From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 23 Mar 2017 16:29:47 +0000 (+0100)
Subject: conf: Document recommended lower limit for SPIs
X-Git-Tag: 5.5.2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db12675ec45c9c9bfe5b6ae000a38c76bdf6aad5;p=thirdparty%2Fstrongswan.git

conf: Document recommended lower limit for SPIs
---

diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 493d73f16e..4c4311e81b 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -353,6 +353,10 @@ charon.signature_authentication_constraints = yes
 charon.spi_min = 0xc0000000
 	The lower limit for SPIs requested from the kernel for IPsec SAs.
 
+	The lower limit for SPIs requested from the kernel for IPsec SAs. Should not
+	be set lower than 0x00000100 (256), as SPIs between 1 and 255 are reserved
+	by IANA.
+
 charon.spi_max = 0xcfffffff
 	The upper limit for SPIs requested from the kernel for IPsec SAs.