X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=doc%2Ftinc.conf.5.in;h=bc82b17637443a7708b1f470804b1a39c9a4f81d;hp=6f8db9c008f09ce14bf85169138f0bd4cd7d6f34;hb=74653beb5bc510e60579058ee15c0f66350f5137;hpb=5038964032ef55913b2d4741c67bf191b2208abb

diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in
index 6f8db9c0..bc82b176 100644
--- a/doc/tinc.conf.5.in
+++ b/doc/tinc.conf.5.in
@@ -199,6 +199,32 @@ Tinc will expect packets read from the virtual network device
 to start with an Ethernet header.
 .El
 
+.It Va DirectOnly Li = yes | no Po no Pc Bq experimental
+When this option is enabled, packets that cannot be sent directly to the destination node,
+but which would have to be forwarded by an intermediate node, are dropped instead.
+When combined with the IndirectData option,
+packets for nodes for which we do not have a meta connection with are also dropped.
+
+.It Va Forwarding Li = off | internal | kernel Po internal Pc Bq experimental
+This option selects the way indirect packets are forwarded.
+.Bl -tag -width indent
+
+.It off
+Incoming packets that are not meant for the local node,
+but which should be forwarded to another node, are dropped.
+
+.It internal
+Incoming packets that are meant for another node are forwarded by tinc internally.
+
+.Pp
+This is the default mode, and unless you really know you need another forwarding mode, don't change it.
+
+.It kernel
+Incoming packets are always sent to the TUN/TAP device, even if the packets are not for the local node.
+This is less efficient, but allows the kernel to apply its routing and firewall rules on them,
+and can also help debugging.
+.El
+
 .It Va GraphDumpFile Li = Ar filename Bq experimental
 If this option is present,
 .Nm tinc