From: Martin Willi <martin@revosec.ch>
Date: Tue, 17 Jun 2014 14:48:25 +0000 (+0200)
Subject: swanctl: Document replay_window option
X-Git-Tag: 5.2.0rc1~49^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b7725f3b0167645b8b35b7fe5f2b26f86e47e33;p=thirdparty%2Fstrongswan.git

swanctl: Document replay_window option
---

diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index 73907b6ce1..40265d0f96 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -629,6 +629,13 @@ connections.<conn>.children.<child>.tfc_padding = 0
 	The default value of 0 disables TFC padding, the special value _mtu_ adds
 	TFC padding to create a packet size equal to the Path Maximum Transfer Unit.
 
+connections.<conn>.children.<child>.replay_window = 32
+	IPsec replay window to configure for this CHILD_SA.
+
+	IPsec replay window to configure for this CHILD_SA. Larger values than the
+	default of 32 are supported using the Netlink backend only, a value of 0
+	disables IPsec replay protection.
+
 connections.<conn>.children.<child>.start_action = none
 	Action to perform after loading the configuration (_none_, _trap_, _start_).