strongswan/conf
Tobias Brunner 2f3c08d268 ikev1: Allow immediate deletion of rekeyed CHILD_SAs
When charon rekeys a CHILD_SA after a soft limit expired, it is only
deleted after the hard limit is reached.  In case of packet/byte limits
this may not be the case for a long time since the packets/bytes are
usually sent using the new SA.  This may result in a very large number of
stale CHILD_SAs and kernel states.  With enough connections configured this
will ultimately exhaust the memory of the system.

This patch adds a strongswan.conf setting that, if enabled, causes the old
CHILD_SA to be deleted by the initiator after a successful rekeying.

Enabling this setting might create problems with implementations that
continue to use rekeyed SAs (e.g. if the DELETE notify is lost).
2016-03-03 17:28:03 +01:00
options ikev1: Allow immediate deletion of rekeyed CHILD_SAs 2016-03-03 17:28:03 +01:00
plugins eap-radius: Add ability to configure RADIUS retransmission behavior 2015-11-17 14:25:08 +01:00
.gitignore conf: Ignore generated strongswan.conf.5.main 2014-02-18 10:08:54 +01:00
Makefile.am conf: Add documentation for new osx-attr option 2015-08-28 15:49:58 +02:00
default.opt conf: Generate and install config snippets for option descriptions 2014-02-12 14:34:33 +01:00
format-options.py conf: Add support for escaping dots in section/option names 2015-12-04 18:22:44 +01:00
strongswan.conf conf: Generate and install config snippets for option descriptions 2014-02-12 14:34:33 +01:00
strongswan.conf.5.head.in conf: Split strongswan.conf(5) man page and use generated snippet 2014-02-12 14:34:33 +01:00
strongswan.conf.5.tail.in conf: Document variables and config files/dirs 2014-02-12 14:34:34 +01:00