strongswan: support child rekey by bytes and packets 18518/head
authorJoel Low <joel@joelsplace.sg>
Tue, 26 Apr 2022 10:59:17 +0000 (18:59 +0800)
committerJoel Low <joel@joelsplace.sg>
Wed, 11 May 2022 23:09:16 +0000 (07:09 +0800)
This adds support for the child SA to be rekeyed through the byte/packet
threshold. The default is blank (which disables the byte/packet thresholds).

Signed-off-by: Joel Low <joel@joelsplace.sg>
(cherry picked from commit 5c8af06c94330a895f9df5ccc47fdfe29a1838ed)

net/strongswan/files/swanctl.init

index 2156e073090ea4c0f63d98fb9c613650c6000f1a..14b56e838c1708729fa396eca77411fd1cf36881 100644 (file)
@@ -233,6 +233,10 @@ config_child() {
        local startaction
        local if_id
        local rekeytime
+       local rekeybytes
+       local lifebytes
+       local rekeypackets
+       local lifepackets
 
        config_get startaction "$1" startaction "route"
        config_get local_nat "$1" local_nat ""
@@ -247,6 +251,10 @@ config_child() {
        config_get interface "$1" interface ""
        config_get hw_offload "$1" hw_offload ""
        config_get priority "$1" priority ""
+       config_get rekeybytes "$1" rekeybytes ""
+       config_get lifebytes "$1" lifebytes ""
+       config_get rekeypackets "$1" rekeypackets ""
+       config_get lifepackets "$1" lifepackets ""
 
        config_list_foreach "$1" local_subnet append_var local_subnet ","
        config_list_foreach "$1" remote_subnet append_var remote_subnet ","
@@ -339,6 +347,18 @@ config_child() {
                swanctl_xappend4 "life_time = $(seconds2time $(((110 * $(time2seconds $rekeytime)) / 100)))"
        fi
        [ -n "$rekeytime" ] && swanctl_xappend4 "rekey_time = $rekeytime"
+       if [ -n "$lifebytes" ]; then
+               swanctl_xappend4 "life_bytes = $lifebytes"
+       elif [ -n "$rekeybytes" ]; then
+               swanctl_xappend4 "life_bytes = $(((110 * rekeybytes) / 100))"
+       fi
+       [ -n "$rekeybytes" ] && swanctl_xappend4 "rekey_bytes = $rekeybytes"
+       if [ -n "$lifepackets" ]; then
+               swanctl_xappend4 "life_packets = $lifepackets"
+       elif [ -n "$rekeypackets" ]; then
+               swanctl_xappend4 "life_packets = $(((110 * rekeypackets) / 100))"
+       fi
+       [ -n "$rekeypackets" ] && swanctl_xappend4 "rekey_packets = $rekeypackets"
        [ -n "$inactivity" ] && swanctl_xappend4 "inactivity = $inactivity"
 
        [ -n "$updown" ] && swanctl_xappend4 "updown = $updown"
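Review bot: The fallback `life_bytes = $(((110 * rekeybytes) / 100))`, and the matching `life_packets` line, runs shell arithmetic on a UCI string that is never checked to be a plain decimal number. A value with a unit suffix, whitespace or any other non-digit content will either make the init script fail in the arithmetic expansion or be evaluated as an expression, and a very large threshold can overflow `110 * rekeybytes` on builds with narrow shell integers. The same unvalidated strings are also written verbatim into the generated swanctl config by the `rekey_bytes`, `life_bytes`, `rekey_packets` and `life_packets` lines. Consider guarding all four options before use, for example `case "$rekeybytes" in *[!0-9]*) rekeybytes="" ;; esac` together with a logged warning. When `lifebytes` or `lifepackets` is set explicitly, also check that it is larger than the corresponding rekey value, so the hard limit cannot expire the SA before the rekey is triggered. `config_child` starts and ends outside this hunk, so any validation that already exists elsewhere in the function is not visible here.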