Mercurial > hg > freeDiameter
view doc/acl_wl.conf.sample @ 1540:407e0a889c7e
SCTP ConnectPeer: sctp_bindx() to local endpoints
When connecting to an SCTP peer using sctp_connectx() with local
addresses configured with ListenOn, bind to the ListenOn addresses
using sctp_bindx() so that the SCTP INIT only contains the
configured local addresses, matching what is advertised in the CER,
and disable SCTP_AUTO_ASCONF.
If no local addresses are configured with ListenOn, the previous
behaviour of sctp_connectx() and enable SCTP_AUTO_ASCONF is used.
author | Luke Mewburn <luke@mewburn.net> |
---|---|
date | Fri, 01 May 2020 18:20:33 +1000 |
parents | 0dff6a604b0a |
children |
line wrap: on
line source
# Configuration file for the peer whitelist extension. # # This extension is meant to allow connection from remote peers, without actively # maintaining this connection ourselves (as it would be the case by declaring the # peer in a ConnectPeer directive). # # This extension supports configuration reload at runtime. Send # signal SIGUSR1 to the process to cause the process to reload its # config. # # The format of this file is very simple. It contains a list of peer names # separated by spaces or newlines. # # The peer name must be a fqdn. We allow also a special "*" character as the # first label of the fqdn, to allow all fqdn with the same domain name. # Example: *.example.net will allow host1.example.net and host2.example.net # # At the beginning of a line, the following flags are allowed (case sensitive) -- either or both can appear: # ALLOW_OLD_TLS : we accept unprotected CER/CEA exchange with Inband-Security-Id = TLS # ALLOW_IPSEC : we accept implicitly protected connection with with peer (Inband-Security-Id = IPSec) # It is specified for example as: # ALLOW_IPSEC vpn.example.net vpn2.example.net *.vpn.example.net # These flag take effect from their position, until the end of the line.