author | Tobias Brunner <tobias@strongswan.org> | 2017-05-19 16:14:40 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-05-23 18:02:15 +0200 |
commit | 389e4b8e673fe679c3074f5563c3581b3271ef2a (patch) | |
tree | ed16eaf0bf0bc7a42f405478eff9924cc33cc6ea /conf | |
parent | d140b3bd3f7ff6f6b7bdc5202bd0dee7f39fa699 (diff) | |
ike: Use optional jitter to calculate retransmission timeouts
Also adds an optional limit to avoid very high retransmission timeouts
with high numbers of retries.
Diffstat (limited to 'conf')
-rw-r--r-- | conf/options/charon.opt | 7 | ||||
-rw-r--r-- | conf/strongswan.conf.5.tail.in | 12 |
2 files changed, 18 insertions, 1 deletions
diff --git a/conf/options/charon.opt b/conf/options/charon.opt index 4c4311e81..a5f03f272 100644 --- a/conf/options/charon.opt +++ b/conf/options/charon.opt @@ -311,6 +311,13 @@ charon.retransmit_timeout = 4.0 charon.retransmit_tries = 5 Number of times to retransmit a packet before giving up. +charon.retransmit_jitter = 0 + Maximum jitter in percent to apply randomly to calculated retransmission + timeout (0 to disable). + +charon.retransmit_limit = 0 + Upper limit in seconds for calculated retransmission timeout (0 to disable). + charon.retry_initiate_interval = 0 Interval in seconds to use when retrying to initiate an IKE_SA (e.g. if DNS resolution failed), 0 to disable retries. diff --git a/conf/strongswan.conf.5.tail.in b/conf/strongswan.conf.5.tail.in index 72aa7f856..f428fc323 100644 --- a/conf/strongswan.conf.5.tail.in +++ b/conf/strongswan.conf.5.tail.in @@ -408,6 +408,8 @@ using the three keys listed below: .BR charon.retransmit_base " [1.8]" .BR charon.retransmit_timeout " [4.0]" .BR charon.retransmit_tries " [5]" +.BR charon.retransmit_jitter " [0]" +.BR charon.retransmit_limit " [0]" .fi .RE .PP @@ -419,7 +421,15 @@ The following algorithm is used to calculate the timeout: .PP Where .I n -is the current retransmission count. +is the current retransmission count. The calculated timeout can't exceed the +configured retransmit_limit (if any), which is useful if the number of retries +is high. +.PP +If a jitter in percent is configured, the timeout is modified as follows: +.PP +.EX + relative timeout -= random(0, retransmit_jitter * relative timeout) +.EE .PP Using the default values, packets are retransmitted in: |
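Review bot: the new charon.retransmit_jitter description in conf/options/charon.opt does not say in which direction the jitter is applied or which values are accepted. The man page text in this same patch subtracts the random amount, so the timeout is only ever shortened; saying that here (for example "Maximum jitter in percent by which the calculated retransmission timeout is randomly reduced") and stating what happens for values above 100 would avoid guessing. For charon.retransmit_limit, please also say whether the limit is applied before or after the jitter.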
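Review bot: the context of the first conf/strongswan.conf.5.tail.in hunk still reads "using the three keys listed below:", but with the two added .BR entries (charon.retransmit_jitter and charon.retransmit_limit) the list now has five keys. Please update that sentence in the same patch, or drop the count so it does not go stale again.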
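Review bot: in the last conf/strongswan.conf.5.tail.in hunk, the formula "relative timeout -= random(0, retransmit_jitter * relative timeout)" multiplies by retransmit_jitter directly, while the option is documented as a percentage. Read literally, a setting of 20 subtracts up to 20 times the timeout. Please write the factor as retransmit_jitter / 100, or state next to the formula that the percentage is converted to a fraction first. It would also help to spell out that retransmit_limit is applied to the calculated timeout before this subtraction, if that is the intended order.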