Annotation of embedaddon/strongswan/src/libcharon/processing/jobs/rekey_ike_sa_job.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2006 Martin Willi
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "rekey_ike_sa_job.h"
! 17:
! 18: #include <daemon.h>
! 19:
! 20: typedef struct private_rekey_ike_sa_job_t private_rekey_ike_sa_job_t;
! 21:
! 22: /**
! 23: * Private data of an rekey_ike_sa_job_t object.
! 24: */
! 25: struct private_rekey_ike_sa_job_t {
! 26: /**
! 27: * Public rekey_ike_sa_job_t interface.
! 28: */
! 29: rekey_ike_sa_job_t public;
! 30:
! 31: /**
! 32: * ID of the IKE_SA to rekey
! 33: */
! 34: ike_sa_id_t *ike_sa_id;
! 35:
! 36: /**
! 37: * force reauthentication of the peer (full IKE_SA setup)
! 38: */
! 39: bool reauth;
! 40: };
! 41:
! 42: METHOD(job_t, destroy, void,
! 43: private_rekey_ike_sa_job_t *this)
! 44: {
! 45: this->ike_sa_id->destroy(this->ike_sa_id);
! 46: free(this);
! 47: }
! 48:
! 49: /**
! 50: * Check if we should delay a reauth, and by how many seconds
! 51: */
! 52: static uint32_t get_retry_delay(ike_sa_t *ike_sa)
! 53: {
! 54: enumerator_t *enumerator;
! 55: child_sa_t *child_sa;
! 56: uint32_t retry = 0;
! 57:
! 58: /* avoid reauth collisions for certain IKE_SA/CHILD_SA states */
! 59: if (ike_sa->get_state(ike_sa) != IKE_ESTABLISHED)
! 60: {
! 61: retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
! 62: DBG1(DBG_IKE, "unable to reauthenticate in %N state, delaying for %us",
! 63: ike_sa_state_names, ike_sa->get_state(ike_sa), retry);
! 64: }
! 65: else
! 66: {
! 67: enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
! 68: while (enumerator->enumerate(enumerator, &child_sa))
! 69: {
! 70: if (child_sa->get_state(child_sa) != CHILD_INSTALLED &&
! 71: child_sa->get_state(child_sa) != CHILD_REKEYED)
! 72: {
! 73: retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
! 74: DBG1(DBG_IKE, "unable to reauthenticate in CHILD_SA %N state, "
! 75: "delaying for %us", child_sa_state_names,
! 76: child_sa->get_state(child_sa), retry);
! 77: break;
! 78: }
! 79: }
! 80: enumerator->destroy(enumerator);
! 81: }
! 82: return retry;
! 83: }
! 84:
! 85: METHOD(job_t, execute, job_requeue_t,
! 86: private_rekey_ike_sa_job_t *this)
! 87: {
! 88: ike_sa_t *ike_sa;
! 89: status_t status = SUCCESS;
! 90: uint32_t retry = 0;
! 91:
! 92: ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
! 93: this->ike_sa_id);
! 94: if (ike_sa == NULL)
! 95: {
! 96: DBG2(DBG_JOB, "IKE_SA to rekey not found");
! 97: }
! 98: else
! 99: {
! 100: if (this->reauth)
! 101: {
! 102: retry = get_retry_delay(ike_sa);
! 103: if (!retry)
! 104: {
! 105: status = ike_sa->reauth(ike_sa);
! 106: }
! 107: }
! 108: else
! 109: {
! 110: status = ike_sa->rekey(ike_sa);
! 111: }
! 112:
! 113: if (status == DESTROY_ME)
! 114: {
! 115: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
! 116: ike_sa);
! 117: }
! 118: else
! 119: {
! 120: charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
! 121: }
! 122: }
! 123: if (retry)
! 124: {
! 125: return JOB_RESCHEDULE(retry);
! 126: }
! 127: return JOB_REQUEUE_NONE;
! 128: }
! 129:
! 130: METHOD(job_t, get_priority, job_priority_t,
! 131: private_rekey_ike_sa_job_t *this)
! 132: {
! 133: return JOB_PRIO_MEDIUM;
! 134: }
! 135:
! 136: /*
! 137: * Described in header
! 138: */
! 139: rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth)
! 140: {
! 141: private_rekey_ike_sa_job_t *this;
! 142:
! 143: INIT(this,
! 144: .public = {
! 145: .job_interface = {
! 146: .execute = _execute,
! 147: .get_priority = _get_priority,
! 148: .destroy = _destroy,
! 149: },
! 150: },
! 151: .ike_sa_id = ike_sa_id->clone(ike_sa_id),
! 152: .reauth = reauth,
! 153: );
! 154:
! 155: return &(this->public);
! 156: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>