author | Martin Willi <martin@revosec.ch> | 2014-06-16 17:26:33 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2014-06-17 15:42:02 +0200 |
commit | bdcaa5e680b6b9f9637c7f513e3953dddfc0e7f7 (patch) | |
tree | afd9adf0ee33ba733704df155cbb678eb87d7af2 /src | |
parent | a2c2ce9693a2bff7b5074519c20be0c35efa9704 (diff) | |
child-cfg: Store connection specific replay window on CHILD_SA config
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/config/child_cfg.c | 24 | ||||
-rw-r--r-- | src/libcharon/config/child_cfg.h | 14 |
2 files changed, 38 insertions, 0 deletions
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 3f07b5860..7e4a1433d 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -27,6 +27,9 @@ ENUM(action_names, ACTION_NONE, ACTION_RESTART,
 "restart",
 );
 
+/** Default replay window size, if not set using charon.replay_window */
+#define DEFAULT_REPLAY_WINDOW 32
+
 typedef struct private_child_cfg_t private_child_cfg_t;
 
 /**
@@ -138,6 +141,11 @@ struct private_child_cfg_t {
 * enable installation and removal of kernel IPsec policies
 */
 bool install_policy;
+
+ /**
+ * anti-replay window size
+ */
+ u_int32_t replay_window;
 };
 
 METHOD(child_cfg_t, get_name, char*,
@@ -481,6 +489,18 @@ METHOD(child_cfg_t, get_tfc, u_int32_t,
 return this->tfc;
 }
 
+METHOD(child_cfg_t, get_replay_window, u_int32_t,
+ private_child_cfg_t *this)
+{
+ return this->replay_window;
+}
+
+METHOD(child_cfg_t, set_replay_window, void,
+ private_child_cfg_t *this, u_int32_t replay_window)
+{
+ this->replay_window = replay_window;
+}
+
 METHOD(child_cfg_t, set_mipv6_options, void,
 private_child_cfg_t *this, bool proxy_mode, bool install_policy)
 {
@@ -558,6 +578,8 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
 .get_reqid = _get_reqid,
 .get_mark = _get_mark,
 .get_tfc = _get_tfc,
+ .get_replay_window = _get_replay_window,
+ .set_replay_window = _set_replay_window,
 .use_proxy_mode = _use_proxy_mode,
 .install_policy = _install_policy,
 .get_ref = _get_ref,
@@ -580,6 +602,8 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
 .my_ts = linked_list_create(),
 .other_ts = linked_list_create(),
 .tfc = tfc,
+ .replay_window = lib->settings->get_int(lib->settings,
+ "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns),
 );
 
 if (mark_in)
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index 43ad1c5c8..9f7a92b70 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
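Review bot: In child_cfg_create() in child_cfg.c, the `.replay_window` initializer assigns the signed return of `get_int()` straight to a `u_int32_t`, so a negative `replay_window` setting wraps to a window of about four billion packets rather than being rejected. `set_replay_window()` in the third hunk stores any value unchecked as well, and neither place says what 0 means; if the consumer (not in this diff) treats 0 as "no anti-replay", a config typo silently removes replay protection for the CHILD_SA. I would read the setting into an `int` before the initializer and fall back on bad input, e.g. `if (window < 0) { window = DEFAULT_REPLAY_WINDOW; }`, with a log line. child_cfg_create() begins and ends outside the hunk, so whether a later check exists cannot be seen here.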
@@ -235,6 +235,20 @@ struct child_cfg_t {
 u_int32_t (*get_tfc)(child_cfg_t *this);
 
 /**
+ * Get anti-replay window size
+ *
+ * @return anti-replay window size
+ */
+ u_int32_t (*get_replay_window)(child_cfg_t *this);
+
+ /**
+ * Set anti-replay window size
+ *
+ * @param window anti-replay window size
+ */
+ void (*set_replay_window)(child_cfg_t *this, u_int32_t window);
+
+ /**
 * Sets two options needed for Mobile IPv6 interoperability.
 *
 * @param proxy_mode use IPsec transport proxy mode (default FALSE) |
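Review bot: The doc comments for `get_replay_window()` and `set_replay_window()` give neither the unit nor the meaning of special values, which is what a caller configuring replay protection needs to know. I would extend them to something like `@return anti-replay window size in packets, as set or read from the replay_window setting` and `@param window anti-replay window size in packets`, and state explicitly whether 0 is a valid size or switches the check off. The unit is my assumption and should be confirmed against the code that installs the SA. struct child_cfg_t starts and ends outside the hunk.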