Return to rekey_ike_sa_job.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / processing / jobs |
1.1 misho 1: /* 2: * Copyright (C) 2006 Martin Willi 3: * HSR Hochschule fuer Technik Rapperswil 4: * 5: * This program is free software; you can redistribute it and/or modify it 6: * under the terms of the GNU General Public License as published by the 7: * Free Software Foundation; either version 2 of the License, or (at your 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. 9: * 10: * This program is distributed in the hope that it will be useful, but 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 13: * for more details. 14: */ 15: 16: #include "rekey_ike_sa_job.h" 17: 18: #include <daemon.h> 19: 20: typedef struct private_rekey_ike_sa_job_t private_rekey_ike_sa_job_t; 21: 22: /** 23: * Private data of an rekey_ike_sa_job_t object. 24: */ 25: struct private_rekey_ike_sa_job_t { 26: /** 27: * Public rekey_ike_sa_job_t interface. 28: */ 29: rekey_ike_sa_job_t public; 30: 31: /** 32: * ID of the IKE_SA to rekey 33: */ 34: ike_sa_id_t *ike_sa_id; 35: 36: /** 37: * force reauthentication of the peer (full IKE_SA setup) 38: */ 39: bool reauth; 40: }; 41: 42: METHOD(job_t, destroy, void, 43: private_rekey_ike_sa_job_t *this) 44: { 45: this->ike_sa_id->destroy(this->ike_sa_id); 46: free(this); 47: } 48: 49: /** 50: * Check if we should delay a reauth, and by how many seconds 51: */ 52: static uint32_t get_retry_delay(ike_sa_t *ike_sa) 53: { 54: enumerator_t *enumerator; 55: child_sa_t *child_sa; 56: uint32_t retry = 0; 57: 58: /* avoid reauth collisions for certain IKE_SA/CHILD_SA states */ 59: if (ike_sa->get_state(ike_sa) != IKE_ESTABLISHED) 60: { 61: retry = RETRY_INTERVAL - (random() % RETRY_JITTER); 62: DBG1(DBG_IKE, "unable to reauthenticate in %N state, delaying for %us", 63: ike_sa_state_names, ike_sa->get_state(ike_sa), retry); 64: } 65: else 66: { 67: enumerator = ike_sa->create_child_sa_enumerator(ike_sa); 68: while (enumerator->enumerate(enumerator, &child_sa)) 69: { 70: if (child_sa->get_state(child_sa) != CHILD_INSTALLED && 71: child_sa->get_state(child_sa) != CHILD_REKEYED) 72: { 73: retry = RETRY_INTERVAL - (random() % RETRY_JITTER); 74: DBG1(DBG_IKE, "unable to reauthenticate in CHILD_SA %N state, " 75: "delaying for %us", child_sa_state_names, 76: child_sa->get_state(child_sa), retry); 77: break; 78: } 79: } 80: enumerator->destroy(enumerator); 81: } 82: return retry; 83: } 84: 85: METHOD(job_t, execute, job_requeue_t, 86: private_rekey_ike_sa_job_t *this) 87: { 88: ike_sa_t *ike_sa; 89: status_t status = SUCCESS; 90: uint32_t retry = 0; 91: 92: ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, 93: this->ike_sa_id); 94: if (ike_sa == NULL) 95: { 96: DBG2(DBG_JOB, "IKE_SA to rekey not found"); 97: } 98: else 99: { 100: if (this->reauth) 101: { 102: retry = get_retry_delay(ike_sa); 103: if (!retry) 104: { 105: status = ike_sa->reauth(ike_sa); 106: } 107: } 108: else 109: { 110: status = ike_sa->rekey(ike_sa); 111: } 112: 113: if (status == DESTROY_ME) 114: { 115: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, 116: ike_sa); 117: } 118: else 119: { 120: charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); 121: } 122: } 123: if (retry) 124: { 125: return JOB_RESCHEDULE(retry); 126: } 127: return JOB_REQUEUE_NONE; 128: } 129: 130: METHOD(job_t, get_priority, job_priority_t, 131: private_rekey_ike_sa_job_t *this) 132: { 133: return JOB_PRIO_MEDIUM; 134: } 135: 136: /* 137: * Described in header 138: */ 139: rekey_ike_sa_job_t *rekey_ike_sa_job_create(ike_sa_id_t *ike_sa_id, bool reauth) 140: { 141: private_rekey_ike_sa_job_t *this; 142: 143: INIT(this, 144: .public = { 145: .job_interface = { 146: .execute = _execute, 147: .get_priority = _get_priority, 148: .destroy = _destroy, 149: }, 150: }, 151: .ike_sa_id = ike_sa_id->clone(ike_sa_id), 152: .reauth = reauth, 153: ); 154: 155: return &(this->public); 156: }