diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2016-07-21 17:24:00 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2016-08-29 18:02:30 +0200 |
| commit | 528c40017e41ba17bfe9ea5a712b49b3ba5d2909 (patch) | |
| tree | b407214936cf52409f43910540c36c168c6ecf6c /conf | |
| parent | c6b9a3a48514c0d45981a6dabe89df4db1fb9e7f (diff) | |
| download | strongswan-528c40017e41ba17bfe9ea5a712b49b3ba5d2909.tar.bz2 strongswan-528c40017e41ba17bfe9ea5a712b49b3ba5d2909.tar.xz | |
conf: Extend description of charon.plugins.kernel-netlink.xfrm_acq_expires
Diffstat (limited to 'conf')
| -rw-r--r-- | conf/plugins/kernel-netlink.opt | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/conf/plugins/kernel-netlink.opt b/conf/plugins/kernel-netlink.opt index 6adefd8de..0d465f607 100644 --- a/conf/plugins/kernel-netlink.opt +++ b/conf/plugins/kernel-netlink.opt @@ -61,8 +61,12 @@ charon.plugins.kernel-netlink.ignore_retransmit_errors = no Whether to ignore errors potentially resulting from a retransmission. charon.plugins.kernel-netlink.xfrm_acq_expires = 165 - Lifetime of XFRM acquire state in kernel. - - Lifetime of XFRM acquire state in kernel. The value gets written to - /proc/sys/net/core/xfrm_acq_expires. Indirectly controls the delay of XFRM - acquire messages sent. + Lifetime of XFRM acquire state and allocated SPIs in kernel. + + Lifetime of XFRM acquire state created by the kernel when traffic matches a + trap policy. The value gets written to /proc/sys/net/core/xfrm_acq_expires. + Indirectly controls the delay between XFRM acquire messages triggered by the + kernel for a trap policy. The same value is used as timeout for SPIs + allocated by the kernel. The default value equals the default total + retransmission timeout for IKE messages, see IKEv2 RETRANSMISSION + in **strongswan.conf**(5). |