aboutsummaryrefslogtreecommitdiffstats
path: root/main/ipsec-tools
diff options
context:
space:
mode:
authorTimo Teras <timo.teras@iki.fi>2010-03-09 09:53:54 +0200
committerTimo Teras <timo.teras@iki.fi>2010-03-09 09:53:54 +0200
commita545b8247822fa8d51168f5e3869e8a898f01933 (patch)
treef7850c24e17fd415c493f6f18cec5cfe0058e21c /main/ipsec-tools
parentcab470b7a8cb5091f683190fc2baf31114c91b1e (diff)
downloadaports-a545b8247822fa8d51168f5e3869e8a898f01933.tar.bz2
aports-a545b8247822fa8d51168f5e3869e8a898f01933.tar.xz
main/ipsec-tools: add patch for fd priorities
it improves admin port responsiveness under high load.
Diffstat (limited to 'main/ipsec-tools')
-rw-r--r--main/ipsec-tools/APKBUILD6
-rw-r--r--main/ipsec-tools/fd-priorities.patch285
2 files changed, 289 insertions, 2 deletions
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index b01973470a..a3da4fc175 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -2,7 +2,7 @@
pkgname=ipsec-tools
pkgver=0.8_alpha20090903
_myver=0.8-alpha20090903
-pkgrel=5
+pkgrel=6
pkgdesc="User-space IPsec tools for various IPsec implementations"
url="http://ipsec-tools.sourceforge.net/"
license="BSD"
@@ -15,6 +15,7 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
50-reverse-connect.patch
60-debug-quick.patch
initial-contact-fix.diff
+ fd-priorities.patch
"
_builddir="$srcdir"/$pkgname-$_myver
@@ -60,4 +61,5 @@ md5sums="8ec28d4e89c0f5e49ae2caa7463fbcfd ipsec-tools-0.8-alpha20090903.tar.gz
2d00250cf72da7f2f559c91b65a48747 racoon.confd
13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch
baa13d7f0f48955c792f7fcd42a8587a 60-debug-quick.patch
-69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff"
+69e06c5cc3a0c1cc8b10ddc89d1e644b initial-contact-fix.diff
+c1e8b8dc80ef4b5d79fece52a4865e68 fd-priorities.patch"
diff --git a/main/ipsec-tools/fd-priorities.patch b/main/ipsec-tools/fd-priorities.patch
new file mode 100644
index 0000000000..68fc4b3455
--- /dev/null
+++ b/main/ipsec-tools/fd-priorities.patch
@@ -0,0 +1,285 @@
+? .msg
+? ChangeLog
+? alpine-config
+? commiters.txt
+? fd-priorities-2.patch
+? fd-priorities.patch
+? ipsec-tools-0.8-alpha20090820.tar.bz2
+? ipsec-tools-0.8-alpha20090903.tar.bz2
+? local-changes.diff
+? patch-to-support-cast128-cbc-algorithm.patch
+? racoon.txt
+? rpm/Makefile
+? rpm/Makefile.in
+? rpm/ipsec-tools.spec
+? rpm/suse/Makefile
+? rpm/suse/Makefile.in
+? rpm/suse/ipsec-tools.spec
+? src/Makefile
+? src/Makefile.in
+? src/include-glibc/.includes
+? src/include-glibc/Makefile
+? src/include-glibc/Makefile.in
+? src/libipsec/.deps
+? src/libipsec/.libs
+? src/libipsec/Makefile
+? src/libipsec/Makefile.in
+? src/libipsec/ipsec_dump_policy.lo
+? src/libipsec/ipsec_get_policylen.lo
+? src/libipsec/ipsec_strerror.lo
+? src/libipsec/key_debug.lo
+? src/libipsec/libipsec.la
+? src/libipsec/pfkey.lo
+? src/libipsec/pfkey_dump.lo
+? src/libipsec/policy_parse.c
+? src/libipsec/policy_parse.h
+? src/libipsec/policy_parse.lo
+? src/libipsec/policy_token.c
+? src/libipsec/policy_token.lo
+? src/racoon/.deps
+? src/racoon/.libs
+? src/racoon/Makefile
+? src/racoon/Makefile.in
+? src/racoon/cfparse.c
+? src/racoon/cfparse.h
+? src/racoon/cftoken.c
+? src/racoon/eaytest
+? src/racoon/libracoon.la
+? src/racoon/libracoon_la-kmpstat.lo
+? src/racoon/libracoon_la-misc.lo
+? src/racoon/libracoon_la-sockmisc.lo
+? src/racoon/libracoon_la-vmbuf.lo
+? src/racoon/plainrsa-gen
+? src/racoon/prsa_par.c
+? src/racoon/prsa_par.h
+? src/racoon/prsa_tok.c
+? src/racoon/racoon
+? src/racoon/racoonctl
+? src/racoon/samples/psk.txt
+? src/racoon/samples/racoon.conf
+? src/setkey/.deps
+? src/setkey/.libs
+? src/setkey/Makefile
+? src/setkey/Makefile.in
+? src/setkey/parse.c
+? src/setkey/parse.h
+? src/setkey/setkey
+? src/setkey/token.c
+Index: src/racoon/admin.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v
+retrieving revision 1.32
+diff -u -r1.32 admin.c
+--- a/src/racoon/admin.c 3 Sep 2009 09:29:07 -0000 1.32
++++ b/src/racoon/admin.c 9 Mar 2010 07:50:46 -0000
+@@ -734,7 +734,7 @@
+ return -1;
+ }
+
+- monitor_fd(lcconf->sock_admin, admin_handler, NULL);
++ monitor_fd(lcconf->sock_admin, admin_handler, NULL, 0);
+ plog(LLV_DEBUG, LOCATION, NULL,
+ "open %s as racoon management.\n", sunaddr.sun_path);
+
+Index: src/racoon/evt.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/evt.c,v
+retrieving revision 1.9
+diff -u -r1.9 evt.c
+--- a/src/racoon/evt.c 23 Jan 2009 08:05:58 -0000 1.9
++++ b/src/racoon/evt.c 9 Mar 2010 07:50:46 -0000
+@@ -373,7 +373,7 @@
+
+ LIST_INSERT_HEAD(list, l, ll_chain);
+ l->fd = fd;
+- monitor_fd(l->fd, evt_unsubscribe_cb, l);
++ monitor_fd(l->fd, evt_unsubscribe_cb, l, 0);
+
+ plog(LLV_DEBUG, LOCATION, NULL,
+ "[%d] admin connection is polling events\n", fd);
+Index: src/racoon/grabmyaddr.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c,v
+retrieving revision 1.23
+diff -u -r1.23 grabmyaddr.c
+--- a/src/racoon/grabmyaddr.c 3 Jul 2009 06:41:46 -0000 1.23
++++ b/src/racoon/grabmyaddr.c 9 Mar 2010 07:50:46 -0000
+@@ -296,7 +296,7 @@
+ lcconf->rtsock = kernel_open_socket();
+ if (lcconf->rtsock < 0)
+ return -1;
+- monitor_fd(lcconf->rtsock, kernel_receive, NULL);
++ monitor_fd(lcconf->rtsock, kernel_receive, NULL, 0);
+ } else {
+ lcconf->rtsock = -1;
+ if (!myaddr_open_all_configured(NULL))
+Index: src/racoon/isakmp.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v
+retrieving revision 1.60
+diff -u -r1.60 isakmp.c
+--- a/src/racoon/isakmp.c 3 Sep 2009 09:29:07 -0000 1.60
++++ b/src/racoon/isakmp.c 9 Mar 2010 07:50:48 -0000
+@@ -1720,7 +1720,7 @@
+ "%s used as isakmp port (fd=%d)\n",
+ saddr2str(addr), fd);
+
+- monitor_fd(fd, isakmp_handler, NULL);
++ monitor_fd(fd, isakmp_handler, NULL, 1);
+ return fd;
+
+ err:
+Index: src/racoon/pfkey.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/pfkey.c,v
+retrieving revision 1.52
+diff -u -r1.52 pfkey.c
+--- a/src/racoon/pfkey.c 9 Feb 2010 23:05:16 -0000 1.52
++++ b/src/racoon/pfkey.c 9 Mar 2010 07:50:49 -0000
+@@ -487,7 +487,7 @@
+ return -1;
+ }
+ #endif
+- monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL);
++ monitor_fd(lcconf->sock_pfkey, pfkey_handler, NULL, 0);
+ return 0;
+ }
+
+Index: src/racoon/session.c
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/session.c,v
+retrieving revision 1.27
+diff -u -r1.27 session.c
+--- a/src/racoon/session.c 4 Mar 2010 15:13:53 -0000 1.27
++++ b/src/racoon/session.c 9 Mar 2010 07:50:50 -0000
+@@ -103,8 +103,13 @@
+ struct fd_monitor {
+ int (*callback)(void *ctx, int fd);
+ void *ctx;
++ int prio;
++ int fd;
++ TAILQ_ENTRY(fd_monitor) chain;
+ };
+
++#define NUM_PRIORITIES 2
++
+ static void close_session __P((void));
+ static void initfds __P((void));
+ static void init_signal __P((void));
+@@ -115,13 +120,14 @@
+
+ static fd_set preset_mask, active_mask;
+ static struct fd_monitor fd_monitors[FD_SETSIZE];
++static TAILQ_HEAD(fd_monitor_list, fd_monitor) fd_monitor_tree[NUM_PRIORITIES];
+ static int nfds = 0;
+
+ static volatile sig_atomic_t sigreq[NSIG + 1];
+ static struct sched scflushsa = SCHED_INITIALIZER();
+
+ void
+-monitor_fd(int fd, int (*callback)(void *, int), void *ctx)
++monitor_fd(int fd, int (*callback)(void *, int), void *ctx, int priority)
+ {
+ if (fd < 0 || fd >= FD_SETSIZE) {
+ plog(LLV_ERROR, LOCATION, NULL, "fd_set overrun");
+@@ -131,9 +137,17 @@
+ FD_SET(fd, &preset_mask);
+ if (fd > nfds)
+ nfds = fd;
++ if (priority <= 0)
++ priority = 0;
++ if (priority >= NUM_PRIORITIES)
++ priority = NUM_PRIORITIES - 1;
+
+ fd_monitors[fd].callback = callback;
+ fd_monitors[fd].ctx = ctx;
++ fd_monitors[fd].prio = priority;
++ fd_monitors[fd].fd = fd;
++ TAILQ_INSERT_TAIL(&fd_monitor_tree[priority],
++ &fd_monitors[fd], chain);
+ }
+
+ void
+@@ -144,10 +158,15 @@
+ exit(1);
+ }
+
++ if (fd_monitors[fd].callback == NULL)
++ return;
++
+ FD_CLR(fd, &preset_mask);
+ FD_CLR(fd, &active_mask);
+ fd_monitors[fd].callback = NULL;
+ fd_monitors[fd].ctx = NULL;
++ TAILQ_REMOVE(&fd_monitor_tree[fd_monitors[fd].prio],
++ &fd_monitors[fd], chain);
+ }
+
+ int
+@@ -158,11 +177,15 @@
+ char pid_file[MAXPATHLEN];
+ FILE *fp;
+ pid_t racoon_pid = 0;
+- int i;
++ int i, count;
++ struct fd_monitor *fdm;
+
+ nfds = 0;
+ FD_ZERO(&preset_mask);
+
++ for (i = 0; i < NUM_PRIORITIES; i++)
++ TAILQ_INIT(&fd_monitor_tree[i]);
++
+ /* initialize schedular */
+ sched_init();
+ init_signal();
+@@ -291,16 +314,24 @@
+ /*NOTREACHED*/
+ }
+
+- for (i = 0; i <= nfds; i++) {
+- if (!FD_ISSET(i, &active_mask))
+- continue;
+-
+- if (fd_monitors[i].callback != NULL)
+- fd_monitors[i].callback(fd_monitors[i].ctx, i);
+- else
+- plog(LLV_ERROR, LOCATION, NULL,
+- "fd %d set, but no active callback\n", i);
++ count = 0;
++ for (i = 0; i < NUM_PRIORITIES; i++) {
++ TAILQ_FOREACH(fdm, &fd_monitor_tree[i], chain) {
++ if (!FD_ISSET(fdm->fd, &active_mask))
++ continue;
++
++ FD_CLR(fdm->fd, &active_mask);
++ if (fdm->callback != NULL) {
++ fdm->callback(fdm->ctx, fdm->fd);
++ count++;
++ } else
++ plog(LLV_ERROR, LOCATION, NULL,
++ "fd %d set, but no active callback\n", i);
++ }
++ if (count != 0)
++ break;
+ }
++
+ }
+ }
+
+Index: src/racoon/session.h
+===================================================================
+RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/session.h,v
+retrieving revision 1.8
+diff -u -r1.8 session.h
+--- a/src/racoon/session.h 23 Jan 2009 08:05:58 -0000 1.8
++++ b/src/racoon/session.h 9 Mar 2010 07:50:50 -0000
+@@ -37,7 +37,7 @@
+ extern int session __P((void));
+ extern RETSIGTYPE signal_handler __P((int));
+
+-extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx));
++extern void monitor_fd __P((int fd, int (*callback)(void *, int), void *ctx, int priority));
+ extern void unmonitor_fd __P((int fd));
+
+ #endif /* _SESSION_H */