From b539e010b8c87d3fd5a26fa1406dbdee9314d600 Mon Sep 17 00:00:00 2001
From: Fabian Mauchle
Date: Tue, 16 May 2017 17:45:56 +0200
Subject: [PATCH] add config option for tcpKeepalive (client and server)
---
 radsecproxy.c | 2 ++
 radsecproxy.h | 1 +
 tcp.c | 5 ++++-
 tls.c | 7 +++++--
 4 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/radsecproxy.c b/radsecproxy.c
index fe76f7c..cf24d01 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -2716,6 +2716,7 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
 #endif
 "DuplicateInterval", CONF_LINT, &dupinterval,
 "addTTL", CONF_LINT, &addttl,
+ "tcpKeepalive", CONF_BLN, &conf->keepalive,
 "rewrite", CONF_STR, &rewriteinalias,
 "rewriteIn", CONF_STR, &conf->confrewritein,
 "rewriteOut", CONF_STR, &conf->confrewriteout,
@@ -2899,6 +2900,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
 "CertificateNameCheck", CONF_BLN, &conf->certnamecheck,
 #endif
 "addTTL", CONF_LINT, &addttl,
+ "tcpKeepalive", CONF_BLN, &conf->keepalive,
 "rewrite", CONF_STR, &rewriteinalias,
 "rewriteIn", CONF_STR, &conf->confrewritein,
 "rewriteOut", CONF_STR, &conf->confrewriteout,
diff --git a/radsecproxy.h b/radsecproxy.h
index 244eb5c..bbee5b9 100644
--- a/radsecproxy.h
+++ b/radsecproxy.h
@@ -132,6 +132,7 @@ struct clsrvconf {
 uint8_t dupinterval;
 uint8_t certnamecheck;
 uint8_t addttl;
+ uint8_t keepalive;
 uint8_t loopprevention;
 struct rewrite *rewritein;
 struct rewrite *rewriteout;
diff --git a/tcp.c b/tcp.c
index 4e1883c..d52edff 100644
--- a/tcp.c
+++ b/tcp.c
@@ -119,7 +119,8 @@ int tcpconnect(struct server *server, struct timeval *when, int timeout, char *t
 if (server->sock >= 0) close(server->sock);
 if ((server->sock = connecttcphostlist(server->conf->hostports, srcres)) >= 0) {
- enable_keepalive(server->sock);
+ if (server->conf->keepalive)
+ enable_keepalive(server->sock);
 break;
 }
 }
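Review bot: The `tcpKeepalive` option introduced in the `confclient_cb` option table (and again in the `confserver_cb` hunk that follows) is undocumented: the diffstat lists only the four source files, so no manual page or sample configuration is updated. An operator cannot learn from this patch that the option exists, that it is a boolean (`CONF_BLN`), or what an unset value means. I would add a manual entry along the lines of `tcpKeepalive (on|off) - enable TCP keepalive on connections of this client/server block`, stating the default that the initialisation outside these hunks actually produces. Both callbacks begin and end outside the hunks.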
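Review bot: The new `keepalive` member of `struct clsrvconf` in radsecproxy.h has no comment saying that it is a boolean fed by `tcpKeepalive`; something like `uint8_t keepalive; /* boolean: tcpKeepalive, gates enable_keepalive() on this peer's sockets */` would make that clear. If any code outside this diff copies or merges `clsrvconf` member by member, the new member has to be carried along there as well, otherwise derived configurations would silently fall back to whatever the allocation leaves in it. The struct definition starts and ends outside the hunk.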
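Review bot: In `tcpconnect` (tcp.c), and identically in the `tlsconnect` hunk of tls.c, the formerly unconditional `enable_keepalive(server->sock)` now depends on `server->conf->keepalive`, so an existing configuration that never sets `tcpKeepalive` presumably loses keepalive on its outbound connections after upgrading. Nothing in the visible hunks assigns a default, and without keepalive a peer that disappears behind a NAT or firewall is noticed only when a request times out, while the stale socket lingers. Unless the initialisation outside this diff already sets the member for server blocks, I would preserve the old behaviour with `conf->keepalive = 1; /* outbound keepalive was unconditional before tcpKeepalive existed */` in `confserver_cb` before the options are parsed, and let `tcpKeepalive off` opt out. The function body extends beyond the hunk on both sides.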
@@ -335,6 +336,8 @@ void *tcpservernew(void *arg) {
 if (conf) {
 client = addclient(conf, 1);
 if (client) {
+ if(conf->keepalive)
+ enable_keepalive(s);
 client->sock = s;
 client->addr = addr_copy((struct sockaddr *)&from);
 tcpserverrd(client);
diff --git a/tls.c b/tls.c
index 7b18232..2932b7b 100644
--- a/tls.c
+++ b/tls.c
@@ -130,7 +130,8 @@ int tlsconnect(struct server *server, struct timeval *when, int timeout, char *t
 if ((server->sock = connecttcphostlist(server->conf->hostports, srcres)) < 0) continue;
- enable_keepalive(server->sock);
+ if (server->conf->keepalive)
+ enable_keepalive(server->sock);
 SSL_free(server->ssl);
 server->ssl = NULL;
@@ -424,7 +425,7 @@ void *tlsservernew(void *arg) {
 cert = verifytlscert(ssl);
 if (!cert) goto exit;
- accepted_tls = conf->tlsconf;
+ accepted_tls = conf->tlsconf;
 }
 while (conf) {
@@ -432,6 +433,8 @@ void *tlsservernew(void *arg) {
 X509_free(cert);
 client = addclient(conf, 1);
 if (client) {
+ if (conf->keepalive)
+ enable_keepalive(s);
 client->ssl = ssl;
 client->addr = addr_copy((struct sockaddr *)&from);
 tlsserverrd(client);
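Review bot: The added check in `tcpservernew` is written `if(conf->keepalive)`, whereas the three other sites this patch touches use `if (conf->keepalive)` with a space after the keyword; please make it `if (conf->keepalive)` to match. Whatever `enable_keepalive(s)` reports is also discarded here, as at the other call sites, so a socket on which the option could not be set would be used silently. If the helper can signal failure (its definition is not part of this diff), a debug-level log line at this point would make that visible. The function body extends beyond the hunk.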
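Review bot: In the last tls.c hunk, `tlsservernew` enables keepalive only inside `if (client)`, which the preceding hunk shows comes after `verifytlscert(ssl)` and the `while (conf)` lookup, so the accepted socket `s` goes through the whole TLS handshake without it. Whether the handshake has a timeout of its own is not visible in this diff; if it does not, a peer that goes away mid-handshake keeps the connection's resources tied up regardless of `tcpKeepalive`. Keepalive also only detects dead peers and does not bound a live but idle connection, which deserves a comment at the call: `/* keepalive applies from here on; the handshake above is not covered, and this is not an idle timeout */`. The function starts and ends outside the hunk.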