Module Name: src
Committed By: tteras
Date: Mon Nov 14 13:24:05 UTC 2011
Modified Files:
src/crypto/dist/ipsec-tools/src/libipsec: pfkey.c
Log Message:
>From Marcelo Leitner <[email protected]>: do not shrink pfkey socket
buffers (if system default is larger than what we want as minimum)
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c
diff -u src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c:1.21 src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c:1.22
--- src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c:1.21 Thu Jan 20 16:08:35 2011
+++ src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c Mon Nov 14 13:24:04 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: pfkey.c,v 1.21 2011/01/20 16:08:35 vanhu Exp $ */
+/* $NetBSD: pfkey.c,v 1.22 2011/11/14 13:24:04 tteras Exp $ */
/* $KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $ */
@@ -1783,7 +1783,9 @@ int
pfkey_open(void)
{
int so;
- int bufsiz = 128 * 1024; /*is 128K enough?*/
+ int bufsiz_current, bufsiz_wanted;
+ int ret;
+ socklen_t len;
if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
__ipsec_set_strerror(strerror(errno));
@@ -1794,14 +1796,29 @@ pfkey_open(void)
* This is a temporary workaround for KAME PR 154.
* Don't really care even if it fails.
*/
- (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
- bufsiz = 256 * 1024;
- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
- bufsiz = 512 * 1024;
- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
- bufsiz = 1024 * 1024;
- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+ /* Try to have 128k. If we have more, do not lower it. */
+ bufsiz_wanted = 128 * 1024;
+ len = sizeof(bufsiz_current);
+ ret = getsockopt(so, SOL_SOCKET, SO_SNDBUF,
+ &bufsiz_current, &len);
+ if ((ret < 0) || (bufsiz_current < bufsiz_wanted))
+ (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF,
+ &bufsiz_wanted, sizeof(bufsiz_wanted));
+
+ /* Try to have have at least 2MB. If we have more, do not lower it. */
+ bufsiz_wanted = 2 * 1024 * 1024;
+ len = sizeof(bufsiz_current);
+ ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
+ &bufsiz_current, &len);
+ if (ret < 0)
+ bufsiz_current = 128 * 1024;
+
+ for (; bufsiz_wanted > bufsiz_current; bufsiz_wanted /= 2) {
+ if (setsockopt(so, SOL_SOCKET, SO_RCVBUF,
+ &bufsiz_wanted, sizeof(bufsiz_wanted)) == 0)
+ break;
+ }
+
__ipsec_errcode = EIPSEC_NO_ERROR;
return so;
}
