Sophie: resiprocate-repro-1.8.7-1.fc18 x86

resiprocate-repro-1.8.7-1.fc18.x86_64.rpm

########################################################
# repro configuration file
########################################################

########################################################
# Log settings
########################################################

# Logging Type: syslog|cerr|cout|file
# Note: Logging to cout can negatively effect performance.
# When repro is placed into production 'file' or
# 'syslog' should be used.
LoggingType = cout

# Log Filename
LogFilename = repro.log

# Log file Max Bytes
LogFileMaxBytes = 5242880

# Instance name to be shown in logs, very useful when multiple instances
# logging to syslog concurrently
# If unspecified, defaults to argv[0] (name of the executable)
#LoggingInstanceName repro-dev

########################################################
# Transport settings
########################################################

# Local IP Address to bind SIP transports to. If left blank
# repro will bind to all adapters.
#IPAddress = 192.168.1.106
#IPAddress = 2001:5c0:1000:a::6d
IPAddress =

# Local port to listen on for SIP messages over UDP - 0 to disable
UDPPort = 5060

# Local port to listen on for SIP messages over TCP - 0 to disable
TCPPort = 5060

# Local port to listen on for SIP messages over TLS - 0 to disable
TLSPort = 0

# Local port to listen on for SIP messages over DTLS - 0 to disable
DTLSPort = 0

# TLS domain name for this server (note: domain cert for this domain must be present)
TLSDomainName =

# Whether or not we ask for (Optional) or expect (Mandatory) TLS
# clients to present a client certificate
# Possible values:
# None: client can connect without any cert, if a cert is sent, it is not checked
# Optional: client can connect without any cert, if a cert is sent, it must be acceptable to us
# Mandatory: client can not connect without any cert, cert must be acceptable to us
# How we decide if a cert is acceptable: it must meet two criteria:
# 1. it must be signed by a CA that we trust (see CADirectory)
# 2. the domain or full sip: URI in the cert must match the From: URI of all
# SIP messages coming from the peer
TLSClientVerification = None

# Whether we accept the subjectAltName email address as if it was a SIP
# address (when checking the validity of a client certificate)
# Very few commercial CAs offer support for SIP addresses in subjectAltName
# For many purposes, an email address subjectAltName may be considered
# equivalent within a specific domain.
# Currently, this accepts such certs globally (for any incoming connection),
# not just for connections from the local users.
TLSUseEmailAsSIP = false

# Alternate and more flexible method to specify transports to bind to. If specified here
# then IPAddress, and port settings above are ignored.
# Transports MUST be numbered in sequential order, starting from 1. Possible settings are:
# Transport<Num>Interface = <IPAddress>:<Port> - Note: For IPv6 addresses last colon separates
# IP Address and Port - square bracket notation
# is not used.
# Transport<Num>Type = <'TCP'|'UDP'|'TLS'|'DTLS'> - default is UDP if missing
# Transport<Num>TlsDomain = <TLSDomain> - only required if transport is TLS or DTLS
# Transport<Num>TlsClientVerification = <'None'|'Optional'|'Mandatory'> - default is None
# Transport<Num>RecordRouteUri = <'auto'|URI> - if set to auto then record route URI
# is automatically generated from the other
# transport settings. Otherwise explicity
# enter the full URI you want repro to use.
# Do not specify 'auto' if you specified
# the IPAddress as INADDR_ANY (0.0.0.0).
# If nothing is specified then repro will
# use the global RecordRouteUri setting.
#
# Transport<Num>RcvBufLen = <SocketReceiveBufferSize> - currently only applies to UDP transports,
# leave empty to use OS default
# Example:
# Transport1Interface = 192.168.1.106:5060
# Transport1Type = TCP
# Transport1RecordRouteUri = auto
#
# Transport2Interface = 192.168.1.106:5060
# Transport2Type = UDP
# Transport2RecordRouteUri = auto
# Transport2RcvBufLen = 10000
#
# Transport3Interface = 192.168.1.106:5061
# Transport3Type = TLS
# Transport3TlsDomain = sipdomain.com
# Transport3TlsClientVerification = Mandatory
# Transport3RecordRouteUri = sip:h1.sipdomain.com;transport=TLS
#
# Transport4Interface = 2666:f0d0:1008:88::4:5060
# Transport4Type = UDP
# Transport4RecordRouteUri = auto

# Comma separated list of DNS servers, overrides default OS detected list (leave blank
# for default)
DNSServers =

# Enable IPv6
EnableIPv6 = false

# Enable IPv4
DisableIPv4 = false

# Port on which to run the HTTP configuration interface and/or certificate server
# 0 to disable (default: 5080)
HttpPort = 5080

# disable HTTP challenges for web based configuration GUI
DisableHttpAuth = false

# Web administrator password
HttpAdminPassword = admin

# Port on which to listen for and send XML RPC messaging used in command processing
# 0 to disable (default: 5081)
CommandPort = 5081

# Port on which to listen for and send XML RPC messaging used in registration sync
# process - 0 to disable (default: 0)
RegSyncPort = 0

# Hostname/ip address of another instance of repro to synchronize registrations with
# (note xmlrpcport must also be specified)
RegSyncPeer =

########################################################
# Misc settings
########################################################

# Must be true or false, default = false, not supported on Windows
Daemonize = false

# On UNIX it is normal to create a PID file
# if unspecified, no attempt will be made to create a PID file
#PidFile = /var/run/repro/repro.pid

# Path to load certificates from (default: "$(HOME)/.sipCerts on *nix, and c:\sipCerts
# on windows)
# Note that repro loads ALL root certificates found by the settings
# CertificatePath, CADirectory and CAFile. Setting one option does
# not disable the other options.
# Certificates in this location have to match one of the filename
# patterns expected by the legacy reSIProcate SSL code:
# domain_cert_NAME.pem, root_cert_NAME.pem, ...
CertificatePath =

# Path to load root certificates from
# Iff this directory is specified, all files in the directory
# will be loaded as root certificates, prefixes and suffixes are
# not considered
# Note that repro loads ALL root certificates found by the settings
# CertificatePath, CADirectory and CAFile. Setting one option does
# not disable the other options.
# On Debian, the typical location is /etc/ssl/certs
#CADirectory = /etc/ssl/certs

# Specify a single file containing one or more root certificates
# and possible chain/intermediate certificates to be loaded
# Iff this filename is specified, the certificates in the file will
# be loaded as root certificates
#
# This does NOT currently support bundles of unrelated root certificates
# stored in the same PEM file, it ONLY supports related/chained root
# certificates. If multiple roots must be supported, use the CADirectory
# option.
#
# In the future, this behavior may change to load a bundle,
# such as /etc/ssl/certs/ca-certificates.txt on Debian and
# /etc/pki/tls/cert.pem on Red Hat/CentOS
#
# Note that repro loads ALL root certificates found by the settings
# CertificatePath, CADirectory and CAFile. Setting one option does
# not disable the other options.
#
# This example loads just the CACert.org chain, which typically
# includes the class 1 root and the class 3 root (signed by the class 1 root)
#CAFile = /etc/ssl/certs/cacert.org.pem

# The Path to read and write Berkely DB database files
DatabasePath = /var/lib/repro

# The hostname running MySQL server to connect to, leave blank to use BerkelyDB.
# The value of host may be either a host name or an IP address. If host is "localhost",
# a connection to the local host is assumed. For Windows, the client connects using a
# shared-memory connection, if the server has shared-memory connections enabled. Otherwise,
# TCP/IP is used. For Unix, the client connects using a Unix socket file. For a host value of
# "." on Windows, the client connects using a named pipe, if the server has named-pipe
# connections enabled. If named-pipe connections are not enabled, an error occurs.
# WARNING: repro must be compiled with the USE_MYSQL flag in order for this work.
MySQLServer =

# The MySQL login ID to use when connecting to the MySQL Server. If user is empty string "",
# the current user is assumed. Under Unix, this is the current login name. Under Windows,
# the current user name must be specified explicitly.
MySQLUser = root

# The password for the MySQL login ID specified.
MySQLPassword = root

# The database name on the MySQL server that contains the repro tables
MySQLDatabaseName = repro

# If port is not 0, the value is used as the port number for the TCP/IP connection. Note that
# the host parameter determines the type of the connection.
MySQLPort = 3306

# The Users and MessageSilo database tables are different from the other repro configuration
# database tables, in that they are accessed at runtime as SIP requests arrive. It may be
# desirable to use BerkeleyDb for the other repro tables (which are read at starup time, then
# cached in memory), and MySQL for the runtime accessed tables; or two seperate MySQL instances
# for these different table sets. Use the following settings in order to specify a seperate
# MySQL instance for use by the Users and MessageSilo tables.
#
# WARNING: repro must be compiled with the USE_MYSQL flag in order for this work.
#
# Note: If this setting is left blank then repro will fallback all remaining my sql
# settings to use the global MySQLServer settings. If the MySQLServer setting is also
# blank, then repro will use BerkelyDB for all configuration tables. See the
# documentation on the global MySQLServer settings for more details on the following
# individual settings.
RuntimeMySQLServer =
RuntimeMySQLUser = root
RuntimeMySQLPassword = root
RuntimeMySQLDatabaseName = repro
RuntimeMySQLPort = 3306

# If you would like to be able to authenticate users from a MySQL source other than the repro user
# database table itself, then specify the query here. The following conditions apply:
# 1. The database table must reside on the same MySQL server instance as the repro database
# or Runtime tables database.
# 2. The statement provided will be UNION'd with the hardcoded repro query, so that auth from
# both sources is possible. Note: If the same user exists in both tables, then the repro
# auth info will be used.
# 3. The provided SELECT statement must return the SIP A1 password hash of the user in question.
# 4. The provided SELECT statement must contain two tags embedded into the query: $user and $domain
# These tags should be used in the WHERE clause, and repro will replace these tags with the
# actual user and domain being queried.
# Example: SELECT sip_password_ha1 FROM directory.users WHERE sip_userid = '$user' AND
# sip_domain = '$domain' AND account_status = 'active'
MySQLCustomUserAuthQuery =

# Run a Certificate Server - Allows PUBLISH and SUBSCRIBE for certificates
EnableCertServer = false

# Value of server header for local UAS responses
ServerText =

# Enables Congestion Management
CongestionManagement = true

# Congestion Management Metric - can take one of the following values:
# SIZE : Based solely on the number of messages in each fifo
# TIME_DEPTH : Based on the age of the oldest (front-most) message
# in each fifo.
# WAIT_TIME : Based on the expected wait time for each fifo; this is
# calculated by multiplying the size by the average service time.
# This is the recommended metric.
CongestionManagementMetric = WAIT_TIME

# Congestion Management Tolerance for the given metric. This determines when the RejectionBehavior
# changes.
# 0-80 percent of max tolerance -> NORMAL (Not rejecting any work.)
# 80-100 percent of max tolerance -> REJECTING_NEW_WORK (Refuses new work,
# not continuation of old work.)
# >100 percent of max tolerance -> REJECTING_NON_ESSENTIAL (Rejecting all work
# that is non-essential to the health of the system (ie, if dropping
# something is liable to cause a leak, instability, or state-bloat, don't drop it.
# Otherwise, reject it.)
# Units specified are dependent on Metric specified above:
# If Metric is SIZE then units are number of messages
# If Metric is TIME_DEPTH then units are the number seconds old the oldest message is
# If Metric is WAIT_TIME then units are the expected wait time of each fifo in milliseconds
CongestionManagementTolerance = 200

# Specify the number of seconds between writes of the stack statistics block to the log files.
# Specifying 0 will disable the statistics collection entirely. If disabled the statistics
# also cannot be retreived using the reprocmd interface.
StatisticsLogInterval = 3600

# Use MultipleThreads stack processing.
ThreadedStack = true

# The number of worker threads used to asynchronously retrieve user authentication information
# from the database store.
NumAuthGrabberWorkerThreads = 2

# The number of worker threads in Async Processor tread pool. Used by all Async Processors
# (ie. RequestFilter)
NumAsyncProcessorWorkerThreads = 2

# Specify domains for which this proxy is authorative (in addition to those specified on web
# interface) - comma separate list
# Notes: * Domains specified here cannot be used when creating users, domains used in user
# AORs must be specified on the web interface.
# * In previous versions of repro, localhost, 127.0.0.1, the machine's hostname,
# and all interface addresses would automatically be appended to this
# configuration parameter. From now on, such values must be listed
# here explicitly if required, e.g.
#
# Domains = localhost, 127.0.0.1, sip-server.example.org, 10.83.73.80
#
# although when using TLS only, it is not desirable or necessary to
# add such values.
#
Domains =

# Uri to use as Record-Route
RecordRouteUri =

# Force record-routing
# WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
# the alternate transport specification mechanism and defining a RecordRouteUri per
# transport: TransportXRecordRouteUri
ForceRecordRouting = false

# Assume path option
AssumePath = false

# Disable registrar
DisableRegistrar = false

# Specify a comma separate list of enum suffixes to search for enum dns resolution
EnumSuffixes =

# Specify the target domain(s) for ENUM logic support. When a dialed SIP URI
# is addressed to +number@somedomain,
# where somedomain is an element of EnumDomains,
# the ENUM logic will be applied for the number
# If empty, ENUM is never used
EnumDomains =

# Specify length of timer C in sec (0 or negative will disable timer C) - default 180
TimerC = 180

# Override the default value of T1 in ms (you probably should not change this) - leave
# as 0 to use default of 500ms)
TimerT1 = 0

# Disable outbound support (RFC5626)
# WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
# the alternate transport specification mechanism and defining a RecordRouteUri per
# transport: TransportXRecordRouteUri
DisableOutbound = true

# Set the draft version of outbound to support (default: RFC5626)
# Other accepted values are the versions of the IETF drafts, before RFC5626 was issued
# (ie. 5, 8, etc.)
OutboundVersion = 5626

# There are cases where the first hop in a particular network supports the concept of outbound
# and ensures all messaging for a client is delivered over the same connection used for
# registration. This could be a SBC or other NAT traversal aid router that uses the Path
# header. However such endpoints may not be 100% compliant with outbound RFC and may not
# include a ;ob parameter in the path header. This parameter is required in order for repro
# to have knowledge that the first hop does support outbound, and it will reject registrations
# that appear to be using outboud (ie. instanceId and regId) with a 439 (First Hop Lacks Outbound
# Support). In this case it can be desirable when using repro as the registrar to not reject
# REGISTRATION requests that contain an instanceId and regId with a 439.
# If this setting is enabled, then repro will assume the first hop supports outbound
# and not return this error.
AssumeFirstHopSupportsOutbound = false

# Enable use of flow-tokens in non-outbound cases
# WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
# the alternate transport specification mechanism and defining a RecordRouteUri per
# transport: TransportXRecordRouteUri
EnableFlowTokens = false

# Enable use of flow-tokens in non-outbound cases for clients detected to be behind a NAT.
# This a more selective flow token hack mode for clients not supporting RFC5626. The
# original flow token hack (EnableFlowTokens) will use flow tokens on all client requests.
# Possible values are: DISABLED, ENABLED and PRIVATE_TO_PUBLIC.
# WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using
# the alternate transport specification mechanism and defining a RecordRouteUri per
# transport: TransportXRecordRouteUri
ClientNatDetectionMode = DISABLED

# Set to greater than 0 to enable addition of Flow-Timer header to REGISTER responses if
# outbound is enabled (default: 0)
FlowTimer = 0

########################################################
# CertificateAuthenticator Monkey Settings
########################################################

# Enables certificate authenticator - note you MUST use a TlsTransport
# with TlsClientVerification set to Optional or Mandatory.
# There are two levels of checking:
# a) cert must be signed by a CA trusted by the stack
# b) the CN or one of the subjectAltName values must match the From:
# header of each SIP message on the TlsConnection
# Examples:
# Cert 1:
# common name = daniel@pocock.com.au
# => From: <daniel@pocock.com.au> is the only value that will pass
# Cert 2:
# subjectAltName = pocock.com.au
# => From: <<anything>@pocock.com.au> will be accepted
# Typically, case 1 is for a real client connection (e.g. Jitsi), case 2
# (whole domain) is for federated SIP proxy-to-proxy communication (RFC 5922)
EnableCertificateAuthenticator = false

# A static text file that contains mappings of X.509 Common Names to
# permitted SIP `From:' addresses
#
# Without this file, the default behavior of the CertificateAuthenticator
# ensures that the `From:' address in SIP messages must match the
# Common Name or one of the subjectAltNames from the X.509 certificate
#
# When this file is supplied, the CertificateAuthenticator will continue
# to allow SIP messages where there is an exact match between the
# certificate and the `From:' address, but it will also allow
# the holder of a particular certificate to use any of the `mapped'
# `From:' addresses specified in the mappings file
#
# Default: there is no default value: if this filename is not specified,
# repro will not look for it
#
# File format:
# common name<TAB><mapping>,<mapping>,...
#
# where:
# <TAB> is exactly one tab
# <mapping> is `user@domain' or just `domain'
#
#CommonNameMappings = /etc/repro/tlsUserMappings.txt

########################################################
# DigestAuthenticator Monkey Settings
########################################################

# Disable DIGEST challenges - disables this monkey
DisableAuth = false

# Http hostname for this server (used in Identity headers)
HttpHostname =

# Disable adding identity headers
DisableIdentity = false

# Enable addition and processing of P-Asserted-Identity headers
EnablePAssertedIdentityProcessing = false

# Disable auth-int DIGEST challenges
DisableAuthInt = false

# Send 403 if a client sends a bad nonce in their credentials (will send a new
# challenge otherwise)
RejectBadNonces = false

# allow To tag in registrations
AllowBadReg = false

########################################################
# RequestFilter Monkey Settings
########################################################

# Disable RequestFilter monkey processing
DisableRequestFilterProcessor = false

# Default behavior for when no matching filter is found. Leave empty to allow
# request processing to continue. Otherwise set to a SIP status error code
# (400-699) that should be used to reject the request (ie. 500, Server Internal
# Error).
# The status code can optionally be followed by a , and SIP reason text.
RequestFilterDefaultNoMatchBehavior =

# Default behavior for SQL Query db errors. Leave empty to allow request processing
# to continue. Otherwise set to a SIP status error code (400-699) that should be
# used to reject the request (ie. 500 - Server Internal Error).
# The status code can optionally be followed by a , and SIP reason text.
# Note: DB support for this action requires MySQL support.
RequestFilterDefaultDBErrorBehavior = 500, Server Internal DB Error

# The hostname running MySQL server to connect to for any blocked entries
# that are configured to used a SQL statement.
# WARNING: repro must be compiled with the USE_MYSQL flag in order for this work.
#
# Note: If this setting is left blank then repro will fallback all remaining my sql
# settings to use the global RuntimeMySQLServer or MySQLServer settings. See the
# documentation on the global MySQLServer settings for more details on the following
# individual settings.
RequestFilterMySQLServer =
RequestFilterMySQLUser = root
RequestFilterMySQLPassword = root
RequestFilterMySQLDatabaseName =
RequestFilterMySQLPort = 3306

########################################################
# StaticRoute Monkey Settings
########################################################

# Specify where to route requests that are in this proxy's domain - disables the
# routes in the web interface and uses a SimpleStaticRoute monkey instead.
# A comma seperated list of routes can be specified here and each route will
# be added to the outbound Requests with the RequestUri left in tact.
Routes =

# Parallel fork to all matching static routes
ParallelForkStaticRoutes = false

# By default (false) we will stop looking for more Targets if we have found
# matching routes. Setting this value to true will allow the LocationServer Monkey
# to run after StaticRoutes have been found. In this case the matching
# StaticRoutes become fallback targets, processed only after all location server
# targets fail.
ContinueProcessingAfterRoutesFound = false

########################################################
# Message Silo Monkey Settings
########################################################

# Specify where the Message Silo is enabled or not. If enabled,
# then repro will store MESSAGE requests for users that are not online.
# When the user is back online (ie. registers with repro), the stored
# messages will be delivered.
MessageSiloEnabled = false

# A regular expression that can be used to filter which URI's not to
# do message storage (siloing) for. Destination/To URI's matching
# this regular expression will not be silo'd.
MessageSiloDestFilterRegex =

# A regular expression that can be used to filter which body/content/mime
# types not to do message storage (siloing) for. Content-Type's matching
# this regular expression will not be silo'd.
MessageSiloMimeTypeFilterRegex = application\/im\-iscomposing\+xml

# The number of seconds a message request will be stored in the message silo.
# Messages older than this time, are candidates for deletion.
# Default (259200 seconds = 30 days)
MessageSiloExpirationTime = 2592000

# Flag to indicate if a Date header should be added to replayed SIP
# MESSAGEs from the silo, when a user registers.
MessageSiloAddDateHeader = true

# Defines the maximum message content length (bytes) that will be stored in
# the message silo. Messages with a Content-Length larger than this
# value will be discarded.
# WARNING: Do not increasing this value beyond the capabilities of the
# database storage or internal buffers.
# Note: AbstractDb uses a read buffer size of 8192 - do not exceed this size.
MessageSiloMaxContentLength = 4096

# The status code returned to the sender when a messages is successfully
# silo'd.
MessageSiloSuccessStatusCode = 202

# The status code returned to the sender when a messages mime-type matches
# the MessageSiloMimeTypeFilterRegex. Can be used to avoid sending errors
# to isComposing mime bodies that don't need to be silod. Set to 0 to use
# repro standard response (ie. 480).
MessageSiloFilteredMimeTypeStatusCode = 200

# The status code returned to the sender when a messages is not silo'd due
# to the MaxContentLength being exceeded.
MessageSiloFailureStatusCode = 480

########################################################
# Recursive Redirect Lemur Settings
########################################################

# Handle 3xx responses in the proxy - enables the Recursive Redirect Lemur
RecursiveRedirect = false

########################################################
# Geo Proximity Target Sorter Baboon Settings
########################################################

# If enabled, then this baboon can post-process the target list.
# This includes targets from the StaticRoute monkey and/or targets
# from the LocationServer monkey. Requests that meet the filter
# criteria will have their Target list, flatened (serialized) and
# ordered based on the proximity of the target to the client sending
# the request. Proximity is determined by looking for a
# x-repro-geolocation="<latitude>,<longitude>" parameter on the Contact
# header of a received request, or the Contact headers of Registration
# requests. If this parameter is not found, then this processor will
# attempt to determine the public IP address closest to the client or
# target and use the MaxMind Geo IP library to lookup the geo location.
GeoProximityTargetSorting = false

# Specify the full path to the IPv4 Geo City database file
# Note: A free version of the database can be downloaded from here:
# http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
# For a more accurate database, please see the details here:
# http://www.maxmind.com/app/city
GeoProximityIPv4CityDatabaseFile = GeoLiteCity.dat

# Specify the full path to the IPv6 Geo City database file
# Note: A free version of the database can be downloaded from here:
# http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/
# For a more accurate database, please see the details here:
# http://www.maxmind.com/app/city
# Leave blank to disable V6 lookups. Saves memory (if not required).
#GeoProximityIPv6CityDatabaseFile = GeoLiteCityv6.dat
GeoProximityIPv6CityDatabaseFile =

# This setting specifies a PCRE compliant regular expression to attempt
# to match against the request URI of inbound requests. Any requests
# matching this expression, will have its Targets sorted as described
# above. Leave blank to match all requests.
GeoProximityRequestUriFilter = ^sip:mediaserver.*@mydomain.com$

# The distance (in Kilometers) to use for proximity sorting, when the
# Geo Location of a target cannot be determined.
GeoProximityDefaultDistance = 0

# If enabled, then targets that are determined to be of equal distance
# from the client, will be placed in a random order.
LoadBalanceEqualDistantTargets = true

########################################################
# Q-Value Target Handler Baboon Settings
########################################################

# Enable sequential q-value processing - enables the Baboon
QValue = true

# Specify forking behavior for q-value targets: FULL_SEQUENTIAL, EQUAL_Q_PARALLEL,
# or FULL_PARALLEL
QValueBehavior = EQUAL_Q_PARALLEL

# Whether to cancel groups of parallel forks after the period specified by the
# QValueMsBeforeCancel parameter.
QValueCancelBetweenForkGroups = true

# msec to wait before cancelling parallel fork groups when QValueCancelBetweenForkGroups
# is true
QValueMsBeforeCancel = 30000

# Whether to wait for parallel fork groups to terminate before starting new fork-groups.
QValueWaitForTerminateBetweenForkGroups = true

# msec to wait before starting new groups of parallel forks when
# QValueWaitForTerminateBetweenForkGroups is false
QValueMsBetweenForkGroups = 3000