#include <stdio.h>
#include <netdb.h>
+/**
+ * Magic value for an undefined lifetime
+ */
+#define LFT_UNDEFINED (~(u_int64_t)0)
+
typedef struct private_vici_config_t private_vici_config_t;
/**
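Review bot: The doc comment on `LFT_UNDEFINED` does not say that the all-ones value is now reserved, so a configured lifetime or over_time that parses to exactly that value would look like "not set" and be silently replaced by the derived default. The sentinel also only works if every field compared against it (`child.lft.*.life` and `peer.over_time` in the later hunks) is a full 64-bit unsigned type. Those declarations are not visible here, so that is worth confirming. I would extend the comment to something like `Magic value for an undefined lifetime; reserved, only valid for u_int64_t fields`.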
.mode = MODE_TUNNEL,
.dpd_action = ACTION_NONE,
.start_action = ACTION_NONE,
+ .lft = {
+ .time = {
+ .life = LFT_UNDEFINED,
+ },
+ .bytes = {
+ .life = LFT_UNDEFINED,
+ },
+ .packets = {
+ .life = LFT_UNDEFINED,
+ },
+ }
};
child_cfg_t *cfg;
proposal_t *proposal;
proposal_create_default(PROTO_ESP));
}
+ /* if no hard lifetime specified, add one at soft lifetime + 10% */
+ if (child.lft.time.life == LFT_UNDEFINED)
+ {
+ child.lft.time.life = child.lft.time.rekey * 110 / 100;
+ }
+ if (child.lft.bytes.life == LFT_UNDEFINED)
+ {
+ child.lft.bytes.life = child.lft.bytes.rekey * 110 / 100;
+ }
+ if (child.lft.packets.life == LFT_UNDEFINED)
+ {
+ child.lft.packets.life = child.lft.packets.rekey * 110 / 100;
+ }
+
log_child_data(&child, name);
cfg = child_cfg_create(name, &child.lft, child.updown,
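Review bot: `rekey * 110 / 100` can wrap for large soft limits. Assuming the lifetime fields are 64-bit unsigned like `LFT_UNDEFINED`, any rekey value above roughly a 110th of the type's range overflows in the multiplication, and the derived hard lifetime then comes out smaller than the soft one, so the SA would expire before it is rekeyed. The byte and packet limits are the likeliest place for such values. Computing `rekey + rekey / 10` gives the same result for every value that does not overflow, and the helper below additionally clamps at the top of the range. Separately, a rekey value of 0 yields a hard lifetime of 0, and whether that means "no hard limit" is not visible here; the enclosing function starts and ends outside the hunk.

```c
/* file scope, before the parsing function: soft lifetime + 10%, clamped instead of wrapping */
static u_int64_t default_hard_lifetime(u_int64_t rekey)
{
	u_int64_t limit = ~(u_int64_t)0;
	u_int64_t margin = rekey / 10;

	if (rekey > limit - margin)
	{
		return limit;
	}
	return rekey + margin;
}

	/* … unchanged: proposal defaulting … */
	if (child.lft.time.life == LFT_UNDEFINED)
	{
		child.lft.time.life = default_hard_lifetime(child.lft.time.rekey);
	}
	/* … same replacement for child.lft.bytes and child.lft.packets … */
```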
.fragmentation = FRAGMENTATION_NO,
.unique = UNIQUE_NO,
.keyingtries = 1,
+ .over_time = LFT_UNDEFINED,
};
peer_cfg_t *peer_cfg;
ike_cfg_t *ike_cfg;
peer.remote_addrs = strdup("%any");
}
+ if (peer.over_time == LFT_UNDEFINED)
+ {
+ /* default over_time to 10% of rekey/reauth time if not given */
+ peer.over_time = max(peer.rekey_time, peer.reauth_time) / 10;
+ }
+
log_peer_data(&peer);
ike_cfg = ike_cfg_create(peer.version, peer.send_certreq, peer.encap,
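Review bot: The comment inside the `if (peer.over_time == LFT_UNDEFINED)` block says "10% of rekey/reauth time", but the code takes 10% of the larger of the two, which matters when both are configured with different values. I would word it as `/* default over_time to 10% of the larger of rekey_time and reauth_time if not given */` and place it above the `if`, as the child lifetime hunk does. When both times are 0 the default also becomes 0. If that is intended, it deserves a word in the same comment, since over_time bounds how long an IKE_SA may outlive a failed rekey or reauthentication. The enclosing function starts and ends outside the hunk.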