Version bump to 5.9.0
[strongswan.git] / src / libcharon / processing / jobs / rekey_ike_sa_job.c
1 /*
2 * Copyright (C) 2006 Martin Willi
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "rekey_ike_sa_job.h"
17
18 #include <daemon.h>
19
20 typedef struct private_rekey_ike_sa_job_t private_rekey_ike_sa_job_t;
21
22 /**
23 * Private data of an rekey_ike_sa_job_t object.
24 */
25 struct private_rekey_ike_sa_job_t {
26 /**
27 * Public rekey_ike_sa_job_t interface.
28 */
29 rekey_ike_sa_job_t public;
30
31 /**
32 * ID of the IKE_SA to rekey
33 */
34 ike_sa_id_t *ike_sa_id;
35
36 /**
37 * force reauthentication of the peer (full IKE_SA setup)
38 */
39 bool reauth;
40 };
41
42 METHOD(job_t, destroy, void,
43 private_rekey_ike_sa_job_t *this)
44 {
45 this->ike_sa_id->destroy(this->ike_sa_id);
46 free(this);
47 }
48
49 /**
50 * Check if we should delay a reauth, and by how many seconds
51 */
52 static uint32_t get_retry_delay(ike_sa_t *ike_sa)
53 {
54 enumerator_t *enumerator;
55 child_sa_t *child_sa;
56 uint32_t retry = 0;
57
58 /* avoid reauth collisions for certain IKE_SA/CHILD_SA states */
59 if (ike_sa->get_state(ike_sa) != IKE_ESTABLISHED)
60 {
61 retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
62 DBG1(DBG_IKE, "unable to reauthenticate in %N state, delaying for %us",
63 ike_sa_state_names, ike_sa->get_state(ike_sa), retry);
64 }
65 else
66 {
67 enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
68 while (enumerator->enumerate(enumerator, &child_sa))
69 {
70 if (child_sa->get_state(child_sa) != CHILD_INSTALLED &&
71 child_sa->get_state(child_sa) != CHILD_REKEYED)
72 {
73 retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
74 DBG1(DBG_IKE, "unable to reauthenticate in CHILD_SA %N state, "
75 "delaying for %us", child_sa_state_names,
76 child_sa->get_state(child_sa), retry);
77 break;
78 }
79 }
80 enumerator->destroy(enumerator);
81 }
82 return retry;
83 }
84
85 METHOD(job_t, execute, job_requeue_t,
86 private_rekey_ike_sa_job_t *this)
87 {
88 ike_sa_t *ike_sa;
89 status_t status = SUCCESS;
90 uint32_t retry = 0;
91
92 ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
93 this->ike_sa_id);
94 if (ike_sa == NULL)
95 {
96 DBG2(DBG_JOB, "IKE_SA to rekey not found");
97 }
98 else
99 {
100 if (this->reauth)
101 {
102 retry = get_retry_delay(ike_sa);
103 if (!retry)
104 {
105 status = ike_sa->reauth(ike_sa);
106 }
107 }
108 else
109 {
110 status = ike_sa->rekey(ike_sa);
111 }
112
113 if (status == DESTROY_ME)
114 {
115 charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
116 ike_sa);
117 }
118 else
119 {
120 charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
121 }
122 }
123 if (retry)
124 {
125 return JOB_RESCHEDULE(retry);
126 }
127 return JOB_REQUEUE_NONE;
128 }
129
130 METHOD(job_t, get_priority, job_priority_t,
131 private_rekey_ike_sa_job_t *this)
132 {
133 return JOB_PRIO_MEDIUM;
134 }
135
136 /*
137 * Described in header
138 */
139 rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth)
140 {
141 private_rekey_ike_sa_job_t *this;
142
143 INIT(this,
144 .public = {
145 .job_interface = {
146 .execute = _execute,
147 .get_priority = _get_priority,
148 .destroy = _destroy,
149 },
150 },
151 .ike_sa_id = ike_sa_id->clone(ike_sa_id),
152 .reauth = reauth,
153 );
154
155 return &(this->public);
156 }