-rw-r--r--packages/strongswan/patches/0005-vici-add-soft-lifetime-calculation-if-hard-lifetime-configured.patch97
1 files changed, 0 insertions, 97 deletions
diff --git a/packages/strongswan/patches/0005-vici-add-soft-lifetime-calculation-if-hard-lifetime-configured.patch b/packages/strongswan/patches/0005-vici-add-soft-lifetime-calculation-if-hard-lifetime-configured.patch
deleted file mode 100644
index dc21a96d..00000000
--- a/packages/strongswan/patches/0005-vici-add-soft-lifetime-calculation-if-hard-lifetime-configured.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From a2b1e06f07569e8d3f08a37b68a206164b67fbe3 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Tue, 6 Dec 2022 17:33:20 +0100
-Subject: [PATCH] vici: Base default soft lifetime on hard lifetime if
- configured
-
-Depending on the configured hard lifetime the default soft lifetime
-might not make sense and could even cause rekeying to get disabled.
-To avoid that, derive the soft lifetime from the hard lifetime so it's
-10% higher than the soft lifetime.
-
-References strongswan/strongswan#1414
----
- src/libcharon/plugins/vici/vici_config.c | 46 ++++++++++++++++++++----
- 1 file changed, 40 insertions(+), 6 deletions(-)
-
-diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
-index 0c061d4b2d7..a59d799caf6 100644
---- a/src/libcharon/plugins/vici/vici_config.c
-+++ b/src/libcharon/plugins/vici/vici_config.c
-@@ -1981,18 +1981,52 @@ CALLBACK(auth_sn, bool,
- */
- static void check_lifetimes(lifetime_cfg_t *lft)
- {
-+ /* if no soft lifetime specified, set a default or base it on the hard lifetime */
-+ if (lft->time.rekey == LFT_UNDEFINED)
-+ {
-+ if (lft->time.life != LFT_UNDEFINED)
-+ {
-+ lft->time.rekey = lft->time.life / 1.1;
-+ }
-+ else
-+ {
-+ lft->time.rekey = LFT_DEFAULT_CHILD_REKEY_TIME;
-+ }
-+ }
-+ if (lft->bytes.rekey == LFT_UNDEFINED)
-+ {
-+ if (lft->bytes.life != LFT_UNDEFINED)
-+ {
-+ lft->bytes.rekey = lft->bytes.life / 1.1;
-+ }
-+ else
-+ {
-+ lft->bytes.rekey = LFT_DEFAULT_CHILD_REKEY_BYTES;
-+ }
-+ }
-+ if (lft->packets.rekey == LFT_UNDEFINED)
-+ {
-+ if (lft->packets.life != LFT_UNDEFINED)
-+ {
-+ lft->packets.rekey = lft->packets.life / 1.1;
-+ }
-+ else
-+ {
-+ lft->packets.rekey = LFT_DEFAULT_CHILD_REKEY_PACKETS;
-+ }
-+ }
- /* if no hard lifetime specified, add one at soft lifetime + 10% */
- if (lft->time.life == LFT_UNDEFINED)
- {
-- lft->time.life = lft->time.rekey * 110 / 100;
-+ lft->time.life = lft->time.rekey * 1.1;
- }
- if (lft->bytes.life == LFT_UNDEFINED)
- {
-- lft->bytes.life = lft->bytes.rekey * 110 / 100;
-+ lft->bytes.life = lft->bytes.rekey * 1.1;
- }
- if (lft->packets.life == LFT_UNDEFINED)
- {
-- lft->packets.life = lft->packets.rekey * 110 / 100;
-+ lft->packets.life = lft->packets.rekey * 1.1;
- }
- /* if no rand time defined, use difference of hard and soft */
- if (lft->time.jitter == LFT_UNDEFINED)
-@@ -2026,17 +2060,17 @@ CALLBACK(children_sn, bool,
- .mode = MODE_TUNNEL,
- .lifetime = {
- .time = {
-- .rekey = LFT_DEFAULT_CHILD_REKEY_TIME,
-+ .rekey = LFT_UNDEFINED,
- .life = LFT_UNDEFINED,
- .jitter = LFT_UNDEFINED,
- },
- .bytes = {
-- .rekey = LFT_DEFAULT_CHILD_REKEY_BYTES,
-+ .rekey = LFT_UNDEFINED,
- .life = LFT_UNDEFINED,
- .jitter = LFT_UNDEFINED,
- },
- .packets = {
-- .rekey = LFT_DEFAULT_CHILD_REKEY_PACKETS,
-+ .rekey = LFT_UNDEFINED,
- .life = LFT_UNDEFINED,
- .jitter = LFT_UNDEFINED,
- },