- st->key_lifetime=dict_read_number(dict,"key-lifetime",
- False,"site",loc,DEFAULT_KEY_LIFETIME);
- st->setup_retries=dict_read_number(dict,"setup-retries",
- False,"site",loc,DEFAULT_SETUP_RETRIES);
- st->setup_timeout=dict_read_number(dict,"setup-timeout",
- False,"site",loc,DEFAULT_SETUP_TIMEOUT);
- st->wait_timeout=dict_read_number(dict,"wait-time",
- False,"site",loc,DEFAULT_WAIT_TIME);
- /* XXX should be configurable */
- st->log_events=LOG_SECURITY|LOG_ERROR|
- LOG_ACTIVATE_KEY|LOG_TIMEOUT_KEY|LOG_SETUP_INIT|LOG_SETUP_TIMEOUT;
+ st->key_lifetime=dict_read_number(
+ dict,"key-lifetime",False,"site",loc,DEFAULT_KEY_LIFETIME);
+ st->setup_retries=dict_read_number(
+ dict,"setup-retries",False,"site",loc,DEFAULT_SETUP_RETRIES);
+ st->setup_timeout=dict_read_number(
+ dict,"setup-timeout",False,"site",loc,DEFAULT_SETUP_TIMEOUT);
+ st->wait_timeout=dict_read_number(
+ dict,"wait-time",False,"site",loc,DEFAULT_WAIT_TIME);
+
+ if (st->key_lifetime < DEFAULT_KEY_RENEGOTIATE_GAP*2)
+ st->key_renegotiate_time=st->key_lifetime/2;
+ else
+ st->key_renegotiate_time=st->key_lifetime-DEFAULT_KEY_RENEGOTIATE_GAP;
+ st->key_renegotiate_time=dict_read_number(
+ dict,"renegotiate-time",False,"site",loc,st->key_renegotiate_time);
+ if (st->key_renegotiate_time > st->key_lifetime) {
+ cfgfatal(loc,"site",
+ "renegotiate-time must be less than key-lifetime\n");
+ }
+ st->keepalive=dict_read_bool(dict,"keepalive",False,"site",loc,False);
+
+ st->log_events=string_list_to_word(dict_lookup(dict,"log-events"),
+ log_event_table,"site");