Re: iked(8): add support for IKEv2 Message Fragmentation

Wed, 27 Feb 2019 22:07:59 -0800 

On Wed, Feb 27, 2019 at 01:01:37PM +0000, Stuart Henderson wrote:
> A couple of nits - manpage part is missing, I propose this:
> 
> Index: iked.conf.5
> ===================================================================
> RCS file: /cvs/src/sbin/iked/iked.conf.5,v
> retrieving revision 1.53
> diff -u -p -r1.53 iked.conf.5
> --- iked.conf.5       31 Jan 2018 13:25:55 -0000      1.53
> +++ iked.conf.5       27 Feb 2019 12:45:46 -0000
> @@ -136,6 +136,12 @@ This is the default.
>  .It Ic set decouple
>  Don't load the negotiated SAs and flows from the kernel.
>  This mode is only useful for testing and debugging.
> +.It Ic set fragmentation
> +Enable IKEv2 Message Fragmentation (RFC 7383) support.
> +This allows IKEv2 to operate in environments that might block IP fragments.
> +.It Ic set nofragmentation
> +Disables IKEv2 Message Fragmentation support.
> +This is the default.
>  .It Ic set mobike
>  Enable MOBIKE (RFC 4555) support.
>  This is the default.

+1, nothing more to say here.

> There are some over-long lines - it's not fair to require <=80 for
> everything in this diff when big parts of iked already exceed this,
> but some of the longer ones need reining in e.g.
> 
> > Index: sbin/iked/iked.h
> ..
>    
> |------------------------------------------------------------------------------|
> > +#define IKED_FRAG_TOTAL_MAX        111                     /* upper limit 
> > of frag_total (64kB / 576B) */
> ...#define IKED_FRAG_TOTAL_MAX        111     /* upper limit of frag_total 
> (64kB / 576B) */
> 
> >  struct iked_message *
> >      ikev2_msg_lookup(struct iked *, struct iked_msgqueue *,
> >         struct iked_message *, struct ike_header *);
> > +void        ikev2_msg_lookup_dispose_all(struct iked *env, struct 
> > iked_msgqueue *queue,
> > +       struct iked_message *msg, struct ike_header *hdr);
> > +int         ikev2_msg_lookup_retransmit_all(struct iked *env, struct 
> > iked_msgqueue *queue,
> > +       struct iked_message *msg, struct ike_header *hdr, struct iked_sa 
> > *sa);
> ...(split onto another line)
> 
> > Index: sbin/iked/ikev2.c
> ..
> > -           if ((m = ikev2_msg_lookup(env, &sa->sa_responses, msg, hdr))) {
> > -                   if (ikev2_msg_retransmit_response(env, sa, m)) {
> > +           if ((r = ikev2_msg_lookup_retransmit_all(env, 
> > &sa->sa_responses, msg, hdr, sa)) != 0) {
> > +                   if (r == -1) {
> ...(and here)
> 
> I've done that in my tree.

Nice reminder to copy my vimrc to the machine next time, thx.

> Ha, nice :)

You're welcome ;)

Reply via email to