Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 00308f85 authored by Benedict Wong's avatar Benedict Wong
Browse files

Set SPI Allocation Timeout to One Hour 

This change increases the default expiration length of an SA to 1h. The
IPsec API expects that SPIs are allocated indefinitely, but potential
for instability requires that these get cleaned up automatically. As
such, the duration was chosen as a sane, but long timeout value.

Bug: 72316671
Test: Added CTS tests to enforce this behavior
Change-Id: I47aef9cea4a09da253b2ec048a8797af5fa25529
parent 2733708c

rootdir/init.rc

+3 −0
Original line number Diff line number Diff line
@@ -573,6 +573,9 @@ on boot 
    hostname localhost

    domainname localdomain



    # IPsec SA default expiration length

    write /proc/sys/net/core/xfrm_acq_expires 3600



    # Memory management.  Basic kernel parameters, and allow the high

    # level system server to be able to adjust the kernel OOM driver

    # parameters to match how it is managing things.