server/keyexch.c: Lower the validity time for a challenge.

If the server is busy dealing with LAN-speed traffic, it can easily
exhaust the 32 MB data limit within the 2 minutes allowed.  The result
of this is that another switch or switch-ok gets sent and ignored, and
no new keys are negotiated.  The only thing to do is lower the validity
time.  One key-exchange every 20 seconds isn't going to break the bank.

diff --git a/server/keyexch.c b/server/keyexch.c
index c2f035d..6490dd7 100644 (file)
--- a/server/keyexch.c
+++ b/server/keyexch.c
@@ -77,7 +77,7 @@
 
 /*----- Tunable parameters ------------------------------------------------*/
 
-#define T_VALID MIN(2)                 /* Challenge validity period */
+#define T_VALID SEC(20)                        /* Challenge validity period */
 #define T_RETRY SEC(10)                        /* Challenge retransmit interval */
 
 #define VALIDP(kx, now) ((now) < (kx)->t_valid)