* @(#) lifetime structure utilities
* Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
* and Michael Richardson <mcr@freeswan.org>
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* RCSID $Id: ipsec_life.c,v 1.9.6.2 2004/05/01 04:36:05 ken Exp $
* This provides a series of utility functions for dealing with lifetime
* ipsec_check_lifetime - returns -1 hard lifetime exceeded
* 0 soft lifetime exceeded
* 1 everything is okay
* based upon whether or not the count exceeds hard/soft
#define __NO_VERSION__
#include <linux/module.h>
#include <linux/config.h> /* for CONFIG_IP_FORWARD */
#include <linux/version.h>
#include <linux/kernel.h> /* printk() */
#include "freeswan/ipsec_param.h"
#include <linux/netdevice.h> /* struct device, struct net_device_stats and other headers */
#include <linux/etherdevice.h> /* eth_type_trans */
#include <linux/skbuff.h>
#include "freeswan/radij.h"
#include "freeswan/ipsec_life.h"
#include "freeswan/ipsec_xform.h"
#include "freeswan/ipsec_eroute.h"
#include "freeswan/ipsec_encap.h"
#include "freeswan/ipsec_radij.h"
#include "freeswan/ipsec_sa.h"
#include "freeswan/ipsec_tunnel.h"
#include "freeswan/ipsec_ipe4.h"
#include "freeswan/ipsec_ah.h"
#include "freeswan/ipsec_esp.h"
#ifdef CONFIG_IPSEC_IPCOMP
#include "freeswan/ipcomp.h"
#endif /* CONFIG_IPSEC_IPCOMP */
#include "freeswan/ipsec_proto.h"
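/*
 * ipsec_lifetime_check - compare one lifetime counter of an SA with its
 * hard and soft limits.
 *
 * What the visible lines show:
 *   - for ipsec_life_timebased the counter is jiffies/HZ - il64->ipl_count
 *     (seconds elapsed since the stored value); source line 93 assigns
 *     il64->ipl_count directly, presumably in the else branch;
 *   - counter above ipl_hard: pfkey_expire(ips, 1) is called and
 *     ipsec_life_harddied is returned ("SA expired, packet dropped");
 *   - counter above ipl_soft: pfkey_expire(ips, 0) is called unless the SA
 *     is already SADB_SASTATE_DYING, the state is set to DYING and
 *     ipsec_life_softdied is returned (packet still processed);
 *   - otherwise ipsec_life_okay.
 * The hard test comes first, so an SA whose soft limit is not below its
 * hard limit goes straight to hard expiry without a soft-expire message.
 *
 * NOTE(review): this listing omits source lines (return type, two
 * parameters, the ips parameter, locals, braces, the first half of both
 * limit tests and the KLIPS_PRINT arguments).  Each gap is marked below;
 * nothing has been filled in.
 * NOTE(review): jiffies wraps on 32-bit kernels.  The declaration of count
 * is not shown; confirm that a wrapped jiffies/HZ cannot make a time-based
 * SA look expired early or keep it alive past its hard limit.
 * NOTE(review): ips is dereferenced without a NULL test in the visible
 * lines; confirm every caller passes a valid SA.
 */
ipsec_lifetime_check(struct ipsec_lifetime64 *il64,
		     /* ... source lines 70-71 not shown ... */
		     enum ipsec_life_type ilt,
		     enum ipsec_direction idir,
		     /* ... source lines 74-79 not shown ... */
		saname = "unknown-SA";
	/* ... source lines 81-82 not shown ... */
	if(idir == ipsec_incoming) {
	/* ... source lines 84-89 not shown ... */
	if(ilt == ipsec_life_timebased) {
		/* elapsed seconds since the value stored in ipl_count */
		count = jiffies/HZ - il64->ipl_count;
	/* ... source line 92 not shown ... */
		count = il64->ipl_count;
	/* ... source lines 94-96 not shown ... */
	   (count > il64->ipl_hard)) {
		KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
			    "klips_debug:ipsec_lifetime_check: "
			    "hard %s lifetime of SA:<%s%s%s> %s has been reached, SA expired, "
			    "%s packet dropped.\n",
			    /* ... source lines 102-106 not shown ... */
		/* second argument 1: hard expire */
		pfkey_expire(ips, 1);
		return ipsec_life_harddied;
	/* ... source lines 109-111 not shown ... */
	   (count > il64->ipl_soft)) {
		KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
			    "klips_debug:ipsec_lifetime_check: "
			    "soft %s lifetime of SA:<%s%s%s> %s has been reached, SA expiring, "
			    "soft expire message sent up, %s packet still processed.\n",
			    /* ... source lines 117-121 not shown ... */
		/* send the soft expire only once per SA */
		if(ips->ips_state != SADB_SASTATE_DYING) {
			pfkey_expire(ips, 0);
		/* ... source line 124 not shown ... */
		ips->ips_state = SADB_SASTATE_DYING;
		/* ... source line 126 not shown ... */
		return ipsec_life_softdied;
	/* ... source line 128 not shown ... */
	return ipsec_life_okay;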
* This function takes a buffer (with length), a lifetime name and type,
* and formats a string to represent the current values of the lifetime.
* It returns the number of bytes that the format took (or would take,
* if the buffer were large enough: snprintf semantics).
* This is used in /proc routines and in debug output.
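/*
 * ipsec_lifetime_format - print count/soft/hard of one lifetime into buffer.
 *
 * The value printed as the count is computed the same way as in the check
 * routine: elapsed seconds (jiffies/HZ - ipl_count) for a time-based
 * lifetime, the raw ipl_count otherwise.  Nothing is formatted unless
 * ipl_count > 1 or one of the limits is set.
 *
 * NOTE(review): the comment on this function describes snprintf semantics,
 * so len may be larger than buflen.  A caller that advances a /proc or
 * debug buffer by the returned value must clamp it to the space that was
 * really available.
 * NOTE(review): this listing omits source lines (return type, two
 * parameters, locals, braces, format strings and the end of the function).
 * Each gap is marked below; nothing has been filled in.
 */
ipsec_lifetime_format(char *buffer,
		      /* ... source lines 143-144 not shown ... */
		      enum ipsec_life_type timebaselife,
		      struct ipsec_lifetime64 *lifetime)
	/* ... source lines 147-150 not shown ... */
	if(timebaselife == ipsec_life_timebased) {
		count = jiffies/HZ - lifetime->ipl_count;
	/* ... source line 153 not shown ... */
		count = lifetime->ipl_count;
	/* ... source lines 155-156 not shown ... */
	if(lifetime->ipl_count > 1 ||
	   lifetime->ipl_soft ||
	   lifetime->ipl_hard) {
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0))
		len = ipsec_snprintf(buffer, buflen,
				     /* ... source lines 162-166 not shown ... */
#else /* XXX high 32 bits are not displayed */
		len = ipsec_snprintf(buffer, buflen,
				     /* ... source lines 169-170 not shown ... */
				     /* the casts drop the upper half of each value where unsigned long is 32 bits */
				     (unsigned long)count,
				     (unsigned long)lifetime->ipl_soft,
				     (unsigned long)lifetime->ipl_hard);
	/* ... remaining lines of this function are not shown ... */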
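/*
 * ipsec_lifetime_update_hard - set the hard limit, or lower it.
 *
 * The visible condition accepts newvalue when no hard limit is set yet
 * (ipl_hard == 0) or when newvalue is smaller than the current one.  After
 * the update an existing soft limit is clamped so that it never exceeds the
 * hard limit.
 *
 * Fix: the clamp used to test !lifetime->ipl_soft, so it could not fire for
 * any non-zero soft limit.  A soft limit left above the hard limit means
 * the hard test in ipsec_lifetime_check triggers first and the SA is
 * expired without a soft-expire message being sent up beforehand.  The
 * test now matches the one in ipsec_lifetime_update_soft.
 *
 * NOTE(review): this listing omits source lines (return type, the newvalue
 * parameter, the start of the outer condition and the closing braces).
 * Each gap is marked below; nothing has been filled in.
 */
ipsec_lifetime_update_hard(struct ipsec_lifetime64 *lifetime,
			   /* ... source lines 182-184 not shown ... */
	   (!lifetime->ipl_hard ||
	    (newvalue < lifetime->ipl_hard))) {
		lifetime->ipl_hard = newvalue;
		/* ... source line 188 not shown ... */
		/* keep soft <= hard whenever a soft limit exists */
		if(lifetime->ipl_soft &&
		   (lifetime->ipl_hard < lifetime->ipl_soft)) {
			lifetime->ipl_soft = lifetime->ipl_hard;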
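/*
 * ipsec_lifetime_update_soft - set the soft limit, or lower it.
 *
 * The visible condition accepts newvalue when no soft limit is set yet
 * (ipl_soft == 0) or when newvalue is smaller than the current one.  If a
 * hard limit exists and the new soft limit would exceed it, the soft limit
 * is clamped to the hard limit, so the soft limit never exceeds it.
 *
 * NOTE(review): this listing omits source lines (return type, the newvalue
 * parameter, the start of the outer condition and the closing braces).
 * Each gap is marked below; nothing has been filled in.
 */
ipsec_lifetime_update_soft(struct ipsec_lifetime64 *lifetime,
			   /* ... source lines 198-200 not shown ... */
	   (!lifetime->ipl_soft ||
	    (newvalue < lifetime->ipl_soft))) {
		lifetime->ipl_soft = newvalue;
		/* ... source line 204 not shown ... */
		/* keep soft <= hard whenever a hard limit exists */
		if(lifetime->ipl_hard &&
		   (lifetime->ipl_hard < lifetime->ipl_soft)) {
			lifetime->ipl_soft = lifetime->ipl_hard;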
* $Log: ipsec_life.c,v $
* Revision 1.9.6.2 2004/05/01 04:36:05 ken
* Pulling minor comment change from HEAD
* Revision 1.9.6.1 2004/04/09 16:04:48 ken
* Pullin snprintf fixes from HEAD
* Revision 1.11 2004/04/06 02:49:26 mcr
* pullup of algo code from alg-branch.
* Revision 1.10 2004/03/30 11:03:10 paul
* two more occurrences of snprintf, found by Sam from a user's oops msg.
* Revision 1.9 2003/10/31 02:27:55 mcr
* pulled up port-selector patches and sa_id elimination.
* Revision 1.8.4.1 2003/10/29 01:30:41 mcr
* eliminated "struct sa_id".
* Revision 1.8 2003/02/06 02:00:10 rgb
* Fixed incorrect debugging text label
* Revision 1.7 2002/05/23 07:16:26 rgb
* Fixed absolute/relative reference to lifetime count printout.
* Revision 1.6 2002/04/24 07:55:32 mcr
* #include patches and Makefiles for post-reorg compilation.
* Revision 1.5 2002/04/24 07:36:28 mcr
* Moved from ./klips/net/ipsec/ipsec_life.c,v
* Revision 1.4 2002/01/29 17:17:55 mcr
* moved include of ipsec_param.h to after include of linux/kernel.h
* otherwise, it seems that some option that is set in ipsec_param.h
* screws up something subtle in the include path to kernel.h, and
* it complains on the snprintf() prototype.
* Revision 1.3 2002/01/29 02:13:17 mcr
* introduction of ipsec_kversion.h means that include of
* ipsec_param.h must precede any decisions about what files to
* include to deal with differences in kernel source.
* Revision 1.2 2001/11/26 09:16:14 rgb
* Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
* Revision 1.1.2.1 2001/09/25 02:25:57 mcr
* lifetime structure created and common functions created.
* c-file-style: "linux"