-rw-r--r-- | src/charon/config/child_cfg.c | 18 | ||||
-rw-r--r-- | src/charon/config/child_cfg.h | 11 | ||||
-rw-r--r-- | src/charon/plugins/load_tester/load_tester_config.c | 2 | ||||
-rw-r--r-- | src/charon/plugins/medcli/medcli_config.c | 4 | ||||
-rw-r--r-- | src/charon/plugins/nm/nm_service.c | 2 | ||||
-rw-r--r-- | src/charon/plugins/sql/sql_config.c | 2 | ||||
-rw-r--r-- | src/charon/plugins/stroke/stroke_config.c | 2 | ||||
-rw-r--r-- | src/charon/plugins/uci/uci_config.c | 2 | ||||
-rw-r--r-- | src/charon/sa/tasks/child_create.c | 14 |
9 files changed, 41 insertions, 16 deletions
diff --git a/src/charon/config/child_cfg.c b/src/charon/config/child_cfg.c index 350a5a99e..8410b3fe5 100644 --- a/src/charon/config/child_cfg.c +++ b/src/charon/config/child_cfg.c @@ -107,6 +107,11 @@ struct private_child_cfg_t { bool use_ipcomp; /** + * Inactivity timeout + */ + u_int32_t inactivity; + + /** * set up IPsec transport SA in MIPv6 proxy mode */ bool proxy_mode; @@ -433,6 +438,14 @@ static bool use_ipcomp(private_child_cfg_t *this) } /** + * Implementation of child_cfg_t.get_inactivity. + */ +static u_int32_t get_inactivity(private_child_cfg_t *this) +{ + return this->inactivity; +} + +/** * Implementation of child_cfg_t.set_mipv6_options. */ static void set_mipv6_options(private_child_cfg_t *this, bool proxy_mode, @@ -492,7 +505,8 @@ static void destroy(private_child_cfg_t *this) child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, char *updown, bool hostaccess, ipsec_mode_t mode, action_t dpd_action, - action_t close_action, bool ipcomp) + action_t close_action, bool ipcomp, + u_int32_t inactivity) { private_child_cfg_t *this = malloc_thing(private_child_cfg_t); @@ -511,6 +525,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, this->public.get_dh_group = (diffie_hellman_group_t(*)(child_cfg_t*)) get_dh_group; this->public.set_mipv6_options = (void (*) (child_cfg_t*,bool,bool))set_mipv6_options; this->public.use_ipcomp = (bool (*) (child_cfg_t *))use_ipcomp; + this->public.get_inactivity = (u_int32_t (*) (child_cfg_t *))get_inactivity; this->public.use_proxy_mode = (bool (*) (child_cfg_t *))use_proxy_mode; this->public.install_policy = (bool (*) (child_cfg_t *))install_policy; this->public.get_ref = (child_cfg_t* (*) (child_cfg_t*))get_ref; 
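Review bot: The new field comment in `struct private_child_cfg_t` says only "Inactivity timeout", with no unit and no statement of what zero means. The child_cfg.h hunks give the unit ("in s") for `get_inactivity` and for the new `@param inactivity`, but they also omit that 0 disables the timeout. That meaning follows from the `if (timeout)` test in child_create.c, and 0 is what every caller updated in this commit passes. I would write the field comment as `* Inactivity timeout in seconds, 0 to disable` and append ", 0 if disabled" to the `@return` and `@param inactivity` lines in child_cfg.h. The struct body starts and ends outside the hunk.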
@@ -523,6 +538,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, this->dpd_action = dpd_action; this->close_action = close_action; this->use_ipcomp = ipcomp; + this->inactivity = inactivity; this->proxy_mode = FALSE; this->install_policy = TRUE; this->refcount = 1; diff --git a/src/charon/config/child_cfg.h b/src/charon/config/child_cfg.h index f98170d69..c6186ea36 100644 --- a/src/charon/config/child_cfg.h +++ b/src/charon/config/child_cfg.h @@ -232,6 +232,13 @@ struct child_cfg_t { bool (*use_ipcomp)(child_cfg_t *this); /** + * Get the inactivity timeout value. + * + * @return inactivity timeout in s + */ + u_int32_t (*get_inactivity)(child_cfg_t *this); + + /** * Sets two options needed for Mobile IPv6 interoperability * * @param proxy_mode use IPsec transport proxy mode (default FALSE) @@ -291,11 +298,13 @@ struct child_cfg_t { * @param dpd_action DPD action * @param close_action close action * @param ipcomp use IPComp, if peer supports it + * @param inactivity inactivity timeout in s before closing a CHILD_SA * @return child_cfg_t object */ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, char *updown, bool hostaccess, ipsec_mode_t mode, action_t dpd_action, - action_t close_action, bool ipcomp); + action_t close_action, bool ipcomp, + u_int32_t inactivity); #endif /** CHILD_CFG_H_ @}*/ diff --git a/src/charon/plugins/load_tester/load_tester_config.c b/src/charon/plugins/load_tester/load_tester_config.c index ae3fa8ffa..82f408d45 100644 --- a/src/charon/plugins/load_tester/load_tester_config.c +++ b/src/charon/plugins/load_tester/load_tester_config.c 
@@ -210,7 +210,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) } child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, - MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); + MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE, 0); proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1"); child_cfg->add_proposal(child_cfg, proposal); ts = traffic_selector_create_dynamic(0, 0, 65535); diff --git a/src/charon/plugins/medcli/medcli_config.c b/src/charon/plugins/medcli/medcli_config.c index 6f2cd094e..2e49ebbf7 100644 --- a/src/charon/plugins/medcli/medcli_config.c +++ b/src/charon/plugins/medcli/medcli_config.c @@ -181,7 +181,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, - MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE); + MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); @@ -259,7 +259,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) this->current->add_auth_cfg(this->current, auth, FALSE); child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, - ACTION_NONE, ACTION_NONE, FALSE); + ACTION_NONE, ACTION_NONE, FALSE, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net)); diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c index 04c7b2b12..3cc086764 100644 --- a/src/charon/plugins/nm/nm_service.c +++ b/src/charon/plugins/nm/nm_service.c 
@@ -443,7 +443,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, child_cfg = child_cfg_create(priv->name, &lifetime, NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */ - ACTION_NONE, ACTION_NONE, ipcomp); + ACTION_NONE, ACTION_NONE, ipcomp, 0); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); diff --git a/src/charon/plugins/sql/sql_config.c b/src/charon/plugins/sql/sql_config.c index 7c76c572d..afee0896c 100644 --- a/src/charon/plugins/sql/sql_config.c +++ b/src/charon/plugins/sql/sql_config.c @@ -134,7 +134,7 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) .time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter } }; child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode, - dpd, close, ipcomp); + dpd, close, ipcomp, 0); /* TODO: read proposal from db */ child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); add_traffic_selectors(this, child_cfg, id); diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/charon/plugins/stroke/stroke_config.c index 1f585f72b..dcfae0bdb 100644 --- a/src/charon/plugins/stroke/stroke_config.c +++ b/src/charon/plugins/stroke/stroke_config.c @@ -786,7 +786,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, child_cfg = child_cfg_create( msg->add_conn.name, &lifetime, msg->add_conn.me.updown, msg->add_conn.me.hostaccess, - msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp); + msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp, 0); child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode, msg->add_conn.install_policy); add_ts(this, &msg->add_conn.me, child_cfg, TRUE); diff --git a/src/charon/plugins/uci/uci_config.c b/src/charon/plugins/uci/uci_config.c index d53d05750..a6ee970ad 100644 --- a/src/charon/plugins/uci/uci_config.c +++ b/src/charon/plugins/uci/uci_config.c 
@@ -195,7 +195,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE); child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, - ACTION_NONE, ACTION_NONE, FALSE); + ACTION_NONE, ACTION_NONE, FALSE, 0); child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net)); diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c index 04f8cc89a..3f002f263 100644 --- a/src/charon/sa/tasks/child_create.c +++ b/src/charon/sa/tasks/child_create.c @@ -251,19 +251,19 @@ static bool allocate_spi(private_child_create_t *this) /** * Schedule inactivity timeout for CHILD_SA with reqid, if enabled */ -static void schedule_inactivity_timeout(u_int32_t reqid) +static void schedule_inactivity_timeout(private_child_create_t *this) { - time_t timeout; + u_int32_t timeout; bool close_ike; - timeout = lib->settings->get_time(lib->settings, - "charon.inactivity_timeout", 0); + timeout = this->config->get_inactivity(this->config); if (timeout) { close_ike = lib->settings->get_bool(lib->settings, "charon.inactivity_close_ike", FALSE); - charon->scheduler->schedule_job(charon->scheduler, - (job_t*)inactivity_job_create(reqid, timeout, close_ike), timeout); + charon->scheduler->schedule_job(charon->scheduler, (job_t*) + inactivity_job_create(this->child_sa->get_reqid(this->child_sa), + timeout, close_ike), timeout); } } @@ -539,7 +539,7 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) if (!this->rekey) { /* a rekeyed SA uses the same reqid, no need for a new job */ - schedule_inactivity_timeout(this->child_sa->get_reqid(this->child_sa)); + schedule_inactivity_timeout(this); } return SUCCESS; } |
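Review bot: `schedule_inactivity_timeout()` no longer reads `charon.inactivity_timeout`, and every `child_cfg_create()` caller updated in this commit (load_tester, medcli, nm, sql, stroke, uci) passes a literal 0, so within this diff `if (timeout)` can never be true and no inactivity job is scheduled. A deployment that relied on the global option to close idle CHILD_SAs would, as far as these hunks show, silently keep them installed until they expire or are closed some other way. Unless a follow-up wires the value into the config backends, keep the global setting as a fallback right after the getter call: `if (!timeout) timeout = lib->settings->get_time(lib->settings, "charon.inactivity_timeout", 0);`. The function comment also still says "with reqid" although the parameter is now `this`.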