From: Martin Willi Date: Mon, 16 Jun 2014 15:36:13 +0000 (+0200) Subject: starter: Add a replay_window connection option X-Git-Tag: 5.2.0rc1~49^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5367d22623f5b594fc7b1f49dfa967c0a2eb318;p=thirdparty%2Fstrongswan.git starter: Add a replay_window connection option
---
diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index df15a16087..62967b006b 100644
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -1151,6 +1151,10 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
 map_action(msg->add_conn.close_action),
 msg->add_conn.ipcomp, msg->add_conn.inactivity,
 msg->add_conn.reqid, &mark_in, &mark_out, msg->add_conn.tfc);
+ if (msg->add_conn.replay_window != -1)
+ {
+ child_cfg->set_replay_window(child_cfg, msg->add_conn.replay_window);
+ }
 child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
 msg->add_conn.install_policy);
 add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
diff --git a/src/starter/args.c b/src/starter/args.c
index f5a617eaa8..0d662f400e 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -173,6 +173,7 @@ static const token_info_t token_info[] =
 { ARG_STR, offsetof(starter_conn_t, me_mediated_by), NULL },
 { ARG_STR, offsetof(starter_conn_t, me_peerid), NULL },
 { ARG_UINT, offsetof(starter_conn_t, reqid), NULL },
+ { ARG_UINT, offsetof(starter_conn_t, replay_window), NULL },
 { ARG_MISC, 0, NULL /* KW_MARK */ },
 { ARG_MISC, 0, NULL /* KW_MARK_IN */ },
 { ARG_MISC, 0, NULL /* KW_MARK_OUT */ },
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 19178a2c39..0fac895425 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
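Review bot: The `!= -1` test on `msg->add_conn.replay_window` only works because the field is `u_int32_t` (per the stroke_msg.h hunk below) and `-1` is converted to `UINT32_MAX` by the usual arithmetic conversions; that makes the sentinel in-band, so a connection configured with `replay_window=4294967295` is silently treated as "not set, keep the charon default" instead of being rejected or applied. Nothing in the hunk bounds the value before it reaches `set_replay_window`; whether that function or the kernel backend rejects unsupported window sizes is outside this hunk, so at minimum the sentinel should be stated at the check, e.g. `/* (u_int32_t)-1: replay_window not set in ipsec.conf, keep charon.replay_window */`. build_child_cfg starts and ends outside the hunk.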
@@ -34,6 +34,7 @@
 #define SA_REPLACEMENT_MARGIN_DEFAULT 540 /* 9 minutes */
 #define SA_REPLACEMENT_FUZZ_DEFAULT 100 /* 100% of margin */
 #define SA_REPLACEMENT_RETRIES_DEFAULT 3
+#define SA_REPLAY_WINDOW_DEFAULT -1 /* use charon.replay_window */
 static const char ike_defaults[] = "aes128-sha1-modp2048,3des-sha1-modp1536";
 static const char esp_defaults[] = "aes128-sha1,3des-sha1";
@@ -132,6 +133,7 @@ static void default_values(starter_config_t *cfg)
 cfg->conn_default.install_policy = TRUE;
 cfg->conn_default.dpd_delay = 30; /* seconds */
 cfg->conn_default.dpd_timeout = 150; /* seconds */
+ cfg->conn_default.replay_window = SA_REPLAY_WINDOW_DEFAULT;
 cfg->conn_default.left.seen = SEEN_NONE;
 cfg->conn_default.right.seen = SEEN_NONE;
diff --git a/src/starter/confread.h b/src/starter/confread.h
index d55a17e631..a32f8cba40 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -162,6 +162,7 @@ struct starter_conn {
 u_int32_t reqid;
 mark_t mark_in;
 mark_t mark_out;
+ u_int32_t replay_window;
 u_int32_t tfc;
 bool install_policy;
 bool aggressive;
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 705a7c16e9..5b6b28bf85 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -69,6 +69,7 @@ typedef enum {
 KW_MEDIATED_BY,
 KW_ME_PEERID,
 KW_REQID,
+ KW_REPLAY_WINDOW,
 KW_MARK,
 KW_MARK_IN,
 KW_MARK_OUT,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index ad915bf2af..ee0bd31e1e 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -69,6 +69,7 @@ mediation, KW_MEDIATION
 mediated_by, KW_MEDIATED_BY
 me_peerid, KW_ME_PEERID
 reqid, KW_REQID
+replay_window, KW_REPLAY_WINDOW
 mark, KW_MARK
 mark_in, KW_MARK_IN
 mark_out, KW_MARK_OUT
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index fca4b1e7dc..839e66e7bb 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
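Review bot: `SA_REPLAY_WINDOW_DEFAULT` is the signed literal `-1`, yet `default_values` stores it into `replay_window`, which the confread.h hunk declares as `u_int32_t`; the conversion is well-defined (it yields `UINT32_MAX`) but the define reads as a signed value and will trip `-Wsign-conversion`. Spelling the sentinel as unsigned, `#define SA_REPLAY_WINDOW_DEFAULT ((u_int32_t)-1) /* not set: use charon.replay_window */`, makes it explicit that the field never holds a negative number and that the "unset" marker is the largest representable window. It is also worth confirming, since it is not visible here, how `ARG_UINT` parsing treats a user-supplied `-1` or an out-of-range value, because the sentinel shares its range with user input.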
@@ -202,6 +202,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
 msg.add_conn.ikeme.peerid = push_string(&msg, conn->me_peerid);
 msg.add_conn.reqid = conn->reqid;
+ msg.add_conn.replay_window = conn->replay_window;
 msg.add_conn.mark_in.value = conn->mark_in.value;
 msg.add_conn.mark_in.mask = conn->mark_in.mask;
 msg.add_conn.mark_out.value = conn->mark_out.value;
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index 5ece7248bf..60886cf7fe 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -304,6 +304,7 @@ struct stroke_msg_t {
 u_int32_t mask;
 } mark_in, mark_out;
 stroke_end_t me, other;
+ u_int32_t replay_window;
 } add_conn;
 /* data for STR_ADD_CA */
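Review bot: The new `replay_window` member of `add_conn` carries no comment on what the value means or on the `(u_int32_t)-1` sentinel that the stroke_config.c hunk tests for, so a reader of the message definition alone cannot distinguish "option not set" from a configured window; suggest `u_int32_t replay_window; /* anti-replay window; (u_int32_t)-1 = not set, keep charon.replay_window */`. Adding the member also changes the layout of the message that `starter_stroke_add_conn` fills in and charon's stroke plugin reads; it is appended as the last member of `add_conn`, so earlier offsets are unchanged, but unless the stroke socket protocol carries a version check elsewhere (not visible here) a starter and charon from different builds would silently disagree on this field. struct stroke_msg_t starts and ends outside the hunk.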