From: Tobias Brunner Date: Mon, 29 Apr 2019 15:37:30 +0000 (+0200) Subject: swanctl: Move documentation of if_id_in/out after all mark-related options X-Git-Tag: 5.8.0rc1~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b31bff125c26b6fbac284d8891facded50a48ff0;p=thirdparty%2Fstrongswan.git swanctl: Move documentation of if_id_in/out after all mark-related options Also fix a typo. --- diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index 6765e9d411..3cda11cddd 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -305,7 +305,7 @@ connections..if_id_out = 0 Default outbound XFRM interface ID for children. XFRM interface ID set on outbound policies/SA, can be overridden by child - cofnig, see there for details. + config, see there for details. connections..mediation = no Whether this connection is a mediation connection. @@ -943,26 +943,6 @@ connections..children..mark_out = 0/0x00000000 An additional mask may be appended to the mark, separated by _/_. The default mask if omitted is 0xffffffff. -connections..children..if_id_in = 0 - Inbound XFRM interface ID. - - XFRM interface ID set on inbound policies/SA. This allows installing - duplicate policies/SAs and associates them with an interface with the same - ID. The special value _%unique_ sets a unique interface ID on each CHILD_SA - instance, beyond that the value _%unique-dir_ assigns a different unique - interface ID for each CHILD_SA direction (in/out). - -connections..children..if_id_out = 0 - Outbound XFRM interface ID. - - XFRM interface ID set on outbound policies/SA. This allows installing - duplicate policies/SAs and associates them with an interface with the same - ID. The special value _%unique_ sets a unique interface ID on each CHILD_SA - instance, beyond that the value _%unique-dir_ assigns a different unique - interface ID for each CHILD_SA direction (in/out). - - The daemon will not install routes for CHILD_SAs that have this option set. - connections..children..set_mark_in = 0/0x00000000 Netfilter mark applied to packets after the inbound IPsec SA processed them. @@ -994,6 +974,26 @@ connections..children..set_mark_out = 0/0x00000000 Setting marks in XFRM output is supported since Linux 4.14. Setting a mask requires at least Linux 4.19. +connections..children..if_id_in = 0 + Inbound XFRM interface ID. + + XFRM interface ID set on inbound policies/SA. This allows installing + duplicate policies/SAs and associates them with an interface with the same + ID. The special value _%unique_ sets a unique interface ID on each CHILD_SA + instance, beyond that the value _%unique-dir_ assigns a different unique + interface ID for each CHILD_SA direction (in/out). + +connections..children..if_id_out = 0 + Outbound XFRM interface ID. + + XFRM interface ID set on outbound policies/SA. This allows installing + duplicate policies/SAs and associates them with an interface with the same + ID. The special value _%unique_ sets a unique interface ID on each CHILD_SA + instance, beyond that the value _%unique-dir_ assigns a different unique + interface ID for each CHILD_SA direction (in/out). + + The daemon will not install routes for CHILD_SAs that have this option set. + connections..children..tfc_padding = 0 Traffic Flow Confidentiality padding.