Raise an alert if an IKE_SA could not have been reauthenticated and expires
authorMartin Willi <martin@revosec.ch>
Wed, 13 Mar 2013 14:52:16 +0000 (15:52 +0100)
committerMartin Willi <martin@revosec.ch>
Thu, 14 Mar 2013 13:20:54 +0000 (14:20 +0100)
src/libcharon/bus/bus.h
src/libcharon/sa/ike_sa.c

index 4645bbd..67673d9 100644 (file)
@@ -130,6 +130,8 @@ enum alert_t {
        ALERT_VIP_FAILURE,
        /** an authorize() hook failed, no argument */
        ALERT_AUTHORIZATION_FAILED,
+       /** IKE_SA hit the hard lifetime limit before it could be rekeyed */
+       ALERT_IKE_SA_EXPIRED,
 };
 
 /**
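Review bot: The doc comment on `ALERT_IKE_SA_EXPIRED` leaves out the argument convention that the neighbouring entry states (`no argument` on `ALERT_AUTHORIZATION_FAILED`). It also says "rekeyed" where the commit subject talks about reauthentication. Listeners presumably rely on these comments to know what accompanies each alert, and the call added in ike_sa.c passes nothing after the alert type. I would write it as `/** IKE_SA hit the hard lifetime limit before it could be rekeyed or reauthenticated, no argument */`.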
index 45920d1..8c4dabd 100644 (file)
@@ -1445,6 +1445,10 @@ METHOD(ike_sa_t, delete_, status_t,
                        }
                        /* FALL */
                case IKE_ESTABLISHED:
+                       if (time_monotonic(NULL) >= this->stats[STAT_DELETE])
+                       {       /* IKE_SA hard lifetime hit */
+                               charon->bus->alert(charon->bus, ALERT_IKE_SA_EXPIRED);
+                       }
                        this->task_manager->queue_ike_delete(this->task_manager);
                        return this->task_manager->initiate(this->task_manager);
                case IKE_CREATED:
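Review bot: The new check `time_monotonic(NULL) >= this->stats[STAT_DELETE]` is true for every delete if `stats[STAT_DELETE]` can still be zero, which would happen if no hard lifetime was ever scheduled for the SA. The hunk does not show where that field is set, so this needs confirming. If it can be zero, an ordinary administrative delete would raise `ALERT_IKE_SA_EXPIRED`, and the false positives would make the alert useless for monitoring. Guarding on the field closes that gap: `if (this->stats[STAT_DELETE] && time_monotonic(NULL) >= this->stats[STAT_DELETE])`. The case above falls through into `IKE_ESTABLISHED` (`/* FALL */`), so the alert fires for that state as well; a short comment should say whether that is intended. The body of `delete_` starts and ends outside the hunk.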