kernel-interface: Raise expires with a proto/SPI/dst tuple instead of reqid
authorMartin Willi <martin@revosec.ch>
Mon, 27 Oct 2014 14:07:05 +0000 (15:07 +0100)
committerMartin Willi <martin@revosec.ch>
Fri, 20 Feb 2015 12:34:50 +0000 (13:34 +0100)
20 files changed:
src/conftest/actions.c
src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c
src/libcharon/kernel/kernel_handler.c
src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
src/libcharon/plugins/stroke/stroke_control.c
src/libcharon/processing/jobs/delete_child_sa_job.c
src/libcharon/processing/jobs/delete_child_sa_job.h
src/libcharon/processing/jobs/rekey_child_sa_job.c
src/libcharon/processing/jobs/rekey_child_sa_job.h
src/libcharon/sa/ikev2/tasks/child_rekey.c
src/libhydra/kernel/kernel_interface.c
src/libhydra/kernel/kernel_interface.h
src/libhydra/kernel/kernel_listener.h
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
src/libipsec/ipsec_event_listener.h
src/libipsec/ipsec_event_relay.c
src/libipsec/ipsec_event_relay.h
src/libipsec/ipsec_sa.c

index 3f937b1..474672c 100644 (file)
@@ -117,19 +117,20 @@ static job_requeue_t rekey_child(char *config)
        enumerator_t *enumerator, *children;
        ike_sa_t *ike_sa;
        child_sa_t *child_sa;
-       u_int32_t reqid = 0, spi = 0;
-       protocol_id_t proto = PROTO_ESP;
+       u_int32_t spi, proto;
+       host_t *dst = NULL;
 
        enumerator = charon->controller->create_ike_sa_enumerator(
                                                                                                        charon->controller, TRUE);
        while (enumerator->enumerate(enumerator, &ike_sa))
        {
                children = ike_sa->create_child_sa_enumerator(ike_sa);
-               while (children->enumerate(children, (void**)&child_sa))
+               while (children->enumerate(children, &child_sa))
                {
                        if (streq(config, child_sa->get_name(child_sa)))
                        {
-                               reqid = child_sa->get_reqid(child_sa);
+                               dst = ike_sa->get_my_host(ike_sa);
+                               dst = dst->clone(dst);
                                proto = child_sa->get_protocol(child_sa);
                                spi = child_sa->get_spi(child_sa, TRUE);
                                break;
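Review bot: The clone taken at `dst = dst->clone(dst);` is leaked when more than one IKE_SA carries a CHILD_SA named `config`. The `break` leaves only the inner loop, so the outer `while` keeps enumerating and a later match overwrites `dst` without destroying the earlier copy. Releasing the previous clone first, with `DESTROY_IF(dst);` ahead of `dst = ike_sa->get_my_host(ike_sa);`, keeps the existing last-match behaviour without the leak. `spi` and `proto` are also left uninitialised now, which is safe only because they are read under `if (dst)`; rekey_child continues beyond this hunk.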
@@ -138,11 +139,12 @@ static job_requeue_t rekey_child(char *config)
                children->destroy(children);
        }
        enumerator->destroy(enumerator);
-       if (reqid)
+       if (dst)
        {
                DBG1(DBG_CFG, "starting rekey of CHILD_SA '%s'", config);
                lib->processor->queue_job(lib->processor,
-                                               (job_t*)rekey_child_sa_job_create(reqid, proto, spi));
+                                               (job_t*)rekey_child_sa_job_create(proto, spi, dst));
+               dst->destroy(dst);
        }
        else
        {
index 6516607..a0aefaa 100644 (file)
@@ -40,10 +40,10 @@ struct private_kernel_android_ipsec_t {
 /**
  * Callback registrered with libipsec.
  */
-void expire(u_int32_t reqid, u_int8_t protocol, u_int32_t spi, bool hard)
+static void expire(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard)
 {
-       hydra->kernel_interface->expire(hydra->kernel_interface, reqid, protocol,
-                                                                       spi, hard);
+       hydra->kernel_interface->expire(hydra->kernel_interface, protocol,
+                                                                       spi, dst, hard);
 }
 
 METHOD(kernel_ipsec_t, get_spi, status_t,
index 059124e..a6656e7 100644 (file)
@@ -72,23 +72,23 @@ METHOD(kernel_listener_t, acquire, bool,
 }
 
 METHOD(kernel_listener_t, expire, bool,
-       private_kernel_handler_t *this, u_int32_t reqid, u_int8_t protocol,
-       u_int32_t spi, bool hard)
+       private_kernel_handler_t *this, u_int8_t protocol, u_int32_t spi,
+       host_t *dst, bool hard)
 {
        protocol_id_t proto = proto_ip2ike(protocol);
 
-       DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%u}",
-                hard ? "delete" : "rekey", protocol_id_names, proto, ntohl(spi), reqid);
+       DBG1(DBG_KNL, "creating %s job for CHILD_SA %N/0x%08x/%H",
+                hard ? "delete" : "rekey", protocol_id_names, proto, ntohl(spi), dst);
 
        if (hard)
        {
                lib->processor->queue_job(lib->processor,
-                               (job_t*)delete_child_sa_job_create(reqid, proto, spi, hard));
+                               (job_t*)delete_child_sa_job_create(proto, spi, dst, hard));
        }
        else
        {
                lib->processor->queue_job(lib->processor,
-                               (job_t*)rekey_child_sa_job_create(reqid, proto, spi));
+                               (job_t*)rekey_child_sa_job_create(proto, spi, dst));
        }
        return TRUE;
 }
index 362b327..e6c5d6a 100644 (file)
@@ -222,10 +222,10 @@ static inline bool policy_entry_equals(policy_entry_t *a,
 /**
  * Expiration callback
  */
-static void expire(u_int32_t reqid, u_int8_t protocol, u_int32_t spi, bool hard)
+static void expire(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard)
 {
-       hydra->kernel_interface->expire(hydra->kernel_interface, reqid, protocol,
-                                                                       spi, hard);
+       hydra->kernel_interface->expire(hydra->kernel_interface, protocol,
+                                                                       spi, dst, hard);
 }
 
 METHOD(kernel_ipsec_t, get_features, kernel_feature_t,
index 9fd6541..86db9e6 100644 (file)
@@ -2032,9 +2032,8 @@ static void expire_data_destroy(expire_data_t *data)
 static job_requeue_t expire_job(expire_data_t *data)
 {
        private_kernel_wfp_ipsec_t *this = data->this;
-       u_int32_t reqid = 0;
        u_int8_t protocol;
-       entry_t *entry;
+       entry_t *entry = NULL;
        sa_entry_t key = {
                .spi = data->spi,
                .dst = data->dst,
@@ -2048,7 +2047,6 @@ static job_requeue_t expire_job(expire_data_t *data)
                if (entry)
                {
                        protocol = entry->isa.protocol;
-                       reqid = entry->reqid;
                        if (entry->osa.dst)
                        {
                                key.dst = entry->osa.dst;
@@ -2065,15 +2063,14 @@ static job_requeue_t expire_job(expire_data_t *data)
                if (entry)
                {
                        protocol = entry->isa.protocol;
-                       reqid = entry->reqid;
                }
                this->mutex->unlock(this->mutex);
        }
 
-       if (reqid)
+       if (entry)
        {
-               hydra->kernel_interface->expire(hydra->kernel_interface,
-                                                                               reqid, protocol, data->spi, data->hard);
+               hydra->kernel_interface->expire(hydra->kernel_interface, protocol,
+                                                                               data->spi, data->dst, data->hard);
        }
 
        return JOB_REQUEUE_NONE;
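Review bot: `entry` is now tested at `if (entry)` after `this->mutex->unlock(this->mutex)`, so a pointer obtained under the lock serves as a found-flag outside it. Nothing dereferences it there today, but a later edit easily could. A `bool found = FALSE;` set next to `protocol = entry->isa.protocol;` in both branches would state the intent, or at least a comment such as `/* entry is only a found-flag here, do not dereference without the mutex */`. The lookup code of both branches lies partly outside the visible hunks, so whether the entry can be released before this point cannot be confirmed from here.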
index 99d07f5..0084fbf 100644 (file)
@@ -432,13 +432,13 @@ METHOD(stroke_control_t, rekey, void,
                        while (children->enumerate(children, (void**)&child_sa))
                        {
                                if ((name && streq(name, child_sa->get_name(child_sa))) ||
-                                       (id && id == child_sa->get_reqid(child_sa)))
+                                       (id && id == child_sa->get_unique_id(child_sa)))
                                {
                                        lib->processor->queue_job(lib->processor,
                                                (job_t*)rekey_child_sa_job_create(
-                                                               child_sa->get_reqid(child_sa),
                                                                child_sa->get_protocol(child_sa),
-                                                               child_sa->get_spi(child_sa, TRUE)));
+                                                               child_sa->get_spi(child_sa, TRUE),
+                                                               ike_sa->get_my_host(ike_sa)));
                                        if (!all)
                                        {
                                                finished = TRUE;
index 9afbac0..0d85883 100644 (file)
@@ -31,11 +31,6 @@ struct private_delete_child_sa_job_t {
        delete_child_sa_job_t public;
 
        /**
-        * reqid of the CHILD_SA
-        */
-       u_int32_t reqid;
-
-       /**
         * protocol of the CHILD_SA (ESP/AH)
         */
        protocol_id_t protocol;
@@ -46,6 +41,11 @@ struct private_delete_child_sa_job_t {
        u_int32_t spi;
 
        /**
+        * SA destination address
+        */
+       host_t *dst;
+
+       /**
         * Delete for an expired CHILD_SA
         */
        bool expired;
@@ -54,6 +54,7 @@ struct private_delete_child_sa_job_t {
 METHOD(job_t, destroy, void,
        private_delete_child_sa_job_t *this)
 {
+       this->dst->destroy(this->dst);
        free(this);
 }
 
@@ -62,12 +63,12 @@ METHOD(job_t, execute, job_requeue_t,
 {
        ike_sa_t *ike_sa;
 
-       ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
-                                                                                                       this->reqid, TRUE);
+       ike_sa = charon->child_sa_manager->checkout(charon->child_sa_manager,
+                                                                       this->protocol, this->spi, this->dst, NULL);
        if (ike_sa == NULL)
        {
-               DBG1(DBG_JOB, "CHILD_SA with reqid %d not found for delete",
-                        this->reqid);
+               DBG1(DBG_JOB, "CHILD_SA %N/0x%08x/%H not found for delete",
+                        protocol_id_names, this->protocol, htonl(this->spi), this->dst);
        }
        else
        {
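Review bot: The not-found message formats the SPI with `htonl(this->spi)`, while kernel_handler.c in this commit prints what appears to be the same network-order value with `ntohl(spi)` under the same `0x%08x` format. Both calls yield the same number, but `htonl` applied to a field that already holds a network-order SPI reads like a conversion bug; `ntohl(this->spi)` would match the rest of the commit. The execute method of rekey_child_sa_job.c has the identical line. Consistent SPI rendering also helps when these messages are correlated with kernel SA listings during troubleshooting; the method header lies above this hunk.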
@@ -87,8 +88,8 @@ METHOD(job_t, get_priority, job_priority_t,
 /*
  * Described in header
  */
-delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid,
-                                                       protocol_id_t protocol, u_int32_t spi, bool expired)
+delete_child_sa_job_t *delete_child_sa_job_create(protocol_id_t protocol,
+                                                                       u_int32_t spi, host_t *dst, bool expired)
 {
        private_delete_child_sa_job_t *this;
 
@@ -100,12 +101,11 @@ delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid,
                                .destroy = _destroy,
                        },
                },
-               .reqid = reqid,
                .protocol = protocol,
                .spi = spi,
+               .dst = dst->clone(dst),
                .expired = expired,
        );
 
        return &this->public;
 }
-
index be6d578..6fa5364 100644 (file)
@@ -44,16 +44,13 @@ struct delete_child_sa_job_t {
 /**
  * Creates a job of type DELETE_CHILD_SA.
  *
- * The CHILD_SA is identified by its reqid, protocol (AH/ESP) and its
- * inbound SPI.
- *
- * @param reqid                reqid of the CHILD_SA, as used in kernel
  * @param protocol     protocol of the CHILD_SA
  * @param spi          security parameter index of the CHILD_SA
+ * @param dst          SA destination address
  * @param expired      TRUE if CHILD_SA already expired
  * @return                     delete_child_sa_job_t object
  */
-delete_child_sa_job_t *delete_child_sa_job_create(u_int32_t reqid,
-                                                       protocol_id_t protocol, u_int32_t spi, bool expired);
+delete_child_sa_job_t *delete_child_sa_job_create(protocol_id_t protocol,
+                                                                       u_int32_t spi, host_t *dst, bool expired);
 
 #endif /** DELETE_CHILD_SA_JOB_H_ @}*/
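Review bot: The doc comment no longer says how the CHILD_SA is identified or who owns `dst`; the removed sentence was the only statement of the lookup key. A replacement such as `The CHILD_SA is identified by its protocol (AH/ESP), SPI and SA destination address.` plus `@param dst SA destination address, gets cloned` would cover both, since the constructor stores `dst->clone(dst)` and the caller keeps ownership. The same applies to rekey_child_sa_job_create() in rekey_child_sa_job.h.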
index 1bf8dc0..8f17d39 100644 (file)
@@ -24,17 +24,13 @@ typedef struct private_rekey_child_sa_job_t private_rekey_child_sa_job_t;
  * Private data of an rekey_child_sa_job_t object.
  */
 struct private_rekey_child_sa_job_t {
+
        /**
         * Public rekey_child_sa_job_t interface.
         */
        rekey_child_sa_job_t public;
 
        /**
-        * reqid of the child to rekey
-        */
-       u_int32_t reqid;
-
-       /**
         * protocol of the CHILD_SA (ESP/AH)
         */
        protocol_id_t protocol;
@@ -43,11 +39,17 @@ struct private_rekey_child_sa_job_t {
         * inbound SPI of the CHILD_SA
         */
        u_int32_t spi;
+
+       /**
+        * SA destination address
+        */
+       host_t *dst;
 };
 
 METHOD(job_t, destroy, void,
        private_rekey_child_sa_job_t *this)
 {
+       this->dst->destroy(this->dst);
        free(this);
 }
 
@@ -56,12 +58,12 @@ METHOD(job_t, execute, job_requeue_t,
 {
        ike_sa_t *ike_sa;
 
-       ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager,
-                                                                                                       this->reqid, TRUE);
+       ike_sa = charon->child_sa_manager->checkout(charon->child_sa_manager,
+                                                                       this->protocol, this->spi, this->dst, NULL);
        if (ike_sa == NULL)
        {
-               DBG2(DBG_JOB, "CHILD_SA with reqid %d not found for rekeying",
-                        this->reqid);
+               DBG1(DBG_JOB, "CHILD_SA %N/0x%08x/%H not found for rekey",
+                        protocol_id_names, this->protocol, htonl(this->spi), this->dst);
        }
        else
        {
@@ -80,9 +82,8 @@ METHOD(job_t, get_priority, job_priority_t,
 /*
  * Described in header
  */
-rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid,
-                                                                                               protocol_id_t protocol,
-                                                                                               u_int32_t spi)
+rekey_child_sa_job_t *rekey_child_sa_job_create(protocol_id_t protocol,
+                                                                                               u_int32_t spi, host_t *dst)
 {
        private_rekey_child_sa_job_t *this;
 
@@ -94,9 +95,9 @@ rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid,
                                .destroy = _destroy,
                        },
                },
-               .reqid = reqid,
                .protocol = protocol,
                .spi = spi,
+               .dst = dst->clone(dst),
        );
 
        return &this->public;
index fcbe65a..364bb5a 100644 (file)
@@ -43,15 +43,11 @@ struct rekey_child_sa_job_t {
 /**
  * Creates a job of type REKEY_CHILD_SA.
  *
- * The CHILD_SA is identified by its protocol (AH/ESP) and its
- * inbound SPI.
- *
- * @param reqid                reqid of the CHILD_SA to rekey
  * @param protocol     protocol of the CHILD_SA
  * @param spi          security parameter index of the CHILD_SA
+ * @param dst          SA destination address
  * @return                     rekey_child_sa_job_t object
  */
-rekey_child_sa_job_t *rekey_child_sa_job_create(u_int32_t reqid,
-                                                                                               protocol_id_t protocol,
-                                                                                               u_int32_t spi);
+rekey_child_sa_job_t *rekey_child_sa_job_create(protocol_id_t protocol,
+                                                                                               u_int32_t spi, host_t *dst);
 #endif /** REKEY_CHILD_SA_JOB_H_ @}*/
index 213155a..c806e19 100644 (file)
@@ -96,9 +96,9 @@ static void schedule_delayed_rekey(private_child_rekey_t *this)
 
        retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
        job = (job_t*)rekey_child_sa_job_create(
-                                               this->child_sa->get_reqid(this->child_sa),
                                                this->child_sa->get_protocol(this->child_sa),
-                                               this->child_sa->get_spi(this->child_sa, TRUE));
+                                               this->child_sa->get_spi(this->child_sa, TRUE),
+                                               this->ike_sa->get_my_host(this->ike_sa));
        DBG1(DBG_IKE, "CHILD_SA rekeying failed, trying again in %d seconds", retry);
        this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
        lib->scheduler->schedule_job(lib->scheduler, job, retry);
index 28821fc..b5ade37 100644 (file)
@@ -815,17 +815,18 @@ METHOD(kernel_interface_t, acquire, void,
 }
 
 METHOD(kernel_interface_t, expire, void,
-       private_kernel_interface_t *this, u_int32_t reqid, u_int8_t protocol,
-       u_int32_t spi, bool hard)
+       private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+       host_t *dst, bool hard)
 {
        kernel_listener_t *listener;
        enumerator_t *enumerator;
+
        this->mutex->lock(this->mutex);
        enumerator = this->listeners->create_enumerator(this->listeners);
        while (enumerator->enumerate(enumerator, &listener))
        {
                if (listener->expire &&
-                       !listener->expire(listener, reqid, protocol, spi, hard))
+                       !listener->expire(listener, protocol, spi, dst, hard))
                {
                        this->listeners->remove_at(this->listeners, enumerator);
                }
index 9a86e78..2db53f5 100644 (file)
@@ -559,13 +559,13 @@ struct kernel_interface_t {
        /**
         * Raise an expire event.
         *
-        * @param reqid                 reqid of the expired SA
         * @param protocol              protocol of the expired SA
         * @param spi                   spi of the expired SA
+        * @param dst                   destination address of expired SA
         * @param hard                  TRUE if it is a hard expire, FALSE otherwise
         */
-       void (*expire)(kernel_interface_t *this, u_int32_t reqid,
-                                  u_int8_t protocol, u_int32_t spi, bool hard);
+       void (*expire)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi,
+                                  host_t *dst, bool hard);
 
        /**
         * Raise a mapping event.
index 4382a43..122453f 100644 (file)
@@ -49,14 +49,14 @@ struct kernel_listener_t {
        /**
         * Hook called if an exire event for an IPsec SA is received.
         *
-        * @param reqid                 reqid of the expired SA
         * @param protocol              protocol of the expired SA
         * @param spi                   spi of the expired SA
+        * @param dst                   destination address of expired SA
         * @param hard                  TRUE if it is a hard expire, FALSE otherwise
         * @return                              TRUE to remain registered, FALSE to unregister
         */
-       bool (*expire)(kernel_listener_t *this, u_int32_t reqid,
-                                  u_int8_t protocol, u_int32_t spi, bool hard);
+       bool (*expire)(kernel_listener_t *this, u_int8_t protocol, u_int32_t spi,
+                                  host_t *dst, bool hard);
 
        /**
         * Hook called if the NAT mappings of an IPsec SA changed.
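Review bot: The new `@param dst` line does not state the lifetime of the address handed to the hook. The netlink and PF_KEY backends in this commit destroy `dst` right after `expire()` returns, so a listener that keeps the address beyond the call must clone it. Wording such as `@param dst destination address of expired SA, valid only during the call` would make that contract explicit. The `expire` member of kernel_interface_t in kernel_interface.h carries the same one-line description.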
index 31bb4f6..f8077d8 100644 (file)
@@ -870,25 +870,26 @@ static void process_expire(private_kernel_netlink_ipsec_t *this,
                                                   struct nlmsghdr *hdr)
 {
        struct xfrm_user_expire *expire;
-       u_int32_t spi, reqid;
+       u_int32_t spi;
        u_int8_t protocol;
+       host_t *dst;
 
        expire = NLMSG_DATA(hdr);
        protocol = expire->state.id.proto;
        spi = expire->state.id.spi;
-       reqid = expire->state.reqid;
 
        DBG2(DBG_KNL, "received a XFRM_MSG_EXPIRE");
 
-       if (protocol != IPPROTO_ESP && protocol != IPPROTO_AH)
+       if (protocol == IPPROTO_ESP || protocol == IPPROTO_AH)
        {
-               DBG2(DBG_KNL, "ignoring XFRM_MSG_EXPIRE for SA with SPI %.8x and "
-                                         "reqid {%u} which is not a CHILD_SA", ntohl(spi), reqid);
-               return;
+               dst = xfrm2host(expire->state.family, &expire->state.id.daddr, 0);
+               if (dst)
+               {
+                       hydra->kernel_interface->expire(hydra->kernel_interface, protocol,
+                                                                                       spi, dst, expire->hard != 0);
+                       dst->destroy(dst);
+               }
        }
-
-       hydra->kernel_interface->expire(hydra->kernel_interface, reqid, protocol,
-                                                                       spi, expire->hard != 0);
 }
 
 /**
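Review bot: An expire whose destination cannot be converted is dropped without any trace: when `xfrm2host()` returns NULL the `if (dst)` branch is skipped, and the former DBG2 message for non-ESP/AH SAs is gone as well. A hard expire lost here can leave the daemon tracking a CHILD_SA that the kernel has already removed. An `else` branch with a `DBG1(DBG_KNL, ...)` line naming the protocol and `ntohl(spi)` would make the situation diagnosable. process_expire begins above the hunk.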
index 348549b..9b84686 100644 (file)
@@ -1296,7 +1296,8 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this,
 {
        pfkey_msg_t response;
        u_int8_t protocol;
-       u_int32_t spi, reqid;
+       u_int32_t spi;
+       host_t *dst;
        bool hard;
 
        DBG2(DBG_KNL, "received an SADB_EXPIRE");
@@ -1309,18 +1310,18 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this,
 
        protocol = satype2proto(msg->sadb_msg_satype);
        spi = response.sa->sadb_sa_spi;
-       reqid = response.x_sa2->sadb_x_sa2_reqid;
        hard = response.lft_hard != NULL;
 
-       if (protocol != IPPROTO_ESP && protocol != IPPROTO_AH)
+       if (protocol == IPPROTO_ESP || protocol == IPPROTO_AH)
        {
-               DBG2(DBG_KNL, "ignoring SADB_EXPIRE for SA with SPI %.8x and "
-                                         "reqid {%u} which is not a CHILD_SA", ntohl(spi), reqid);
-               return;
+               dst = host_create_from_sockaddr((sockaddr_t*)(response.dst + 1));
+               if (dst)
+               {
+                       hydra->kernel_interface->expire(hydra->kernel_interface, protocol,
+                                                                                       spi, dst, hard);
+                       dst->destroy(dst);
+               }
        }
-
-       hydra->kernel_interface->expire(hydra->kernel_interface, reqid, protocol,
-                                                                       spi, hard);
 }
 
 #ifdef SADB_X_MIGRATE
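Review bot: `response.dst + 1` is computed without a visible check that the SADB_EXPIRE message carried a destination address extension. If the parsing step above this hunk can leave `response.dst` NULL, `host_create_from_sockaddr()` is handed a bogus pointer; the old code never touched `response.dst` on this path. Extending the condition to `if (response.dst && (protocol == IPPROTO_ESP || protocol == IPPROTO_AH))` costs nothing, and as in the netlink backend a debug line for the dropped case would help. The start of process_expire and the parsing call are outside the hunk.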
index c5c39b0..f15f6fe 100644 (file)
@@ -35,14 +35,12 @@ struct ipsec_event_listener_t {
        /**
         * Called when the lifetime of an IPsec SA expired
         *
-        * @param reqid                 reqid of the expired SA
         * @param protocol              protocol of the expired SA
         * @param spi                   spi of the expired SA
+        * @param dst                   destination address of expired SA
         * @param hard                  TRUE if this is a hard expire, FALSE otherwise
         */
-       void (*expire)(u_int32_t reqid, u_int8_t protocol, u_int32_t spi,
-                                  bool hard);
-
+       void (*expire)(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard);
 };
 
 #endif /** IPSEC_EVENT_LISTENER_H_ @}*/
index c6b2a55..0480630 100644 (file)
@@ -65,9 +65,9 @@ typedef struct {
        } type;
 
        /**
-        * Reqid of the SA, if any
+        * Protocol of the SA
         */
-       u_int32_t reqid;
+       u_int8_t protocol;
 
        /**
         * SPI of the SA, if any
@@ -75,13 +75,16 @@ typedef struct {
        u_int32_t spi;
 
        /**
+        * SA destination address
+        */
+       host_t *dst;
+
+       /**
         * Additional data for specific event types
         */
        union {
 
                struct {
-                       /** Protocol of the SA */
-                       u_int8_t protocol;
                        /** TRUE in case of a hard expire */
                        bool hard;
                } expire;
@@ -91,6 +94,15 @@ typedef struct {
 } ipsec_event_t;
 
 /**
+ * Destroy IPsec event data
+ */
+static void ipsec_event_destroy(ipsec_event_t *event)
+{
+       event->dst->destroy(event->dst);
+       free(event);
+}
+
+/**
  * Dequeue events and relay them to listeners
  */
 static job_requeue_t handle_events(private_ipsec_event_relay_t *this)
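Review bot: With `ipsec_event_destroy()` owning the cloned `dst`, every path that releases an `ipsec_event_t` has to go through it, and this diff only converts the `free(event)` in handle_events. If the relay's teardown code, which is not part of the diff, still releases queued events with plain `free`, each pending event leaks its host object. The helper also dereferences `event->dst` unconditionally, which holds only as long as every event type sets the field; wrapping the call in `if (event->dst)` would remove that assumption.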
@@ -110,31 +122,31 @@ static job_requeue_t handle_events(private_ipsec_event_relay_t *this)
                        case IPSEC_EVENT_EXPIRE:
                                if (current->expire)
                                {
-                                       current->expire(event->reqid, event->data.expire.protocol,
-                                                                       event->spi, event->data.expire.hard);
+                                       current->expire(event->protocol, event->spi, event->dst,
+                                                                       event->data.expire.hard);
                                }
                                break;
                }
        }
        enumerator->destroy(enumerator);
        this->lock->unlock(this->lock);
-       free(event);
+       ipsec_event_destroy(event);
        return JOB_REQUEUE_DIRECT;
 }
 
 METHOD(ipsec_event_relay_t, expire, void,
-       private_ipsec_event_relay_t *this, u_int32_t reqid, u_int8_t protocol,
-       u_int32_t spi, bool hard)
+       private_ipsec_event_relay_t *this, u_int8_t protocol, u_int32_t spi,
+       host_t *dst, bool hard)
 {
        ipsec_event_t *event;
 
        INIT(event,
                .type = IPSEC_EVENT_EXPIRE,
-               .reqid = reqid,
+               .protocol = protocol,
                .spi = spi,
+               .dst = dst->clone(dst),
                .data = {
                        .expire = {
-                               .protocol = protocol,
                                .hard = hard,
                        },
                },
index c6935d5..1dddf12 100644 (file)
@@ -38,13 +38,13 @@ struct ipsec_event_relay_t {
        /**
         * Raise an expire event.
         *
-        * @param reqid                 reqid of the expired IPsec SA
         * @param protocol              protocol (e.g ESP) of the expired SA
         * @param spi                   SPI of the expired SA
+        * @param dst                   destination address of expired SA
         * @param hard                  TRUE for a hard expire, FALSE otherwise
         */
-       void (*expire)(ipsec_event_relay_t *this, u_int32_t reqid,
-                                  u_int8_t protocol, u_int32_t spi, bool hard);
+       void (*expire)(ipsec_event_relay_t *this, u_int8_t protocol, u_int32_t spi,
+                                  host_t *dst, bool hard);
 
        /**
         * Register a listener to events raised by this manager
index 3d0bbe1..ccbbb1b 100644 (file)
@@ -194,8 +194,8 @@ METHOD(ipsec_sa_t, expire, void,
                if (!this->hard_expired)
                {
                        this->hard_expired = TRUE;
-                       ipsec->events->expire(ipsec->events, this->reqid, this->protocol,
-                                                                 this->spi, TRUE);
+                       ipsec->events->expire(ipsec->events, this->protocol, this->spi,
+                                                                 this->dst, TRUE);
                }
        }
        else
@@ -203,8 +203,8 @@ METHOD(ipsec_sa_t, expire, void,
                if (!this->hard_expired && !this->soft_expired)
                {
                        this->soft_expired = TRUE;
-                       ipsec->events->expire(ipsec->events, this->reqid, this->protocol,
-                                                                 this->spi, FALSE);
+                       ipsec->events->expire(ipsec->events, this->protocol, this->spi,
+                                                                 this->dst, FALSE);
                }
        }
 }