn>.mediation = no
 	Whether this connection is a mediation connection.
@ -992,7 +1002,7 @@ connections.<conn>.children.<child>.set_mark_out = 0/0x00000000
 	requires at least Linux 4.19.
 connections.<conn>.children.<child>.if_id_in = 0
-	Inbound XFRM interface ID.
+	Inbound XFRM interface ID (32-bit unsigned integer).
 	XFRM interface ID set on inbound policies/SA. This allows installing
 	duplicate policies/SAs and associates them with an interface with the same
@ -1001,7 +1011,7 @@ connections.<conn>.children.<child>.if_id_in = 0
 	interface ID for each CHILD_SA direction (in/out).
 connections.<conn>.children.<child>.if_id_out = 0
-	Outbound XFRM interface ID.
+	Outbound XFRM interface ID (32-bit unsigned integer).
 	XFRM interface ID set on outbound policies/SA. This allows installing
 	duplicate policies/SAs and associates them with an interface with the same