main/ipsec-tools: add a patch to modify receive buffer size

this fixing behaviour on long backbuffer of packets to start
dropping packets instead of processing them late.

1 files changed, 33 insertions, 0 deletions

diff --git a/main/ipsec-tools/70-rcvbuf-size.patch b/main/ipsec-tools/70-rcvbuf-size.patch
new file mode 100644
index 0000000000..34e295decf
--- /dev/null
+++ b/main/ipsec-tools/70-rcvbuf-size.patch
@@ -0,0 +1,33 @@
+Index: src/racoon/isakmp.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v
+retrieving revision 1.60
+diff -u -r1.60 isakmp.c
+--- a/src/racoon/isakmp.c	3 Sep 2009 09:29:07 -0000	1.60
++++ b/src/racoon/isakmp.c	20 Aug 2010 11:59:20 -0000
+@@ -1579,6 +1579,7 @@
+ #ifdef ENABLE_NATT
+ 	int option = -1;
+ #endif
++        int rcvSize = 16384;
+ 
+ 	/* warn if wildcard address - should we forbid this? */
+ 	switch (addr->sa_family) {
+@@ -1706,6 +1707,17 @@
+ 		goto err;
+ 	}
+ 
++	/* set receive buffer size - shouldn't be too large otherwise
++	 * we can acommodate too long backbuffer of packets and not
++	 * able to handle any packets in real time */
++	if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF,
++	                (void*) &rcvSize, sizeof(rcvSize)) < 0) {
++                plog(LLV_ERROR, LOCATION, NULL,
++                     "failed to set SO_RCVBUF size (%s).\n",
++                     strerror(errno));
++                /* soft-error, continue even if this failed */
++        }
++
+ 	if (setsockopt_bypass(fd, addr->sa_family) < 0)
+ 		goto err;
+