Update Nebula docs with new settings (#350)

Author: johnmaguire

docs/config/firewall.mdx

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 13
+sidebar_position: 14
 description: Configure inbound and outbound firewall rules for a Nebula host
 ---
 

docs/config/handshake.mdx

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 16
+sidebar_position: 17
 description: Configuration of the Nebula handshake manager subsystem.
 ---
 

docs/config/listen.mdx

@@ -56,6 +56,17 @@ packets `always`, `never`, or only to `private` network remotes.
 
 Valid values: `always`, `never`, `private`
 
+## listen.accept_recv_error
+
+<Pill className="mb-24">Reloadable</Pill> <Pill className="mb-24">Default: `always`</Pill>
+<Pill className="mb-24">Added in v1.10.1</Pill>
+
+Controls whether Nebula accepts `recv_error` packets from remote hosts. This is the counterpart to
+[`send_recv_error`](#listensend_recv_error) — while `send_recv_error` controls whether your node _sends_ these packets,
+`accept_recv_error` controls whether your node _acts on_ them when received.
+
+Valid values: `always`, `never`, `private`
+
 ## listen.so_mark
 
 <Pill className="mb-24">Added in v1.10.0</Pill>

docs/config/local-range.mdx

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 17
+sidebar_position: 18
 description: local_ranges has been deprecated in favor of preferred_ranges
 ---
 

docs/config/logging.mdx

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 12
+sidebar_position: 13
 description: Logging configuration reference for Nebula mesh networking.
 ---
 

docs/config/routines.mdx

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 14
+sidebar_position: 15
 description: Routines configuration reference for Nebula mesh networking.
 ---
 

docs/config/sshd.mdx

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 11
+sidebar_position: 12
 description: Enable Nebula's built-in debugging console, accessible via SSH.
 ---
 

docs/config/stats.mdx

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 15
+sidebar_position: 16
 description: Configure Prometheus or Graphite stats reporting in the Nebula client.
 ---
 

docs/config/tun.mdx

@@ -136,8 +136,20 @@ remaining available gateways, though load balancing may become uneven until the
 ## tun.use_system_route_table
 
 <Pill className="mb-24">Default: False</Pill>
+<Pill className="mb-24">Added in v1.7.0</Pill>
 
 This option is only supported on Linux.
 
 Set to true to manage unsafe routes directly on the system route table with gateway routes instead of in nebula
 configuration files.
+
+## tun.use_system_route_table_buffer_size
+
+<Pill className="mb-24">Default: 0</Pill>
+<Pill className="mb-24">Added in v1.10.0</Pill>
+
+This option is only supported on Linux.
+
+Buffer size for reading route updates. `0` means the system default buffer size is used
+(`/proc/sys/net/core/rmem_default`). If using massive route updates, for example BGP, you may need to increase this
+value to avoid packet loss. `SO_RCVBUFFORCE` is used to avoid having to raise the system wide max.

docs/config/tunnels.mdx

@@ -0,0 +1,33 @@
+---
+sidebar_position: 11
+description: Configure tunnel lifecycle management for Nebula mesh networking.
+---
+
+import { Pill } from '@components/Pill/Pill';
+
+# tunnels
+
+<Pill className="mb-24">Added in v1.9.6</Pill>
+
+`tunnels` configures tunnel lifecycle management, allowing Nebula to automatically drop tunnels that have been inactive
+for a period of time.
+
+```yml
+tunnels:
+  drop_inactive: false
+  inactivity_timeout: 10m
+```
+
+## tunnels.drop_inactive
+
+<Pill className="mb-24">Reloadable</Pill> <Pill className="mb-24">Default: false</Pill>
+
+Controls whether inactive tunnels are maintained or dropped after the `inactivity_timeout` period has elapsed. In
+general, it is a good idea to enable this setting. It will be enabled by default in a future release.
+
+## tunnels.inactivity_timeout
+
+<Pill className="mb-24">Reloadable</Pill> <Pill className="mb-24">Default: 10m</Pill>
+
+Controls how long a tunnel must not see any inbound or outbound traffic before being considered inactive and eligible to
+be dropped. Only applies when [`tunnels.drop_inactive`](#tunnelsdrop_inactive) is enabled.