starter: Add a replay_window connection option
authorMartin Willi <martin@revosec.ch>
Mon, 16 Jun 2014 15:36:13 +0000 (17:36 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 17 Jun 2014 14:41:31 +0000 (16:41 +0200)
src/libcharon/plugins/stroke/stroke_config.c
src/starter/args.c
src/starter/confread.c
src/starter/confread.h
src/starter/keywords.h
src/starter/keywords.txt
src/starter/starterstroke.c
src/stroke/stroke_msg.h

index df15a16..62967b0 100644 (file)
@@ -1151,6 +1151,10 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
                                map_action(msg->add_conn.close_action), msg->add_conn.ipcomp,
                                msg->add_conn.inactivity, msg->add_conn.reqid,
                                &mark_in, &mark_out, msg->add_conn.tfc);
+       if (msg->add_conn.replay_window != -1)
+       {
+               child_cfg->set_replay_window(child_cfg, msg->add_conn.replay_window);
+       }
        child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
                                                                                        msg->add_conn.install_policy);
        add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
index f5a617e..0d662f4 100644 (file)
@@ -173,6 +173,7 @@ static const token_info_t token_info[] =
        { ARG_STR,  offsetof(starter_conn_t, me_mediated_by), NULL                     },
        { ARG_STR,  offsetof(starter_conn_t, me_peerid), NULL                          },
        { ARG_UINT, offsetof(starter_conn_t, reqid), NULL                              },
+       { ARG_UINT, offsetof(starter_conn_t, replay_window), NULL                      },
        { ARG_MISC, 0, NULL  /* KW_MARK */                                             },
        { ARG_MISC, 0, NULL  /* KW_MARK_IN */                                          },
        { ARG_MISC, 0, NULL  /* KW_MARK_OUT */                                         },
index 19178a2..0fac895 100644 (file)
@@ -34,6 +34,7 @@
 #define SA_REPLACEMENT_MARGIN_DEFAULT  540 /* 9 minutes */
 #define SA_REPLACEMENT_FUZZ_DEFAULT    100 /* 100% of margin */
 #define SA_REPLACEMENT_RETRIES_DEFAULT   3
+#define SA_REPLAY_WINDOW_DEFAULT        -1 /* use charon.replay_window */
 
 static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
 static const char esp_defaults[] = "aes128-sha1,3des-sha1";
@@ -132,6 +133,7 @@ static void default_values(starter_config_t *cfg)
        cfg->conn_default.install_policy        = TRUE;
        cfg->conn_default.dpd_delay             =  30; /* seconds */
        cfg->conn_default.dpd_timeout           = 150; /* seconds */
+       cfg->conn_default.replay_window         = SA_REPLAY_WINDOW_DEFAULT;
 
        cfg->conn_default.left.seen  = SEEN_NONE;
        cfg->conn_default.right.seen = SEEN_NONE;
index d55a17e..a32f8cb 100644 (file)
@@ -162,6 +162,7 @@ struct starter_conn {
                u_int32_t       reqid;
                mark_t          mark_in;
                mark_t          mark_out;
+               u_int32_t       replay_window;
                u_int32_t       tfc;
                bool            install_policy;
                bool            aggressive;
index 705a7c1..5b6b28b 100644 (file)
@@ -69,6 +69,7 @@ typedef enum {
        KW_MEDIATED_BY,
        KW_ME_PEERID,
        KW_REQID,
+       KW_REPLAY_WINDOW,
        KW_MARK,
        KW_MARK_IN,
        KW_MARK_OUT,
index ad915bf..ee0bd31 100644 (file)
@@ -69,6 +69,7 @@ mediation,         KW_MEDIATION
 mediated_by,       KW_MEDIATED_BY
 me_peerid,         KW_ME_PEERID
 reqid,             KW_REQID
+replay_window,     KW_REPLAY_WINDOW
 mark,              KW_MARK
 mark_in,           KW_MARK_IN
 mark_out,          KW_MARK_OUT
index fca4b1e..839e66e 100644 (file)
@@ -202,6 +202,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
        msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
        msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid);
        msg.add_conn.reqid = conn->reqid;
+       msg.add_conn.replay_window = conn->replay_window;
        msg.add_conn.mark_in.value = conn->mark_in.value;
        msg.add_conn.mark_in.mask = conn->mark_in.mask;
        msg.add_conn.mark_out.value = conn->mark_out.value;
index 5ece724..60886cf 100644 (file)
@@ -304,6 +304,7 @@ struct stroke_msg_t {
                                u_int32_t mask;
                        } mark_in, mark_out;
                        stroke_end_t me, other;
+                       u_int32_t replay_window;
                } add_conn;
 
                /* data for STR_ADD_CA */