-rw-r--r--src/charon/config/child_cfg.c15
-rw-r--r--src/charon/config/child_cfg.h60
-rw-r--r--src/charon/plugins/kernel_klips/kernel_klips_ipsec.c8
-rw-r--r--src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c14
-rw-r--r--src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c12
-rw-r--r--src/charon/plugins/load_tester/load_tester_config.c13
-rw-r--r--src/charon/plugins/medcli/medcli_config.c28
-rw-r--r--src/charon/plugins/nm/nm_service.c13
-rw-r--r--src/charon/plugins/sql/sql_config.c7
-rw-r--r--src/charon/plugins/stroke/stroke_config.c33
-rw-r--r--src/charon/plugins/uci/uci_config.c13
-rw-r--r--src/charon/sa/child_sa.c12
12 files changed, 104 insertions, 124 deletions
diff --git a/src/charon/config/child_cfg.c b/src/charon/config/child_cfg.c
index 6cddd9280..05c47f747 100644
--- a/src/charon/config/child_cfg.c
+++ b/src/charon/config/child_cfg.c
@@ -99,7 +99,7 @@ struct private_child_cfg_t {
/**
* CHILD_SA lifetime config
*/
- lifetime_cfg_t *lifetime;
+ lifetime_cfg_t lifetime;
/**
* enable IPComp
@@ -363,7 +363,7 @@ static u_int64_t apply_jitter(u_int64_t rekey, u_int64_t jitter)
jitter = (jitter == UINT64_MAX) ? jitter : jitter + 1;
return rekey - jitter * (random() / (RAND_MAX + 1.0));
}
-#define APPLY_JITTER(l, f) l->rekey_##f = apply_jitter(l->rekey_##f, l->jitter_##f)
+#define APPLY_JITTER(l) l.rekey = apply_jitter(l.rekey, l.jitter)
/**
* Implementation of child_cfg_t.get_lifetime.
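Review bot: The new `APPLY_JITTER(l)` pastes its argument unparenthesized and expands to a bare assignment, so it only works for simple arguments such as the `lft->time` used in get_lifetime in the next hunk. Writing it as `#define APPLY_JITTER(l) ((l).rekey = apply_jitter((l).rekey, (l).jitter))` keeps it safe for any lvalue expression. A small `static` helper taking a pointer to the sub-struct would also work, though it would need the anonymous struct in child_cfg.h to get a name. apply_jitter itself starts above this hunk and is not reviewed here.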
@@ -371,10 +371,10 @@ static u_int64_t apply_jitter(u_int64_t rekey, u_int64_t jitter)
static lifetime_cfg_t *get_lifetime(private_child_cfg_t *this)
{
lifetime_cfg_t *lft = malloc_thing(lifetime_cfg_t);
- memcpy(lft, this->lifetime, sizeof(lifetime_cfg_t));
- APPLY_JITTER(lft, time);
- APPLY_JITTER(lft, bytes);
- APPLY_JITTER(lft, packets);
+ memcpy(lft, &this->lifetime, sizeof(lifetime_cfg_t));
+ APPLY_JITTER(lft->time);
+ APPLY_JITTER(lft->bytes);
+ APPLY_JITTER(lft->packets);
return lft;
}
@@ -480,7 +480,6 @@ static void destroy(private_child_cfg_t *this)
{
free(this->updown);
}
- free(this->lifetime);
free(this->name);
free(this);
}
@@ -517,7 +516,6 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
this->public.destroy = (void (*) (child_cfg_t*))destroy;
this->name = strdup(name);
- this->lifetime = lifetime;
this->updown = updown ? strdup(updown) : NULL;
this->hostaccess = hostaccess;
this->mode = mode;
@@ -530,6 +528,7 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
this->proposals = linked_list_create();
this->my_ts = linked_list_create();
this->other_ts = linked_list_create();
+ memcpy(&this->lifetime, lifetime, sizeof(lifetime_cfg_t));
return &this->public;
}
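Review bot: `memcpy(&this->lifetime, lifetime, sizeof(lifetime_cfg_t));` reads through the caller's pointer with no NULL check. A struct assignment does the same copy with the compiler checking both types: `this->lifetime = *lifetime;`, and likewise `*lft = this->lifetime;` in get_lifetime. Now that the config clones instead of adopting, the parameter could also be declared `const lifetime_cfg_t *lifetime` if the prototype in child_cfg.h is changed with it, which documents that the caller's stack object is not modified or kept. child_cfg_create begins above this hunk, so any earlier argument validation is not visible here.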
diff --git a/src/charon/config/child_cfg.h b/src/charon/config/child_cfg.h
index ce6a23629..492514eae 100644
--- a/src/charon/config/child_cfg.h
+++ b/src/charon/config/child_cfg.h
@@ -72,57 +72,17 @@ extern enum_name_t *ipcomp_transform_names;
* Set any of these values to 0 to ignore.
*/
struct lifetime_cfg_t {
- /** Time in seconds before the CHILD_SA gets invalid. */
- u_int64_t life_time;
- /** Number of bytes transmitted before the CHILD_SA gets invalid. */
- u_int64_t life_bytes;
- /** Number of packets transmitted before the CHILD_SA gets invalid. */
- u_int64_t life_packets;
- /** Time in seconds before the CHILD_SA gets rekeyed. */
- u_int64_t rekey_time;
- /** Number of bytes transmitted before the CHILD_SA gets rekeyed. */
- u_int64_t rekey_bytes;
- /** Number of packets transmitted before the CHILD_SA gets rekeyed. */
- u_int64_t rekey_packets;
- /** The range of a random value subtracted from rekey_time */
- u_int64_t jitter_time;
- /** The range of a random value subtracted from rekey_bytes */
- u_int64_t jitter_bytes;
- /** The range of a random value subtracted from rekey_packets */
- u_int64_t jitter_packets;
+ struct {
+ /** Limit before the CHILD_SA gets invalid. */
+ u_int64_t life;
+ /** Limit before the CHILD_SA gets rekeyed. */
+ u_int64_t rekey;
+ /** The range of a random value subtracted from rekey. */
+ u_int64_t jitter;
+ } time, bytes, packets;
};
/**
- * Helper macro to easily set all three values of a specified limit (time,
- * bytes, packets).
- */
-#define LIFETIME_CFG_SET(l, limit, life, rekey, jitter) do { \
- (l)->life_##limit = (life); \
- (l)->rekey_##limit = (rekey); \
- (l)->jitter_##limit = (jitter); \
-} while(0)
-
-/**
- * Create a new lifetime_cfg_t object.
- */
-static inline lifetime_cfg_t* lifetime_cfg_create() {
- lifetime_cfg_t *this = malloc_thing(lifetime_cfg_t);
- memset(this, 0, sizeof(lifetime_cfg_t));
- return this;
-}
-
-/**
- * Special constructor for the (currently) most common case.
- */
-static inline lifetime_cfg_t* lifetime_cfg_create_time(u_int64_t life,
- u_int64_t rekey, u_int64_t jitter)
-{
- lifetime_cfg_t *this = lifetime_cfg_create();
- LIFETIME_CFG_SET(this, time, life, rekey, jitter);
- return this;
-}
-
-/**
* A child_cfg_t defines the config template for a CHILD_SA.
*
* After creation, proposals and traffic selectors may be added to the config.
@@ -316,9 +276,9 @@ struct child_cfg_t {
*
* The "name" string gets cloned.
*
- * The lifetime_cfg_t object gets adopted by this config.
+ * The lifetime_cfg_t object gets cloned.
* To prevent two peers to start rekeying at the same time, a jitter may be
- * specified. Rekeying of an SA starts at (rekey_xxx - random(0, jitter_xxx)).
+ * specified. Rekeying of an SA starts at (x.rekey - random(0, x.jitter)).
*
* After a call to create, a reference is obtained (refcount = 1).
*
diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c
index 5dc08b26f..f0362c1a4 100644
--- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -1844,14 +1844,14 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this,
/* Although KLIPS supports SADB_EXT_LIFETIME_SOFT/HARD, we handle the lifetime
* of SAs manually in the plugin. Refer to the comments in receive_events()
* for details. */
- if (lifetime->rekey_time)
+ if (lifetime->time.rekey)
{
- schedule_expire(this, protocol, spi, reqid, EXPIRE_TYPE_SOFT, lifetime->rekey_time);
+ schedule_expire(this, protocol, spi, reqid, EXPIRE_TYPE_SOFT, lifetime->time.rekey);
}
- if (lifetime->life_time)
+ if (lifetime->time.life)
{
- schedule_expire(this, protocol, spi, reqid, EXPIRE_TYPE_HARD, lifetime->life_time);
+ schedule_expire(this, protocol, spi, reqid, EXPIRE_TYPE_HARD, lifetime->time.life);
}
return SUCCESS;
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 0758c9632..cdd2436c5 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -941,7 +941,7 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
* we are in the recursive call below */
if (ipcomp != IPCOMP_NONE && cpi != 0)
{
- lifetime_cfg_t lft = { 0,0,0,0,0,0,0,0,0 };
+ lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}};
add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, &lft,
ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty,
mode, ipcomp, 0, FALSE, inbound);
@@ -971,13 +971,13 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
}
sa->replay_window = (protocol == IPPROTO_COMP) ? 0 : 32;
sa->reqid = reqid;
- sa->lft.soft_byte_limit = XFRM_LIMIT(lifetime->rekey_bytes);
- sa->lft.hard_byte_limit = XFRM_LIMIT(lifetime->life_bytes);
- sa->lft.soft_packet_limit = XFRM_LIMIT(lifetime->rekey_packets);
- sa->lft.hard_packet_limit = XFRM_LIMIT(lifetime->life_packets);
+ sa->lft.soft_byte_limit = XFRM_LIMIT(lifetime->bytes.rekey);
+ sa->lft.hard_byte_limit = XFRM_LIMIT(lifetime->bytes.life);
+ sa->lft.soft_packet_limit = XFRM_LIMIT(lifetime->packets.rekey);
+ sa->lft.hard_packet_limit = XFRM_LIMIT(lifetime->packets.life);
/* we use lifetimes since added, not since used */
- sa->lft.soft_add_expires_seconds = lifetime->rekey_time;
- sa->lft.hard_add_expires_seconds = lifetime->life_time;
+ sa->lft.soft_add_expires_seconds = lifetime->time.rekey;
+ sa->lft.hard_add_expires_seconds = lifetime->time.life;
sa->lft.soft_use_expires_seconds = 0;
sa->lft.hard_use_expires_seconds = 0;
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 4eff8e259..002e1bee8 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1287,18 +1287,18 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this,
lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg);
lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime));
- lft->sadb_lifetime_allocations = lifetime->rekey_packets;
- lft->sadb_lifetime_bytes = lifetime->rekey_bytes;
- lft->sadb_lifetime_addtime = lifetime->rekey_time;
+ lft->sadb_lifetime_allocations = lifetime->packets.rekey;
+ lft->sadb_lifetime_bytes = lifetime->bytes.rekey;
+ lft->sadb_lifetime_addtime = lifetime->time.rekey;
lft->sadb_lifetime_usetime = 0; /* we only use addtime */
PFKEY_EXT_ADD(msg, lft);
lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg);
lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime));
- lft->sadb_lifetime_allocations = lifetime->life_packets;
- lft->sadb_lifetime_bytes = lifetime->life_bytes;
- lft->sadb_lifetime_addtime = lifetime->life_time;
+ lft->sadb_lifetime_allocations = lifetime->packets.life;
+ lft->sadb_lifetime_bytes = lifetime->bytes.life;
+ lft->sadb_lifetime_addtime = lifetime->time.life;
lft->sadb_lifetime_usetime = 0; /* we only use addtime */
PFKEY_EXT_ADD(msg, lft);
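Review bot: `lft->sadb_lifetime_allocations = lifetime->packets.rekey;` and the HARD counterpart store a u_int64_t into a field that RFC 2367 defines as 32 bits wide, so a packet limit above UINT32_MAX is silently truncated. A multiple of 2^32 would become 0, which child_cfg.h documents as "ignore", so the SA would run with no packet limit at all. The platform's `struct sadb_lifetime` is not visible here, so confirm the width. If it is 32 bits, clamp instead of truncating, e.g. `lifetime->packets.rekey > UINT32_MAX ? UINT32_MAX : lifetime->packets.rekey`. The assignment was already narrowing before this commit; the rename is a good moment to fix it.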
diff --git a/src/charon/plugins/load_tester/load_tester_config.c b/src/charon/plugins/load_tester/load_tester_config.c
index 537301c1d..aecaf624f 100644
--- a/src/charon/plugins/load_tester/load_tester_config.c
+++ b/src/charon/plugins/load_tester/load_tester_config.c
@@ -178,10 +178,16 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
{
ike_cfg_t *ike_cfg;
child_cfg_t *child_cfg;
- lifetime_cfg_t *lifetime;
peer_cfg_t *peer_cfg;
traffic_selector_t *ts;
proposal_t *proposal;
+ lifetime_cfg_t lifetime = {
+ .time = {
+ .life = this->child_rekey * 2,
+ .rekey = this->child_rekey,
+ .jitter = 0
+ }
+ };
ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", this->remote);
ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
@@ -203,10 +209,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
generate_auth_cfg(this, this->initiator_auth, peer_cfg, FALSE, num);
}
- lifetime = lifetime_cfg_create_time(this->child_rekey * 2,
- this->child_rekey, 0);
-
- child_cfg = child_cfg_create("load-test", lifetime, NULL, TRUE,
+ child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE,
MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
child_cfg->add_proposal(child_cfg, proposal);
diff --git a/src/charon/plugins/medcli/medcli_config.c b/src/charon/plugins/medcli/medcli_config.c
index d3b2e38fd..f96f61c28 100644
--- a/src/charon/plugins/medcli/medcli_config.c
+++ b/src/charon/plugins/medcli/medcli_config.c
@@ -99,8 +99,14 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
ike_cfg_t *ike_cfg;
child_cfg_t *child_cfg;
chunk_t me, other;
- lifetime_cfg_t *lifetime;
char *address, *local_net, *remote_net;
+ lifetime_cfg_t lifetime = {
+ .time = {
+ .life = this->rekey * 60 + this->rekey,
+ .rekey = this->rekey,
+ .jitter = this->rekey
+ }
+ };
/* query mediation server config:
* - build ike_cfg/peer_cfg for mediation connection on-the-fly
@@ -174,10 +180,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
identification_create_from_encoding(ID_KEY_ID, other));
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
- lifetime = lifetime_cfg_create_time(this->rekey * 60 + this->rekey,
- this->rekey, this->rekey);
-
- child_cfg = child_cfg_create(name, lifetime, NULL, TRUE,
+ child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE,
MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
@@ -220,8 +223,14 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
chunk_t me, other;
child_cfg_t *child_cfg;
auth_cfg_t *auth;
- lifetime_cfg_t *lifetime;
-
+ lifetime_cfg_t lifetime = {
+ .time = {
+ .life = this->rekey * 60 + this->rekey,
+ .rekey = this->rekey
+ .jitter = this->rekey
+ }
+ };
+
DESTROY_IF(this->current);
if (!this->inner->enumerate(this->inner, &name, &me, &other,
&local_net, &remote_net))
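Review bot: The initializer added to peer_enumerator_enumerate is missing a comma after `.rekey = this->rekey`, so the following `.jitter = this->rekey` line is a syntax error. It should read `.rekey = this->rekey,`, as the get_peer_cfg_by_name initializer earlier in this file does. The same comma is missing after `.rekey = create_rekey(esp_rekey)` in the uci_config.c hunk. Both plugins are presumably optional at build time, which would explain how this went unnoticed, so building with them enabled is worth doing before merging.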
@@ -249,10 +258,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
identification_create_from_encoding(ID_KEY_ID, other));
this->current->add_auth_cfg(this->current, auth, FALSE);
- lifetime = lifetime_cfg_create_time(this->rekey * 60 + this->rekey,
- this->rekey, this->rekey);
-
- child_cfg = child_cfg_create(name, lifetime, NULL, TRUE, MODE_TUNNEL,
+ child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
ACTION_NONE, ACTION_NONE, FALSE);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c
index 8df65d7f9..6aa5561f1 100644
--- a/src/charon/plugins/nm/nm_service.c
+++ b/src/charon/plugins/nm/nm_service.c
@@ -218,7 +218,6 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
ike_cfg_t *ike_cfg;
peer_cfg_t *peer_cfg;
child_cfg_t *child_cfg;
- lifetime_cfg_t *lifetime;
traffic_selector_t *ts;
ike_sa_t *ike_sa;
auth_cfg_t *auth;
@@ -226,6 +225,13 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
certificate_t *cert = NULL;
x509_t *x509;
bool agent = FALSE;
+ lifetime_cfg_t lifetime = {
+ .time = {
+ .life = 10800 /* 3h */,
+ .rekey = 10200 /* 2h50min */,
+ .jitter = 300 /* 5min */
+ }
+ };
/**
* Read parameters
@@ -427,10 +433,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
auth->add(auth, AUTH_RULE_IDENTITY, gateway);
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
- lifetime = lifetime_cfg_create_time(10800 /* 3h */, 10200 /* 2h50min */,
- 300 /* 5min */);
-
- child_cfg = child_cfg_create(priv->name, lifetime,
+ child_cfg = child_cfg_create(priv->name, &lifetime,
NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
ACTION_NONE, ACTION_NONE, ipcomp);
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
diff --git a/src/charon/plugins/sql/sql_config.c b/src/charon/plugins/sql/sql_config.c
index 71fb378df..67b5c3b64 100644
--- a/src/charon/plugins/sql/sql_config.c
+++ b/src/charon/plugins/sql/sql_config.c
@@ -130,9 +130,10 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e)
if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter,
&updown, &hostaccess, &mode, &dpd, &close, &ipcomp))
{
- lifetime_cfg_t *lft = lifetime_cfg_create_time(lifetime, rekeytime,
- jitter);
- child_cfg = child_cfg_create(name, lft, updown, hostaccess, mode,
+ lifetime_cfg_t lft = {
+ .time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter }
+ };
+ child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode,
dpd, close, ipcomp);
/* TODO: read proposal from db */
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/charon/plugins/stroke/stroke_config.c
index c76fd1622..e5c1471fc 100644
--- a/src/charon/plugins/stroke/stroke_config.c
+++ b/src/charon/plugins/stroke/stroke_config.c
@@ -752,8 +752,24 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
stroke_msg_t *msg)
{
child_cfg_t *child_cfg;
- lifetime_cfg_t *lifetime;
action_t dpd;
+ lifetime_cfg_t lifetime = {
+ .time = {
+ .life = msg->add_conn.rekey.ipsec_lifetime,
+ .rekey = msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin,
+ .jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100
+ },
+ .bytes = {
+ .life = msg->add_conn.rekey.life_bytes,
+ .rekey = msg->add_conn.rekey.life_bytes - msg->add_conn.rekey.margin_bytes,
+ .jitter = msg->add_conn.rekey.margin_bytes * msg->add_conn.rekey.fuzz / 100
+ },
+ .packets = {
+ .life = msg->add_conn.rekey.life_packets,
+ .rekey = msg->add_conn.rekey.life_packets - msg->add_conn.rekey.margin_packets,
+ .jitter = msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100
+ }
+ };
switch (msg->add_conn.dpd.action)
{ /* map startes magic values to our action type */
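Review bot: `.rekey = msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin` and the `bytes` and `packets` equivalents subtract without checking that the margin does not exceed the lifetime. The result lands in a u_int64_t, so a margin larger than the lifetime wraps to an enormous rekey limit and the SA is in effect never rekeyed before its hard expiry. The `margin * fuzz / 100` products can wrap the same way for large inputs. The field types of `msg->add_conn.rekey` are outside this hunk and the arithmetic is carried over unchanged from the removed lines, so treat this as a missing check, not a regression. Validating the three margin/lifetime pairs before the initializer and rejecting or logging the connection when a margin is too large would close it. A comment such as `/* margin must not exceed the lifetime, or rekey wraps */` at the initializer documents the assumption if the check lives elsewhere.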
@@ -767,22 +783,9 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
dpd = ACTION_NONE;
break;
}
-
- lifetime = lifetime_cfg_create_time(
- msg->add_conn.rekey.ipsec_lifetime,
- msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin,
- msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100);
- LIFETIME_CFG_SET(lifetime, bytes,
- msg->add_conn.rekey.life_bytes,
- msg->add_conn.rekey.life_bytes - msg->add_conn.rekey.margin_bytes,
- msg->add_conn.rekey.margin_bytes * msg->add_conn.rekey.fuzz / 100);
- LIFETIME_CFG_SET(lifetime, packets,
- msg->add_conn.rekey.life_packets,
- msg->add_conn.rekey.life_packets - msg->add_conn.rekey.margin_packets,
- msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100);
child_cfg = child_cfg_create(
- msg->add_conn.name, lifetime,
+ msg->add_conn.name, &lifetime,
msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp);
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
diff --git a/src/charon/plugins/uci/uci_config.c b/src/charon/plugins/uci/uci_config.c
index 5c03acbd8..e2b0b294d 100644
--- a/src/charon/plugins/uci/uci_config.c
+++ b/src/charon/plugins/uci/uci_config.c
@@ -142,9 +142,15 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
char *local_id, *local_addr, *local_net;
char *remote_id, *remote_addr, *remote_net;
child_cfg_t *child_cfg;
- lifetime_cfg_t *lifetime;
ike_cfg_t *ike_cfg;
auth_cfg_t *auth;
+ lifetime_cfg_t lifetime = {
+ .time = {
+ .life = create_rekey(esp_rekey) + 300,
+ .rekey = create_rekey(esp_rekey)
+ .jitter = 300
+ }
+ };
/* defaults */
name = "unnamed";
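Review bot: The `lifetime` initializer calls `create_rekey(esp_rekey)` at the declaration, above the `/* defaults */` block, whereas the removed code made that call only after the enumerator had supplied its values. The declaration of `esp_rekey` is outside this hunk. If it is a plain local that is filled further down, the initializer reads an indeterminate pointer, and the CHILD_SA rekey and hard lifetimes are derived from it. Keep only the constant at the declaration, `lifetime_cfg_t lifetime = { .time = { .jitter = 300 } };`, and set `lifetime.time.rekey = create_rekey(esp_rekey);` and `lifetime.time.life = lifetime.time.rekey + 300;` immediately before the child_cfg_create call. That also avoids parsing the value twice.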
@@ -187,9 +193,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
identification_create_from_string(remote_id));
}
this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE);
- lifetime = lifetime_cfg_create_time(create_rekey(esp_rekey) + 300,
- create_rekey(esp_rekey), 300);
- child_cfg = child_cfg_create(name, lifetime, NULL, TRUE, MODE_TUNNEL,
+
+ child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL,
ACTION_NONE, ACTION_NONE, FALSE);
child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP));
child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net));
diff --git a/src/charon/sa/child_sa.c b/src/charon/sa/child_sa.c
index 7eee9c491..a3dfeffa5 100644
--- a/src/charon/sa/child_sa.c
+++ b/src/charon/sa/child_sa.c
@@ -589,18 +589,18 @@ static status_t install(private_child_sa_t *this, chunk_t encr, chunk_t integ,
lifetime = this->config->get_lifetime(this->config);
now = time_monotonic(NULL);
- if (lifetime->rekey_time)
+ if (lifetime->time.rekey)
{
- this->rekey_time = now + lifetime->rekey_time;
+ this->rekey_time = now + lifetime->time.rekey;
}
- if (lifetime->life_time)
+ if (lifetime->time.life)
{
- this->expire_time = now + lifetime->life_time;
+ this->expire_time = now + lifetime->time.life;
}
- if (!lifetime->jitter_time && !inbound)
+ if (!lifetime->time.jitter && !inbound)
{ /* avoid triggering multiple rekey events */
- lifetime->rekey_time = 0;
+ lifetime->time.rekey = 0;
}
status = charon->kernel_interface->add_sa(charon->kernel_interface,