From 56516aeb66062dd8dd5b4225a67e24096cf3fe3f Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sat, 20 Dec 2008 11:39:33 +0000 Subject: [PATCH] server/keyexch.c: Lower the validity time for a challenge. If the server is busy dealing with LAN-speed traffic, it can easily exhaust the 32 MB data limit within the 2 minutes allowed. The result of this is that another switch or switch-ok gets sent and ignored, and no new keys are negotiated. The only thing to do is lower the validity time. One key-exchange every 20 seconds isn't going to break the bank. --- server/keyexch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/keyexch.c b/server/keyexch.c index c2f035d4..6490dd73 100644 --- a/server/keyexch.c +++ b/server/keyexch.c @@ -77,7 +77,7 @@ /*----- Tunable parameters ------------------------------------------------*/ -#define T_VALID MIN(2) /* Challenge validity period */ +#define T_VALID SEC(20) /* Challenge validity period */ #define T_RETRY SEC(10) /* Challenge retransmit interval */ #define VALIDP(kx, now) ((now) < (kx)->t_valid) -- 2.11.0