From e57264d692dbee1f6b87a0930a9b461ad7727fae Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Wed, 20 Jul 2011 17:46:37 +0100 Subject: [PATCH] Mobile sites: Use different default tuning parameters Links involving mobile peers are best served by somewhat different tuning parameters. So make the defaults vary accordingly. Signed-off-by: Ian Jackson --- README | 21 +++++++++++++++------ site.c | 10 +++++++++- 2 files changed, 24 insertions(+), 7 deletions(-) diff --git a/README b/README index 7e40edf..96114f0 100644 --- a/README +++ b/README @@ -281,16 +281,18 @@ site: dict argument transform (transform closure): how to mangle packets sent between sites dh (dh closure) hash (hash closure) - key-lifetime (integer): max lifetime of a session key, in ms [one hour] + key-lifetime (integer): max lifetime of a session key, in ms + [one hour; mobile: 2 days] setup-retries (integer): max number of times to transmit a key negotiation - packet [5] + packet [5; mobile: 30] setup-timeout (integer): time between retransmissions of key negotiation - packets, in ms [2000] + packets, in ms [2000; mobile: 1000] wait-time (integer): after failed key setup, wait this long (in ms) before - allowing another attempt [20000] + allowing another attempt [20000; mobile: 10000] renegotiate-time (integer): if we see traffic on the link after this time then renegotiate another session key immediately (in ms) - [half key-lifetime, or key-lifetime minus 5 mins, whichever is longer]. + [half key-lifetime, or key-lifetime minus 5 mins (mobile: 12 hours), + whichever is longer]. keepalive (bool): if True then attempt always to keep a valid session key. Not actually currently implemented. [false] log-events (string list): types of events to log for this site 
@@ -327,7 +329,14 @@ site: dict argument for us have "mobile True" (and if we find a site configuration for ourselves in the config, we insist on this). The effect is to check that there are no links both ends of which are allegedly - mobile (which is not supported, so those links are ignored). [false] + mobile (which is not supported, so those links are ignored) and + to change some of the tuning parameter defaults. [false] + +Links involving mobile peers have some different tuning parameter +default values, which are generally more aggressive about retrying key +setup but more relaxed about using old keys. These are noted with +"mobile:", above, and apply whether the mobile peer is local or +remote. ** transform diff --git a/site.c b/site.c index 8be5523..ed9e803 100644 --- a/site.c +++ b/site.c @@ -32,6 +32,13 @@ #define DEFAULT_SETUP_RETRIES 5 #define DEFAULT_SETUP_RETRY_INTERVAL (2*1000) /* [ms] */ #define DEFAULT_WAIT_TIME (20*1000) /* [ms] */ + +#define DEFAULT_MOBILE_KEY_LIFETIME (2*24*3600*1000) /* [ms] */ +#define DEFAULT_MOBILE_KEY_RENEGOTIATE_GAP (12*3600*1000) /* [ms] */ +#define DEFAULT_MOBILE_SETUP_RETRIES 30 +#define DEFAULT_MOBILE_SETUP_RETRY_INTERVAL (1*1000) /* [ms] */ +#define DEFAULT_MOBILE_WAIT_TIME (10*1000) /* [ms] */ + #define DEFAULT_MOBILE_PEER_EXPIRY (2*60) /* [s] */ #define DEFAULT_MOBILE_PEERS_MAX 3 /* send at most this many copies (default) */ @@ -1346,7 +1353,8 @@ static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context, st->dh=find_cl_if(dict,"dh",CL_DH,True,"site",loc); st->hash=find_cl_if(dict,"hash",CL_HASH,True,"site",loc); -#define DEFAULT(D) DEFAULT_##D +#define DEFAULT(D) (st->peer_mobile || local_mobile \ + ? DEFAULT_MOBILE_##D : DEFAULT_##D) #define CFG_NUMBER(k,D) dict_read_number(dict,(k),False,"site",loc,DEFAULT(D)); st->key_lifetime= CFG_NUMBER("key-lifetime", KEY_LIFETIME); -- 2.11.0
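Review bot: `DEFAULT_MOBILE_KEY_LIFETIME` in the first site.c hunk raises the default session-key lifetime from one hour to two days for any link with a mobile end, and the only annotation is the unit. A longer lifetime puts more traffic under one key and widens the exposure window if a session key is disclosed, so the constant should state why that is acceptable, e.g. `/* [ms]; mobile links rekey rarely because setup is unreliable, see README "mobile:" */`. The expression `2*24*3600*1000` is evaluated in `int` and fits today (172,800,000), but a later change to a few weeks would overflow, so a note on the safe range or a `_Static_assert` on the value would help. Whether the transform's per-key limits (sequence numbers, data volume) are comfortable with a two-day key is not visible in this hunk and is worth confirming.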
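Review bot: The rewritten `DEFAULT(D)` macro in site_apply now reads `st->peer_mobile` and `local_mobile`, but nothing in the hunk shows either being assigned before the first `CFG_NUMBER` use. If one is still unset there, the non-mobile defaults (or an indeterminate choice) are picked without any diagnostic. site_apply starts and ends outside the hunk, so the assignments may well come earlier, but the ordering requirement should be written down above the macro, e.g. `/* needs st->peer_mobile and local_mobile set; selects the mobile defaults if either end is mobile */`. As a style point, the condition relies on `||` binding tighter than `?:`, and `((st->peer_mobile || local_mobile) ? DEFAULT_MOBILE_##D : DEFAULT_##D)` makes that explicit.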