author | Tobias Brunner <tobias@strongswan.org> | 2017-03-13 12:15:25 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-05-23 18:05:58 +0200 |
commit | 70855696adb5bf363c0b91af0af9fe09db4a9e6c (patch) | |
tree | 8777d914191845d0a380fb276a8cabc4eada0051 /src/libcharon | |
parent | bfbd3af8506052fa3a331bd151453795913d3645 (diff) | |
kernel-netlink: Use total retransmit timeout as acquire timeout
By using the total retransmit timeout, modifications of timeout settings
automatically reflect on the value of xfrm_acq_expires. If set, the
value of xfrm_acq_expires configured by the user takes precedence over
the calculated value.
Diffstat (limited to 'src/libcharon')
-rw-r--r-- | src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c | 13 | ||||
-rw-r--r-- | src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c | 23 |
2 files changed, 23 insertions, 13 deletions
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 6f18674fd..da05de304 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -78,9 +78,6 @@
 /** Base priority for installed policies */
 #define PRIO_BASE 200000
-/** Default lifetime of an acquire XFRM state (in seconds) */
-#define DEFAULT_ACQUIRE_LIFETIME 165
-
 /**
 * Map the limit for bytes and packets to XFRM_INF by default
 */
@@ -3231,7 +3228,6 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
 {
 private_kernel_netlink_ipsec_t *this;
 bool register_for_events = TRUE;
- FILE *f;
 INIT(this,
 .public = {
@@ -3276,15 +3272,6 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
 register_for_events = FALSE;
 }
- f = fopen("/proc/sys/net/core/xfrm_acq_expires", "w");
- if (f)
- {
- fprintf(f, "%u", lib->settings->get_int(lib->settings,
- "%s.plugins.kernel-netlink.xfrm_acq_expires",
- DEFAULT_ACQUIRE_LIFETIME, lib->ns));
- fclose(f);
- }
-
 this->socket_xfrm = netlink_socket_create(NETLINK_XFRM, xfrm_msg_names, lib->settings->get_bool(lib->settings, "%s.plugins.kernel-netlink.parallel_xfrm", FALSE, lib->ns));
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
index 8bafc3c55..58350028f 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
@@ -19,6 +19,8 @@
 #include "kernel_netlink_ipsec.h"
 #include "kernel_netlink_net.h"
+#include <sa/task_manager.h>
+
 typedef struct private_kernel_netlink_plugin_t private_kernel_netlink_plugin_t;
 /**
@@ -50,6 +52,24 @@ METHOD(plugin_t, get_features, int,
 return countof(f);
 }
+METHOD(plugin_t, reload, bool,
+ private_kernel_netlink_plugin_t *this)
+{
+ u_int timeout;
+ FILE *f;
+
+ f = fopen("/proc/sys/net/core/xfrm_acq_expires", "w");
+ if (f)
+ {
+ timeout = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.xfrm_acq_expires",
+ task_manager_total_retransmit_timeout(), lib->ns);
+ fprintf(f, "%u", timeout);
+ fclose(f);
+ }
+ return TRUE;
+}
+
 METHOD(plugin_t, destroy, void,
 private_kernel_netlink_plugin_t *this)
 {
@@ -76,10 +96,13 @@ plugin_t *kernel_netlink_plugin_create()
 .plugin = {
 .get_name = _get_name,
 .get_features = _get_features,
+ .reload = _reload,
 .destroy = _destroy,
 },
 },
 );
+ reload(this);
+
 return &this->public.plugin;
 } |
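Review bot: In the added `reload()`, the result of `get_int()` is stored in a `u_int` and written to `/proc/sys/net/core/xfrm_acq_expires` without a range check, so a negative or zero `xfrm_acq_expires` in the configuration (or a zero result from `task_manager_total_retransmit_timeout()`, if that can occur) would presumably reach the kernel as a wrapped or degenerate acquire timeout. Reading the setting into a signed local and falling back to the calculated value when it is not positive would make the accepted range explicit. The `fopen()` failure path is also silent and the method returns `TRUE` regardless, so where the sysctl is not writable the kernel keeps its own acquire lifetime with nothing in the log; an `else` branch such as `DBG1(DBG_KNL, "unable to set xfrm_acq_expires: %s", strerror(errno));` would surface that. A short comment on `reload()` stating that a user-configured value overrides the calculated total retransmit timeout would document the precedence the commit message describes.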