diff options
author | Martin Willi <martin@strongswan.org> | 2009-08-31 17:59:00 +0200 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2009-08-31 18:00:28 +0200 |
commit | 6180a55852afaf7fee4086a45dccbff9d7f7dfa8 (patch) | |
tree | 61968edccb4b5b5e39a045b16067299f1e5cda02 /src/charon | |
parent | de5784452b31af3c7342269127a12d352edc0b4e (diff) | |
download | strongswan-6180a55852afaf7fee4086a45dccbff9d7f7dfa8.tar.bz2 strongswan-6180a55852afaf7fee4086a45dccbff9d7f7dfa8.tar.xz |
use time_monotonic() instead of time() for statistics and time difference calculations
Diffstat (limited to 'src/charon')
-rw-r--r-- | src/charon/kernel/kernel_ipsec.h | 7 | ||||
-rw-r--r-- | src/charon/network/receiver.c | 8 | ||||
-rw-r--r-- | src/charon/plugins/kernel_klips/kernel_klips_ipsec.c | 2 | ||||
-rw-r--r-- | src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c | 11 | ||||
-rw-r--r-- | src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 13 | ||||
-rw-r--r-- | src/charon/plugins/load_tester/load_tester_ipsec.c | 2 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_list.c | 17 | ||||
-rw-r--r-- | src/charon/sa/child_sa.c | 2 | ||||
-rw-r--r-- | src/charon/sa/ike_sa.c | 25 | ||||
-rw-r--r-- | src/charon/sa/tasks/ike_auth_lifetime.c | 2 |
10 files changed, 56 insertions, 33 deletions
diff --git a/src/charon/kernel/kernel_ipsec.h b/src/charon/kernel/kernel_ipsec.h index d6438c197..4abe3bf54 100644 --- a/src/charon/kernel/kernel_ipsec.h +++ b/src/charon/kernel/kernel_ipsec.h @@ -228,13 +228,14 @@ struct kernel_ipsec_t { /** * Query the use time of a policy. * - * The use time of a policy is the time the policy was used - * for the last time. + * The use time of a policy is the time the policy was used for the last + * time. It is not the system time, but a monotonic timestamp as returned + * by time_monotonic. * * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_IN, POLICY_OUT, POLICY_FWD - * @param[out] use_time the time of this SA's last use + * @param[out] use_time the monotonic timestamp of this SA's last use * @return SUCCESS if operation completed */ status_t (*query_policy) (kernel_ipsec_t *this, diff --git a/src/charon/network/receiver.c b/src/charon/network/receiver.c index ab4d6d592..5c24a6270 100644 --- a/src/charon/network/receiver.c +++ b/src/charon/network/receiver.c @@ -168,7 +168,7 @@ static bool cookie_verify(private_receiver_t *this, message_t *message, chunk_t reference; chunk_t secret; - now = time(NULL); + now = time_monotonic(NULL); t = *(u_int32_t*)cookie.ptr; if (cookie.len != sizeof(u_int32_t) + @@ -296,9 +296,9 @@ static job_requeue_t receive_packets(private_receiver_t *this) /* check for cookies */ if (this->cookie_threshold && cookie_required(this, message)) { - u_int32_t now = time(NULL); + u_int32_t now = time_monotonic(NULL); chunk_t cookie = cookie_build(this, message, now - this->secret_offset, - chunk_from_thing(this->secret)); + chunk_from_thing(this->secret)); DBG2(DBG_NET, "received packet from: %#H to %#H", message->get_source(message), @@ -352,7 +352,7 @@ static void destroy(private_receiver_t *this) receiver_t *receiver_create() { private_receiver_t *this = malloc_thing(private_receiver_t); - u_int32_t now = time(NULL); + u_int32_t now = time_monotonic(NULL); this->public.destroy = (void(*)(receiver_t*)) destroy; diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c index 9a903d027..0a355463a 100644 --- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c +++ b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c @@ -2382,7 +2382,7 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, break; } - *use_time = time(NULL) - idle_time; + *use_time = time_monotonic(NULL) - idle_time; status = SUCCESS; break; } diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c index 63a968371..edad7f700 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1774,7 +1774,16 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, free(out); return FAILED; } - *use_time = (time_t)policy->curlft.use_time; + + if (policy->curlft.use_time) + { + /* we need the monotonic time, but the kernel returns system time. */ + *use_time = time_monotonic(NULL) - (time(NULL) - policy->curlft.use_time); + } + else + { + *use_time = 0; + } free(out); return SUCCESS; diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 1f83e8f39..7674654c9 100644 --- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -1911,9 +1911,16 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, free(out); return FAILED; } - - *use_time = response.lft_current->sadb_lifetime_usetime; - + /* we need the monotonic time, but the kernel returns system time. */ + if (response.lft_current->sadb_lifetime_usetime) + { + *use_time = time_monotonic(NULL) - + (time(NULL) - response.lft_current->sadb_lifetime_usetime); + } + else + { + *use_time = 0; + } free(out); return SUCCESS; diff --git a/src/charon/plugins/load_tester/load_tester_ipsec.c b/src/charon/plugins/load_tester/load_tester_ipsec.c index e463d2adc..76652d3bb 100644 --- a/src/charon/plugins/load_tester/load_tester_ipsec.c +++ b/src/charon/plugins/load_tester/load_tester_ipsec.c @@ -126,7 +126,7 @@ static status_t query_policy(private_load_tester_ipsec_t *this, traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) { - *use_time = time(NULL); + *use_time = time_monotonic(NULL); return SUCCESS; } diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/charon/plugins/stroke/stroke_list.c index 001165761..d6754482f 100644 --- a/src/charon/plugins/stroke/stroke_list.c +++ b/src/charon/plugins/stroke/stroke_list.c @@ -58,7 +58,7 @@ struct private_stroke_list_t { static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) { ike_sa_id_t *id = ike_sa->get_id(ike_sa); - time_t now = time(NULL); + time_t now = time_monotonic(NULL); fprintf(out, "%12s[%d]: %N", ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), @@ -146,11 +146,12 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) */ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { - time_t use_in, use_out, rekey, now = time(NULL); + time_t use_in, use_out, rekey, now; u_int64_t bytes_in, bytes_out; proposal_t *proposal; child_cfg_t *config = child_sa->get_config(child_sa); + fprintf(out, "%12s{%d}: %N, %N%s", child_sa->get_name(child_sa), child_sa->get_reqid(child_sa), child_sa_state_names, child_sa->get_state(child_sa), @@ -205,7 +206,8 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) } } } - + + now = time_monotonic(NULL); child_sa->get_usestats(child_sa, TRUE, &use_in, &bytes_in); fprintf(out, ", %llu bytes_i", bytes_in); if (use_in) @@ -367,11 +369,14 @@ static void status(private_stroke_list_t *this, stroke_msg_t *msg, FILE *out, bo char *plugin, *pool; host_t *host; u_int32_t dpd; - time_t now = time(NULL); + time_t since, now; u_int size, online, offline; + now = time_monotonic(NULL); + since = time(NULL) - (now - this->uptime); + fprintf(out, "Status of IKEv2 charon daemon (strongSwan "VERSION"):\n"); - fprintf(out, " uptime: %V, since %T\n", &now, &this->uptime, &this->uptime, FALSE); + fprintf(out, " uptime: %V, since %T\n", &now, &this->uptime, &since, FALSE); fprintf(out, " worker threads: %d idle of %d,", charon->processor->get_idle_threads(charon->processor), charon->processor->get_total_threads(charon->processor)); @@ -1113,7 +1118,7 @@ stroke_list_t *stroke_list_create(stroke_attribute_t *attribute) this->public.leases = (void(*)(stroke_list_t*, stroke_msg_t *msg, FILE *out))leases; this->public.destroy = (void(*)(stroke_list_t*))destroy; - this->uptime = time(NULL); + this->uptime = time_monotonic(NULL); this->attribute = attribute; return &this->public; diff --git a/src/charon/sa/child_sa.c b/src/charon/sa/child_sa.c index 28c513683..ed7df6513 100644 --- a/src/charon/sa/child_sa.c +++ b/src/charon/sa/child_sa.c @@ -593,7 +593,7 @@ static status_t install(private_child_sa_t *this, chunk_t encr, chunk_t integ, inbound ? soft : 0, hard, enc_alg, encr, int_alg, integ, this->mode, this->ipcomp, cpi, this->encap, update); - now = time(NULL); + now = time_monotonic(NULL); if (soft) { this->rekey_time = now + soft; diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c index d2ab41e0b..712c022bc 100644 --- a/src/charon/sa/ike_sa.c +++ b/src/charon/sa/ike_sa.c @@ -428,7 +428,7 @@ static void send_keepalive(private_ike_sa_t *this) } last_out = get_use_time(this, FALSE); - now = time(NULL); + now = time_monotonic(NULL); diff = now - last_out; @@ -570,7 +570,7 @@ static status_t send_dpd(private_ike_sa_t *this) /* check if there was any inbound traffic */ time_t last_in, now; last_in = get_use_time(this, TRUE); - now = time(NULL); + now = time_monotonic(NULL); diff = now - last_in; if (diff >= delay) { @@ -632,7 +632,7 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state) u_int32_t t; /* calculate rekey, reauth and lifetime */ - this->stats[STAT_ESTABLISHED] = time(NULL); + this->stats[STAT_ESTABLISHED] = time_monotonic(NULL); /* schedule rekeying if we have a time which is smaller than * an already scheduled rekeying */ @@ -895,7 +895,7 @@ static void update_hosts(private_ike_sa_t *this, host_t *me, host_t *other) static status_t generate_message(private_ike_sa_t *this, message_t *message, packet_t **packet) { - this->stats[STAT_OUTBOUND] = time(NULL); + this->stats[STAT_OUTBOUND] = time_monotonic(NULL); message->set_ike_sa_id(message, this->ike_sa_id); return message->generate(message, this->keymat->get_crypter(this->keymat, FALSE), @@ -1290,7 +1290,7 @@ static status_t process_message(private_ike_sa_t *this, message_t *message) charon->scheduler->schedule_job(charon->scheduler, job, HALF_OPEN_IKE_SA_TIMEOUT); } - this->stats[STAT_INBOUND] = time(NULL); + this->stats[STAT_INBOUND] = time_monotonic(NULL); /* check if message is trustworthy, and update host information */ if (this->state == IKE_CREATED || this->state == IKE_CONNECTING || message->get_exchange_type(message) != IKE_SA_INIT) @@ -1514,7 +1514,7 @@ static status_t reauth(private_ike_sa_t *this) #endif /* ME */ ) { - time_t now = time(NULL); + time_t now = time_monotonic(NULL); DBG1(DBG_IKE, "IKE_SA will timeout in %V", &now, &this->stats[STAT_DELETE]); @@ -1668,7 +1668,7 @@ static status_t reestablish(private_ike_sa_t *this) */ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id) { - this->stats[STAT_OUTBOUND] = time(NULL); + this->stats[STAT_OUTBOUND] = time_monotonic(NULL); if (this->task_manager->retransmit(this->task_manager, message_id) != SUCCESS) { /* send a proper signal to brief interested bus listeners */ @@ -1710,7 +1710,7 @@ static status_t retransmit(private_ike_sa_t *this, u_int32_t message_id) static void set_auth_lifetime(private_ike_sa_t *this, u_int32_t lifetime) { u_int32_t reduction = this->peer_cfg->get_over_time(this->peer_cfg); - u_int32_t reauth_time = time(NULL) + lifetime - reduction; + u_int32_t reauth_time = time_monotonic(NULL) + lifetime - reduction; if (lifetime < reduction) { @@ -1731,8 +1731,9 @@ static void set_auth_lifetime(private_ike_sa_t *this, u_int32_t lifetime) } else { - DBG1(DBG_IKE, "received AUTH_LIFETIME of %ds, reauthentication already " - "scheduled in %ds", lifetime, this->stats[STAT_REAUTH] - time(NULL)); + DBG1(DBG_IKE, "received AUTH_LIFETIME of %ds, " + "reauthentication already scheduled in %ds", lifetime, + this->stats[STAT_REAUTH] - time_monotonic(NULL)); } } @@ -1923,7 +1924,7 @@ static status_t inherit(private_ike_sa_t *this, private_ike_sa_t *other) /* reauthentication timeout survives a rekeying */ if (other->stats[STAT_REAUTH]) { - time_t reauth, delete, now = time(NULL); + time_t reauth, delete, now = time_monotonic(NULL); this->stats[STAT_REAUTH] = other->stats[STAT_REAUTH]; reauth = this->stats[STAT_REAUTH] - now; @@ -2113,7 +2114,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->keepalive_interval = lib->settings->get_time(lib->settings, "charon.keep_alive", KEEPALIVE_INTERVAL); memset(this->stats, 0, sizeof(this->stats)); - this->stats[STAT_INBOUND] = this->stats[STAT_OUTBOUND] = time(NULL); + this->stats[STAT_INBOUND] = this->stats[STAT_OUTBOUND] = time_monotonic(NULL); this->ike_cfg = NULL; this->peer_cfg = NULL; this->my_auth = auth_cfg_create(); diff --git a/src/charon/sa/tasks/ike_auth_lifetime.c b/src/charon/sa/tasks/ike_auth_lifetime.c index a047e6b81..4b926a9f5 100644 --- a/src/charon/sa/tasks/ike_auth_lifetime.c +++ b/src/charon/sa/tasks/ike_auth_lifetime.c @@ -50,7 +50,7 @@ static void add_auth_lifetime(private_ike_auth_lifetime_t *this, message_t *mess lifetime = this->ike_sa->get_statistic(this->ike_sa, STAT_REAUTH); if (lifetime) { - lifetime -= time(NULL); + lifetime -= time_monotonic(NULL); chunk = chunk_from_thing(lifetime); *(u_int32_t*)chunk.ptr = htonl(lifetime); message->add_notify(message, FALSE, AUTH_LIFETIME, chunk); |