aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/kernel_klips
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/plugins/kernel_klips')
-rw-r--r--src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c31
1 files changed, 10 insertions, 21 deletions
diff --git a/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c
index d21da6f9e..390d90651 100644
--- a/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -33,8 +33,6 @@
#include <threading/thread.h>
#include <threading/mutex.h>
#include <processing/jobs/callback_job.h>
-#include <processing/jobs/rekey_child_sa_job.h>
-#include <processing/jobs/delete_child_sa_job.h>
#include <processing/jobs/update_sa_job.h>
/** default timeout for generated SPIs (in seconds) */
@@ -1418,12 +1416,14 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this)
process_acquire(this, msg);
break;
case SADB_EXPIRE:
- /* SADB_EXPIRE events in KLIPS are only triggered by traffic (even for
- * the time based limits). So if there is no traffic for a longer
- * period than configured as hard limit, we wouldn't be able to rekey
- * the SA and just receive the hard expire and thus delete the SA.
- * To avoid this behavior and to make charon behave as with the other
- * kernel plugins, we implement the expiration of SAs ourselves. */
+ /* SADB_EXPIRE events in KLIPS are only triggered by traffic (even
+ * for the time based limits). So if there is no traffic for a
+ * longer period than configured as hard limit, we wouldn't be able
+ * to rekey the SA and just receive the hard expire and thus delete
+ * the SA.
+ * To avoid this behavior and to make charon behave as with the
+ * other kernel plugins, we implement the expiration of SAs
+ * ourselves. */
break;
case SADB_X_NAT_T_NEW_MAPPING:
process_mapping(this, msg);
@@ -1470,7 +1470,6 @@ static job_requeue_t sa_expires(sa_expire_t *expire)
bool hard = expire->type != EXPIRE_TYPE_SOFT;
sa_entry_t *cached_sa;
linked_list_t *list;
- job_t *job;
/* for an expired SPI we first check whether the CHILD_SA got installed
* in the meantime, for expired SAs we check whether they are still installed */
@@ -1496,18 +1495,8 @@ static job_requeue_t sa_expires(sa_expire_t *expire)
DBG2(DBG_KNL, "%N CHILD_SA with SPI %.8x and reqid {%d} expired",
protocol_id_names, protocol, ntohl(spi), reqid);
- DBG1(DBG_KNL, "creating %s job for %N CHILD_SA with SPI %.8x and reqid {%d}",
- hard ? "delete" : "rekey", protocol_id_names,
- protocol, ntohl(spi), reqid);
- if (hard)
- {
- job = (job_t*)delete_child_sa_job_create(reqid, protocol, spi);
- }
- else
- {
- job = (job_t*)rekey_child_sa_job_create(reqid, protocol, spi);
- }
- hydra->processor->queue_job(hydra->processor, job);
+ charon->kernel_interface->expire(charon->kernel_interface, reqid, protocol,
+ spi, hard);
return JOB_REQUEUE_NONE;
}