Diffstat (limited to 'src/libcharon/sa/ike_sa.h')
-rw-r--r-- | src/libcharon/sa/ike_sa.h | 48 |
1 files changed, 31 insertions, 17 deletions
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 836360e3c..6f5040d7c 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -1,9 +1,9 @@
 /*
- * Copyright (C) 2006-2015 Tobias Brunner
+ * Copyright (C) 2006-2016 Tobias Brunner
 * Copyright (C) 2006 Daniel Roethlisberger
 * Copyright (C) 2005-2009 Martin Willi
 * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
@@ -58,12 +58,12 @@ typedef struct ike_sa_t ike_sa_t;
 /**
 * After which time rekeying should be retried if it failed, in seconds.
 */
-#define RETRY_INTERVAL 30
+#define RETRY_INTERVAL 15
 /**
 * Jitter to subtract from RETRY_INTERVAL to randomize rekey retry.
 */
-#define RETRY_JITTER 20
+#define RETRY_JITTER 10
 /**
 * Number of redirects allowed within REDIRECT_LOOP_DETECT_PERIOD.
@@ -309,6 +309,11 @@ enum ike_sa_state_t {
 IKE_REKEYING,
 /**
+ * IKE_SA has been rekeyed (or is redundant)
+ */
+ IKE_REKEYED,
+
+ /**
 * IKE_SA is in progress of deletion
 */
 IKE_DELETING,
@@ -353,7 +358,7 @@ struct ike_sa_t {
 *
 * @return unique ID
 */
- u_int32_t (*get_unique_id) (ike_sa_t *this);
+ uint32_t (*get_unique_id) (ike_sa_t *this);
 /**
 * Get the state of the IKE_SA.
@@ -382,7 +387,7 @@ struct ike_sa_t {
 * @param kind kind of requested value
 * @return value as integer
 */
- u_int32_t (*get_statistic)(ike_sa_t *this, statistic_t kind);
+ uint32_t (*get_statistic)(ike_sa_t *this, statistic_t kind);
 /**
 * Set statistic value of the IKE_SA.
@@ -390,7 +395,7 @@ struct ike_sa_t {
 * @param kind kind of value to update
 * @param value value as integer
 */
- void (*set_statistic)(ike_sa_t *this, statistic_t kind, u_int32_t value);
+ void (*set_statistic)(ike_sa_t *this, statistic_t kind, uint32_t value);
 /**
 * Get the own host address. 
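Review bot: Nothing in the `@@ -58,12 +58,12 @@` hunk ties the two constants together, although the comment on RETRY_JITTER says it is subtracted from RETRY_INTERVAL. With 15 and 10 the shortest retry delay appears to be about 5 seconds. A later edit that raises the jitter to or past the interval would presumably give a zero or wrapped delay, depending on how the subtraction is done in code not shown here. I would state the constraint in the comment, e.g. `Jitter to subtract from RETRY_INTERVAL to randomize rekey retry, must be smaller than RETRY_INTERVAL.`, and consider a compile-time check next to the defines.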
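Review bot: IKE_REKEYED is inserted in the middle of `enum ike_sa_state_t` in the `@@ -309,6 +309,11 @@` hunk, so IKE_DELETING and every state after it change numeric value. Any name table for this enum, and any code that orders states or stores or exchanges the raw value, has to change in the same commit, and none of that is visible in this header-only view. The comment `IKE_SA has been rekeyed (or is redundant)` also does not say what callers may still do with an SA in this state. I would extend it to say whether new exchanges or CHILD_SAs may still be initiated on it and which state follows, once confirmed against the implementation. The enum body starts and ends outside the hunk.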
@@ -557,7 +562,7 @@ struct ike_sa_t {
 * @param initiate TRUE to set message ID for initiating
 * @param mid message id to set
 */
- void (*set_message_id)(ike_sa_t *this, bool initiate, u_int32_t mid);
+ void (*set_message_id)(ike_sa_t *this, bool initiate, uint32_t mid);
 /**
 * Add an additional address for the peer.
@@ -630,14 +635,14 @@ struct ike_sa_t {
 *
 * @return number of pending updates
 */
- u_int32_t (*get_pending_updates)(ike_sa_t *this);
+ uint32_t (*get_pending_updates)(ike_sa_t *this);
 /**
 * Set the number of queued MOBIKE address updates.
 *
 * @param updates number of pending updates
 */
- void (*set_pending_updates)(ike_sa_t *this, u_int32_t updates);
+ void (*set_pending_updates)(ike_sa_t *this, uint32_t updates);
 #ifdef ME
 /**
@@ -752,7 +757,7 @@ struct ike_sa_t {
 * - DESTROY_ME if initialization failed
 */
 status_t (*initiate) (ike_sa_t *this, child_cfg_t *child_cfg,
- u_int32_t reqid, traffic_selector_t *tsi,
+ uint32_t reqid, traffic_selector_t *tsi,
 traffic_selector_t *tsr);
 /**
@@ -850,7 +855,7 @@ struct ike_sa_t {
 * - SUCCESS
 * - NOT_FOUND if request doesn't have to be retransmited
 */
- status_t (*retransmit) (ike_sa_t *this, u_int32_t message_id);
+ status_t (*retransmit) (ike_sa_t *this, uint32_t message_id);
 /**
 * Sends a DPD request to the peer.
@@ -924,7 +929,7 @@ struct ike_sa_t {
 * @return child_sa, or NULL if none found
 */
 child_sa_t* (*get_child_sa) (ike_sa_t *this, protocol_id_t protocol,
- u_int32_t spi, bool inbound);
+ uint32_t spi, bool inbound);
 /**
 * Get the number of CHILD_SAs.
@@ -958,7 +963,7 @@ struct ike_sa_t {
 * - NOT_FOUND, if IKE_SA has no such CHILD_SA
 * - SUCCESS, if rekeying initiated
 */
- status_t (*rekey_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi);
+ status_t (*rekey_child_sa) (ike_sa_t *this, protocol_id_t protocol, uint32_t spi);
 /**
 * Close the CHILD SA with the specified protocol/SPI. 
@@ -975,7 +980,7 @@ struct ike_sa_t {
 * - SUCCESS, if delete message sent
 */
 status_t (*delete_child_sa)(ike_sa_t *this, protocol_id_t protocol,
- u_int32_t spi, bool expired);
+ uint32_t spi, bool expired);
 /**
 * Destroy a CHILD SA with the specified protocol/SPI.
@@ -988,7 +993,7 @@ struct ike_sa_t {
 * - NOT_FOUND, if IKE_SA has no such CHILD_SA
 * - SUCCESS
 */
- status_t (*destroy_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi);
+ status_t (*destroy_child_sa) (ike_sa_t *this, protocol_id_t protocol, uint32_t spi);
 /**
 * Rekey the IKE_SA.
@@ -1028,7 +1033,7 @@ struct ike_sa_t {
 * @param lifetime lifetime in seconds
 * @return DESTROY_ME to destroy the IKE_SA
 */
- status_t (*set_auth_lifetime)(ike_sa_t *this, u_int32_t lifetime);
+ status_t (*set_auth_lifetime)(ike_sa_t *this, uint32_t lifetime);
 /**
 * Add a virtual IP to use for this IKE_SA and its children.
@@ -1119,6 +1124,15 @@ struct ike_sa_t {
 void (*queue_task)(ike_sa_t *this, task_t *task);
 /**
+ * Queue a task in the manager, but delay its initiation for at least the
+ * given number of seconds.
+ *
+ * @param task task to queue
+ * @param delay minimum delay in s before initiating the task
+ */
+ void (*queue_task_delayed)(ike_sa_t *this, task_t *task, uint32_t delay);
+
+ /**
 * Inherit required attributes to new SA before rekeying.
 *
 * Some properties of the SA must be applied before starting IKE_SA |
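Review bot: The doc comment for `queue_task_delayed` in the `@@ -1119,6 +1124,15 @@` hunk does not say who owns `task` after the call. It is also silent on what happens to a task that is still waiting when the IKE_SA changes state or is destroyed before the delay expires, which matters because a delayed task can outlive the conditions it was queued under. I would add a sentence on ownership and one on that case, and document the zero case, e.g. `@param delay minimum delay in s before initiating the task (0 = no delay)`, if that matches the implementation. The member is also added between existing function pointers of struct ike_sa_t, so code built against the old header presumably has to be rebuilt; the struct starts and ends outside the hunk.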