#include <hydra.h>
#include <daemon.h>
#include <processing/jobs/acquire_job.h>
+#include <processing/jobs/rekey_child_sa_job.h>
+#include <processing/jobs/delete_child_sa_job.h>
typedef struct private_kernel_handler_t private_kernel_handler_t;
return TRUE;
}
+METHOD(kernel_listener_t, expire, bool,
+ private_kernel_handler_t *this, u_int32_t reqid, protocol_id_t protocol,
+ u_int32_t spi, bool hard)
+{
+ job_t *job;
+ DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x "
+ "and reqid {%u}", hard ? "delete" : "rekey",
+ protocol_id_names, protocol, ntohl(spi), reqid);
+ if (hard)
+ {
+ job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
+ }
+ else
+ {
+ job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
+ }
+ hydra->processor->queue_job(hydra->processor, job);
+ return TRUE;
+}
+
METHOD(kernel_handler_t, destroy, void,
private_kernel_handler_t *this)
{
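Review bot: The new `expire` handler queues a delete or rekey job for whatever `protocol` it is handed, with no check of its own. The ESP/AH filter stays behind in the netlink plugin's `process_expire`, and whether the KLIPS and PF_KEY callers apply the same filter is not visible in these hunks. Now that job creation lives in one place, a guard at the top of the handler, `if (protocol != PROTO_ESP && protocol != PROTO_AH) { return TRUE; }`, would keep a hard expire for a non-CHILD_SA from becoming a delete job regardless of which plugin forwarded it. A short header comment would also help: `spi` is passed through `ntohl()` for the log, so it appears to be in network byte order, and both that and what the `TRUE` return means to the caller are worth stating.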
.public = {
.listener = {
.acquire = _acquire,
+ .expire = _expire,
},
.destroy = _destroy,
},
#include <threading/thread.h>
#include <threading/mutex.h>
#include <processing/jobs/callback_job.h>
-#include <processing/jobs/rekey_child_sa_job.h>
-#include <processing/jobs/delete_child_sa_job.h>
#include <processing/jobs/update_sa_job.h>
/** default timeout for generated SPIs (in seconds) */
process_acquire(this, msg);
break;
case SADB_EXPIRE:
- /* SADB_EXPIRE events in KLIPS are only triggered by traffic (even for
- * the time based limits). So if there is no traffic for a longer
- * period than configured as hard limit, we wouldn't be able to rekey
- * the SA and just receive the hard expire and thus delete the SA.
- * To avoid this behavior and to make charon behave as with the other
- * kernel plugins, we implement the expiration of SAs ourselves. */
+ /* SADB_EXPIRE events in KLIPS are only triggered by traffic (even
+ * for the time based limits). So if there is no traffic for a
+ * longer period than configured as hard limit, we wouldn't be able
+ * to rekey the SA and just receive the hard expire and thus delete
+ * the SA.
+ * To avoid this behavior and to make charon behave as with the
+ * other kernel plugins, we implement the expiration of SAs
+ * ourselves. */
break;
case SADB_X_NAT_T_NEW_MAPPING:
process_mapping(this, msg);
bool hard = expire->type != EXPIRE_TYPE_SOFT;
sa_entry_t *cached_sa;
linked_list_t *list;
- job_t *job;
/* for an expired SPI we first check whether the CHILD_SA got installed
* in the meantime, for expired SAs we check whether they are still installed */
DBG2(DBG_KNL, "%N CHILD_SA with SPI %.8x and reqid {%d} expired",
protocol_id_names, protocol, ntohl(spi), reqid);
- DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}",
- hard ? "delete" : "rekey", protocol_id_names,
- protocol, ntohl(spi), reqid);
- if (hard)
- {
- job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
- }
- else
- {
- job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
- }
- hydra->processor->queue_job(hydra->processor, job);
+ charon->kernel_interface->expire(charon->kernel_interface, reqid, protocol,
+ spi, hard);
return JOB_REQUEUE_NONE;
}
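Review bot: After this change the rekey or delete job for an expired SA is created only if a listener is registered on `charon->kernel_interface`. The call at the end of this function, which starts above the hunk, has no visible fallback or log if the event goes unhandled. The same applies to the calls added in the netlink `process_expire` and in the PF_KEY expire handler further down. A dropped expire would leave the daemon's CHILD_SA state out of step with the configured lifetime, so a comment at the call site such as `/* job creation is delegated to the registered kernel listener (kernel_handler) */` would make the dependency explicit. Whether `expire()` reports an unhandled event is not visible here and is worth confirming.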
#include <utils/hashtable.h>
#include <processing/jobs/callback_job.h>
#include <processing/jobs/migrate_job.h>
-#include <processing/jobs/rekey_child_sa_job.h>
-#include <processing/jobs/delete_child_sa_job.h>
#include <processing/jobs/update_sa_job.h>
/** required for Linux 2.6.26 kernel and later */
*/
static void process_expire(private_kernel_netlink_ipsec_t *this, struct nlmsghdr *hdr)
{
- job_t *job;
protocol_id_t protocol;
u_int32_t spi, reqid;
struct xfrm_user_expire *expire;
if (protocol != PROTO_ESP && protocol != PROTO_AH)
{
- DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA with SPI %.8x and reqid {%u} "
- "which is not a CHILD_SA", ntohl(spi), reqid);
+ DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA with SPI %.8x and "
+ "reqid {%u} which is not a CHILD_SA", ntohl(spi), reqid);
return;
}
- DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}",
- expire->hard ? "delete" : "rekey", protocol_id_names,
- protocol, ntohl(spi), reqid);
- if (expire->hard)
- {
- job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
- }
- else
- {
- job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
- }
- hydra->processor->queue_job(hydra->processor, job);
+ charon->kernel_interface->expire(charon->kernel_interface, reqid, protocol,
+ spi, expire->hard != 0);
}
/**
#include <threading/mutex.h>
#include <processing/jobs/callback_job.h>
#include <processing/jobs/migrate_job.h>
-#include <processing/jobs/rekey_child_sa_job.h>
-#include <processing/jobs/delete_child_sa_job.h>
#include <processing/jobs/update_sa_job.h>
/** non linux specific */
protocol_id_t protocol;
u_int32_t spi, reqid;
bool hard;
- job_t *job;
DBG2(DBG_KNL, "received an SADB_EXPIRE");
return;
}
- DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%u}",
- hard ? "delete" : "rekey", protocol_id_names,
- protocol, ntohl(spi), reqid);
- if (hard)
- {
- job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
- }
- else
- {
- job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
- }
- hydra->processor->queue_job(hydra->processor, job);
+ charon->kernel_interface->expire(charon->kernel_interface, reqid, protocol,
+ spi, hard);
}
#ifdef SADB_X_MIGRATE