I got the xfrm.h updated. I am running tests various distros. The errors were due to the order in which in.h and in6.h were included.
On Wed, Jun 28, 2017 at 08:03:49AM +0000, Ilan Tayari wrote: > This reminds me of a different thing. > With the crypto offload we easily reach 18Gbps on a single SA, and we expect > to increase speed even more soon. > > This means without ESN, we deplete the 2^32 sequence numbers after ~47 > minutes. Interesting! > I can set the SA lifetime to less than that, but it would be nicer to have > the daemon set a soft limit on packet count, and then rekey just in time > before the sequence numbers deplete, regardless of how fast I generate the > traffic. > > What do you think? I think it is a nice to have. Paul added the keywords. I will see if I can finish it. -antony _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev
