List: openbsd-tech
Subject: Re: iked(8): add support for IKEv2 Message Fragmentation
From: Tobias Heider <tobias_heider () genua ! de>
Date: 2019-02-28 6:06:40
Message-ID: 20190228060639.GB4682 () genua ! de
On Wed, Feb 27, 2019 at 01:01:37PM +0000, Stuart Henderson wrote:
> A couple of nits - manpage part is missing, I propose this:
>
> Index: iked.conf.5
> ===================================================================
> RCS file: /cvs/src/sbin/iked/iked.conf.5,v
> retrieving revision 1.53
> diff -u -p -r1.53 iked.conf.5
> --- iked.conf.5 31 Jan 2018 13:25:55 -0000 1.53
> +++ iked.conf.5 27 Feb 2019 12:45:46 -0000
> @@ -136,6 +136,12 @@ This is the default.
> .It Ic set decouple
> Don't load the negotiated SAs and flows from the kernel.
> This mode is only useful for testing and debugging.
> +.It Ic set fragmentation
> +Enable IKEv2 Message Fragmentation (RFC 7383) support.
> +This allows IKEv2 to operate in environments that might block IP fragments.
> +.It Ic set nofragmentation
> +Disables IKEv2 Message Fragmentation support.
> +This is the default.
> .It Ic set mobike
> Enable MOBIKE (RFC 4555) support.
> This is the default.
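
Review bot: the two new entries use different verb forms, "Enable IKEv2 Message Fragmentation (RFC 7383) support." under set fragmentation but "Disables IKEv2 Message Fragmentation support." under set nofragmentation. The neighbouring entry reads "Enable MOBIKE (RFC 4555) support.", so "Disable" would keep the list consistent.
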
+1, nothing more to say here.
> There are some over-long lines - it's not fair to require <=80 for
> everything in this diff when big parts of iked already exceed this,
> but some of the longer ones need reining in e.g.
>
> > Index: sbin/iked/iked.h
> ..
> |------------------------------------------------------------------------------|
> > +#define IKED_FRAG_TOTAL_MAX 111 /* upper limit of frag_total (64kB / 576B) */
> ...#define IKED_FRAG_TOTAL_MAX 111 /* upper limit of frag_total (64kB / 576B) */
>
> > struct iked_message *
> > ikev2_msg_lookup(struct iked *, struct iked_msgqueue *,
> > struct iked_message *, struct ike_header *);
> > +void ikev2_msg_lookup_dispose_all(struct iked *env, struct iked_msgqueue *queue,
> > + struct iked_message *msg, struct ike_header *hdr);
> > +int ikev2_msg_lookup_retransmit_all(struct iked *env, struct iked_msgqueue *queue,
> > + struct iked_message *msg, struct ike_header *hdr, struct iked_sa *sa);
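
Review bot: the comment on IKED_FRAG_TOTAL_MAX gives "64kB / 576B", which yields 111 only if kB is read as 1000 bytes (64000 / 576 is about 111.1); with 65536 bytes the quotient is about 113.8. Since this constant is the upper limit of frag_total, the comment should state the byte count used and that the result is rounded down. Separately, the two new prototypes name their parameters (env, queue, msg, hdr) while the existing ikev2_msg_lookup prototype directly above them does not; matching the existing style would also shorten the lines.
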
> ...(split onto another line)
>
> > Index: sbin/iked/ikev2.c
> ..
> > - if ((m = ikev2_msg_lookup(env, &sa->sa_responses, msg, hdr))) {
> > - if (ikev2_msg_retransmit_response(env, sa, m)) {
> > + if ((r = ikev2_msg_lookup_retransmit_all(env, &sa->sa_responses, msg, hdr, sa)) != 0) {
> > + if (r == -1) {
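
Review bot: the return contract of ikev2_msg_lookup_retransmit_all is not documented where the caller depends on it: the condition tests r != 0 and the body then treats r == -1 as a separate case, so the function has at least three outcomes. A short comment at the definition or prototype listing what 0, -1 and other non-zero values mean would make this branch checkable, and moving the assignment out of the if condition would bring the line under 80 columns.
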
> ...(and here)
>
> I've done that in my tree.
Nice reminder to copy my vimrc to the machine next time, thx.
> Ha, nice :)
You're welcome ;)