child-cfg: Store connection specific replay window on CHILD_SA config

2025-12-04 00:00:21 -05:00 · 2014-06-16 17:26:33 +02:00 · 2014-06-16 17:26:33 +02:00 · bdcaa5e680
commit bdcaa5e680
parent a2c2ce9693
2 changed files with 38 additions and 0 deletions
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@ -27,6 +27,9 @@ ENUM(action_names, ACTION_NONE, ACTION_RESTART,
 	"restart",
 );

+/** Default replay window size, if not set using charon.replay_window */
+#define DEFAULT_REPLAY_WINDOW 32
+
 typedef struct private_child_cfg_t private_child_cfg_t;

 /**
@ -138,6 +141,11 @@ struct private_child_cfg_t {
 	 * enable installation and removal of kernel IPsec policies
 	 */
 	bool install_policy;
+
+	/**
+	 * anti-replay window size
+	 */
+	u_int32_t replay_window;
 };

 METHOD(child_cfg_t, get_name, char*,
@ -481,6 +489,18 @@ METHOD(child_cfg_t, get_tfc, u_int32_t,
 	return this->tfc;
 }

+METHOD(child_cfg_t, get_replay_window, u_int32_t,
+	private_child_cfg_t *this)
+{
+	return this->replay_window;
+}
+
+METHOD(child_cfg_t, set_replay_window, void,
+	private_child_cfg_t *this, u_int32_t replay_window)
+{
+	this->replay_window = replay_window;
+}
+
 METHOD(child_cfg_t, set_mipv6_options, void,
 	private_child_cfg_t *this, bool proxy_mode, bool install_policy)
 {
@ -558,6 +578,8 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
 			.get_reqid = _get_reqid,
 			.get_mark = _get_mark,
 			.get_tfc = _get_tfc,
+			.get_replay_window = _get_replay_window,
+			.set_replay_window = _set_replay_window,
 			.use_proxy_mode = _use_proxy_mode,
 			.install_policy = _install_policy,
 			.get_ref = _get_ref,
@ -580,6 +602,8 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
 		.my_ts = linked_list_create(),
 		.other_ts = linked_list_create(),
 		.tfc = tfc,
+		.replay_window = lib->settings->get_int(lib->settings,
+				"%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns),
 	);

 	if (mark_in)
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@ -234,6 +234,20 @@ struct child_cfg_t {
 	 */
 	u_int32_t (*get_tfc)(child_cfg_t *this);

+	/**
+	 * Get anti-replay window size
+	 *
+	 * @return				anti-replay window size
+	 */
+	u_int32_t (*get_replay_window)(child_cfg_t *this);
+
+	/**
+	 * Set anti-replay window size
+	 *
+	 * @param window		anti-replay window size
+	 */
+	void (*set_replay_window)(child_cfg_t *this, u_int32_t window);
+
 	/**
 	 * Sets two options needed for Mobile IPv6 interoperability.
 	 *