diff options
author | Tobias Brunner <tobias@strongswan.org> | 2011-07-21 16:26:30 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2011-07-21 16:26:30 +0200 |
commit | 107ea60f5cb79f13d4d0849fdc967cd7e773a3dc (patch) | |
tree | 4b7cbc9a2a15ea3e049d8b15e2b7e39e91ebcb7f | |
parent | 4f3ca916c50b0e0cddc170cc80012c71497f368c (diff) | |
download | strongswan-107ea60f5cb79f13d4d0849fdc967cd7e773a3dc.tar.bz2 strongswan-107ea60f5cb79f13d4d0849fdc967cd7e773a3dc.tar.xz |
Added NEWS about job priorities and IKE_SA_INIT dropping.
-rw-r--r-- | NEWS | 10 |
1 files changed, 9 insertions, 1 deletions
@@ -9,9 +9,17 @@ strongswan-4.5.3 - The dynamic IMC/IMV libraries were moved from the plugins directory to a new imcvs directory in the prefix/lib/ipsec/ subdirectory. +- Job priorities were introduced to prevent thread starvation caused by too + many threads handling blocking operations (such as CRL fetching). Refer to + strongswan.conf(5) for details. + +- Two new strongswan.conf options allow to fine-tune performance on IKEv2 + gateways by dropping IKE_SA_INIT requests on high load. + - IKEv2 charon daemon supports start PASS and DROP shunt policies preventing traffic to go through IPsec connections. Installation of the - shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel interfaces. + shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel + interfaces. - The history of policies installed in the kernel is now tracked so that e.g. trap policies are correctly updated when reauthenticated SAs are terminated. |