From: Tobias Brunner
Date: Sat, 12 Jan 2013 10:48:32 +0000 (+0100)
Subject: Added an option to configure the maximum size of a fragment
X-Git-Tag: 5.0.2dr4~8^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee6902ef7f69386cc73303e530736d2ba9423051;p=thirdparty%2Fstrongswan.git
Added an option to configure the maximum size of a fragment
---
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index 8000951ab4..3f4e6389e9 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -164,6 +164,10 @@ are released to free memory once an IKE_SA is established. Enabling this might conflict with plugins that later need access to e.g. the used certificates.
 .TP
+.BR charon.fragment_size " [512]"
+Maximum size (in bytes) of a sent fragment when using the proprietary IKEv1
+fragmentation extension.
+.TP
 .BR charon.half_open_timeout " [30]"
 Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
 .TP
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 60ec231992..7d6e7ac91b 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2012 Tobias Brunner
+ * Copyright (C) 2007-2013 Tobias Brunner
 * Copyright (C) 2007-2011 Martin Willi
 * Hochschule fuer Technik Rapperswil
 *
@@ -216,6 +216,11 @@ struct private_task_manager_t {
 */
 size_t max_packet;
+ /**
+ * Maximum length of a single fragment (when sending)
+ */
+ size_t size;
+
 /**
 * The exchange type we use for fragments. Always the initial type even
 * for fragmented quick mode or transaction messages (i.e. either
@@ -414,7 +419,7 @@ static bool send_packet(private_task_manager_t *this, bool request,
 ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
 fragmentation = ike_cfg->fragmentation(ike_cfg);
 data = packet->get_data(packet);
- if (data.len > MAX_FRAGMENT_SIZE && (fragmentation == FRAGMENTATION_FORCE ||
+ if (data.len > this->frag.size && (fragmentation == FRAGMENTATION_FORCE ||
 (this->ike_sa->supports_extension(this->ike_sa, EXT_IKE_FRAGMENTATION) && fragmentation == FRAGMENTATION_YES)))
 {
@@ -425,7 +430,7 @@ static bool send_packet(private_task_manager_t *this, bool request,
 /* reduce size due to non-ESP marker */
 nat = this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY);
- frag_size = MAX_FRAGMENT_SIZE - (nat ? 4 : 0);
+ frag_size = this->frag.size - (nat ? 4 : 0);
 src = packet->get_source(packet);
 dst = packet->get_destination(packet);
@@ -1989,6 +1994,8 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
 .exchange = ID_PROT,
 .max_packet = lib->settings->get_int(lib->settings, "%s.max_packet", MAX_PACKET, charon->name),
+ .size = lib->settings->get_int(lib->settings,
+ "%s.fragment_size", MAX_FRAGMENT_SIZE, charon->name),
 },
 .ike_sa = ike_sa,
 .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
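Review bot: The value read for `%s.fragment_size` in task_manager_v1_create() goes straight into the `size_t` member with no range check, so a negative, zero or very small setting reaches both send_packet() hunks unchanged. In the second of them `this->frag.size - (nat ? 4 : 0)` is computed in `size_t` and wraps for settings below 4 under NAT, while a setting of exactly 4 yields a frag_size of 0 that is handed to the fragmenting code outside the hunk. In the first, a negative setting converts to a huge `size_t`, so `data.len > this->frag.size` is never true and even FRAGMENTATION_FORCE silently stops fragmenting. Assuming get_int() returns a signed int, read the setting into a local `int size` before building the object and fall back to the default with `if (size <= 4) size = MAX_FRAGMENT_SIZE;`, and consider an upper bound and a sentence on the valid range in the man page entry. The bodies of both functions continue outside the hunks shown.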