Mercurial > hg > freeDiameter
comparison doc/freediameter.conf.sample @ 1400:1409e693fa0f
Document IncomingQueueLimit, OutgoingQueueLimit, and LocalQueueLimit
author | Thomas Klausner <tk@giga.or.at> |
---|---|
date | Tue, 03 Dec 2019 18:18:59 +0100 |
parents | 239ba25870d8 |
children |
comparison
equal
deleted
inserted
replaced
1399:eff5bb332b5a | 1400:1409e693fa0f |
---|---|
3 # Most of the options can be omitted, as they default to reasonable values. | 3 # Most of the options can be omitted, as they default to reasonable values. |
4 # Only TLS-related options must be configured properly in usual setups. | 4 # Only TLS-related options must be configured properly in usual setups. |
5 | 5 |
6 # It is possible to use "include" keyword to import additional files | 6 # It is possible to use "include" keyword to import additional files |
7 # e.g.: include "/etc/freeDiameter.d/*.conf" | 7 # e.g.: include "/etc/freeDiameter.d/*.conf" |
8 # This is exactly equivalent as copy & paste the content of the included file(s) | 8 # This is exactly equivalent as copy & paste the content of the included file(s) |
9 # where the "include" keyword is found. | 9 # where the "include" keyword is found. |
10 | 10 |
11 | 11 |
12 ############################################################## | 12 ############################################################## |
13 ## Peer identity and realm | 13 ## Peer identity and realm |
14 | 14 |
15 # The Diameter Identity of this daemon. | 15 # The Diameter Identity of this daemon. |
16 # This must be a valid FQDN that resolves to the local host. | 16 # This must be a valid FQDN that resolves to the local host. |
17 # Default: hostname's FQDN | 17 # Default: hostname's FQDN |
18 #Identity = "aaa.koganei.freediameter.net"; | 18 #Identity = "aaa.koganei.freediameter.net"; |
32 # See TLS_old_method for more information about TLS flavours. | 32 # See TLS_old_method for more information about TLS flavours. |
33 # Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter. | 33 # Note: we use TLS/SCTP instead of DTLS/SCTP at the moment. This will change in future version of freeDiameter. |
34 # Default: 5868. Use 0 to disable. | 34 # Default: 5868. Use 0 to disable. |
35 #SecPort = 5868; | 35 #SecPort = 5868; |
36 | 36 |
37 # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed | 37 # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed |
38 # on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the | 38 # on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the |
39 # CER/CEA exchange on a dedicated secure port. | 39 # CER/CEA exchange on a dedicated secure port. |
40 # This parameter only affects outgoing connections. | 40 # This parameter only affects outgoing connections. |
41 # The setting can be also defined per-peer (see Peers configuration section). | 41 # The setting can be also defined per-peer (see Peers configuration section). |
42 # Default: use RFC6733 method with separate port for TLS. | 42 # Default: use RFC6733 method with separate port for TLS. |
43 #TLS_old_method; | 43 #TLS_old_method; |
44 | 44 |
45 # Disable use of TCP protocol (only listen and connect over SCTP) | 45 # Disable use of TCP protocol (only listen and connect over SCTP) |
124 # Default : GNUTLS default behavior | 124 # Default : GNUTLS default behavior |
125 #TLS_CA = "<file.PEM>"; | 125 #TLS_CA = "<file.PEM>"; |
126 | 126 |
127 # Certificate Revocation List file | 127 # Certificate Revocation List file |
128 # The information about revoked certificates. | 128 # The information about revoked certificates. |
129 # The file contains a list of trusted CRLs in PEM format. They should have been verified before. | 129 # The file contains a list of trusted CRLs in PEM format. They should have been verified before. |
130 # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) | 130 # (This parameter is passed to gnutls_certificate_set_x509_crl_file function) |
131 # Note: openssl CRL format might have interoperability issue with GNUTLS format. | 131 # Note: openssl CRL format might have interoperability issue with GNUTLS format. |
132 # Default : GNUTLS default behavior | 132 # Default : GNUTLS default behavior |
133 #TLS_CRL = "<file.PEM>"; | 133 #TLS_CRL = "<file.PEM>"; |
134 | 134 |
135 # GNU TLS Priority string | 135 # GNU TLS Priority string |
136 # This string allows to configure the behavior of GNUTLS key exchanges | 136 # This string allows to configure the behavior of GNUTLS key exchanges |
137 # algorithms. See gnutls_priority_init function documentation for information. | 137 # algorithms. See gnutls_priority_init function documentation for information. |
138 # You should also refer to the Diameter required TLS support here: | 138 # You should also refer to the Diameter required TLS support here: |
139 # http://tools.ietf.org/html/rfc6733#section-13.1 | 139 # http://tools.ietf.org/html/rfc6733#section-13.1 |
140 # Default : "NORMAL" | 140 # Default : "NORMAL" |
141 # Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; | 141 # Example: TLS_Prio = "NONE:+VERS-TLS1.1:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL"; |
142 #TLS_Prio = "NORMAL"; | 142 #TLS_Prio = "NORMAL"; |
143 | 143 |
144 # Diffie-Hellman parameters size | 144 # Diffie-Hellman parameters size |
145 # Set the number of bits for generated DH parameters | 145 # Set the number of bits for generated DH parameters |
146 # Valid value should be 768, 1024, 2048, 3072 or 4096. | 146 # Valid value should be 768, 1024, 2048, 3072 or 4096. |
147 # (This parameter is passed to gnutls_dh_params_generate2 function, | 147 # (This parameter is passed to gnutls_dh_params_generate2 function, |
148 # it usually should match RSA key size) | 148 # it usually should match RSA key size) |
149 # Default : 1024 | 149 # Default : 1024 |
150 #TLS_DH_Bits = 1024; | 150 #TLS_DH_Bits = 1024; |
151 | 151 |
152 # Alternatively, you can specify a file to load the PKCS#3 encoded | 152 # Alternatively, you can specify a file to load the PKCS#3 encoded |
153 # DH parameters directly from. This accelerates the daemon start | 153 # DH parameters directly from. This accelerates the daemon start |
154 # but is slightly less secure. If this file is provided, the | 154 # but is slightly less secure. If this file is provided, the |
155 # TLS_DH_Bits parameters has no effect. | 155 # TLS_DH_Bits parameters has no effect. |
156 # Default : no default. | 156 # Default : no default. |
157 #TLS_DH_File = "<file.PEM>"; | 157 #TLS_DH_File = "<file.PEM>"; |
158 | 158 |
176 ############################################################## | 176 ############################################################## |
177 ## Applications configuration | 177 ## Applications configuration |
178 | 178 |
179 # Disable the relaying of Diameter messages? | 179 # Disable the relaying of Diameter messages? |
180 # For messages not handled locally, the default behavior is to forward the | 180 # For messages not handled locally, the default behavior is to forward the |
181 # message to another peer if any is available, according to the routing | 181 # message to another peer if any is available, according to the routing |
182 # algorithms. In addition the "0xffffff" application is advertised in CER/CEA | 182 # algorithms. In addition the "0xffffff" application is advertised in CER/CEA |
183 # exchanges. | 183 # exchanges. |
184 # Default: Relaying is enabled. | 184 # Default: Relaying is enabled. |
185 #NoRelay; | 185 #NoRelay; |
186 | 186 |
187 # Number of server threads that can handle incoming messages at the same time. | 187 # Number of server threads that can handle incoming messages at the same time. |
193 #RoutingInThreads = 1; | 193 #RoutingInThreads = 1; |
194 | 194 |
195 # Number of server threads that can handle outgoing message routing at the same time. | 195 # Number of server threads that can handle outgoing message routing at the same time. |
196 # Default: 1 | 196 # Default: 1 |
197 #RoutingOutThreads= 1; | 197 #RoutingOutThreads= 1; |
198 | |
199 # Maximum size of the incoming queue (messages queued after accepting | |
200 # them from the network) before blocking | |
201 # Default: 20 | |
202 #IncomingQueueLimit = 20; | |
203 | |
204 # Maximum size of the outgoing queue (messages queued for sending to | |
205 # the network) before blocking | |
206 # Default: 30 | |
207 #OutgoingQueueLimit = 30; | |
208 | |
209 # Maximum size of the local queue (messages queued for local handling) | |
210 # before blocking | |
211 # Default: 25 | |
212 #LocalQueueLimit = 25; | |
198 | 213 |
199 # Other applications are configured by loaded extensions. | 214 # Other applications are configured by loaded extensions. |
200 | 215 |
201 ############################################################## | 216 ############################################################## |
202 ## Extensions configuration | 217 ## Extensions configuration |
203 | 218 |
204 # The freeDiameter framework merely provides support for | 219 # The freeDiameter framework merely provides support for |
205 # Diameter Base Protocol. The specific application behaviors, | 220 # Diameter Base Protocol. The specific application behaviors, |
206 # as well as advanced functions, are provided | 221 # as well as advanced functions, are provided |
207 # by loadable extensions (plug-ins). | 222 # by loadable extensions (plug-ins). |
208 # These extensions may in addition receive the name of a | 223 # These extensions may in addition receive the name of a |
209 # configuration file, the format of which is extension-specific. | 224 # configuration file, the format of which is extension-specific. |
210 # | 225 # |
211 # Format: | 226 # Format: |
212 #LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ; | 227 #LoadExtension = "/path/to/extension" [ : "/optional/configuration/file" ] ; |
213 # | 228 # |
242 ############################################################## | 257 ############################################################## |
243 ## Peers configuration | 258 ## Peers configuration |
244 | 259 |
245 # The local server listens for incoming connections. By default, | 260 # The local server listens for incoming connections. By default, |
246 # all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl). | 261 # all unknown connecting peers are rejected. Extensions can override this behavior (e.g., acl_wl). |
247 # | 262 # |
248 # In addition to incoming connections, the local peer can | 263 # In addition to incoming connections, the local peer can |
249 # be configured to establish and maintain connections to some | 264 # be configured to establish and maintain connections to some |
250 # Diameter nodes and allow connections from these nodes. | 265 # Diameter nodes and allow connections from these nodes. |
251 # This is achieved with the ConnectPeer directive described below. | 266 # This is achieved with the ConnectPeer directive described below. |
252 # | 267 # |
253 # Note that the configured Diameter Identity MUST match | 268 # Note that the configured Diameter Identity MUST match |
254 # the information received inside CEA, or the connection will be aborted. | 269 # the information received inside CEA, or the connection will be aborted. |
275 | 290 |
276 # If Route-Record AVPs should be added in Answers. | 291 # If Route-Record AVPs should be added in Answers. |
277 # Possible values: Always, Never | 292 # Possible values: Always, Never |
278 # Default: Always | 293 # Default: Always |
279 #RouteRecordInAnswers = Never; | 294 #RouteRecordInAnswers = Never; |
295 |