Reenabled acq_expires SA timer using rekey timeout

While not using a SA expiration for allocating SPIs works fine, the situation is much more problematic for kernel-created temporary SAs from acquires. If the negotiation of such a CHILD_SA fails, the created temporary SA can not be deleted.
author: Martin Willi <martin@strongswan.org> 2009-10-07 11:40:36 +0200
committer: Martin Willi <martin@strongswan.org> 2009-10-07 13:09:59 +0200
commit: 4b1cd5a367058f2fe09d5e0e49a4c79eb5cd0193 (patch)
tree: c88a962eccf3b6d83a49c3efa4b96a936dacf372 /src
parent: 991f7ccd6c3887286645821a5c295710cf05f156 (diff)
download: strongswan-4b1cd5a367058f2fe09d5e0e49a4c79eb5cd0193.tar.bz2
strongswan-4b1cd5a367058f2fe09d5e0e49a4c79eb5cd0193.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 08d494ecb..d280daf74 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1996,7 +1996,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
 	fd = open("/proc/sys/net/core/xfrm_acq_expires", O_WRONLY);
 	if (fd)
 	{
-		ignore_result(write(fd, "0", 1));
+		ignore_result(write(fd, "165", 3));
 		close(fd);
 	}
author	Martin Willi <martin@strongswan.org>	2009-10-07 11:40:36 +0200
committer	Martin Willi <martin@strongswan.org>	2009-10-07 13:09:59 +0200
commit	4b1cd5a367058f2fe09d5e0e49a4c79eb5cd0193 (patch)
tree	c88a962eccf3b6d83a49c3efa4b96a936dacf372 /src
parent	991f7ccd6c3887286645821a5c295710cf05f156 (diff)
download	strongswan-4b1cd5a367058f2fe09d5e0e49a4c79eb5cd0193.tar.bz2 strongswan-4b1cd5a367058f2fe09d5e0e49a4c79eb5cd0193.tar.xz