starter: Add a replay_window connection option
parent
823ce4a37f
commit
d5367d2262
@ -1151,6 +1151,10 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
map_action(msg->add_conn.close_action), msg->add_conn.ipcomp,
map_action(msg->add_conn.close_action), msg->add_conn.ipcomp,
msg->add_conn.inactivity, msg->add_conn.reqid,
msg->add_conn.inactivity, msg->add_conn.reqid,
&mark_in, &mark_out, msg->add_conn.tfc);
&mark_in, &mark_out, msg->add_conn.tfc);
if (msg->add_conn.replay_window != -1)
{
child_cfg->set_replay_window(child_cfg, msg->add_conn.replay_window);
}
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
msg->add_conn.install_policy);
msg->add_conn.install_policy);
add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
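Review bot: The new `if (msg->add_conn.replay_window != -1)` compares a `u_int32_t` field (see the stroke_msg_t hunk) against a signed literal, so it only works because -1 is silently converted to 0xFFFFFFFF; make the sentinel explicit, `if (msg->add_conn.replay_window != (u_int32_t)-1)`, and add a comment such as `/* (u_int32_t)-1 means "not set": keep the charon.replay_window default */`. Because the starter parses the option with ARG_UINT, a configured `replay_window=4294967295` collides with that sentinel and is silently ignored rather than applied, so rejecting or clamping that value in the parser would avoid the surprise. A value of 0 is passed straight to set_replay_window and presumably disables replay detection in the kernel backend, which is worth stating in the ipsec.conf documentation so operators do not weaken anti-replay by accident. build_child_cfg starts and ends outside this hunk.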
@ -173,6 +173,7 @@ static const token_info_t token_info[] =
{ ARG_STR, offsetof(starter_conn_t, me_mediated_by), NULL },
{ ARG_STR, offsetof(starter_conn_t, me_mediated_by), NULL },
{ ARG_STR, offsetof(starter_conn_t, me_peerid), NULL },
{ ARG_STR, offsetof(starter_conn_t, me_peerid), NULL },
{ ARG_UINT, offsetof(starter_conn_t, reqid), NULL },
{ ARG_UINT, offsetof(starter_conn_t, reqid), NULL },
{ ARG_UINT, offsetof(starter_conn_t, replay_window), NULL },
{ ARG_MISC, 0, NULL /* KW_MARK */ },
{ ARG_MISC, 0, NULL /* KW_MARK */ },
{ ARG_MISC, 0, NULL /* KW_MARK_IN */ },
{ ARG_MISC, 0, NULL /* KW_MARK_IN */ },
{ ARG_MISC, 0, NULL /* KW_MARK_OUT */ },
{ ARG_MISC, 0, NULL /* KW_MARK_OUT */ },
@ -34,6 +34,7 @@
#define SA_REPLACEMENT_MARGIN_DEFAULT 540 /* 9 minutes */
#define SA_REPLACEMENT_MARGIN_DEFAULT 540 /* 9 minutes */
#define SA_REPLACEMENT_FUZZ_DEFAULT 100 /* 100% of margin */
#define SA_REPLACEMENT_FUZZ_DEFAULT 100 /* 100% of margin */
#define SA_REPLACEMENT_RETRIES_DEFAULT 3
#define SA_REPLACEMENT_RETRIES_DEFAULT 3
#define SA_REPLAY_WINDOW_DEFAULT -1 /* use charon.replay_window */
static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
static const char esp_defaults[] = "aes128-sha1,3des-sha1";
static const char esp_defaults[] = "aes128-sha1,3des-sha1";
@ -132,6 +133,7 @@ static void default_values(starter_config_t *cfg)
cfg->conn_default.install_policy = TRUE;
cfg->conn_default.install_policy = TRUE;
cfg->conn_default.dpd_delay = 30; /* seconds */
cfg->conn_default.dpd_delay = 30; /* seconds */
cfg->conn_default.dpd_timeout = 150; /* seconds */
cfg->conn_default.dpd_timeout = 150; /* seconds */
cfg->conn_default.replay_window = SA_REPLAY_WINDOW_DEFAULT;
cfg->conn_default.left.seen = SEEN_NONE;
cfg->conn_default.left.seen = SEEN_NONE;
cfg->conn_default.right.seen = SEEN_NONE;
cfg->conn_default.right.seen = SEEN_NONE;
@ -162,6 +162,7 @@ struct starter_conn {
u_int32_t reqid;
u_int32_t reqid;
mark_t mark_in;
mark_t mark_in;
mark_t mark_out;
mark_t mark_out;
u_int32_t replay_window;
u_int32_t tfc;
u_int32_t tfc;
bool install_policy;
bool install_policy;
bool aggressive;
bool aggressive;
@ -69,6 +69,7 @@ typedef enum {
KW_MEDIATED_BY,
KW_MEDIATED_BY,
KW_ME_PEERID,
KW_ME_PEERID,
KW_REQID,
KW_REQID,
KW_REPLAY_WINDOW,
KW_MARK,
KW_MARK,
KW_MARK_IN,
KW_MARK_IN,
KW_MARK_OUT,
KW_MARK_OUT,
@ -69,6 +69,7 @@ mediation, KW_MEDIATION
mediated_by, KW_MEDIATED_BY
mediated_by, KW_MEDIATED_BY
me_peerid, KW_ME_PEERID
me_peerid, KW_ME_PEERID
reqid, KW_REQID
reqid, KW_REQID
replay_window, KW_REPLAY_WINDOW
mark, KW_MARK
mark, KW_MARK
mark_in, KW_MARK_IN
mark_in, KW_MARK_IN
mark_out, KW_MARK_OUT
mark_out, KW_MARK_OUT
@ -202,6 +202,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid);
msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid);
msg.add_conn.reqid = conn->reqid;
msg.add_conn.reqid = conn->reqid;
msg.add_conn.replay_window = conn->replay_window;
msg.add_conn.mark_in.value = conn->mark_in.value;
msg.add_conn.mark_in.value = conn->mark_in.value;
msg.add_conn.mark_in.mask = conn->mark_in.mask;
msg.add_conn.mark_in.mask = conn->mark_in.mask;
msg.add_conn.mark_out.value = conn->mark_out.value;
msg.add_conn.mark_out.value = conn->mark_out.value;
@ -304,6 +304,7 @@ struct stroke_msg_t {
u_int32_t mask;
u_int32_t mask;
} mark_in, mark_out;
} mark_in, mark_out;
stroke_end_t me, other;
stroke_end_t me, other;
u_int32_t replay_window;
} add_conn;
} add_conn;
/* data for STR_ADD_CA */
/* data for STR_ADD_CA */