Added an option to configure the maximum size of a fragment
authorTobias Brunner <tobias@strongswan.org>
Sat, 12 Jan 2013 10:48:32 +0000 (11:48 +0100)
committerTobias Brunner <tobias@strongswan.org>
Sat, 12 Jan 2013 10:54:58 +0000 (11:54 +0100)
man/strongswan.conf.5.in
src/libcharon/sa/ikev1/task_manager_v1.c

index 8000951..3f4e638 100644 (file)
@@ -164,6 +164,10 @@ are released to free memory once an IKE_SA is established.
 Enabling this might conflict with plugins that later need access to e.g. the
 used certificates.
 .TP
+.BR charon.fragment_size " [512]"
+Maximum size (in bytes) of a sent fragment when using the proprietary IKEv1
+fragmentation extension.
+.TP
 .BR charon.half_open_timeout " [30]"
 Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
 .TP
index 60ec231..7d6e7ac 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2012 Tobias Brunner
+ * Copyright (C) 2007-2013 Tobias Brunner
  * Copyright (C) 2007-2011 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -217,6 +217,11 @@ struct private_task_manager_t {
                size_t max_packet;
 
                /**
+                * Maximum length of a single fragment (when sending)
+                */
+               size_t size;
+
+               /**
                 * The exchange type we use for fragments. Always the initial type even
                 * for fragmented quick mode or transaction messages (i.e. either
                 * ID_PROT or AGGRESSIVE)
@@ -414,7 +419,7 @@ static bool send_packet(private_task_manager_t *this, bool request,
        ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
        fragmentation = ike_cfg->fragmentation(ike_cfg);
        data = packet->get_data(packet);
-       if (data.len > MAX_FRAGMENT_SIZE && (fragmentation == FRAGMENTATION_FORCE ||
+       if (data.len > this->frag.size && (fragmentation == FRAGMENTATION_FORCE ||
           (this->ike_sa->supports_extension(this->ike_sa, EXT_IKE_FRAGMENTATION) &&
                fragmentation == FRAGMENTATION_YES)))
        {
@@ -425,7 +430,7 @@ static bool send_packet(private_task_manager_t *this, bool request,
 
                /* reduce size due to non-ESP marker */
                nat = this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY);
-               frag_size = MAX_FRAGMENT_SIZE - (nat ? 4 : 0);
+               frag_size = this->frag.size - (nat ? 4 : 0);
 
                src = packet->get_source(packet);
                dst = packet->get_destination(packet);
@@ -1989,6 +1994,8 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
                        .exchange = ID_PROT,
                        .max_packet = lib->settings->get_int(lib->settings,
                                        "%s.max_packet", MAX_PACKET, charon->name),
+                       .size = lib->settings->get_int(lib->settings,
+                                       "%s.fragment_size", MAX_FRAGMENT_SIZE, charon->name),
                },
                .ike_sa = ike_sa,
                .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),