Added a ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs
parent
71da001753
commit
8015c91cb9
|
@ -786,7 +786,8 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
|
||||||
child_cfg = child_cfg_create(
|
child_cfg = child_cfg_create(
|
||||||
msg->add_conn.name, &lifetime,
|
msg->add_conn.name, &lifetime,
|
||||||
msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
|
msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
|
||||||
msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp, 0);
|
msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp,
|
||||||
|
msg->add_conn.inactivity);
|
||||||
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
|
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
|
||||||
msg->add_conn.install_policy);
|
msg->add_conn.install_policy);
|
||||||
add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
|
add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
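Review bot: The new last argument `msg->add_conn.inactivity` reaches `child_cfg_create()` without any range check. The field is a signed `time_t` in `stroke_msg_t` and is filled from a stroke message, so a negative or very large value would be converted silently if the parameter is an unsigned or narrower type (its declaration is not visible in this hunk). I would normalise it before the call, for example `time_t inactivity = msg->add_conn.inactivity < 0 ? 0 : msg->add_conn.inactivity;`, and add a comment that 0 leaves the timeout disabled, which is what the replaced literal `0` suggests. The body of build_child_cfg starts and ends outside the hunk.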
|
||||||
|
|
|
@ -227,6 +227,7 @@ static const token_info_t token_info[] =
|
||||||
{ ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL },
|
{ ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL },
|
||||||
{ ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL },
|
{ ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL },
|
||||||
{ ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action },
|
{ ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action },
|
||||||
|
{ ARG_TIME, offsetof(starter_conn_t, inactivity), NULL },
|
||||||
{ ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
|
{ ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
|
||||||
{ ARG_MISC, 0, NULL /* KW_XAUTH */ },
|
{ ARG_MISC, 0, NULL /* KW_XAUTH */ },
|
||||||
{ ARG_ENUM, offsetof(starter_conn_t, me_mediation), LST_bool },
|
{ ARG_ENUM, offsetof(starter_conn_t, me_mediation), LST_bool },
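Review bot: The new `ARG_TIME` row makes `inactivity` a valid keyword for every conn section, while the man page text added in this commit says it is supported for IKEv2 connections only. Nothing visible here tells an operator that the value has no effect on an IKEv1 conn, so an idle-tunnel timeout they rely on could be silently absent. At minimum I would annotate the row, e.g. `/* KW_INACTIVITY: only forwarded via stroke, IKEv2 CHILD_SAs */`, and presumably log a warning where the conn is loaded if the keyword is set on a non-IKEv2 conn. The table is positional, so the row must stay aligned with `KW_INACTIVITY` in the keyword enum; the array starts and ends outside the hunk.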
|
||||||
|
|
|
@ -135,6 +135,8 @@ struct starter_conn {
|
||||||
dpd_action_t dpd_action;
|
dpd_action_t dpd_action;
|
||||||
int dpd_count;
|
int dpd_count;
|
||||||
|
|
||||||
|
time_t inactivity;
|
||||||
|
|
||||||
bool me_mediation;
|
bool me_mediation;
|
||||||
char *me_mediated_by;
|
char *me_mediated_by;
|
||||||
char *me_peerid;
|
char *me_peerid;
|
||||||
|
|
|
@ -348,6 +348,10 @@ defines the timeout interval, after which all connections to a peer are deleted
|
||||||
in case of inactivity. This only applies to IKEv1, in IKEv2 the default
|
in case of inactivity. This only applies to IKEv1, in IKEv2 the default
|
||||||
retransmission timeout applies, as every exchange is used to detect dead peers.
|
retransmission timeout applies, as every exchange is used to detect dead peers.
|
||||||
.TP
|
.TP
|
||||||
|
.B inactivity
|
||||||
|
defines the timeout interval, after which a CHILD_SA is closed if it did
|
||||||
|
not send or receive any traffic. Currently supported in IKEv2 connections only.
|
||||||
|
.TP
|
||||||
.B eap
|
.B eap
|
||||||
defines the EAP type to propose as server if the client requests EAP
|
defines the EAP type to propose as server if the client requests EAP
|
||||||
authentication. This parameter is deprecated in the favour of
|
authentication. This parameter is deprecated in the favour of
|
||||||
|
|
|
@ -90,6 +90,7 @@ typedef enum {
|
||||||
KW_DPDDELAY,
|
KW_DPDDELAY,
|
||||||
KW_DPDTIMEOUT,
|
KW_DPDTIMEOUT,
|
||||||
KW_DPDACTION,
|
KW_DPDACTION,
|
||||||
|
KW_INACTIVITY,
|
||||||
KW_MODECONFIG,
|
KW_MODECONFIG,
|
||||||
KW_XAUTH,
|
KW_XAUTH,
|
||||||
KW_MEDIATION,
|
KW_MEDIATION,
|
||||||
|
|
|
@ -81,6 +81,7 @@ pfsgroup, KW_PFSGROUP
|
||||||
dpddelay, KW_DPDDELAY
|
dpddelay, KW_DPDDELAY
|
||||||
dpdtimeout, KW_DPDTIMEOUT
|
dpdtimeout, KW_DPDTIMEOUT
|
||||||
dpdaction, KW_DPDACTION
|
dpdaction, KW_DPDACTION
|
||||||
|
inactivity, KW_INACTIVITY
|
||||||
modeconfig, KW_MODECONFIG
|
modeconfig, KW_MODECONFIG
|
||||||
xauth, KW_XAUTH
|
xauth, KW_XAUTH
|
||||||
mediation, KW_MEDIATION
|
mediation, KW_MEDIATION
|
||||||
|
|
|
@ -264,6 +264,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
|
||||||
msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
|
msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
|
||||||
msg.add_conn.dpd.delay = conn->dpd_delay;
|
msg.add_conn.dpd.delay = conn->dpd_delay;
|
||||||
msg.add_conn.dpd.action = conn->dpd_action;
|
msg.add_conn.dpd.action = conn->dpd_action;
|
||||||
|
msg.add_conn.inactivity = conn->inactivity;
|
||||||
msg.add_conn.ikeme.mediation = conn->me_mediation;
|
msg.add_conn.ikeme.mediation = conn->me_mediation;
|
||||||
msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
|
msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
|
||||||
msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid);
|
msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid);
|
||||||
|
|
|
@ -223,6 +223,7 @@ struct stroke_msg_t {
|
||||||
int mobike;
|
int mobike;
|
||||||
int force_encap;
|
int force_encap;
|
||||||
int ipcomp;
|
int ipcomp;
|
||||||
|
time_t inactivity;
|
||||||
int proxy_mode;
|
int proxy_mode;
|
||||||
int install_policy;
|
int install_policy;
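Review bot: Inserting `time_t inactivity;` between `ipcomp` and `proxy_mode` shifts every later field of `add_conn`, and `time_t` has a platform-dependent width and alignment. If `stroke_msg_t` is written to the stroke socket as a raw struct (not visible here, though `push_string(&msg, ...)` in the starter hunk suggests it is), a sender and receiver from different builds would read `proxy_mode` and `install_policy` from the wrong offsets. A fixed-width field such as `u_int32_t inactivity;`, with a comment giving the unit (presumably seconds) and stating that 0 disables the timeout, would make the layout explicit. The struct starts and ends outside the hunk.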
|
||||||
|
|
||||||
|
|