# configuration possibilities and may not actually give any sensible
# configuration. For real life example see the examples/ directory.
#
+# Most of the settings in this file are optional. If some setting is
+# mandatory it is mentioned separately. If some setting is omitted it means
+# that its builtin default value will be used. Boolean values, that is
+# setting something on or off, is done by setting either "true" or "false"
+# value, respectively.
+#
+# The ServerInfo section is mandatory section. Other sections are optional.
+# However, if General section is defined it must be defined before the
+# ConnectionParams sections. On the other hand, the ConnectionParams section
+# must be defined before Client, ServerConnection or RouterConnection
+# sections. Other sections can be in free order.
+#
#
# Include global algorithms from the "silcalgs.conf" file. This file
#require_reverse_lookup = true;
# Maximum number of incoming connections allowed to this server.
- # If more attempt to connet they will be refused.
+ # If more attempt to connect they will be refused.
connections_max = 1000;
# Maximum number of incoming connections allowed per single host.
# refused. This can be overridden with ConnectionParams.
#connections_max_per_host = 10;
+ # Required version of the remote. If these are specified then the
+ # remote must be of at least this version, or newer. If older then
+ # the connection will not be allowed.
+ #
+ # version_protocol - SILC protocol version ("major.minor")
+ # version_software - software version ("major.minor")
+ # version_software_vendor - vendor specific version extension
+ #
+ # The version_software_vendor may be for example a string or a build
+ # number of the software. The string can be a regex string to match
+ # more widely. Usually the vendor version checking is not necessary
+ # and can be omitted. These can be overridden with ConnectionParams.
+ #version_protocol = "1.1";
+ #version_software = "1.3";
+ #version_software_vendor = "SomeVendor";
+
# Default keepalive frequency (seconds). This can be overridden
# with ConnectionParams.
keepalive_secs = 300;
# Key exchange protocol rekey interval (seconds). How often to
# regenerate the session key with the remote. Initiator will perform
- # the rekey and this setting affects only when connecting as intiator.
+ # the rekey and this setting affects only when connecting as initiator.
# This can be overridden with ConnectionParams.
#key_exchange_rekey = 3600;
#conn_auth_timeout = 60;
# Channel key rekey interval (seconds). How often channel key is
- # regenerated. Note that channel key regenerated also always when
+ # regenerated. Note that channel key is regenerated also always when
# someone joins or leaves the channel.
#channel_rekey_secs = 3600;
+ # SILC session detachment disabling and limiting. By default clients
+ # can detach their sessions from server. If you set detach_disabled
+ # to true the DETACH command cannot be used by clients. If you
+ # want to limit for how long the server keeps detached sessions you
+ # can set the time (minutes) in detach_timeout. After that timeout
+ # the detached session is closed if it is not resumed. By default
+ # sessions are persistent as long as server is running.
+ #detach_disabled = true;
+ #detach_timeout = 1440;
};
#
# There are only four defined channels allowed for defining (see below).
# The log channels have an importance value, and most important channels
# are redirected on the less important ones, thus setting a valid logging
-# file for "infologfile" will ensure logging for all channels, while setting
-# logging file for "errorlogfile" will ensure logging for channels "error"
-# and "fatal"
+# file for "Info" will ensure logging for all channels, while setting
+# logging file for "Errors" will ensure logging for channels "Errors"
+# and "Fatals"
#
Logging {
- #
# If QuickLogs is true, then the logging files will be updated
# real-time. This causes a bit more CPU and HDD activity, but
- # reduces memory usage. (if unsure say true).
+ # reduces memory usage. By default it is false and log files are
+ # written with FlushDelay timeout.
#
- QuickLogs = false;
+ #QuickLogs = true;
- #
- # (Only if QuickLogs is false)
- # FlushDelay tells log files update delay in case you have chosen
- # buffering output.
+ # FlushDelay tells log files update delay (seconds) in case you
+ # have chosen buffering output. This setting has effect only if
+ # the QuickLogs is false.
#
FlushDelay = 180;
+ # Informational messages
Info {
File = "@LOGSDIR@/silcd.log";
Size = "50k";
};
+
+ # Warning messages
Warnings {
File = "@LOGSDIR@/silcd_warnings.log";
Size = "50k";
};
+
+ # Error messages
Errors {
File = "@LOGSDIR@/silcd_errors.log";
Size = "50k";
};
+
+ # Fatal messages
Fatals {
File = "@LOGSDIR@/silcd_fatals.log";
Size = "50k";
# connections it is recommended that this value is set to one (1).
connections_max_per_host = 10;
+ # Required version of the remote. If these are specified then the
+ # remote must be of at least this version, or newer. If older then
+ # the connection will not be allowed.
+ #
+ # version_protocol - SILC protocol version
+ # version_software - software version
+ # version_software_vendor - vendor specific version extension
+ #
+ # The version_software_vendor may be for example a string or a build
+ # number of the software. The string can be a regex string to match
+ # more widely. Usually the vendor version checking is not necessary
+ # and can be omitted.
+ #version_protocol = "1.1";
+ #version_software = "1.3";
+ #version_software_vendor = "SomeVendor";
+
# Keepalive frequency (seconds).
keepalive_secs = 300;
#
# Configured client connections.
#
-# The "host" defines the incoming IP address or hostname of the client.
+# The "Host" defines the incoming IP address or hostname of the client.
# If it is omitted all hosts will match this client connection. The
-# "param" is optional and can be used to set specific connection parameters
+# "Params" is optional and can be used to set specific connection parameters
# for this connection.
#
-# The authentication data is specified by Passphrase and/or Publickey.
+# The authentication data is specified by Passphrase and/or PublicKey.
# If both are provided then both password and public key based authentication
# is allowed. If the Publickey is used it includes the file path to the
# public key file. If none of them is provided then authentication is not
-# required.
+# required. The PublicKey can be set multiple times to set multiple
+# public keys for one connection.
#
# Next example connection will match to all incoming client connections,
-# and no authentication is required
+# and no authentication is required.
#
Client {
#Host = "10.1.*";
#Passphrase = "secret";
- #PublicKey = "/path/to/the/public.key";
+ #PublicKey = "/path/to/the/user_my.key";
+ #PublicKey = "/path/to/the/user_221.key";
+ #PublicKey = "/path/to/the/user_313.key";
Params = "normal";
};
# The fields "Host", "User", and "Nick", are optional but you are encouraged
# in using them to better identify your admins.
#
-# The authentication data is specified by Passphrase and/or Publickey.
+# The authentication data is specified by Passphrase and/or PublicKey.
# If both are provided then both password and public key based authentication
-# is allowed. If the Publickey is used it includes the file path to the
+# is allowed. If the PublicKey is used it includes the file path to the
# public key file. If none of them is provided then authentication is not
# required.
#
User = "priikone";
Nick = "pekka";
Passphrase = "verysecret";
- # Publickey = "/path/to/the/public.key";
+ # PublicKey = "/path/to/the/public.key";
};
#
# Thus, if this server is not router do not configure this section. If
# your server is router, this must be configured.
#
-# The authentication data is specified by Passphrase and/or Publickey.
+# The authentication data is specified by Passphrase and/or PublicKey.
# If both are provided then both password and public key based authentication
-# is allowed. If the Publickey is used it includes the file path to the
+# is allowed. If the PublicKey is used it includes the file path to the
# public key file. If none of them is provided then authentication is not
# required.
#
ServerConnection {
Host = "10.2.1.7";
Passphrase = "verysecret";
- #Publickey = "/path/to/the/public.key";
- VersionID = 1;
+ #PublicKey = "/path/to/the/public.key";
Params = "normal";
Backup = false;
};
# For normal servers only one entry maybe configured to this section. It
# must be the router this server will be connected to. For router servers,
# this section includes all configured router connections. The first
-# configured connection is the primary route.
+# configured connection is the primary route. The Host specifies the
+# remote hostname or IP address. The Port specifies the remote port to
+# connect when Initiator is true. When Initiator is false the Port
+# specifies the local port (listener port).
#
-# The authentication data is specified by Passphrase and/or Publickey.
+# The authentication data is specified by Passphrase and/or PublicKey.
# If both are provided then both password and public key based authentication
-# is allowed. If the Publickey is used it includes the file path to the
+# is allowed. If the PublicKey is used it includes the file path to the
# public key file. If none of them is provided then authentication is not
# required.
#
# option to the IP address of the router that the backup router will
# replace if it becomes unavailable. Set also the router's port to the
# "BackupPort" option. For normal connection leave both commented. If this
-# backup router is in our cell then set the "LocalBackup" option to true.
+# backup router is in our cell then set the "BackupLocal" option to true.
# If the backup router is in other cell then set it to false.
#
RouterConnection {
Host = "10.2.1.100";
Port = 706;
Passphrase = "verysecret";
- #Publickey = "/path/to/the/public.key";
- VersionID = 1;
+ #PublicKey = "/path/to/the/public.key";
Params = "normal";
Initiator = true;
#BackupHost = "10.2.1.6";
#BackupPort = 706;
- #LocalBackup = true;
+ #BackupLocal = true;
};
#
#
# These connections are denied to connect to our server.
#
-# The "Reason" field is mandatory, while the "Host" and "Port" fields can be
-# omitted to match everything.
+# The "Reason" field is mandatory, while the "Host" field can be omitted to
+# match everything.
#
#Deny {
# Host = "10.2.1.99";
-# Port = 706;
# Reason = "Go away spammer";
#};
#Deny {