From 4b1cd5a367058f2fe09d5e0e49a4c79eb5cd0193 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Wed, 7 Oct 2009 11:40:36 +0200 Subject: Reenabled acq_expires SA timer using rekey timeout While not using a SA expiration for allocating SPIs works fine, the situation is much more problematic for kernel-created temporary SAs from acquires. If the negotiation of such a CHILD_SA fails, the created temporary SA can not be deleted. --- src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c') diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c index 08d494ecb..d280daf74 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1996,7 +1996,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() fd = open("/proc/sys/net/core/xfrm_acq_expires", O_WRONLY); if (fd) { - ignore_result(write(fd, "0", 1)); + ignore_result(write(fd, "165", 3)); close(fd); } -- cgit v1.2.3