[vpnc-devel] svn commit: vpnc r170 - in /trunk: config.c config.h tunip.c tunip.h vpnc-script vpnc.c
vpnc at unix-ag.uni-kl.de
vpnc at unix-ag.uni-kl.de
Mon Apr 30 15:41:47 CEST 2007
Author: Maurice Massar
Date: Mon Apr 30 15:41:46 2007
New Revision: 170
Log:
dpd timer/disable patch from Joerg Mayer <jmvpnc at loplof.de>
Modified:
trunk/config.c
trunk/config.h
trunk/tunip.c
trunk/tunip.h
trunk/vpnc-script
trunk/vpnc.c
Modified: trunk/config.c
==============================================================================
--- trunk/config.c (original)
+++ trunk/config.c Mon Apr 30 15:41:46 2007
@@ -244,6 +244,11 @@
return "10000";
}
+static const char *config_def_dpd_idle(void)
+{
+ return "300";
+}
+
static const char *config_def_app_version(void)
{
struct utsname uts;
@@ -272,7 +277,7 @@
static const struct config_names_s {
enum config_enum nm;
const int needsArgument;
- const int lvl;
+ const int long_only;
const char *option;
const char *name;
const char *type;
@@ -476,11 +481,19 @@
"--udp-port",
"Cisco UDP Encapsulation Port ",
"<0-65535>",
- "local UDP port number to use (0 == use random port)\n"
+ "Local UDP port number to use (0 == use random port)\n"
"This is only relevant if cisco-udp nat-traversal is used.\n"
"This is the _local_ port, the remote udp port is discovered automatically.\n"
"It is especially not the cisco-tcp port\n",
config_def_udp_port
+ }, {
+ CONFIG_DPD_IDLE, 1, 1,
+ "--dpd-idle",
+ "DPD idle timeout (our side) ",
+ "<0,10-86400>",
+ "Send DPD packet after not receiving anything for <idle> seconds.\n"
+ "Use 0 to disable DPD completely (both ways).\n",
+ config_def_dpd_idle
}, {
CONFIG_NON_INTERACTIVE, 0, 1,
"--non-inter",
@@ -580,7 +593,7 @@
printf("%s%s\n", pre, p);
}
-static void print_usage(char *argv0, int long_help)
+static void print_usage(char *argv0, int print_level)
{
int c;
@@ -588,7 +601,7 @@
argv0);
printf("Legend:\n");
for (c = 0; config_names[c].name != NULL; c++) {
- if (config_names[c].lvl > long_help)
+ if (config_names[c].long_only > print_level)
continue;
printf(" %s %s\n"
@@ -607,7 +620,7 @@
printf("\n");
}
- if (!long_help)
+ if (!print_level)
printf("Use --long-help to see all options\n\n");
printf("Report bugs to vpnc at unix-ag.uni-kl.de\n");
Modified: trunk/config.h
==============================================================================
--- trunk/config.h (original)
+++ trunk/config.h Mon Apr 30 15:41:46 2007
@@ -54,6 +54,7 @@
CONFIG_VENDOR,
CONFIG_NATT_MODE,
CONFIG_UDP_ENCAP_PORT,
+ CONFIG_DPD_IDLE,
LAST_CONFIG
};
Modified: trunk/tunip.c
==============================================================================
--- trunk/tunip.c (original)
+++ trunk/tunip.c Mon Apr 30 15:41:46 2007
@@ -821,9 +821,9 @@
if (s->ike.do_dpd) {
/* send initial dpd request */
- next_ike_dpd = time(NULL) + 300;
+ next_ike_dpd = time(NULL) + s->ike.dpd_idle;
dpd_ike(s);
- normal_timeout.tv_sec = 300;
+ normal_timeout.tv_sec = s->ike.dpd_idle;
normal_timeout.tv_usec = 0;
}
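Review bot: Every use of `s->ike.dpd_idle` in this file sits under `if (s->ike.do_dpd)` and assumes a positive number of seconds, but nothing here states or checks that. In the visible hunks the guarantee comes only from vpnc.c, which clamps the value and sets `do_dpd` solely when `dpd_idle != 0`. If another path ever set `do_dpd` with `dpd_idle` at 0, the `now >= next_ike_dpd` branches in the hunks at -867 and -919 would send a DPD request on every pass. I would add a comment at this first use, `/* dpd_idle is 10..86400 s whenever do_dpd is set (clamped in vpnc.c) */`. The enclosing function starts and ends outside the hunk.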
@@ -867,11 +867,11 @@
select_timeout.tv_sec = 5;
select_timeout.tv_usec = 0;
dpd_ike(s);
- next_ike_dpd = now + 300;
+ next_ike_dpd = now + s->ike.dpd_idle;
}
else if (now >= next_ike_dpd) {
dpd_ike(s);
- next_ike_dpd = now + 300;
+ next_ike_dpd = now + s->ike.dpd_idle;
}
}
}
@@ -919,13 +919,13 @@
if (s->ike.do_dpd) {
if (s->ike.dpd_seqno != s->ike.dpd_seqno_ack) {
dpd_ike(s);
- next_ike_dpd = now + 300;
+ next_ike_dpd = now + s->ike.dpd_idle;
if (now + 5 < next_up)
next_up = now + 5;
}
else if (now >= next_ike_dpd) {
dpd_ike(s);
- next_ike_dpd = now + 300;
+ next_ike_dpd = now + s->ike.dpd_idle;
}
if (next_ike_dpd < next_up)
next_up = next_ike_dpd;
Modified: trunk/tunip.h
==============================================================================
--- trunk/tunip.h (original)
+++ trunk/tunip.h Mon Apr 30 15:41:46 2007
@@ -92,6 +92,7 @@
uint8_t *current_iv;
struct lifetime life;
int do_dpd;
+ int dpd_idle;
uint32_t dpd_seqno;
uint32_t dpd_seqno_ack;
time_t dpd_sent;
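Review bot: The new `int dpd_idle;` member has no comment, and its meaning is not obvious next to `do_dpd`: it is a duration in seconds, and 0 is a sentinel meaning DPD is switched off. I would document it in place, `int dpd_idle; /* seconds between DPD probes; 0 = DPD disabled */`. The struct definition starts and ends outside the hunk.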
Modified: trunk/vpnc-script
==============================================================================
--- trunk/vpnc-script (original)
+++ trunk/vpnc-script Mon Apr 30 15:41:46 2007
@@ -225,7 +225,7 @@
CISCO_DEF_DOMAIN_ORIG="$CISCO_DEF_DOMAIN"
# Don't step on INTERNAL_IP4_DNS value, use a temporary variable
INTERNAL_IP4_DNS_TEMP="$INTERNAL_IP4_DNS"
- exec 6< /etc/resolv.conf
+ exec 6< "$RESOLV_CONF_BACKUP"
while read LINE <&6 ; do
case "$LINE" in
nameserver*)
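Review bot: The redirect `exec 6< "$RESOLV_CONF_BACKUP"` has no check that the variable is set and the file is readable, and the hunk does not show where the backup is created. If the file is missing, the redirection fails, and in a POSIX shell a failed redirection on `exec` ends the script. A guard just before it, `[ -r "$RESOLV_CONF_BACKUP" ] || exit 1` (or `return 1` if this is a function body), would make that failure explicit. Since `nameserver` lines are taken from this file, the backup path should sit in a directory that only root can write; where it is defined is not visible here. The change is unrelated to the DPD log message, and the enclosing block starts and ends outside the hunk.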
Modified: trunk/vpnc.c
==============================================================================
--- trunk/vpnc.c (original)
+++ trunk/vpnc.c Mon Apr 30 15:41:46 2007
@@ -1051,8 +1051,15 @@
l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
VID_NATT_00, sizeof(VID_NATT_00));
}
- l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
- VID_DPD, sizeof(VID_DPD));
+ s->ike.dpd_idle = atoi(config[CONFIG_DPD_IDLE]);
+ if (s->ike.dpd_idle != 0) {
+ if (s->ike.dpd_idle < 10)
+ s->ike.dpd_idle = 10;
+ if (s->ike.dpd_idle > 86400)
+ s->ike.dpd_idle = 86400;
+ l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
+ VID_DPD, sizeof(VID_DPD));
+ }
flatten_isakmp_packet(p1, &pkt, &pkt_len, 0);
/* Now, send that packet and receive a new one. */
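Review bot: `atoi(config[CONFIG_DPD_IDLE])` cannot tell a typo from a number: a non-numeric value yields 0, which this commit defines as "disable DPD", and the only trace is the `DEBUG(2)` message in the hunk at -1266. Values 1-9 and values above 86400 are also clamped without notice, although the help text in config.c advertises `<0,10-86400>`. Parsing with `strtol` and rejecting trailing garbage and range errors would keep a mis-typed setting from silently turning dead-peer detection off. A help line stating the clamp would cover the rest. The enclosing function starts and ends outside the hunk.

```c
char *end;
long idle;

errno = 0;
idle = strtol(config[CONFIG_DPD_IDLE], &end, 10);
if (errno != 0 || end == config[CONFIG_DPD_IDLE] || *end != '\0') {
	/* reject the value here, using the file's usual config-error path */
}
if (idle != 0) {
	if (idle < 10)
		idle = 10;
	if (idle > 86400)
		idle = 86400;
}
s->ike.dpd_idle = (int)idle;
if (s->ike.dpd_idle != 0) {
	/* … unchanged: append the VID_DPD payload … */
}
```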
@@ -1266,11 +1273,15 @@
} else if (rp->u.vid.length == sizeof(VID_DPD)
&& memcmp(rp->u.vid.data, VID_DPD,
sizeof(VID_DPD)) == 0) {
- gcry_create_nonce(&s->ike.dpd_seqno, sizeof(s->ike.dpd_seqno));
- s->ike.dpd_seqno &= 0x7FFFFFFF;
- s->ike.dpd_seqno_ack = s->ike.dpd_seqno;
- s->ike.do_dpd = 1;
- DEBUG(2, printf("peer is DPD capable (RFC3706)\n"));
+ if (s->ike.dpd_idle != 0) {
+ gcry_create_nonce(&s->ike.dpd_seqno, sizeof(s->ike.dpd_seqno));
+ s->ike.dpd_seqno &= 0x7FFFFFFF;
+ s->ike.dpd_seqno_ack = s->ike.dpd_seqno;
+ s->ike.do_dpd = 1;
+ DEBUG(2, printf("peer is DPD capable (RFC3706)\n"));
+ } else {
+ DEBUG(2, printf("ignoring that peer is DPD capable (RFC3706)\n"));
+ }
} else {
hex_dump("unknown ISAKMP_PAYLOAD_VID: ",
rp->u.vid.data, rp->u.vid.length, NULL);