-rw-r--r-- | src/charon-nm/nm/nm_service.c | 3 | ||||
-rw-r--r-- | src/conftest/config.c | 2 | ||||
-rw-r--r-- | src/libcharon/config/peer_cfg.c | 18 | ||||
-rw-r--r-- | src/libcharon/config/peer_cfg.h | 13 | ||||
-rw-r--r-- | src/libcharon/plugins/android/android_service.c | 3 | ||||
-rw-r--r-- | src/libcharon/plugins/ha/ha_tunnel.c | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/load_tester/load_tester_config.c | 10 | ||||
-rw-r--r-- | src/libcharon/plugins/maemo/maemo_service.c | 3 | ||||
-rw-r--r-- | src/libcharon/plugins/medcli/medcli_config.c | 9 | ||||
-rw-r--r-- | src/libcharon/plugins/medsrv/medsrv_config.c | 3 | ||||
-rw-r--r-- | src/libcharon/plugins/sql/sql_config.c | 2 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_config.c | 3 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_socket.c | 1 | ||||
-rw-r--r-- | src/libcharon/plugins/uci/uci_config.c | 3 | ||||
-rw-r--r-- | src/libcharon/processing/jobs/dpd_timeout_job.c | 2 | ||||
-rwxr-xr-x | src/libcharon/sa/ikev1/task_manager_v1.c | 20 | ||||
-rw-r--r-- | src/starter/confread.c | 2 | ||||
-rw-r--r-- | src/starter/starterstroke.c | 1 | ||||
-rw-r--r-- | src/stroke/stroke_msg.h | 1 |
19 files changed, 76 insertions, 25 deletions
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index 64da53f79..61b6a6c91 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -503,7 +503,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
 36000, 0, /* rekey 10h, reauth none */
 600, 600, /* jitter, over 10min */
- TRUE, FALSE, 0, /* mobike, aggressive, DPD */
+ TRUE, FALSE, /* mobike, aggressive */
+ 0, 0, /* DPD delay, timeout */
 virtual ? host_create_from_string("0.0.0.0", 0) : NULL,
 NULL, FALSE, NULL, NULL); /* pool, mediation */
 auth = auth_cfg_create();
diff --git a/src/conftest/config.c b/src/conftest/config.c
index a62363cd8..d45d512a2 100644
--- a/src/conftest/config.c
+++ b/src/conftest/config.c
@@ -252,7 +252,7 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
 ike_cfg = load_ike_config(this, settings, config);
 peer_cfg = peer_cfg_create(config, IKEV2, ike_cfg, CERT_ALWAYS_SEND,
- UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, 0,
+ UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, 0, 0,
 NULL, NULL, FALSE, NULL, NULL);
 auth = auth_cfg_create();
diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index b278dc337..d16aedc79 100644
--- a/src/libcharon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
@@ -136,6 +136,11 @@ struct private_peer_cfg_t {
 u_int32_t dpd;
 /**
+ * DPD timeout intervall (used for IKEv1 only)
+ */
+ u_int32_t dpd_timeout;
+
+ /**
 * virtual IP to use locally
 */
 host_t *virtual_ip;
@@ -398,6 +403,12 @@ METHOD(peer_cfg_t, get_dpd, u_int32_t,
 return this->dpd;
 }
+METHOD(peer_cfg_t, get_dpd_timeout, u_int32_t,
+ private_peer_cfg_t *this)
+{
+ return this->dpd_timeout;
+}
+
 METHOD(peer_cfg_t, get_virtual_ip, host_t*,
 private_peer_cfg_t *this)
 {
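Review bot: `intervall` in the new `dpd_timeout` field comment (peer_cfg.c, hunk @@ -136) is a typo; the matching header comment in peer_cfg.h spells it `interval`. Suggest `* DPD timeout interval in seconds (used for IKEv1 only)`, so the unit is stated where the field is defined, as the `get_dpd_timeout` doc in peer_cfg.h already does with `@return dpd_timeout in seconds`.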
@@ -586,8 +597,9 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
 u_int32_t rekey_time, u_int32_t reauth_time,
 u_int32_t jitter_time, u_int32_t over_time,
 bool mobike, bool aggressive, u_int32_t dpd,
- host_t *virtual_ip, char *pool, bool mediation,
- peer_cfg_t *mediated_by, identification_t *peer_id)
+ u_int32_t dpd_timeout, host_t *virtual_ip,
+ char *pool, bool mediation, peer_cfg_t *mediated_by,
+ identification_t *peer_id)
 {
 private_peer_cfg_t *this;
@@ -618,6 +630,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
 .use_mobike = _use_mobike,
 .use_aggressive = _use_aggressive,
 .get_dpd = _get_dpd,
+ .get_dpd_timeout = _get_dpd_timeout,
 .get_virtual_ip = _get_virtual_ip,
 .get_pool = _get_pool,
 .add_auth_cfg = _add_auth_cfg,
@@ -646,6 +659,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
 .use_mobike = mobike,
 .aggressive = aggressive,
 .dpd = dpd,
+ .dpd_timeout = dpd_timeout,
 .virtual_ip = virtual_ip,
 .pool = strdupnull(pool),
 .local_auth = linked_list_create(),
diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h
index 969ccabf2..572153505 100644
--- a/src/libcharon/config/peer_cfg.h
+++ b/src/libcharon/config/peer_cfg.h
@@ -271,6 +271,13 @@ struct peer_cfg_t {
 u_int32_t (*get_dpd) (peer_cfg_t *this);
 /**
+ * Get the DPD timeout interval (IKEv1 only)
+ *
+ * @return dpd_timeout in seconds
+ */
+ u_int32_t (*get_dpd_timeout) (peer_cfg_t *this);
+
+ /**
 * Get a virtual IP for the local peer.
 *
 * If no virtual IP should be used, NULL is returned. %any means to request
@@ -366,6 +373,7 @@ struct peer_cfg_t {
 * @param mobike use MOBIKE (RFC4555) if peer supports it
 * @param aggressive use/accept aggressive mode with IKEv1
 * @param dpd DPD check interval, 0 to disable
+ * @param dpd_timeout DPD timeout interval (IKEv1 only), if 0 default applies
 * @param virtual_ip virtual IP for local host, or NULL
 * @param pool pool name to get configuration attributes from, or NULL
 * @param mediation TRUE if this is a mediation connection
@@ -379,7 +387,8 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
 u_int32_t rekey_time, u_int32_t reauth_time,
 u_int32_t jitter_time, u_int32_t over_time,
 bool mobike, bool aggressive, u_int32_t dpd,
- host_t *virtual_ip, char *pool, bool mediation,
- peer_cfg_t *mediated_by, identification_t *peer_id);
+ u_int32_t dpd_timeout, host_t *virtual_ip,
+ char *pool, bool mediation, peer_cfg_t *mediated_by,
+ identification_t *peer_id);
 #endif /** PEER_CFG_H_ @}*/
diff --git a/src/libcharon/plugins/android/android_service.c b/src/libcharon/plugins/android/android_service.c
index 62fd52b12..a25ca3612 100644
--- a/src/libcharon/plugins/android/android_service.c
+++ b/src/libcharon/plugins/android/android_service.c
@@ -277,7 +277,8 @@ static job_requeue_t initiate(private_android_service_t *this)
 UNIQUE_REPLACE, 1, /* keyingtries */
 36000, 0, /* rekey 10h, reauth none */
 600, 600, /* jitter, over 10min */
- TRUE, FALSE, 0, /* mobike, aggressive, DPD */
+ TRUE, FALSE, /* mobike, aggressive */
+ 0, 0, /* DPD delay, timeout */
 host_create_from_string("0.0.0.0", 0) /* virt */,
 NULL, FALSE, NULL, NULL); /* pool, mediation */
diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c
index 6f20620f2..6558ea3b7 100644
--- a/src/libcharon/plugins/ha/ha_tunnel.c
+++ b/src/libcharon/plugins/ha/ha_tunnel.c
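Review bot: The new `@param dpd_timeout` line in peer_cfg.h (hunk @@ -366) says `if 0 default applies` without naming the default, which is exactly what a caller needs in order to choose between 0 and an explicit value. The fallback implemented in queue_dpd (task_manager_v1.c) is the cumulative IKE retransmission timeout, so suggest `* @param dpd_timeout DPD timeout in seconds (IKEv1 only), 0 to derive it from the retransmission settings`. The `get_dpd_timeout` doc added in the previous hunk could mention the same fallback so the two descriptions stay in step.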
@@ -208,7 +208,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
 ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 peer_cfg = peer_cfg_create("ha", IKEV2, ike_cfg, CERT_NEVER_SEND,
 UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, 30,
- NULL, NULL, FALSE, NULL, NULL);
+ 0, NULL, NULL, FALSE, NULL, NULL);
 auth_cfg = auth_cfg_create();
 auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c
index 47ce6fa71..75ac1ff49 100644
--- a/src/libcharon/plugins/load_tester/load_tester_config.c
+++ b/src/libcharon/plugins/load_tester/load_tester_config.c
@@ -95,6 +95,11 @@ struct private_load_tester_config_t {
 u_int dpd_delay;
 /**
+ * DPD timeout (IKEv1 only)
+ */
+ u_int dpd_timeout;
+
+ /**
 * incremental numbering of generated configs
 */
 u_int num;
@@ -259,7 +264,8 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
 this->ike_rekey, 0, /* rekey, reauth */
 0, this->ike_rekey, /* jitter, overtime */
 FALSE, FALSE, /* mobike, aggressive mode */
- this->dpd_delay, /* dpddelay */
+ this->dpd_delay, /* dpd_delay */
+ this->dpd_timeout, /* dpd_timeout */
 this->vip ? this->vip->clone(this->vip) : NULL,
 this->pool, FALSE, NULL, NULL);
 if (num)
@@ -367,6 +373,8 @@ load_tester_config_t *load_tester_config_create()
 "%s.plugins.load-tester.child_rekey", 600, charon->name);
 this->dpd_delay = lib->settings->get_int(lib->settings,
 "%s.plugins.load-tester.dpd_delay", 0, charon->name);
+ this->dpd_timeout = lib->settings->get_int(lib->settings,
+ "%s.plugins.load-tester.dpd_timeout", 0, charon->name);
 this->initiator_auth = lib->settings->get_str(lib->settings,
 "%s.plugins.load-tester.initiator_auth", "pubkey", charon->name);
diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c
index 67d2b2984..1d1bb63d8 100644
--- a/src/libcharon/plugins/maemo/maemo_service.c
+++ b/src/libcharon/plugins/maemo/maemo_service.c
@@ -332,7 +332,8 @@ static gboolean initiate_connection(private_maemo_service_t *this,
 UNIQUE_REPLACE, 1, /* keyingtries */
 36000, 0, /* rekey 10h, reauth none */
 600, 600, /* jitter, over 10min */
- TRUE, FALSE, 0, /* mobike, aggressive, DPD */
+ TRUE, FALSE, /* mobike, aggressive */
+ 0, 0, /* DPD delay, timeout */
 host_create_from_string("0.0.0.0", 0) /* virt */,
 NULL, FALSE, NULL, NULL); /* pool, mediation */
diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c
index 7fa0152bd..3b99144f0 100644
--- a/src/libcharon/plugins/medcli/medcli_config.c
+++ b/src/libcharon/plugins/medcli/medcli_config.c
@@ -126,7 +126,8 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
 CERT_NEVER_SEND, UNIQUE_REPLACE, 1,
 this->rekey*60, 0, /* keytries, rekey, reauth */
 this->rekey*5, this->rekey*3, /* jitter, overtime */
- TRUE, FALSE, this->dpd, /* mobike, aggressive, dpddelay */
+ TRUE, FALSE, /* mobike, aggressive */
+ this->dpd, 0, /* DPD delay, timeout */
 NULL, NULL, /* vip, pool */
 TRUE, NULL, NULL); /* mediation, med by, peer id */
 e->destroy(e);
@@ -163,7 +164,8 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
 CERT_NEVER_SEND, UNIQUE_REPLACE, 1,
 this->rekey*60, 0, /* keytries, rekey, reauth */
 this->rekey*5, this->rekey*3, /* jitter, overtime */
- TRUE, FALSE, this->dpd, /* mobike, aggressive, dpddelay */
+ TRUE, FALSE, /* mobike, aggressive */
+ this->dpd, 0, /* DPD delay, timeout */
 NULL, NULL, /* vip, pool */
 FALSE, med_cfg, /* mediation, med by */
 identification_create_from_encoding(ID_KEY_ID, other));
@@ -238,7 +240,8 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
 CERT_NEVER_SEND, UNIQUE_REPLACE, 1,
 this->rekey*60, 0, /* keytries, rekey, reauth */
 this->rekey*5, this->rekey*3, /* jitter, overtime */
- TRUE, FALSE, this->dpd, /* mobike, aggr., dpddelay */
+ TRUE, FALSE, /* mobike, aggressive */
+ this->dpd, 0, /* DPD delay, timeout */
 NULL, NULL, /* vip, pool */
 FALSE, NULL, NULL); /* mediation, med by, peer id */
diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c
index 366558ac2..42564734f 100644
--- a/src/libcharon/plugins/medsrv/medsrv_config.c
+++ b/src/libcharon/plugins/medsrv/medsrv_config.c
@@ -92,7 +92,8 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
 CERT_NEVER_SEND, UNIQUE_REPLACE, 1,
 this->rekey*60, 0, /* keytries, rekey, reauth */
 this->rekey*5, this->rekey*3, /* jitter, overtime */
- TRUE, FALSE, this->dpd, /* mobike, aggr., dpddelay */
+ TRUE, FALSE, /* mobike, aggressiv */
+ this->dpd, 0, /* DPD delay, timeout */
 NULL, NULL, /* vip, pool */
 TRUE, NULL, NULL); /* mediation, med by, peer id */
 e->destroy(e);
diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c
index b06bd3706..c2d4b6885 100644
--- a/src/libcharon/plugins/sql/sql_config.c
+++ b/src/libcharon/plugins/sql/sql_config.c
@@ -370,7 +370,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
 peer_cfg = peer_cfg_create(
 name, IKEV2, ike, cert_policy, uniqueid, keyingtries,
 rekeytime, reauthtime, jitter, overtime,
- mobike, FALSE, dpd_delay, vip, pool,
+ mobike, FALSE, dpd_delay, 0, vip, pool,
 mediation, mediated_cfg, peer_id);
 auth = auth_cfg_create();
 auth->add(auth, AUTH_RULE_AUTH_CLASS, auth_method);
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 89e1e0a91..6b8dc234b 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
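Review bot: The rewritten argument comment in the medsrv_config.c hunk (@@ -92) reads `/* mobike, aggressiv */`, while every other call site touched by this commit uses `/* mobike, aggressive */`. Suggest `TRUE, FALSE, /* mobike, aggressive */` so the label matches the parameter name in peer_cfg_create and the sibling plugins.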
@@ -661,7 +661,8 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
 msg->add_conn.version, ike_cfg, msg->add_conn.me.sendcert, unique,
 msg->add_conn.rekey.tries, rekey, reauth, jitter, over,
- msg->add_conn.mobike, msg->add_conn.aggressive, msg->add_conn.dpd.delay,
+ msg->add_conn.mobike, msg->add_conn.aggressive,
+ msg->add_conn.dpd.delay, msg->add_conn.dpd.timeout,
 vip, msg->add_conn.other.sourceip_mask ?
 msg->add_conn.name : msg->add_conn.other.sourceip,
 msg->add_conn.ikeme.mediation, mediated_by, peer_id);
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 8a52e0eb0..daf244e74 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -234,6 +234,7 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg)
 DBG2(DBG_CFG, " ike=%s", msg->add_conn.algorithms.ike);
 DBG2(DBG_CFG, " esp=%s", msg->add_conn.algorithms.esp);
 DBG2(DBG_CFG, " dpddelay=%d", msg->add_conn.dpd.delay);
+ DBG2(DBG_CFG, " dpdtimeout=%d", msg->add_conn.dpd.timeout);
 DBG2(DBG_CFG, " dpdaction=%d", msg->add_conn.dpd.action);
 DBG2(DBG_CFG, " closeaction=%d", msg->add_conn.close_action);
 DBG2(DBG_CFG, " mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no");
diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c
index b4e99c3f2..eb2c4b330 100644
--- a/src/libcharon/plugins/uci/uci_config.c
+++ b/src/libcharon/plugins/uci/uci_config.c
@@ -175,7 +175,8 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
 name, IKEV2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO, 1,
 create_rekey(ike_rekey), 0, /* keytries, rekey, reauth */
 1800, 900, /* jitter, overtime */
- TRUE, FALSE, 60, /* mobike, aggr., dpddelay */
+ TRUE, FALSE, /* mobike, aggressive */
+ 60, 0, /* DPD delay, timeout */
 NULL, NULL, /* vip, pool */
 FALSE, NULL, NULL); /* mediation, med by, peer id */
 auth = auth_cfg_create();
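Review bot: In the stroke_config.c hunk, `msg->add_conn.dpd.timeout` is a `time_t` (see the stroke_msg.h hunk) passed straight into the new `u_int32_t dpd_timeout` parameter, so a negative or wider-than-32-bit value arriving over the stroke socket is silently narrowed into a very large timeout instead of being rejected; whether starter's config parser already rejects such values is not visible here. The existing `dpd.delay` argument has the same implicit narrowing, so the commit is consistent with the surrounding code, but a range check at this point, e.g. `msg->add_conn.dpd.timeout < 0 ? 0 : msg->add_conn.dpd.timeout`, would keep the peer_cfg value within its documented meaning (0 selects the default). build_peer_cfg begins and ends outside the hunk.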
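Review bot: The added DBG2 line in stroke_socket.c prints `msg->add_conn.dpd.timeout`, declared `time_t` in stroke_msg.h, with `%d`; on targets where time_t is 64-bit that is a variadic argument/format mismatch (undefined behaviour in C, and it prints garbage at best). The preceding `dpddelay=%d` line has the same issue, so this follows existing style, but the new line could avoid repeating it with an explicit cast: `DBG2(DBG_CFG, " dpdtimeout=%d", (int)msg->add_conn.dpd.timeout);`. Whether strongSwan's printf hooks treat this case specially is not visible from the hunk.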
diff --git a/src/libcharon/processing/jobs/dpd_timeout_job.c b/src/libcharon/processing/jobs/dpd_timeout_job.c
index 0615be053..c3337996b 100644
--- a/src/libcharon/processing/jobs/dpd_timeout_job.c
+++ b/src/libcharon/processing/jobs/dpd_timeout_job.c
@@ -73,7 +73,7 @@ METHOD(job_t, execute, void,
 }
 enumerator->destroy(enumerator);
- /* check if no incoming packet during timeout, reestalish SA */
+ /* check if no incoming packet during timeout, reestablish SA */
 if (use_time < this->check)
 {
 DBG1(DBG_JOB, "DPD check timed out, enforcing DPD action");
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 7e56fb71c..2f47e721e 100755
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1388,18 +1388,26 @@ METHOD(task_manager_t, queue_child_delete, void,
 METHOD(task_manager_t, queue_dpd, void,
 private_task_manager_t *this)
 {
- u_int32_t t = 0, retransmit;
+ peer_cfg_t *peer_cfg;
+ u_int32_t t, retransmit;
 queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE,
 this->dpd_send++));
+ peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
- /* schedule DPD timeout job using the same timeout as a retransmitting
- * IKE message would have. */
- for (retransmit = 0; retransmit <= this->retransmit_tries; retransmit++)
+ /* compute timeout in milliseconds */
+ t = 1000 * peer_cfg->get_dpd_timeout(peer_cfg);
+ if (t == 0)
 {
- t += (u_int32_t)(this->retransmit_timeout * 1000.0 *
- pow(this->retransmit_base, retransmit));
+ /* use the same timeout as a retransmitting IKE message would have */
+ for (retransmit = 0; retransmit <= this->retransmit_tries; retransmit++)
+ {
+ t += (u_int32_t)(this->retransmit_timeout * 1000.0 *
+ pow(this->retransmit_base, retransmit));
+ }
 }
+
+ /* schedule DPD timeout job */
 lib->scheduler->schedule_job_ms(lib->scheduler,
 (job_t*)dpd_timeout_job_create(this->ike_sa->get_id(this->ike_sa)), t);
 }
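Review bot: In the task_manager_v1.c hunk, `t = 1000 * peer_cfg->get_dpd_timeout(peer_cfg)` is evaluated in 32-bit unsigned arithmetic, so a configured timeout of 4294968 s or more wraps to a small millisecond value and the DPD timeout job fires almost immediately, enforcing the DPD action on a healthy IKE_SA; a bound such as `t = peer_cfg->get_dpd_timeout(peer_cfg); t = t > UINT32_MAX / 1000 ? UINT32_MAX : t * 1000;` (UINT32_MAX from <stdint.h>) avoids that. The new code also dereferences `peer_cfg` unconditionally where the previous version never touched it; if `get_peer_cfg` can return NULL for an IKE_SA on which DPD is queued (not visible here), this is a new NULL dereference. Note too that starter defaults `dpd_timeout` to 150 s (confread.c), so for stroke-configured connections the retransmission-derived fallback in the `if (t == 0)` branch is only reached when dpdtimeout is explicitly set to 0; a comment on the branch saying so would help the next reader.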
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 2fb329c85..804ec6e99 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -97,7 +97,7 @@ static void default_values(starter_config_t *cfg)
 cfg->conn_default.addr_family = AF_INET;
 cfg->conn_default.tunnel_addr_family = AF_INET;
 cfg->conn_default.install_policy = TRUE;
- cfg->conn_default.dpd_delay = 30; /* seconds */
+ cfg->conn_default.dpd_delay = 30; /* seconds */
 cfg->conn_default.dpd_timeout = 150; /* seconds */
 cfg->conn_default.left.seen = LEMPTY;
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index c28db5c36..72b3f1a89 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -252,6 +252,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 msg.add_conn.algorithms.ike = push_string(&msg, conn->ike);
 msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
 msg.add_conn.dpd.delay = conn->dpd_delay;
+ msg.add_conn.dpd.timeout = conn->dpd_timeout;
 msg.add_conn.dpd.action = conn->dpd_action;
 msg.add_conn.close_action = conn->close_action;
 msg.add_conn.inactivity = conn->inactivity;
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index 22d4f11a3..e1ac684e2 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -278,6 +278,7 @@ struct stroke_msg_t {
 } rekey;
 struct {
 time_t delay;
+ time_t timeout;
 int action;
 } dpd;
 struct {
|
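Review bot: Inserting `time_t timeout` before `action` in the stroke_msg.h hunk shifts the offset of `dpd.action` and of every later member of `stroke_msg_t`, and the starterstroke.c hunk shows this struct is filled in by starter and handed to charon as a raw message; a starter and charon built from different revisions will then silently read the wrong values for dpd.action and everything after it. Whether the message carries a version or length check that detects such a mismatch is not visible here; if it does not, bumping whatever compatibility marker stroke uses, or at least stating the ABI change in the commit message, would make the mismatch diagnosable instead of a misconfigured DPD action.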