-rw-r--r--conf/plugins/kernel-netlink.opt6
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c13
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c23
3 files changed, 26 insertions, 16 deletions
diff --git a/conf/plugins/kernel-netlink.opt b/conf/plugins/kernel-netlink.opt
index 1136af1be..3d9c4a7a9 100644
--- a/conf/plugins/kernel-netlink.opt
+++ b/conf/plugins/kernel-netlink.opt
@@ -113,6 +113,6 @@ charon.plugins.kernel-netlink.xfrm_acq_expires = 165
trap policy. The value gets written to /proc/sys/net/core/xfrm_acq_expires.
Indirectly controls the delay between XFRM acquire messages triggered by the
kernel for a trap policy. The same value is used as timeout for SPIs
- allocated by the kernel. The default value equals the default total
- retransmission timeout for IKE messages, see IKEv2 RETRANSMISSION
- in **strongswan.conf**(5).
+ allocated by the kernel. The default value equals the total retransmission
+ timeout for IKE messages, see IKEv2 RETRANSMISSION in
+ **strongswan.conf**(5).
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 6f18674fd..da05de304 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -78,9 +78,6 @@
/** Base priority for installed policies */
#define PRIO_BASE 200000
-/** Default lifetime of an acquire XFRM state (in seconds) */
-#define DEFAULT_ACQUIRE_LIFETIME 165
-
/**
* Map the limit for bytes and packets to XFRM_INF by default
*/
@@ -3231,7 +3228,6 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
{
private_kernel_netlink_ipsec_t *this;
bool register_for_events = TRUE;
- FILE *f;
INIT(this,
.public = {
@@ -3276,15 +3272,6 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
register_for_events = FALSE;
}
- f = fopen("/proc/sys/net/core/xfrm_acq_expires", "w");
- if (f)
- {
- fprintf(f, "%u", lib->settings->get_int(lib->settings,
- "%s.plugins.kernel-netlink.xfrm_acq_expires",
- DEFAULT_ACQUIRE_LIFETIME, lib->ns));
- fclose(f);
- }
-
this->socket_xfrm = netlink_socket_create(NETLINK_XFRM, xfrm_msg_names,
lib->settings->get_bool(lib->settings,
"%s.plugins.kernel-netlink.parallel_xfrm", FALSE, lib->ns));
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
index 8bafc3c55..58350028f 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
@@ -19,6 +19,8 @@
#include "kernel_netlink_ipsec.h"
#include "kernel_netlink_net.h"
+#include <sa/task_manager.h>
+
typedef struct private_kernel_netlink_plugin_t private_kernel_netlink_plugin_t;
/**
@@ -50,6 +52,24 @@ METHOD(plugin_t, get_features, int,
return countof(f);
}
+METHOD(plugin_t, reload, bool,
+ private_kernel_netlink_plugin_t *this)
+{
+ u_int timeout;
+ FILE *f;
+
+ f = fopen("/proc/sys/net/core/xfrm_acq_expires", "w");
+ if (f)
+ {
+ timeout = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.xfrm_acq_expires",
+ task_manager_total_retransmit_timeout(), lib->ns);
+ fprintf(f, "%u", timeout);
+ fclose(f);
+ }
+ return TRUE;
+}
+
METHOD(plugin_t, destroy, void,
private_kernel_netlink_plugin_t *this)
{
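Review bot: The sysctl write in the new reload() is never checked: fprintf() on a stdio stream only buffers, so a value the kernel rejects surfaces as an error from the `fclose(f);` line, whose result is discarded, and reload() returns TRUE regardless (the create-time call in the next hunk drops the result too). I would test both, `if (fprintf(f, "%u", timeout) < 0 || fclose(f) != 0)`, and log the failure with strerror(errno) so a timeout that was not applied is at least visible. Also, `timeout` is declared `u_int` while settings->get_int() yields an int, so a negative configured value would be written as a large unsigned number; rejecting or clamping negatives before the fprintf seems worth it, unless get_int already bounds the value, which this hunk does not show.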
@@ -76,10 +96,13 @@ plugin_t *kernel_netlink_plugin_create()
.plugin = {
.get_name = _get_name,
.get_features = _get_features,
+ .reload = _reload,
.destroy = _destroy,
},
},
);
+ reload(this);
+
return &this->public.plugin;
}