Reenabled acq_expires SA timer using rekey timeout
authorMartin Willi <martin@strongswan.org>
Wed, 7 Oct 2009 09:40:36 +0000 (11:40 +0200)
committerMartin Willi <martin@strongswan.org>
Wed, 7 Oct 2009 11:09:59 +0000 (13:09 +0200)
While not using a SA expiration for allocating SPIs works fine,
the situation is much more problematic for kernel-created temporary
SAs from acquires. If the negotiation of such a CHILD_SA fails,
the created temporary SA can not be deleted.

src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c

index 08d494e..d280daf 100644 (file)
@@ -1996,7 +1996,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
        fd = open("/proc/sys/net/core/xfrm_acq_expires", O_WRONLY);
        if (fd)
        {
-               ignore_result(write(fd, "0", 1));
+               ignore_result(write(fd, "165", 3));
                close(fd);
        }