[Ipsec-tools-devel] Control lifetime for GET SPI Request

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi All,
I am using linux kernel 2.6.31. I am using XFRM frame work via netlink,
for setting up kernel IPsec parameters.

I want to control the life time of the SA created during GET_SPI Request
using xfrm.
I always see that the hard expire is set to 30 sec, is it possible to do
this and if
possible how to achieve this .

Are SPi values from kernel unique , i have come across some values that
are repeated.

#ip -s xfrm state
src X  dst Y
        proto esp spi 0x00001fa0(8096) reqid 0(0x00000000) mode transport
        replay-window 0 seq 0x00000000
        sel src 192.168.68.3/32 dst 197.168.101.101/32 uid 0
        lifetime config:
          limit: soft (INF)(bytes), hard (INF)(bytes)
          limit: soft (INF)(packets), hard (INF)(packets)
          expire add: soft 0(sec),* hard 30(sec)*
          expire use: soft 0(sec), hard 0(sec)
        lifetime current:
          0(bytes), 0(packets)
          add 2011-07-20 10:39:05 use -
        stats:
          replay-window 0 replay 0 failed 0

Kindly revert

Thanks and Regards
Naveen