summaryrefslogtreecommitdiffstats
path: root/main/ipsec-tools/02-pfkey-buffer-size-fix.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/ipsec-tools/02-pfkey-buffer-size-fix.patch')
-rw-r--r--main/ipsec-tools/02-pfkey-buffer-size-fix.patch65
1 files changed, 65 insertions, 0 deletions
diff --git a/main/ipsec-tools/02-pfkey-buffer-size-fix.patch b/main/ipsec-tools/02-pfkey-buffer-size-fix.patch
new file mode 100644
index 000000000..eb028304b
--- /dev/null
+++ b/main/ipsec-tools/02-pfkey-buffer-size-fix.patch
@@ -0,0 +1,65 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c,v
+retrieving revision 1.21
+retrieving revision 1.21.2.1
+diff -u -p -r1.21 -r1.21.2.1
+--- ipsec-tools/src/libipsec/pfkey.c 2011/01/20 16:08:35 1.21
++++ ipsec-tools/src/libipsec/pfkey.c 2011/11/14 13:25:06 1.21.2.1
+@@ -1,4 +1,4 @@
+-/* $NetBSD: pfkey.c,v 1.21 2011/01/20 16:08:35 vanhu Exp $ */
++/* $NetBSD: pfkey.c,v 1.21.2.1 2011/11/14 13:25:06 tteras Exp $ */
+
+ /* $KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $ */
+
+@@ -1783,7 +1783,9 @@ int
+ pfkey_open(void)
+ {
+ int so;
+- int bufsiz = 128 * 1024; /*is 128K enough?*/
++ int bufsiz_current, bufsiz_wanted;
++ int ret;
++ socklen_t len;
+
+ if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
+ __ipsec_set_strerror(strerror(errno));
+@@ -1794,14 +1796,29 @@ pfkey_open(void)
+ * This is a temporary workaround for KAME PR 154.
+ * Don't really care even if it fails.
+ */
+- (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
+- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+- bufsiz = 256 * 1024;
+- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+- bufsiz = 512 * 1024;
+- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+- bufsiz = 1024 * 1024;
+- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
++ /* Try to have 128k. If we have more, do not lower it. */
++ bufsiz_wanted = 128 * 1024;
++ len = sizeof(bufsiz_current);
++ ret = getsockopt(so, SOL_SOCKET, SO_SNDBUF,
++ &bufsiz_current, &len);
++ if ((ret < 0) || (bufsiz_current < bufsiz_wanted))
++ (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF,
++ &bufsiz_wanted, sizeof(bufsiz_wanted));
++
++ /* Try to have have at least 2MB. If we have more, do not lower it. */
++ bufsiz_wanted = 2 * 1024 * 1024;
++ len = sizeof(bufsiz_current);
++ ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
++ &bufsiz_current, &len);
++ if (ret < 0)
++ bufsiz_current = 128 * 1024;
++
++ for (; bufsiz_wanted > bufsiz_current; bufsiz_wanted /= 2) {
++ if (setsockopt(so, SOL_SOCKET, SO_RCVBUF,
++ &bufsiz_wanted, sizeof(bufsiz_wanted)) == 0)
++ break;
++ }
++
+ __ipsec_errcode = EIPSEC_NO_ERROR;
+ return so;
+ }
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-21 09:28:28 +0000