From 1646a22ddba9215f370af1474f98b079b916606a Mon Sep 17 00:00:00 2001
From: Joel Low
Date: Tue, 26 Apr 2022 18:59:17 +0800
Subject: [PATCH] strongswan: support child rekey by bytes and packets
This adds support for the child SA to be rekeyed through the byte/packet threshold. The default is blank (which disables the byte/packet thresholds).
Signed-off-by: Joel Low
(cherry picked from commit 5c8af06c94330a895f9df5ccc47fdfe29a1838ed)
---
 net/strongswan/files/swanctl.init | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/net/strongswan/files/swanctl.init b/net/strongswan/files/swanctl.init
index 2156e07309..14b56e838c 100644
--- a/net/strongswan/files/swanctl.init
+++ b/net/strongswan/files/swanctl.init
@@ -233,6 +233,10 @@ config_child() {
 local startaction
 local if_id
 local rekeytime
+ local rekeybytes
+ local lifebytes
+ local rekeypackets
+ local lifepackets
 config_get startaction "$1" startaction "route"
 config_get local_nat "$1" local_nat ""
@@ -247,6 +251,10 @@ config_child() {
 config_get interface "$1" interface ""
 config_get hw_offload "$1" hw_offload ""
 config_get priority "$1" priority ""
+ config_get rekeybytes "$1" rekeybytes ""
+ config_get lifebytes "$1" lifebytes ""
+ config_get rekeypackets "$1" rekeypackets ""
+ config_get lifepackets "$1" lifepackets ""
 config_list_foreach "$1" local_subnet append_var local_subnet ","
 config_list_foreach "$1" remote_subnet append_var remote_subnet ","
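Review bot: The four new options in the second hunk are read with no comment stating their units or what an empty value means, so whoever edits the UCI config has only the commit message to go on. A short comment above the added `config_get` lines would cover it, e.g. `# rekeybytes/lifebytes and rekeypackets/lifepackets: integer volume limits for the child SA; empty emits no limit`. config_child's body starts and ends outside the hunk.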
@@ -339,6 +347,18 @@ config_child() {
 swanctl_xappend4 "life_time = $(seconds2time $(((110 * $(time2seconds $rekeytime)) / 100)))"
 fi
 [ -n "$rekeytime" ] && swanctl_xappend4 "rekey_time = $rekeytime"
+ if [ -n "$lifebytes" ]; then
+ swanctl_xappend4 "life_bytes = $lifebytes"
+ elif [ -n "$rekeybytes" ]; then
+ swanctl_xappend4 "life_bytes = $(((110 * rekeybytes) / 100))"
+ fi
+ [ -n "$rekeybytes" ] && swanctl_xappend4 "rekey_bytes = $rekeybytes"
+ if [ -n "$lifepackets" ]; then
+ swanctl_xappend4 "life_packets = $lifepackets"
+ elif [ -n "$rekeypackets" ]; then
+ swanctl_xappend4 "life_packets = $(((110 * rekeypackets) / 100))"
+ fi
+ [ -n "$rekeypackets" ] && swanctl_xappend4 "rekey_packets = $rekeypackets"
 [ -n "$inactivity" ] && swanctl_xappend4 "inactivity = $inactivity"
 [ -n "$updown" ] && swanctl_xappend4 "updown = $updown"
-- 
2.30.2
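Review bot: The `life_bytes` and `life_packets` fallbacks feed the raw UCI strings `rekeybytes` and `rekeypackets` into shell arithmetic without checking that they are plain decimal integers, and the same unchecked strings are written verbatim into the generated swanctl configuration. A value with a suffix or stray characters would presumably make `$(( ))` fail or evaluate to something unintended, leaving the child SA without the volume limit the administrator asked for; a digits-only check before these lines (a `case` on `*[!0-9]*` that logs and skips the option) would make that failure explicit. The `110 * rekeybytes` product can also wrap for large byte counts if the shell's arithmetic is narrower than the value, so `swanctl_xappend4 "life_bytes = $((rekeybytes + rekeybytes / 10))"` (and the same for packets) is the safer form. It is also worth warning when an explicit `lifebytes` is not larger than `rekeybytes`, since the hard limit would then presumably close the SA before a rekey is attempted. config_child's body starts and ends outside the hunk.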