child-cfg: Store connection specific replay window on CHILD_SA config
authorMartin Willi <martin@revosec.ch>
Mon, 16 Jun 2014 15:26:33 +0000 (17:26 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 17 Jun 2014 13:42:02 +0000 (15:42 +0200)
src/libcharon/config/child_cfg.c
src/libcharon/config/child_cfg.h

index 3f07b58..7e4a143 100644 (file)
@@ -27,6 +27,9 @@ ENUM(action_names, ACTION_NONE, ACTION_RESTART,
        "restart",
 );
 
+/** Default replay window size, if not set using charon.replay_window */
+#define DEFAULT_REPLAY_WINDOW 32
+
 typedef struct private_child_cfg_t private_child_cfg_t;
 
 /**
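Review bot: The comment on `DEFAULT_REPLAY_WINDOW` does not say what the number counts, and it names the setting as `charon.replay_window` while the lookup in `child_cfg_create` builds the key from `lib->ns`, so the two can drift apart if the namespace is not `charon`. I would write `/** Default anti-replay window size in packets, used if <ns>.replay_window is not set */`. Whether a value of 0 disables anti-replay checking or is rejected by the kernel backend is not visible in this hunk; if 0 has a special meaning it belongs in this comment as well.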
@@ -138,6 +141,11 @@ struct private_child_cfg_t {
         * enable installation and removal of kernel IPsec policies
         */
        bool install_policy;
+
+       /**
+        * anti-replay window size
+        */
+       u_int32_t replay_window;
 };
 
 METHOD(child_cfg_t, get_name, char*,
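Review bot: The comment on the new `replay_window` member says only `anti-replay window size`, leaving both the unit and where the value comes from undocumented for the next reader of this struct. Given `child_cfg_create` fills it from the `<ns>.replay_window` setting, I would write `/** anti-replay window size in packets, from <ns>.replay_window unless set_replay_window() was called */`. The struct `private_child_cfg_t` starts outside this hunk.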
@@ -481,6 +489,18 @@ METHOD(child_cfg_t, get_tfc, u_int32_t,
        return this->tfc;
 }
 
+METHOD(child_cfg_t, get_replay_window, u_int32_t,
+       private_child_cfg_t *this)
+{
+       return this->replay_window;
+}
+
+METHOD(child_cfg_t, set_replay_window, void,
+       private_child_cfg_t *this, u_int32_t replay_window)
+{
+       this->replay_window = replay_window;
+}
+
 METHOD(child_cfg_t, set_mipv6_options, void,
        private_child_cfg_t *this, bool proxy_mode, bool install_policy)
 {
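Review bot: `set_replay_window` stores whatever value it is given without any range check, so a caller can configure a window the kernel backend presumably cannot install, and the problem would only surface when the CHILD_SA is installed rather than at configuration time. Because the parameter is `u_int32_t`, a negative value passed from a caller's `int` also silently becomes a window of roughly four billion packets. If the limits the kernel interface enforces are known, clamping or rejecting out-of-range values here would be clearer; otherwise a one-line comment stating that the value is passed through to the kernel unchecked would at least make the contract explicit. It is also not visible here whether the setter is meant to affect CHILD_SAs that are already established or only those created afterwards; that is worth stating in the comment.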
@@ -558,6 +578,8 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
                        .get_reqid = _get_reqid,
                        .get_mark = _get_mark,
                        .get_tfc = _get_tfc,
+                       .get_replay_window = _get_replay_window,
+                       .set_replay_window = _set_replay_window,
                        .use_proxy_mode = _use_proxy_mode,
                        .install_policy = _install_policy,
                        .get_ref = _get_ref,
@@ -580,6 +602,8 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
                .my_ts = linked_list_create(),
                .other_ts = linked_list_create(),
                .tfc = tfc,
+               .replay_window = lib->settings->get_int(lib->settings,
+                               "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns),
        );
 
        if (mark_in)
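Review bot: The `.replay_window` initializer assigns the result of `get_int` (presumably a plain `int`) straight into a `u_int32_t`, so a negative `replay_window` in the configuration, whether a typo or an intentional `-1`, wraps silently to a value near four billion instead of being rejected or falling back to the default. I would read the setting into an `int` before the `INIT` block, `int window = lib->settings->get_int(lib->settings, "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns);`, and then initialize with `.replay_window = window < 0 ? DEFAULT_REPLAY_WINDOW : window,`, logging the rejected value if the file has a logging idiom for bad configuration. The enclosing `child_cfg_create` starts and ends outside this hunk.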
index 43ad1c5..9f7a92b 100644 (file)
@@ -235,6 +235,20 @@ struct child_cfg_t {
        u_int32_t (*get_tfc)(child_cfg_t *this);
 
        /**
+        * Get anti-replay window size
+        *
+        * @return                              anti-replay window size
+        */
+       u_int32_t (*get_replay_window)(child_cfg_t *this);
+
+       /**
+        * Set anti-replay window size
+        *
+        * @param window                anti-replay window size
+        */
+       void (*set_replay_window)(child_cfg_t *this, u_int32_t window);
+
+       /**
         * Sets two options needed for Mobile IPv6 interoperability.
         *
         * @param proxy_mode    use IPsec transport proxy mode (default FALSE)
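Review bot: The new doc comments for `get_replay_window` and `set_replay_window` give no unit and do not say where the value comes from when nobody calls the setter, which is what a user of this public header needs to know. I would write `@return anti-replay window size, in packets` for the getter and `@param window anti-replay window size, in packets (defaults to the <ns>.replay_window setting read in child_cfg_create)` for the setter. If the setter is intended to affect only CHILD_SAs established after the call, the setter comment should say so; whether that is the case is not visible in this hunk.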