diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2012-08-23 14:58:18 +0300 |
|---|---|---|
| committer | Timo Teräs <timo.teras@iki.fi> | 2012-08-23 14:59:26 +0300 |
| commit | 75708decfc9606471b2f84956c5aedbdc587b5c1 (patch) | |
| tree | 5758bae5c4e480bbec562b856d5c11ae1e51e7cb /main/ipsec-tools/02-pfkey-buffer-size-fix.patch | |
| parent | c2a9ab90408365e4d68c3bfe3350a09fd908881a (diff) | |
| download | aports-75708decfc9606471b2f84956c5aedbdc587b5c1.tar.bz2 aports-75708decfc9606471b2f84956c5aedbdc587b5c1.tar.xz | |
main/ipsec-tools: cherry-pick fixes from upstream CVS
Diffstat (limited to 'main/ipsec-tools/02-pfkey-buffer-size-fix.patch')
| -rw-r--r-- | main/ipsec-tools/02-pfkey-buffer-size-fix.patch | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/main/ipsec-tools/02-pfkey-buffer-size-fix.patch b/main/ipsec-tools/02-pfkey-buffer-size-fix.patch new file mode 100644 index 0000000000..eb028304b8 --- /dev/null +++ b/main/ipsec-tools/02-pfkey-buffer-size-fix.patch @@ -0,0 +1,65 @@ +Please note that diffs are not public domain; they are subject to the +copyright notices on the relevant files. + +=================================================================== +RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c,v +retrieving revision 1.21 +retrieving revision 1.21.2.1 +diff -u -p -r1.21 -r1.21.2.1 +--- ipsec-tools/src/libipsec/pfkey.c 2011/01/20 16:08:35 1.21 ++++ ipsec-tools/src/libipsec/pfkey.c 2011/11/14 13:25:06 1.21.2.1 +@@ -1,4 +1,4 @@ +-/* $NetBSD: pfkey.c,v 1.21 2011/01/20 16:08:35 vanhu Exp $ */ ++/* $NetBSD: pfkey.c,v 1.21.2.1 2011/11/14 13:25:06 tteras Exp $ */ + + /* $KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $ */ + +@@ -1783,7 +1783,9 @@ int + pfkey_open(void) + { + int so; +- int bufsiz = 128 * 1024; /*is 128K enough?*/ ++ int bufsiz_current, bufsiz_wanted; ++ int ret; ++ socklen_t len; + + if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) { + __ipsec_set_strerror(strerror(errno)); +@@ -1794,14 +1796,29 @@ pfkey_open(void) + * This is a temporary workaround for KAME PR 154. + * Don't really care even if it fails. + */ +- (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz)); +- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz)); +- bufsiz = 256 * 1024; +- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz)); +- bufsiz = 512 * 1024; +- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz)); +- bufsiz = 1024 * 1024; +- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz)); ++ /* Try to have 128k. If we have more, do not lower it. */ ++ bufsiz_wanted = 128 * 1024; ++ len = sizeof(bufsiz_current); ++ ret = getsockopt(so, SOL_SOCKET, SO_SNDBUF, ++ &bufsiz_current, &len); ++ if ((ret < 0) || (bufsiz_current < bufsiz_wanted)) ++ (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, ++ &bufsiz_wanted, sizeof(bufsiz_wanted)); ++ ++ /* Try to have have at least 2MB. If we have more, do not lower it. */ ++ bufsiz_wanted = 2 * 1024 * 1024; ++ len = sizeof(bufsiz_current); ++ ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF, ++ &bufsiz_current, &len); ++ if (ret < 0) ++ bufsiz_current = 128 * 1024; ++ ++ for (; bufsiz_wanted > bufsiz_current; bufsiz_wanted /= 2) { ++ if (setsockopt(so, SOL_SOCKET, SO_RCVBUF, ++ &bufsiz_wanted, sizeof(bufsiz_wanted)) == 0) ++ break; ++ } ++ + __ipsec_errcode = EIPSEC_NO_ERROR; + return so; + } |