aboutsummaryrefslogtreecommitdiffstats
path: root/src/libipsec/ipsec_sa.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/libipsec/ipsec_sa.h')
-rw-r--r--src/libipsec/ipsec_sa.h14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/libipsec/ipsec_sa.h b/src/libipsec/ipsec_sa.h
index 9b77c8040..5e69f18cf 100644
--- a/src/libipsec/ipsec_sa.h
+++ b/src/libipsec/ipsec_sa.h
@@ -127,8 +127,20 @@ struct ipsec_sa_t {
void (*update_usestats)(ipsec_sa_t *this, u_int32_t bytes);
/**
+ * Expire this SA, soft or hard.
+ *
+ * A soft expire triggers a rekey, a hard expire blocks the SA and
+ * triggers a delete for the SA.
+ *
+ * @param hard TRUE for hard, FALSE for soft
+ */
+ void (*expire)(ipsec_sa_t *this, bool hard);
+
+ /**
* Check if this SA matches all given parameters
*
+ * Only matches if the SA has not yet expired.
+ *
* @param spi SPI
* @param dst destination address
* @return TRUE if this SA matches all parameters, FALSE otherwise
@@ -149,6 +161,8 @@ struct ipsec_sa_t {
/**
* Check if this SA matches all given parameters
*
+ * Only matches if the SA has not yet expired.
+ *
* @param reqid reqid
* @param inbound TRUE for inbound SA, FALSE for outbound
* @return TRUE if this SA matches all parameters, FALSE otherwise
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-20 04:03:37 +0000