When combined with the IndirectData option,
packets for nodes for which we do not have a meta connection with are also dropped.
+@cindex ECDSAPrivateKeyFile
+@item ECDSAPrivateKeyFile = <@var{path}> (@file{@value{sysconfdir}/tinc/@var{netname}/ecdsa_key.priv})
+The file in which the private ECDSA key of this tinc daemon resides.
+This is only used if ExperimentalProtocol is enabled.
+
+@cindex ExperimentalProtocol
+@item ExperimentalProtocol = <yes|no> (no) [experimental]
+When this option is enabled, experimental protocol enhancements will be used.
+Ephemeral ECDH will be used for key exchanges,
+and ECDSA will be used instead of RSA for authentication.
+When enabled, an ECDSA key must have been generated before with
+@samp{tincctl generate-ecdsa-keys}.
+The experimental protocol may change at any time,
+and there is no guarantee that tinc will run stable when it is used.
+
@cindex Forwarding
@item Forwarding = <off|internal|kernel> (internal) [experimental]
This option selects the way indirect packets are forwarded.
Specifying . for @var{netname} is the same as not specifying any @var{netname}.
@xref{Multiple networks}.
-@item --controlcookie=@var{filename}
+@item --pidfile=@var{filename}
Store a cookie in @var{filename} which allows tincctl to authenticate.
If unspecified, the default is
-@file{@value{localstatedir}/run/tinc.@var{netname}.cookie}.
+@file{@value{localstatedir}/run/tinc.@var{netname}.pid}.
@item -L, --mlock
Lock tinc into main memory.
@item -n, --net=@var{netname}
Use configuration for net @var{netname}. @xref{Multiple networks}.
-@item --controlcookie=@var{filename}
+@item --pidfile=@var{filename}
Use the cookie from @var{filename} to authenticate with a running tinc daemon.
If unspecified, the default is
-@file{@value{localstatedir}/run/tinc.@var{netname}.cookie}.
+@file{@value{localstatedir}/run/tinc.@var{netname}.pid}.
@item --help
Display a short reminder of runtime options and commands, then terminate.