diff options
| author | Martin Willi <martin@revosec.ch> | 2011-05-02 15:04:42 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2011-05-16 15:24:13 +0200 |
| commit | 3f064037054a278065f8dd75429457d63da2eb07 (patch) | |
| tree | 231bf2465a774334f2580521ec80e7266470fad8 /src/libcharon | |
| parent | 06f0ede7592e8aff410278a076cb1bc6f118506a (diff) | |
| download | strongswan-3f064037054a278065f8dd75429457d63da2eb07.tar.bz2 strongswan-3f064037054a278065f8dd75429457d63da2eb07.tar.xz | |
Added a job_threshold option to drop IKE_SA_INITs if a certain job load reached
Diffstat (limited to 'src/libcharon')
| -rw-r--r-- | src/libcharon/network/receiver.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index d8cebe192..7914c1e98 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -36,6 +36,8 @@ #define COOKIE_THRESHOLD_DEFAULT 10 /** default value for private_receiver_t.block_threshold */ #define BLOCK_THRESHOLD_DEFAULT 5 +/** default value for private_receiver_t.job_threshold */ +#define JOB_THRESHOLD_DEFAULT 0 /** length of the secret to use for cookie calculation */ #define SECRET_LENGTH 16 @@ -101,6 +103,11 @@ struct private_receiver_t { u_int32_t block_threshold; /** + * Drop IKE_SA_INIT requests if processor job load exceeds this limit + */ + u_int32_t job_threshold; + + /** * Delay for receiving incoming packets, to simulate larger RTT */ int receive_delay; @@ -350,6 +357,25 @@ static job_requeue_t receive_packets(private_receiver_t *this) message->destroy(message); return JOB_REQUEUE_DIRECT; } + + /* check if job load acceptable */ + if (this->job_threshold) + { + u_int jobs = 0, i; + + for (i = 0; i < JOB_PRIO_MAX; i++) + { + jobs += lib->processor->get_job_load(lib->processor, i); + } + if (jobs > this->job_threshold) + { + DBG1(DBG_NET, "ignoring IKE_SA setup from %H, job load of %d " + "exceeds limit of %d", message->get_source(message), + jobs, this->job_threshold); + message->destroy(message); + return JOB_REQUEUE_DIRECT; + } + } } if (this->receive_delay) { @@ -408,6 +434,8 @@ receiver_t *receiver_create() this->block_threshold = lib->settings->get_int(lib->settings, "charon.block_threshold", BLOCK_THRESHOLD_DEFAULT); } + this->job_threshold = lib->settings->get_int(lib->settings, + "charon.job_threshold", JOB_THRESHOLD_DEFAULT); this->receive_delay = lib->settings->get_int(lib->settings, "charon.receive_delay", 0); this->receive_delay_type = lib->settings->get_int(lib->settings, |