X-Git-Url: http://git.sameswireless.fr/l2tpns.git/blobdiff_plain/3057f5e655405b7ba84a559213a1dbaaa3eaaab6..211cb9427c7f78f59928d7f850721e7d0dfbf271:/Docs/manual.html?ds=sidebyside diff --git a/Docs/manual.html b/Docs/manual.html index 13748a9..3d1adf9 100644 --- a/Docs/manual.html +++ b/Docs/manual.html @@ -191,14 +191,6 @@ user, both a primary and a secondary. If either is set to 0.0.0.0, then that one will not be sent. </LI> -<LI><B>save_state</B> (boolean)<BR> -When l2tpns receives a STGTERM it will write out its current -ip_address_pool, session and tunnel tables to disk prior to exiting to -be re-loaded at startup. The validity of this data is obviously quite -short and the intent is to allow an sessions to be retained over a -software upgrade. -</LI> - <LI><B>primary_radius</B> (ip address) <LI><B>secondary_radius</B> (ip address)<BR> Sets the RADIUS servers used for both authentication and accounting. @@ -307,6 +299,13 @@ Keep all pages mapped by the l2tpns process in memory. Maximum number of host unreachable ICMP packets to send per second. </LI> +<LI><B>packet_limit</B> (int><BR> +Maximum number of packets of downstream traffic to be handled each +tenth of a second per session. If zero, no limit is applied (default: +0). Intended as a DoS prevention mechanism and not a general +throttling control (packets are dropped, not queued). +</LI> + <LI><B>cluster_address</B> (ip address)<BR> Multicast cluster address (default: 239.192.13.13). See the section on <A HREF="#Clustering">Clustering</A> for more information. @@ -360,23 +359,25 @@ define the body of the access-list. Standard access-list syntax: Extended access-lists: -<DL> - <DD>{<B>permit</B>|<B>deny</B>} <B>ip</B> +<DIV STYLE="margin-left: 4em; text-indent: -2em"> + <P>{<B>permit</B>|<B>deny</B>} <B>ip</B> {<I>host</I>|<I>source source-wildcard</I>|<B>any</B>} - {<I>host</I>|<I>destination destination-wildcard</I>|<B>any</B>} - <DD>{<B>permit</B>|<B>deny</B>} <B>udp</B> + {<I>host</I>|<I>destination destination-wildcard</I>|<B>any</B>} [<B>fragments</B>] + <P>{<B>permit</B>|<B>deny</B>} <B>udp</B> {<I>host</I>|<I>source source-wildcard</I>|<B>any</B>} [{<B>eq</B>|<B>neq</B>|<B>gt</B>|<B>lt</B>} <I>port</I>|<B>range</B> <I>from</I> <I>to</I>] {<I>host</I>|<I>destination destination-wildcard</I>|<B>any</B>} [{<B>eq</B>|<B>neq</B>|<B>gt</B>|<B>lt</B>} <I>port</I>|<B>range</B> <I>from</I> <I>to</I>] - <DD>{<B>permit</B>|<B>deny</B>} <B>tcp</B> + [<B>fragments</B>] + <P>{<B>permit</B>|<B>deny</B>} <B>tcp</B> {<I>host</I>|<I>source source-wildcard</I>|<B>any</B>} [{<B>eq</B>|<B>neq</B>|<B>gt</B>|<B>lt</B>} <I>port</I>|<B>range</B> <I>from</I> <I>to</I>] {<I>host</I>|<I>destination destination-wildcard</I>|<B>any</B>} [{<B>eq</B>|<B>neq</B>|<B>gt</B>|<B>lt</B>} <I>port</I>|<B>range</B> <I>from</I> <I>to</I>] [{<B>established</B>|{<B>match-any</B>|<B>match-all</B>} - {<B>+</B>|<B>-</B>}{<B>fin</B>|<B>syn</B>|<B>rst</B>|<B>psh</B>|<B>ack</B>|<B>urg</B>} ...] -</DL> + {<B>+</B>|<B>-</B>}{<B>fin</B>|<B>syn</B>|<B>rst</B>|<B>psh</B>|<B>ack</B>|<B>urg</B>} + ...|<B>fragments</B>] +</DIV> <H3 ID="users">users</H3> @@ -683,14 +684,10 @@ killall -HUP l2tpns The signals understood are: <UL> -<LI>SIGHUP - Reload the config from disk and re-open log file<P></LI> -<LI>SIGTERM / SIGINT - Shut down for a restart. This will dump the current -state to disk (if <EM>save_state</EM> is set to true). Upon restart, the -process will read this saved state to resume active sessions.<P> +<LI>SIGHUP - Reload the config from disk and re-open log file</LI> +<LI>SIGTERM / SIGINT - Shut down.</LI> <LI>SIGQUIT - Shut down cleanly. This will send a disconnect message for -every active session and tunnel before shutting down. This is a good idea -when upgrading the code, as no sessions will be left with the remote end -thinking they are open.</LI> +every active session and tunnel before shutting down.</LI> </UL> <H2 ID="Throttling">Throttling</H2>