[Ipsec-tools-devel] Control lifetime for GET SPI Request
Brought to you by:
mit_warlord,
netbsd
From: krbmit s. <kr...@gm...> - 2011-07-20 05:17:31
|
Hi All, I am using linux kernel 2.6.31. I am using XFRM frame work via netlink, for setting up kernel IPsec parameters. I want to control the life time of the SA created during GET_SPI Request using xfrm. I always see that the hard expire is set to 30 sec, is it possible to do this and if possible how to achieve this . Are SPi values from kernel unique , i have come across some values that are repeated. #ip -s xfrm state src X dst Y proto esp spi 0x00001fa0(8096) reqid 0(0x00000000) mode transport replay-window 0 seq 0x00000000 sel src 192.168.68.3/32 dst 197.168.101.101/32 uid 0 lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec),* hard 30(sec)* expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2011-07-20 10:39:05 use - stats: replay-window 0 replay 0 failed 0 Kindly revert Thanks and Regards Naveen |