diff options
| author | tobhe <tobhe@cvs.openbsd.org> | 2021-08-03 12:46:31 +0000 |
|---|---|---|
| committer | tobhe <tobhe@cvs.openbsd.org> | 2021-08-03 12:46:31 +0000 |
| commit | 72b3da5e1fc00c1f9722375538c295d3b2c01ae5 (patch) | |
| tree | f5ec2500a6fc0f6cfdacc7accded14160956682b /sbin/iked | |
| parent | 6f3fe88fd66db0cafe6379d43fbfd038f3e92ead (diff) | |
Increase default data bytes limit for Child SAs to 4 GB.
Lower limits lead to excessive rekeying and lost data in high performance
setups without much benefit.
Brought up by mvs@
ok patrick@ sthen@
Diffstat (limited to 'sbin/iked')
| -rw-r--r-- | sbin/iked/iked.conf.5 | 8 | ||||
| -rw-r--r-- | sbin/iked/types.h | 4 |
2 files changed, 6 insertions, 6 deletions
diff --git a/sbin/iked/iked.conf.5 b/sbin/iked/iked.conf.5 index a67d1d184e4..df1a0f09442 100644 --- a/sbin/iked/iked.conf.5 +++ b/sbin/iked/iked.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: iked.conf.5,v 1.85 2021/04/11 23:27:06 tobhe Exp $ +.\" $OpenBSD: iked.conf.5,v 1.86 2021/08/03 12:46:30 tobhe Exp $ .\" .\" Copyright (c) 2010 - 2014 Reyk Floeter <reyk@openbsd.org> .\" Copyright (c) 2004 Mathieu Sauve-Frankel All rights reserved. @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: April 11 2021 $ +.Dd $Mdocdate: August 3 2021 $ .Dt IKED.CONF 5 .Os .Sh NAME @@ -586,8 +586,8 @@ parameter defines the Child SA expiration timeout by the SA was in use and by the number of .Ar bytes that were processed using the SA. -Default values are 3 hours and 512 megabytes which means that SA will be -rekeyed before reaching the time limit or 512 megabytes of data +Default values are 3 hours and 4 gigabytes which means that SA will be +rekeyed before reaching the time limit or 4 gigabytes of data will pass through. Zero values disable rekeying. .Pp diff --git a/sbin/iked/types.h b/sbin/iked/types.h index 889398db226..b16d04c1ab6 100644 --- a/sbin/iked/types.h +++ b/sbin/iked/types.h @@ -1,4 +1,4 @@ -/* $OpenBSD: types.h,v 1.43 2021/05/13 15:20:48 tobhe Exp $ */ +/* $OpenBSD: types.h,v 1.44 2021/08/03 12:46:30 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -67,7 +67,7 @@ #define IKED_CYCLE_BUFFERS 8 /* # of static buffers for mapping */ #define IKED_PASSWORD_SIZE 256 /* limited by most EAP types */ -#define IKED_LIFETIME_BYTES 536870912 /* 512 Mb */ +#define IKED_LIFETIME_BYTES 4294967296 /* 4 GB */ #define IKED_LIFETIME_SECONDS 10800 /* 3 hours */ #define IKED_E 0x1000 /* Decrypted flag */ |