ikev1: Make maximum number of IKEv1 phase 2 exchanges we keep state about configurable
authorTobias Brunner <tobias@strongswan.org>
Tue, 22 Sep 2015 09:56:44 +0000 (11:56 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 30 Oct 2015 09:16:35 +0000 (10:16 +0100)
Fixes #1128.

conf/options/charon.opt
src/libcharon/sa/ikev1/keymat_v1.c

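index 5d137ae..b00fe73 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -204,6 +204,10 @@ charon.load_modular = no
 	plugin list is preserved. Enabled plugins not found in that list are ordered
 	alphabetically before other plugins with the same priority.
 
+charon.max_ikev1_exchanges = 3
+	Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about and
+	track concurrently.
+
 charon.max_packet = 10000
 	Maximum packet size accepted by charon.
 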
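index f5a91db..e428966 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
 typedef struct private_keymat_v1_t private_keymat_v1_t;
 
 /**
- * Max. number of IVs to track.
+ * Max. number of IVs/QMs to track.
  */
-#define MAX_IV 3
-
-/**
- * Max. number of Quick Modes to track.
- */
-#define MAX_QM 2
+#define MAX_EXCHANGES_DEFAULT 3
 
 /**
  * Data stored for IVs
@@ -110,6 +105,11 @@ struct private_keymat_v1_t {
 	 * of QMs are tracked at the same time. Stores qm_data_t objects.
 	 */
 	linked_list_t *qms;
+
+	/**
+	 * Max. number of IVs/Quick Modes to track.
+	 */
+	int max_exchanges;
 };
 
 
@@ -874,7 +874,7 @@ static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, u_int32_t mid)
 	}
 	this->qms->insert_first(this->qms, found);
 	/* remove least recently used state if maximum reached */
-	if (this->qms->get_count(this->qms) > MAX_QM &&
+	if (this->qms->get_count(this->qms) > this->max_exchanges &&
 		this->qms->remove_last(this->qms, (void**)&qm) == SUCCESS)
 	{
 		qm_data_destroy(qm);
@@ -1048,7 +1048,7 @@ static iv_data_t *lookup_iv(private_keymat_v1_t *this, u_int32_t mid)
 	}
 	this->ivs->insert_first(this->ivs, found);
 	/* remove least recently used IV if maximum reached */
-	if (this->ivs->get_count(this->ivs) > MAX_IV &&
+	if (this->ivs->get_count(this->ivs) > this->max_exchanges &&
 		this->ivs->remove_last(this->ivs, (void**)&iv) == SUCCESS)
 	{
 		iv_data_destroy(iv);
@@ -1163,6 +1163,8 @@ keymat_v1_t *keymat_v1_create(bool initiator)
 		.ivs = linked_list_create(),
 		.qms = linked_list_create(),
 		.initiator = initiator,
+		.max_exchanges = lib->settings->get_int(lib->settings,
+					"%s.max_ikev1_exchanges", MAX_EXCHANGES_DEFAULT, lib->ns),
 	);
 
 	return &this->public;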
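Review bot: The value read from `charon.max_ikev1_exchanges` in keymat_v1_create is stored without a lower bound, so a configured 0 or negative number turns the eviction checks in lookup_quick_mode and lookup_iv (`get_count(...) > this->max_exchanges`) into unconditional removals: when the list holds only the entry insert_first just added, remove_last pops and destroys that very entry, and if the remainder of those functions (outside the hunks shown) returns `found`, the caller receives freed memory. Clamp the setting once in the constructor, whose INIT call begins outside this hunk, e.g. right after the closing `);`: `if (this->max_exchanges < 1) { this->max_exchanges = 1; }`, and state the minimum in the charon.opt description. A field comment such as `/* Max. number of IVs/Quick Modes to track; always >= 1 */` on max_exchanges would make that invariant visible where the lookups rely on it.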