|
Lines 55-60
Link Here
|
| 55 |
#include <sys/malloc.h> |
55 |
#include <sys/malloc.h> |
| 56 |
#include <sys/endian.h> |
56 |
#include <sys/endian.h> |
| 57 |
#include <sys/errno.h> |
57 |
#include <sys/errno.h> |
|
|
58 |
#include <sys/sysctl.h> |
| 58 |
#include <sys/syslog.h> |
59 |
#include <sys/syslog.h> |
| 59 |
|
60 |
|
| 60 |
#include <netgraph/ng_message.h> |
61 |
#include <netgraph/ng_message.h> |
|
Lines 107-112
Link Here
|
| 107 |
*/ |
108 |
*/ |
| 108 |
#define MPPE_MAX_REKEY 1000 |
109 |
#define MPPE_MAX_REKEY 1000 |
| 109 |
|
110 |
|
|
|
111 |
SYSCTL_NODE(_net_graph, OID_AUTO, mppe, CTLFLAG_RW, 0, "MPPE"); |
| 112 |
|
| 113 |
static int mppe_block_on_max_rekey = 0; |
| 114 |
TUNABLE_INT("net.graph.mppe.block_on_max_rekey", &mppe_block_on_max_rekey); |
| 115 |
SYSCTL_INT(_net_graph_mppe, OID_AUTO, block_on_max_rekey, CTLFLAG_RW, |
| 116 |
&mppe_block_on_max_rekey, 0, "Block node on max MPPE key re-calculations"); |
| 117 |
|
| 118 |
static int mppe_log_max_rekey = 1; |
| 119 |
TUNABLE_INT("net.graph.mppe.log_max_rekey", &mppe_log_max_rekey); |
| 120 |
SYSCTL_INT(_net_graph_mppe, OID_AUTO, log_max_rekey, CTLFLAG_RW, |
| 121 |
&mppe_log_max_rekey, 0, "Log max MPPE key re-calculations event"); |
| 122 |
|
| 123 |
static int mppe_max_rekey = MPPE_MAX_REKEY; |
| 124 |
TUNABLE_INT("net.graph.mppe.max_rekey", &mppe_max_rekey); |
| 125 |
SYSCTL_INT(_net_graph_mppe, OID_AUTO, max_rekey, CTLFLAG_RW, |
| 126 |
&mppe_max_rekey, 0, "Maximum number of MPPE key re-calculations"); |
| 127 |
|
| 110 |
/* MPPC packet header bits */ |
128 |
/* MPPC packet header bits */ |
| 111 |
#define MPPC_FLAG_FLUSHED 0x8000 /* xmitter reset state */ |
129 |
#define MPPC_FLAG_FLUSHED 0x8000 /* xmitter reset state */ |
| 112 |
#define MPPC_FLAG_RESTART 0x4000 /* compress history restart */ |
130 |
#define MPPC_FLAG_RESTART 0x4000 /* compress history restart */ |
|
Lines 651-662
Link Here
|
| 651 |
/* How many times are we going to have to re-key? */ |
669 |
/* How many times are we going to have to re-key? */ |
| 652 |
rekey = ((d->cfg.bits & MPPE_STATELESS) != 0) ? |
670 |
rekey = ((d->cfg.bits & MPPE_STATELESS) != 0) ? |
| 653 |
numLost : (numLost / (MPPE_UPDATE_MASK + 1)); |
671 |
numLost : (numLost / (MPPE_UPDATE_MASK + 1)); |
| 654 |
if (rekey > MPPE_MAX_REKEY) { |
672 |
if (rekey > mppe_max_rekey) { |
| 655 |
log(LOG_ERR, "%s: too many (%d) packets" |
673 |
if (mppe_block_on_max_rekey) { |
| 656 |
" dropped, disabling node %p!", |
674 |
if (mppe_log_max_rekey) { |
| 657 |
__func__, numLost, node); |
675 |
log(LOG_ERR, "%s: too many (%d) packets" |
|
|
676 |
" dropped, disabling node %p!\n", |
| 677 |
__func__, numLost, node); |
| 678 |
} |
| 658 |
priv->recv.cfg.enable = 0; |
679 |
priv->recv.cfg.enable = 0; |
| 659 |
goto failed; |
680 |
goto failed; |
|
|
681 |
} else { |
| 682 |
if (mppe_log_max_rekey) { |
| 683 |
log(LOG_ERR, "%s: %d packets" |
| 684 |
" dropped, node %p\n", |
| 685 |
__func__, numLost, node); |
| 686 |
} |
| 687 |
goto failed; |
| 688 |
} |
| 660 |
} |
689 |
} |
| 661 |
|
690 |
|
| 662 |
/* Re-key as necessary to catch up to peer */ |
691 |
/* Re-key as necessary to catch up to peer */ |