starter: Add a replay_window connection option

2014-06-16 17:36:13 +02:00 · 2014-06-16 17:36:13 +02:00 · d5367d2262
parent 823ce4a37f
commit d5367d2262
8 changed files with 12 additions and 0 deletions
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@ -1151,6 +1151,10 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
 				map_action(msg->add_conn.close_action), msg->add_conn.ipcomp,
 				msg->add_conn.inactivity, msg->add_conn.reqid,
 				&mark_in, &mark_out, msg->add_conn.tfc);
+	if (msg->add_conn.replay_window != -1)
+	{
+		child_cfg->set_replay_window(child_cfg, msg->add_conn.replay_window);
+	}
 	child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
 											msg->add_conn.install_policy);
 	add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
--- a/src/starter/args.c
+++ b/src/starter/args.c
@ -173,6 +173,7 @@ static const token_info_t token_info[] =
 	{ ARG_STR,  offsetof(starter_conn_t, me_mediated_by), NULL                     },
 	{ ARG_STR,  offsetof(starter_conn_t, me_peerid), NULL                          },
 	{ ARG_UINT, offsetof(starter_conn_t, reqid), NULL                              },
+	{ ARG_UINT, offsetof(starter_conn_t, replay_window), NULL                      },
 	{ ARG_MISC, 0, NULL  /* KW_MARK */                                             },
 	{ ARG_MISC, 0, NULL  /* KW_MARK_IN */                                          },
 	{ ARG_MISC, 0, NULL  /* KW_MARK_OUT */                                         },
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@ -34,6 +34,7 @@
 #define SA_REPLACEMENT_MARGIN_DEFAULT  540 /* 9 minutes */
 #define SA_REPLACEMENT_FUZZ_DEFAULT    100 /* 100% of margin */
 #define SA_REPLACEMENT_RETRIES_DEFAULT   3
+#define SA_REPLAY_WINDOW_DEFAULT        -1 /* use charon.replay_window */

 static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
 static const char esp_defaults[] = "aes128-sha1,3des-sha1";
@ -132,6 +133,7 @@ static void default_values(starter_config_t *cfg)
 	cfg->conn_default.install_policy        = TRUE;
 	cfg->conn_default.dpd_delay             =  30; /* seconds */
 	cfg->conn_default.dpd_timeout           = 150; /* seconds */
+	cfg->conn_default.replay_window         = SA_REPLAY_WINDOW_DEFAULT;

 	cfg->conn_default.left.seen  = SEEN_NONE;
 	cfg->conn_default.right.seen = SEEN_NONE;
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@ -162,6 +162,7 @@ struct starter_conn {
 		u_int32_t       reqid;
 		mark_t          mark_in;
 		mark_t          mark_out;
+		u_int32_t       replay_window;
 		u_int32_t       tfc;
 		bool            install_policy;
 		bool            aggressive;
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@ -69,6 +69,7 @@ typedef enum {
 	KW_MEDIATED_BY,
 	KW_ME_PEERID,
 	KW_REQID,
+	KW_REPLAY_WINDOW,
 	KW_MARK,
 	KW_MARK_IN,
 	KW_MARK_OUT,
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@ -69,6 +69,7 @@ mediation,         KW_MEDIATION
 mediated_by,       KW_MEDIATED_BY
 me_peerid,         KW_ME_PEERID
 reqid,             KW_REQID
+replay_window,     KW_REPLAY_WINDOW
 mark,              KW_MARK
 mark_in,           KW_MARK_IN
 mark_out,          KW_MARK_OUT
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@ -202,6 +202,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 	msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
 	msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid);
 	msg.add_conn.reqid = conn->reqid;
+	msg.add_conn.replay_window = conn->replay_window;
 	msg.add_conn.mark_in.value = conn->mark_in.value;
 	msg.add_conn.mark_in.mask = conn->mark_in.mask;
 	msg.add_conn.mark_out.value = conn->mark_out.value;
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@ -304,6 +304,7 @@ struct stroke_msg_t {
 				u_int32_t mask;
 			} mark_in, mark_out;
 			stroke_end_t me, other;
+			u_int32_t replay_window;
 		} add_conn;

 		/* data for STR_ADD_CA */