Update.

1 files changed, 10 insertions, 2 deletions

diff --git a/lib/libc/gen/sysctl.3 b/lib/libc/gen/sysctl.3
index 4837dc74f01..804d5bf83fc 100644
--- a/lib/libc/gen/sysctl.3
+++ b/lib/libc/gen/sysctl.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: sysctl.3,v 1.50 2000/08/18 23:13:25 fgsch Exp $
+.\"	$OpenBSD: sysctl.3,v 1.51 2000/09/19 03:17:10 angelos Exp $
 .\"
 .\" Copyright (c) 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -537,7 +537,6 @@ The currently defined protocols and names are:
 .It ip	porthilast	integer	yes
 .It ip	maxqueue	integer	yes
 .It ip	encdebug	integer	yes
-.It ip	ipsec-acl	integer	yes
 .It ip	ipsec-invalid-life	integer	yes
 .It ip	ipsec-pfs	integer	yes
 .It ip	ipsec-soft-allocs	integer	yes
@@ -550,6 +549,7 @@ The currently defined protocols and names are:
 .It ip	ipsec-firstuse	integer	yes
 .It ip	ipsec-enc-alg	string	yes
 .It ip	ipsec-auth-alg	string	yes
+.It ip	ipsec-expire-acquire	integer	yes
 .It icmp	maskrepl	integer	yes
 .It icmp	bmcastecho	integer	yes
 .It ipip	allow	integer	yes
@@ -723,6 +723,14 @@ Supported values are hmac-md5, hmac-sha1, and hmac-ripemd160.
 If set to any other value, it is left to the key management daemons to
 select an authentiction algorithm for the security association.
 The default value is hmac-sha1.
+.It Li ip.ipsec-expire-acquire
+How long should the kernel allow key management to dynamically acquire
+security associations, before re-sending a request.
+The default value is 30 seconds.
+.It Li ip.ipsec-keep-invalid
+How long half-created security associations should be kept by the kernel
+(these are created by key management daemons while negotiating).
+The default value is 60 seconds.
 .It Li ipip.allow
 If set to 0, incoming IP-in-IP packets will not be processed.
 If set to any other value, processing will occur.