Diffstat (limited to 'src/charon/network')
-rw-r--r-- | src/charon/network/receiver.c | 12 | ||||
-rw-r--r-- | src/charon/network/socket.h | 6 |
2 files changed, 13 insertions, 5 deletions
diff --git a/src/charon/network/receiver.c b/src/charon/network/receiver.c
index 885280a62..73317ccbc 100644
--- a/src/charon/network/receiver.c
+++ b/src/charon/network/receiver.c
@@ -13,7 +13,7 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
- * $Id: receiver.c 3994 2008-05-21 21:52:59Z andreas $
+ * $Id: receiver.c 4228 2008-07-30 08:27:08Z martin $
 */
 #include <stdlib.h>
@@ -96,6 +96,11 @@ struct private_receiver_t {
 * hasher to use for cookie calculation
 */
 hasher_t *hasher;
+
+ /**
+ * use denial of service protection mechanisms (cookies)
+ */
+ bool dos_protection;
 };
 /**
@@ -282,7 +287,8 @@ static job_requeue_t receive_packets(private_receiver_t *this)
 }
 if (message->get_request(message) &&
- message->get_exchange_type(message) == IKE_SA_INIT)
+ message->get_exchange_type(message) == IKE_SA_INIT &&
+ this->dos_protection)
 {
 /* check for cookies */
 if (cookie_required(this, message))
@@ -367,6 +373,8 @@ receiver_t *receiver_create()
 this->secret_used = 0;
 this->rng->get_bytes(this->rng, SECRET_LENGTH, this->secret);
 memcpy(this->secret_old, this->secret, SECRET_LENGTH);
+ this->dos_protection = lib->settings->get_bool(lib->settings,
+ "charon.dos_protection", TRUE);
 this->job = callback_job_create((callback_job_cb_t)receive_packets,
 this, NULL, NULL);
diff --git a/src/charon/network/socket.h b/src/charon/network/socket.h
index 077da4bba..b76a9b0c3 100644
--- a/src/charon/network/socket.h
+++ b/src/charon/network/socket.h
@@ -14,7 +14,7 @@
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
- * $Id: socket.h 3589 2008-03-13 14:14:44Z martin $
+ * $Id: socket.h 4355 2008-09-25 07:56:58Z tobias $
 */
 /**
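Review bot: The comment on the new `dos_protection` field of `private_receiver_t` (receiver.c, hunk at -96,6) does not say where the value comes from or what switching it off means for the receiver. I would spell that out, for example `/** enable DoS protection (cookie check for IKE_SA_INIT requests); read once from charon.dos_protection in receiver_create(), defaults to TRUE */`. The struct definition starts outside this hunk.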
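Review bot: In `receive_packets` (receiver.c, hunk at -282,7) the `this->dos_protection` test is added to the outer `if`, so it turns off the whole block that follows and not only the `cookie_required()` call visible here. That block continues outside the hunk; if it contains any other per-request check, the same setting disables it too, which should be confirmed and reflected in the block comment, e.g. `/* DoS protection: check for cookies */`. As a point of style, testing the flag first (`if (this->dos_protection && message->get_request(message) && ...`) skips two method calls per packet when protection is off.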
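Review bot: In `receiver_create` (receiver.c, hunk at -367,6) the setting is read without recording the result, so a responder started with `charon.dos_protection` set to false handles every IKE_SA_INIT request without a cookie exchange and nothing in the logs shows that. A one-time message at creation would make the reduced protection visible to operators, for example `if (!this->dos_protection) DBG1(DBG_NET, "DoS protection (cookies) disabled by charon.dos_protection");`, using whichever logging macro this file already uses. The value is read only here, so a changed setting presumably takes effect only after the receiver is re-created; that is worth stating where the option is documented. The `TRUE` default keeps the check on when the key is absent, which is the safe choice.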
@@ -50,7 +50,7 @@ typedef struct socket_t socket_t;
 * The first uses raw sockets to allow binding of other daemons (pluto) to
 * UDP/500. An installed "Linux socket filter" filters out all non-IKEv2
 * traffic and handles just IKEv2 messages. An other daemon (pluto) must
- * handle all traffic seperatly, e.g. ignore IKEv2 traffic, since charon
+ * handle all traffic separately, e.g. ignore IKEv2 traffic, since charon
 * handles that.
 * The other implementation uses normal sockets and is built if
 * --disable-pluto is given to the configure script.
@@ -91,7 +91,7 @@ struct socket_t {
 };
 /**
- * Create a socket_t, wich binds multiple sockets.
+ * Create a socket_t, which binds multiple sockets.
 *
 * @return socket_t object
 */
|