![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to rekey_ike_sa_job.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / processing / jobs|
Return to rekey_ike_sa_job.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / processing / jobs |
1.1 misho 1: /*
2: * Copyright (C) 2006 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "rekey_ike_sa_job.h"
17:
18: #include <daemon.h>
19:
20: typedef struct private_rekey_ike_sa_job_t private_rekey_ike_sa_job_t;
21:
22: /**
23: * Private data of an rekey_ike_sa_job_t object.
24: */
25: struct private_rekey_ike_sa_job_t {
26: /**
27: * Public rekey_ike_sa_job_t interface.
28: */
29: rekey_ike_sa_job_t public;
30:
31: /**
32: * ID of the IKE_SA to rekey
33: */
34: ike_sa_id_t *ike_sa_id;
35:
36: /**
37: * force reauthentication of the peer (full IKE_SA setup)
38: */
39: bool reauth;
40: };
41:
42: METHOD(job_t, destroy, void,
43: private_rekey_ike_sa_job_t *this)
44: {
45: this->ike_sa_id->destroy(this->ike_sa_id);
46: free(this);
47: }
48:
49: /**
50: * Check if we should delay a reauth, and by how many seconds
51: */
52: static uint32_t get_retry_delay(ike_sa_t *ike_sa)
53: {
54: enumerator_t *enumerator;
55: child_sa_t *child_sa;
56: uint32_t retry = 0;
57:
58: /* avoid reauth collisions for certain IKE_SA/CHILD_SA states */
59: if (ike_sa->get_state(ike_sa) != IKE_ESTABLISHED)
60: {
61: retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
62: DBG1(DBG_IKE, "unable to reauthenticate in %N state, delaying for %us",
63: ike_sa_state_names, ike_sa->get_state(ike_sa), retry);
64: }
65: else
66: {
67: enumerator = ike_sa->create_child_sa_enumerator(ike_sa);
68: while (enumerator->enumerate(enumerator, &child_sa))
69: {
70: if (child_sa->get_state(child_sa) != CHILD_INSTALLED &&
71: child_sa->get_state(child_sa) != CHILD_REKEYED)
72: {
73: retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
74: DBG1(DBG_IKE, "unable to reauthenticate in CHILD_SA %N state, "
75: "delaying for %us", child_sa_state_names,
76: child_sa->get_state(child_sa), retry);
77: break;
78: }
79: }
80: enumerator->destroy(enumerator);
81: }
82: return retry;
83: }
84:
85: METHOD(job_t, execute, job_requeue_t,
86: private_rekey_ike_sa_job_t *this)
87: {
88: ike_sa_t *ike_sa;
89: status_t status = SUCCESS;
90: uint32_t retry = 0;
91:
92: ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
93: this->ike_sa_id);
94: if (ike_sa == NULL)
95: {
96: DBG2(DBG_JOB, "IKE_SA to rekey not found");
97: }
98: else
99: {
100: if (this->reauth)
101: {
102: retry = get_retry_delay(ike_sa);
103: if (!retry)
104: {
105: status = ike_sa->reauth(ike_sa);
106: }
107: }
108: else
109: {
110: status = ike_sa->rekey(ike_sa);
111: }
112:
113: if (status == DESTROY_ME)
114: {
115: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager,
116: ike_sa);
117: }
118: else
119: {
120: charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
121: }
122: }
123: if (retry)
124: {
125: return JOB_RESCHEDULE(retry);
126: }
127: return JOB_REQUEUE_NONE;
128: }
129:
130: METHOD(job_t, get_priority, job_priority_t,
131: private_rekey_ike_sa_job_t *this)
132: {
133: return JOB_PRIO_MEDIUM;
134: }
135:
136: /*
137: * Described in header
138: */
139: rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth)
140: {
141: private_rekey_ike_sa_job_t *this;
142:
143: INIT(this,
144: .public = {
145: .job_interface = {
146: .execute = _execute,
147: .get_priority = _get_priority,
148: .destroy = _destroy,
149: },
150: },
151: .ike_sa_id = ike_sa_id->clone(ike_sa_id),
152: .reauth = reauth,
153: );
154:
155: return &(this->public);
156: }