sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-06 00:00:47 -04:00
Code Issues Projects Releases Wiki Activity
strongswan/conf/plugins/kernel-netlink.opt
Tobias Brunner 197de6e66b kernel-netlink: Use PAGE_SIZE as default size for the netlink receive buffer 
The kernel uses NLMSG_GOODSIZE as default buffer size, which defaults to
the PAGE_SIZE if it is lower than 8192 or to that value otherwise.

In some cases (e.g. for dump messages) the kernel might use up to 16k
for messages, which might require increasing this value.
2015-08-04 14:15:19 +02:00

69 lines
2.8 KiB
Plaintext
Raw Blame History

charon.plugins.kernel-netlink.buflen = <min(PAGE_SIZE, 8192)>
Buffer size for received Netlink messages.
charon.plugins.kernel-netlink.fwmark =
Firewall mark to set on the routing rule that directs traffic to our routing
table.
Firewall mark to set on the routing rule that directs traffic to our routing
table. The format is [!]mark[/mask], where the optional exclamation mark
inverts the meaning (i.e. the rule only applies to packets that don't match
the mark).
charon.plugins.kernel-netlink.mss = 0
MSS to set on installed routes, 0 to disable.
charon.plugins.kernel-netlink.mtu = 0
MTU to set on installed routes, 0 to disable.
charon.plugins.kernel-netlink.parallel_route = no
Whether to perform concurrent Netlink ROUTE queries on a single socket.
Whether to perform concurrent Netlink ROUTE queries on a single socket.
While parallel queries can improve throughput, it has more overhead. On
vanilla Linux, DUMP queries fail with EBUSY and must be retried, further
decreasing performance.
charon.plugins.kernel-netlink.parallel_xfrm = no
Whether to perform concurrent Netlink XFRM queries on a single socket.
charon.plugins.kernel-netlink.policy_update = no
Whether to always use XFRM_MSG_UPDPOLICY to install policies.
charon.plugins.kernel-netlink.port_bypass = no
Whether to use port or socket based IKE XFRM bypass policies.
Whether to use port or socket based IKE XFRM bypass policies.
IKE bypass policies are used to exempt IKE traffic from XFRM processing.
The default socket based policies are directly tied to the IKE UDP sockets,
port based policies use global XFRM bypass policies for the used IKE UDP
ports.
charon.plugins.kernel-netlink.roam_events = yes
Whether to trigger roam events when interfaces, addresses or routes change.
charon.plugins.kernel-netlink.set_proto_port_transport_sa = no
Whether to set protocol and ports in the selector installed on transport
mode IPsec SAs in the kernel.
Whether to set protocol and ports in the selector installed on transport
mode IPsec SAs in the kernel. While doing so enforces policies for inbound
traffic, it also prevents the use of a single IPsec SA by more than one
traffic selector.
charon.plugins.kernel-netlink.retries = 0
Number of Netlink message retransmissions to send on timeout.
charon.plugins.kernel-netlink.timeout = 0
Netlink message retransmission timeout, 0 to disable retransmissions.
charon.plugins.kernel-netlink.ignore_retransmit_errors = no
Whether to ignore errors potentially resulting from a retransmission.
charon.plugins.kernel-netlink.xfrm_acq_expires = 165
Lifetime of XFRM acquire state in kernel.
Lifetime of XFRM acquire state in kernel. The value gets written to
/proc/sys/net/core/xfrm_acq_expires. Indirectly controls the delay of XFRM
acquire messages sent.
Reference in New Issue View Git Blame Copy Permalink