Added an option to configure the maximum size of a fragment

author Tobias Brunner <tobias@strongswan.org>

Sat, 12 Jan 2013 10:48:32 +0000 (11:48 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Sat, 12 Jan 2013 10:54:58 +0000 (11:54 +0100)
author Tobias Brunner <tobias@strongswan.org>
Sat, 12 Jan 2013 10:48:32 +0000 (11:48 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Sat, 12 Jan 2013 10:54:58 +0000 (11:54 +0100)
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in

index 8000951ab48236742809e4b4e39987b3790d801a..3f4e6389e971eeac7ea85706f87db887fbc676cb 100644 (file)
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -164,6 +164,10 @@ are released to free memory once an IKE_SA is established.
  Enabling this might conflict with plugins that later need access to e.g. the
  used certificates.
  .TP
+.BR charon.fragment_size " [512]"
+Maximum size (in bytes) of a sent fragment when using the proprietary IKEv1
+fragmentation extension.
+.TP
  .BR charon.half_open_timeout " [30]"
  Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
  .TP
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c

index 60ec23199274dd8b52a64c4d80583f03981da9b5..7d6e7ac91b62090c23c2f9e7a12354be5bcd3be1 100644 (file)
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1,5 +1,5 @@
  /*
- * Copyright (C) 2007-2012 Tobias Brunner
+ * Copyright (C) 2007-2013 Tobias Brunner
   * Copyright (C) 2007-2011 Martin Willi
   * Hochschule fuer Technik Rapperswil
   *
@@ -216,6 +216,11 @@ struct private_task_manager_t {
                  */
                 size_t max_packet;
  
+               /**
+                * Maximum length of a single fragment (when sending)
+                */
+               size_t size;
+
                 /**
                  * The exchange type we use for fragments. Always the initial type even
                  * for fragmented quick mode or transaction messages (i.e. either
@@ -414,7 +419,7 @@ static bool send_packet(private_task_manager_t *this, bool request,
         ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
         fragmentation = ike_cfg->fragmentation(ike_cfg);
         data = packet->get_data(packet);
-       if (data.len > MAX_FRAGMENT_SIZE && (fragmentation == FRAGMENTATION_FORCE ||
+       if (data.len > this->frag.size && (fragmentation == FRAGMENTATION_FORCE ||
            (this->ike_sa->supports_extension(this->ike_sa, EXT_IKE_FRAGMENTATION) &&
                 fragmentation == FRAGMENTATION_YES)))
         {
@@ -425,7 +430,7 @@ static bool send_packet(private_task_manager_t *this, bool request,
  
                 /* reduce size due to non-ESP marker */
                 nat = this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY);
-               frag_size = MAX_FRAGMENT_SIZE - (nat ? 4 : 0);
+               frag_size = this->frag.size - (nat ? 4 : 0);
  
                 src = packet->get_source(packet);
                 dst = packet->get_destination(packet);
@@ -1989,6 +1994,8 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
                         .exchange = ID_PROT,
                         .max_packet = lib->settings->get_int(lib->settings,
                                         "%s.max_packet", MAX_PACKET, charon->name),
+                       .size = lib->settings->get_int(lib->settings,
+                                       "%s.fragment_size", MAX_FRAGMENT_SIZE, charon->name),
                 },
                 .ike_sa = ike_sa,
                 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
author	Tobias Brunner <tobias@strongswan.org>
	Sat, 12 Jan 2013 10:48:32 +0000 (11:48 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Sat, 12 Jan 2013 10:54:58 +0000 (11:54 +0100)
man/strongswan.conf.5.in		patch \| blob \| blame \| history
src/libcharon/sa/ikev1/task_manager_v1.c		patch \| blob \| blame \| history