Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c,v retrieving revision 1.21 retrieving revision 1.21.2.1 diff -u -p -r1.21 -r1.21.2.1 --- ipsec-tools/src/libipsec/pfkey.c 2011/01/20 16:08:35 1.21 +++ ipsec-tools/src/libipsec/pfkey.c 2011/11/14 13:25:06 1.21.2.1 @@ -1,4 +1,4 @@ -/* $NetBSD: pfkey.c,v 1.21 2011/01/20 16:08:35 vanhu Exp $ */ +/* $NetBSD: pfkey.c,v 1.21.2.1 2011/11/14 13:25:06 tteras Exp $ */ /* $KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $ */ @@ -1783,7 +1783,9 @@ int pfkey_open(void) { int so; - int bufsiz = 128 * 1024; /*is 128K enough?*/ + int bufsiz_current, bufsiz_wanted; + int ret; + socklen_t len; if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) { __ipsec_set_strerror(strerror(errno)); @@ -1794,14 +1796,29 @@ pfkey_open(void) * This is a temporary workaround for KAME PR 154. * Don't really care even if it fails. */ - (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz)); - (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz)); - bufsiz = 256 * 1024; - (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz)); - bufsiz = 512 * 1024; - (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz)); - bufsiz = 1024 * 1024; - (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz)); + /* Try to have 128k. If we have more, do not lower it. */ + bufsiz_wanted = 128 * 1024; + len = sizeof(bufsiz_current); + ret = getsockopt(so, SOL_SOCKET, SO_SNDBUF, + &bufsiz_current, &len); + if ((ret < 0) || (bufsiz_current < bufsiz_wanted)) + (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, + &bufsiz_wanted, sizeof(bufsiz_wanted)); + + /* Try to have have at least 2MB. If we have more, do not lower it. */ + bufsiz_wanted = 2 * 1024 * 1024; + len = sizeof(bufsiz_current); + ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF, + &bufsiz_current, &len); + if (ret < 0) + bufsiz_current = 128 * 1024; + + for (; bufsiz_wanted > bufsiz_current; bufsiz_wanted /= 2) { + if (setsockopt(so, SOL_SOCKET, SO_RCVBUF, + &bufsiz_wanted, sizeof(bufsiz_wanted)) == 0) + break; + } + __ipsec_errcode = EIPSEC_NO_ERROR; return so; }