bool use_ipcomp;
/**
+ * Inactivity timeout
+ */
+ u_int32_t inactivity;
+
+ /**
* set up IPsec transport SA in MIPv6 proxy mode
*/
bool proxy_mode;
}
/**
+ * Implementation of child_cfg_t.get_inactivity.
+ */
+static u_int32_t get_inactivity(private_child_cfg_t *this)
+{
+ return this->inactivity;
+}
+
+/**
* Implementation of child_cfg_t.set_mipv6_options.
*/
static void set_mipv6_options(private_child_cfg_t *this, bool proxy_mode,
child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
char *updown, bool hostaccess,
ipsec_mode_t mode, action_t dpd_action,
- action_t close_action, bool ipcomp)
+ action_t close_action, bool ipcomp,
+ u_int32_t inactivity)
{
private_child_cfg_t *this = malloc_thing(private_child_cfg_t);
this->public.get_dh_group = (diffie_hellman_group_t(*)(child_cfg_t*)) get_dh_group;
this->public.set_mipv6_options = (void (*) (child_cfg_t*,bool,bool))set_mipv6_options;
this->public.use_ipcomp = (bool (*) (child_cfg_t *))use_ipcomp;
+ this->public.get_inactivity = (u_int32_t (*) (child_cfg_t *))get_inactivity;
this->public.use_proxy_mode = (bool (*) (child_cfg_t *))use_proxy_mode;
this->public.install_policy = (bool (*) (child_cfg_t *))install_policy;
this->public.get_ref = (child_cfg_t* (*) (child_cfg_t*))get_ref;
this->dpd_action = dpd_action;
this->close_action = close_action;
this->use_ipcomp = ipcomp;
+ this->inactivity = inactivity;
this->proxy_mode = FALSE;
this->install_policy = TRUE;
this->refcount = 1;
bool (*use_ipcomp)(child_cfg_t *this);
/**
+ * Get the inactivity timeout value.
+ *
+ * @return inactivity timeout in s
+ */
+ u_int32_t (*get_inactivity)(child_cfg_t *this);
+
+ /**
* Sets two options needed for Mobile IPv6 interoperability
*
* @param proxy_mode use IPsec transport proxy mode (default FALSE)
* @param dpd_action DPD action
* @param close_action close action
* @param ipcomp use IPComp, if peer supports it
+ * @param inactivity inactivity timeout in s before closing a CHILD_SA
* @return child_cfg_t object
*/
child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
char *updown, bool hostaccess,
ipsec_mode_t mode, action_t dpd_action,
- action_t close_action, bool ipcomp);
+ action_t close_action, bool ipcomp,
+ u_int32_t inactivity);
#endif /** CHILD_CFG_H_ @}*/
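Review bot: The new `@param inactivity` line does not say what `0` means, although `schedule_inactivity_timeout()` only schedules a job under `if (timeout)` and every call site updated in this commit passes `0`. I would spell the sentinel out in the constructor doc, `@param inactivity inactivity timeout in s before closing a CHILD_SA, 0 to disable`, and make the getter match with `@return inactivity timeout in s, 0 if disabled`. The `child_cfg_create()` doc comment starts above this hunk, so the other parameters are not visible here.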
}
child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE,
- MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
+ MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE, 0);
proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
child_cfg->add_proposal(child_cfg, proposal);
ts = traffic_selector_create_dynamic(0, 0, 65535);
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE,
- MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
+ MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE, 0);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
this->current->add_auth_cfg(this->current, auth, FALSE);
child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
- ACTION_NONE, ACTION_NONE, FALSE);
+ ACTION_NONE, ACTION_NONE, FALSE, 0);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
child_cfg = child_cfg_create(priv->name, &lifetime,
NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
- ACTION_NONE, ACTION_NONE, ipcomp);
+ ACTION_NONE, ACTION_NONE, ipcomp, 0);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
ts = traffic_selector_create_dynamic(0, 0, 65535);
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
.time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter }
};
child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode,
- dpd, close, ipcomp);
+ dpd, close, ipcomp, 0);
/* TODO: read proposal from db */
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
add_traffic_selectors(this, child_cfg, id);
child_cfg = child_cfg_create(
msg->add_conn.name, &lifetime,
msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
- msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp);
+ msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp, 0);
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
msg->add_conn.install_policy);
add_ts(this, &msg->add_conn.me, child_cfg, TRUE);
this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE);
child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
- ACTION_NONE, ACTION_NONE, FALSE);
+ ACTION_NONE, ACTION_NONE, FALSE, 0);
child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net));
child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net));
/**
* Schedule inactivity timeout for CHILD_SA with reqid, if enabled
*/
-static void schedule_inactivity_timeout(u_int32_t reqid)
+static void schedule_inactivity_timeout(private_child_create_t *this)
{
- time_t timeout;
+ u_int32_t timeout;
bool close_ike;
- timeout = lib->settings->get_time(lib->settings,
- "charon.inactivity_timeout", 0);
+ timeout = this->config->get_inactivity(this->config);
if (timeout)
{
close_ike = lib->settings->get_bool(lib->settings,
"charon.inactivity_close_ike", FALSE);
- charon->scheduler->schedule_job(charon->scheduler,
- (job_t*)inactivity_job_create(reqid, timeout, close_ike), timeout);
+ charon->scheduler->schedule_job(charon->scheduler, (job_t*)
+ inactivity_job_create(this->child_sa->get_reqid(this->child_sa),
+ timeout, close_ike), timeout);
}
}
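Review bot: After this change `charon.inactivity_timeout` is never read, and every `child_cfg_create()` call site touched by the commit passes `0` for the new argument, so as far as this diff shows no CHILD_SA gets an inactivity job any more. A deployment that relied on the global setting to tear down idle tunnels would silently lose that behaviour on upgrade. Unless the backends are wired up in a follow-up, I would keep the old setting as a fallback right after the getter call, `if (!timeout) timeout = lib->settings->get_time(lib->settings, "charon.inactivity_timeout", 0);`, or at least log once when the setting is present but ignored. `close_ike` is still taken from the global `charon.inactivity_close_ike` while the timeout is now per child config, which deserves a short comment. The header comment still says "with reqid", which no longer matches the new `private_child_create_t *this` parameter.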
if (!this->rekey)
{ /* a rekeyed SA uses the same reqid, no need for a new job */
- schedule_inactivity_timeout(this->child_sa->get_reqid(this->child_sa));
+ schedule_inactivity_timeout(this);
}
return SUCCESS;
}