From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 20 Dec 2008 11:39:33 +0000 (+0000)
Subject: server/keyexch.c: Lower the validity time for a challenge.
X-Git-Tag: 1.0.0pre8~40
X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/commitdiff_plain/56516aeb66062dd8dd5b4225a67e24096cf3fe3f

server/keyexch.c: Lower the validity time for a challenge.

If the server is busy dealing with LAN-speed traffic, it can easily
exhaust the 32 MB data limit within the 2 minutes allowed.  The result
of this is that another switch or switch-ok gets sent and ignored, and
no new keys are negotiated.  The only thing to do is lower the validity
time.  One key-exchange every 20 seconds isn't going to break the bank.
---

diff --git a/server/keyexch.c b/server/keyexch.c
index c2f035d4..6490dd73 100644
--- a/server/keyexch.c
+++ b/server/keyexch.c
@@ -77,7 +77,7 @@
 
 /*----- Tunable parameters ------------------------------------------------*/
 
-#define T_VALID MIN(2)			/* Challenge validity period */
+#define T_VALID SEC(20)			/* Challenge validity period */
 #define T_RETRY SEC(10)			/* Challenge retransmit interval */
 
 #define VALIDP(kx, now) ((now) < (kx)->t_valid)