projects / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 06f0ede)
Added a job_threshold option to drop IKE_SA_INITs if a certain job load reached
authorMartin Willi <martin@revosec.ch>
Mon, 2 May 2011 13:04:42 +0000 (15:04 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 May 2011 13:24:13 +0000 (15:24 +0200)
src/libcharon/network/receiver.c patch | blob | history

diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index d8cebe1..7914c1e 100644 (file)
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -36,6 +36,8 @@
 #define COOKIE_THRESHOLD_DEFAULT 10
 /** default value for private_receiver_t.block_threshold */
 #define BLOCK_THRESHOLD_DEFAULT 5
 #define COOKIE_THRESHOLD_DEFAULT 10
 /** default value for private_receiver_t.block_threshold */
 #define BLOCK_THRESHOLD_DEFAULT 5
+/** default value for private_receiver_t.job_threshold */
+#define JOB_THRESHOLD_DEFAULT 0
 /** length of the secret to use for cookie calculation */
 #define SECRET_LENGTH 16
 
 /** length of the secret to use for cookie calculation */
 #define SECRET_LENGTH 16
 
@@ -101,6 +103,11 @@ struct private_receiver_t {
        u_int32_t block_threshold;
 
        /**
        u_int32_t block_threshold;
 
        /**
+        * Drop IKE_SA_INIT requests if processor job load exceeds this limit
+        */
+       u_int32_t job_threshold;
+
+       /**
         * Delay for receiving incoming packets, to simulate larger RTT
         */
        int receive_delay;
         * Delay for receiving incoming packets, to simulate larger RTT
         */
        int receive_delay;
@@ -350,6 +357,25 @@ static job_requeue_t receive_packets(private_receiver_t *this)
                        message->destroy(message);
                        return JOB_REQUEUE_DIRECT;
                }
                        message->destroy(message);
                        return JOB_REQUEUE_DIRECT;
                }
+
+               /* check if job load acceptable */
+               if (this->job_threshold)
+               {
+                       u_int jobs = 0, i;
+
+                       for (i = 0; i < JOB_PRIO_MAX; i++)
+                       {
+                               jobs += lib->processor->get_job_load(lib->processor, i);
+                       }
+                       if (jobs > this->job_threshold)
+                       {
+                               DBG1(DBG_NET, "ignoring IKE_SA setup from %H, job load of %d "
+                                        "exceeds limit of %d", message->get_source(message),
+                                        jobs, this->job_threshold);
+                               message->destroy(message);
+                               return JOB_REQUEUE_DIRECT;
+                       }
+               }
        }
        if (this->receive_delay)
        {
        }
        if (this->receive_delay)
        {
@@ -408,6 +434,8 @@ receiver_t *receiver_create()
                this->block_threshold = lib->settings->get_int(lib->settings,
                                                "charon.block_threshold", BLOCK_THRESHOLD_DEFAULT);
        }
                this->block_threshold = lib->settings->get_int(lib->settings,
                                                "charon.block_threshold", BLOCK_THRESHOLD_DEFAULT);
        }
+       this->job_threshold = lib->settings->get_int(lib->settings,
+                                               "charon.job_threshold", JOB_THRESHOLD_DEFAULT);
        this->receive_delay = lib->settings->get_int(lib->settings,
                                                "charon.receive_delay", 0);
        this->receive_delay_type = lib->settings->get_int(lib->settings,
        this->receive_delay = lib->settings->get_int(lib->settings,
                                                "charon.receive_delay", 0);
        this->receive_delay_type = lib->settings->get_int(lib->settings,
strongSwan - IPsec VPN