From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 17 Jul 2015 12:08:09 +0000 (+0200)
Subject: ikev1: Assign different job priorities for inbound IKEv1 messages
X-Git-Tag: 5.3.3rc1~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a5c07be0589af9dd65150d20fa421bcd017b85e9;p=thirdparty%2Fstrongswan.git

ikev1: Assign different job priorities for inbound IKEv1 messages
---

diff --git a/src/libcharon/processing/jobs/process_message_job.c b/src/libcharon/processing/jobs/process_message_job.c
index a6795e766e..31f048db66 100644
--- a/src/libcharon/processing/jobs/process_message_job.c
+++ b/src/libcharon/processing/jobs/process_message_job.c
@@ -91,16 +91,26 @@ METHOD(job_t, get_priority, job_priority_t,
 	{
 		case IKE_AUTH:
 			/* IKE auth is rather expensive and often blocking, low priority */
+		case AGGRESSIVE:
+		case ID_PROT:
+			/* AM is basically IKE_SA_INIT/IKE_AUTH combined (without EAP/XAuth)
+			 * MM is similar, but stretched out more */
 			return JOB_PRIO_LOW;
 		case INFORMATIONAL:
+		case INFORMATIONAL_V1:
 			/* INFORMATIONALs are inexpensive, for DPD we should have low
 			 * reaction times */
 			return JOB_PRIO_HIGH;
 		case IKE_SA_INIT:
-		case CREATE_CHILD_SA:
-		default:
 			/* IKE_SA_INIT is expensive, but we will drop them in the receiver
 			 * if we are overloaded */
+		case CREATE_CHILD_SA:
+		case QUICK_MODE:
+			/* these may require DH, but if not they are relatively cheap */
+		case TRANSACTION:
+			/* these are mostly cheap, however, if XAuth via RADIUS is used
+			 * they may block */
+		default:
 			return JOB_PRIO_MEDIUM;
 	}
 }