diff options
| -rw-r--r-- | conf/plugins/kernel-netlink.opt | 17 | ||||
| -rw-r--r-- | src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c | 44 |
2 files changed, 61 insertions, 0 deletions
diff --git a/conf/plugins/kernel-netlink.opt b/conf/plugins/kernel-netlink.opt index 77ba6ea97..1136af1be 100644 --- a/conf/plugins/kernel-netlink.opt +++ b/conf/plugins/kernel-netlink.opt @@ -1,6 +1,14 @@ charon.plugins.kernel-netlink.buflen = <min(PAGE_SIZE, 8192)> Buffer size for received Netlink messages. +charon.plugins.kernel-netlink.force_receive_buffer_size = no + Force maximum Netlink receive buffer on Netlink socket. + + If the maximum Netlink socket receive buffer in bytes set by + _receive_buffer_size_ exceeds the system-wide maximum from + /proc/sys/net/core/rmem_max, this option can be used to override the limit. + Enabling this option requires special priviliges (CAP_NET_ADMIN). + charon.plugins.kernel-netlink.fwmark = Firewall mark to set on the routing rule that directs traffic to our routing table. @@ -39,6 +47,15 @@ charon.plugins.kernel-netlink.port_bypass = no port based policies use global XFRM bypass policies for the used IKE UDP ports. +charon.plugins.kernel-netlink.receive_buffer_size = 0 + Maximum Netlink socket receive buffer in bytes. + + Maximum Netlink socket receive buffer in bytes. This value controls how many + bytes of Netlink messages can be received on a Netlink socket. The default + value is set by /proc/sys/net/core/rmem_default. The specified value cannot + exceed the system-wide maximum from /proc/sys/net/core/rmem_max, unless + _force_receive_buffer_size_ is enabled. + charon.plugins.kernel-netlink.roam_events = yes Whether to trigger roam events when interfaces, addresses or routes change. diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c index 7165b655b..44609002f 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c @@ -15,6 +15,29 @@ * for more details. */ +/* + * Copyright (C) 2016 secunet Security Networks AG + * Copyright (C) 2016 Thomas Egerer + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + #include <sys/socket.h> #include <linux/netlink.h> #include <linux/rtnetlink.h> @@ -557,6 +580,8 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names, struct sockaddr_nl addr = { .nl_family = AF_NETLINK, }; + bool force_buf = FALSE; + int rcvbuf_size = 0; INIT(this, .public = { @@ -606,6 +631,25 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names, destroy(this); return NULL; } + rcvbuf_size = lib->settings->get_int(lib->settings, + "%s.plugins.kernel-netlink.receive_buffer_size", + rcvbuf_size, lib->ns); + if (rcvbuf_size) + { + int optname; + + force_buf = lib->settings->get_bool(lib->settings, + "%s.plugins.kernel-netlink.force_receive_buffer_size", + force_buf, lib->ns); + optname = force_buf ? SO_RCVBUFFORCE : SO_RCVBUF; + + if (setsockopt(this->socket, SOL_SOCKET, optname, &rcvbuf_size, + sizeof(rcvbuf_size)) == -1) + { + DBG1(DBG_KNL, "failed to %supdate receive buffer size to %d: %s", + force_buf ? "forcibly " : "", rcvbuf_size, strerror(errno)); + } + } if (this->parallel) { lib->watcher->add(lib->watcher, this->socket, WATCHER_READ, watch, this); |