X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=radsecproxy.conf.5.xml;h=bfc701e72abb4ce6a6ccbdd6625300ac308f2779;hb=a35931ff6bf382ace123d2649e1a660c522a640c;hp=406f2bf4dec82a931385bf4b3b9569510a213c62;hpb=1080f966ba0fa083696b22f5d8095de49ce9730a;p=libradsec.git

diff --git a/radsecproxy.conf.5.xml b/radsecproxy.conf.5.xml
index 406f2bf..bfc701e 100644
--- a/radsecproxy.conf.5.xml
+++ b/radsecproxy.conf.5.xml
@@ -98,7 +98,7 @@ blocktype name {
     <para>
       There is one special option that can be used both as a basic
       option and inside all blocks. That is the option
-      <literal>include</literal> where the value specifies files to be
+      <literal>Include</literal> where the value specifies files to be
       included. The value can be a single file, or it can use normal
       shell globbing to specify multiple files, e.g.:
       <blockquote>
@@ -110,7 +110,7 @@ blocktype name {
       the order they are specified, when reaching the end of a file,
       the next file is read. When reaching the end of the last
       included file, the proxy returns to read the next line following
-      the <literal>include</literal> option. Included files may again
+      the <literal>Include</literal> option. Included files may again
       include other files.
     </para>
   </refsect1>
@@ -126,7 +126,7 @@ blocktype name {
     </para>
     <variablelist>
       <varlistentry>
-        <term><literal>logLevel</literal></term>
+        <term><literal>LogLevel</literal></term>
         <listitem>
 	  <para>
 	    This option specifies the debug level. It must be set to
@@ -138,7 +138,7 @@ blocktype name {
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><literal>logDestination</literal></term>
+        <term><literal>LogDestination</literal></term>
         <listitem>
 	  <para>
 	    This specifies where the log messages should go. By
@@ -168,8 +168,64 @@ blocktype name {
 	  </para>
         </listitem>
       </varlistentry>
+
       <varlistentry>
-        <term><literal>listenUDP</literal></term>
+        <term><literal>FTicksReporting</literal></term>
+        <listitem>
+	  <para>
+	    The FTicksReporting option is used to enable F-Ticks
+	    logging and can be set to <literal>None</literal>,
+	    <literal>Basic</literal> or <literal>Full</literal>.  Its
+	    default value is <literal>None</literal>.
+
+	    See <literal>radsecproxy.conf-example</literal> for
+	    details.  Note that radsecproxy has to be configured with
+	    support for F-Ticks (<literal>--enable-fticks</literal>)
+	    for this option to have any effect.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><literal>FTicksMAC</literal></term>
+        <listitem>
+	  <para>
+	    The FTicksMAC option can be used to control if and how
+	    Calling-Station-Id is being logged.  It can be set to one
+	    of <literal>Static</literal>, <literal>Original</literal>,
+	    <literal>VendorHashed</literal>,
+	    <literal>VendorKeyHashed</literal>,
+	    <literal>FullyHashed</literal> or
+	    <literal>FullyKeyHashed</literal>.
+
+	    Its default value is <static>Static</static>.
+
+	    See <literal>radsecproxy.conf-example</literal> for
+	    details.  Note that radsecproxy has to be configured with
+	    support for F-Ticks (<literal>--enable-fticks</literal>)
+	    for this option to have any effect.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><literal>FTicksKey</literal></term>
+        <listitem>
+	  <para>
+	    The FTicksKey option is used to specify the key to use
+	    when producing HMAC's as an effect of specifying
+	    VendorKeyHashed or FullyKeyHashed for the FTicksMAC
+	    option.
+
+	    Note that radsecproxy has to be configured with support
+	    for F-Ticks (<literal>--enable-fticks</literal>) for this
+	    option to have any effect.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><literal>ListenUDP</literal></term>
         <listitem>
 	  <para>
 	    Normally the proxy will listen to the standard RADIUS UDP
@@ -194,10 +250,10 @@ blocktype name {
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><literal>listenTCP</literal></term>
+        <term><literal>ListenTCP</literal></term>
         <listitem>
 	  <para>
-	    This option is similar to the <literal>listenUDP</literal>
+	    This option is similar to the <literal>ListenUDP</literal>
 	    option, except that it is used for receiving connections
 	    from TCP clients. The default port number is
 	    <literal>1812</literal>.
@@ -205,22 +261,22 @@ blocktype name {
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><literal>listenTLS</literal></term>
+        <term><literal>ListenTLS</literal></term>
         <listitem>
 	  <para>
-	    This is similar to the <literal>listenUDP</literal>
+	    This is similar to the <literal>ListenUDP</literal>
 	    option, except that it is used for receiving connections
 	    from TLS clients. The default port number is
 	    <literal>2083</literal>. Note that this option was
-	    previously called <literal>listenTCP</literal>.
+	    previously called <literal>ListenTCP</literal>.
 	  </para>
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><literal>listenDTLS</literal></term>
+        <term><literal>ListenDTLS</literal></term>
         <listitem>
 	  <para>
-	    This is similar to the <literal>listenUDP</literal>
+	    This is similar to the <literal>ListenUDP</literal>
 	    option, except that it is used for receiving connections
 	    from DTLS clients. The default port number is
 	    <literal>2083</literal>.
@@ -228,7 +284,7 @@ blocktype name {
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><literal>sourceUDP</literal></term>
+        <term><literal>SourceUDP</literal></term>
         <listitem>
 	  <para>
 	    This can be used to specify source address and/or source
@@ -238,7 +294,7 @@ blocktype name {
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><literal>sourceTCP</literal></term>
+        <term><literal>SourceTCP</literal></term>
         <listitem>
 	  <para>
 	    This can be used to specify source address and/or source
@@ -247,7 +303,7 @@ blocktype name {
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><literal>sourceTLS</literal></term>
+        <term><literal>SourceTLS</literal></term>
         <listitem>
 	  <para>
 	    This can be used to specify source address and/or source
@@ -256,7 +312,7 @@ blocktype name {
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><literal>sourceDTLS</literal></term>
+        <term><literal>SourceDTLS</literal></term>
         <listitem>
 	  <para>
 	    This can be used to specify source address and/or source
@@ -278,13 +334,13 @@ blocktype name {
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><literal>addTTL</literal></term>
+        <term><literal>AddTTL</literal></term>
         <listitem>
 	  <para>
 	    If a TTL attribute is present, the proxy will decrement
 	    the value and discard the message if zero. Normally the
 	    proxy does nothing if no TTL attribute is present. If you
-	    use the addTTL option with a value 1-255, the proxy will
+	    use the AddTTL option with a value 1-255, the proxy will
 	    when forwarding a message with no TTL attribute, add one
 	    with the specified value. Note that this option can also
 	    be specified for a client/server. It will then override
@@ -294,7 +350,7 @@ blocktype name {
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><literal>loopPrevention</literal></term>
+        <term><literal>LoopPrevention</literal></term>
         <listitem>
 	  <para>
 	    This can be set to <literal>on</literal> or
@@ -310,7 +366,7 @@ blocktype name {
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><literal>include</literal></term>
+        <term><literal>Include</literal></term>
         <listitem>
 	  <para>
 	    This is not a normal configuration option; it can be
@@ -386,9 +442,9 @@ blocktype name {
       <literal>secret</literal>, <literal>tls</literal>,
       <literal>certificateNameCheck</literal>,
       <literal>matchCertificateAttribute</literal>,
-      <literal>duplicateInterval</literal>, <literal>addTTL</literal>,
-      <literal>rewrite</literal>, <literal>rewriteIn</literal>,
-      <literal>rewriteOut</literal> and
+      <literal>duplicateInterval</literal>, <literal>AddTTL</literal>,
+      <literal>fticksVISCOUNTRY</literal>, <literal>rewrite</literal>,
+      <literal>rewriteIn</literal>, <literal>rewriteOut</literal>, and
       <literal>rewriteAttribute</literal>.
 
       We already discussed the <literal>host</literal> option. The
@@ -438,12 +494,17 @@ blocktype name {
       one), or returned a copy of the previous reply.
     </para>
     <para>
-      The <literal>addTTL</literal> option is similar to the
-      <literal>addTTL</literal> option used in the basic config. See
+      The <literal>AddTTL</literal> option is similar to the
+      <literal>AddTTL</literal> option used in the basic config. See
       that for details. Any value configured here overrides the basic
       one when sending messages to this client.
     </para>
     <para>
+      The <literal>fticksVISCOUNTRY</literal> option configures
+      clients eligible to F-Ticks logging as defined by the
+      <literal>FTicksReporting</literal> basic option.
+    </para>
+    <para>
       The <literal>rewrite</literal> option is deprecated. Use
       <literal>rewriteIn</literal> instead.
     </para>
@@ -525,12 +586,12 @@ blocktype name {
       <literal>type</literal>, <literal>secret</literal>,
       <literal>tls</literal>, <literal>certificateNameCheck</literal>,
       <literal>matchCertificateAttribute</literal>,
-      <literal>addTTL</literal>, <literal>rewrite</literal>,
+      <literal>AddTTL</literal>, <literal>rewrite</literal>,
       <literal>rewriteIn</literal>, <literal>rewriteOut</literal>,
       <literal>statusServer</literal>, <literal>retryCount</literal>,
       <literal>retryInterval</literal>,
       <literal>dynamicLookupCommand</literal> and
-      <literal>loopPrevention</literal>.
+      <literal>LoopPrevention</literal>.
     </para>
     <para>
       We already discussed the <literal>host</literal> option. The
@@ -539,7 +600,7 @@ blocktype name {
       <literal>secret</literal>, <literal>tls</literal>,
       <literal>certificateNameCheck</literal>,
       <literal>matchCertificateAttribute</literal>,
-      <literal>addTTL</literal>, <literal>rewrite</literal>,
+      <literal>AddTTL</literal>, <literal>rewrite</literal>,
       <literal>rewriteIn</literal> and <literal>rewriteOut</literal>
       are just as specified for the <literal>client block</literal>
       above, except that <literal>defaultServer</literal> (and not
@@ -570,7 +631,7 @@ blocktype name {
       documented separately/later.
     </para>
     <para>
-      Using the <literal>loopPrevention</literal> option here
+      Using the <literal>LoopPrevention</literal> option here
       overrides any basic setting of this option.  See section
       <literal>BASIC OPTIONS</literal> for details on this option.
     </para>