2013.10.24
[uclinux-h8/uClinux-dist.git] / freeswan / klips / net / ipsec / ipsec_life.c
1 /*
2  * @(#) lifetime structure utilities
3  *
4  * Copyright (C) 2001  Richard Guy Briggs  <rgb@freeswan.org>
5  *                 and Michael Richardson  <mcr@freeswan.org>
6  * 
7  * This program is free software; you can redistribute it and/or modify it
8  * under the terms of the GNU General Public License as published by the
9  * Free Software Foundation; either version 2 of the License, or (at your
10  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
11  * 
12  * This program is distributed in the hope that it will be useful, but
13  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
15  * for more details.
16  *
17  * RCSID $Id: ipsec_life.c,v 1.4 2002/01/29 17:17:55 mcr Exp $
18  *
19  */
20
21 /* 
22  * This provides a series of utility functions for dealing with lifetime
23  * structures.
24  *
25  * ipsec_check_lifetime - returns -1    hard lifetime exceeded
26  *                                 0    soft lifetime exceeded
27  *                                 1    everything is okay
28  *                        based upon whether or not the count exceeds hard/soft
29  *
30  */
31
32 #define __NO_VERSION__
33 #include <linux/module.h>
34 #include <linux/config.h>       /* for CONFIG_IP_FORWARD */
35 #include <linux/version.h>
36 #include <linux/kernel.h> /* printk() */
37
38 #include "ipsec_param.h"
39
40 #include <linux/netdevice.h>   /* struct device, struct net_device_stats and other headers */
41 #include <linux/etherdevice.h> /* eth_type_trans */
42 #include <linux/skbuff.h>
43 #include <freeswan.h>
44
45 #include "radij.h"
46 #include "ipsec_life.h"
47 #include "ipsec_xform.h"
48 #include "ipsec_eroute.h"
49 #include "ipsec_encap.h"
50 #include "ipsec_radij.h"
51
52 #include "ipsec_netlink.h"
53 #include "ipsec_sa.h"
54 #include "ipsec_tunnel.h"
55 #include "ipsec_ipe4.h"
56 #include "ipsec_ah.h"
57 #include "ipsec_esp.h"
58
59 #ifdef CONFIG_IPSEC_IPCOMP
60 #include "ipcomp.h"
61 #endif /* CONFIG_IPSEC_IPCOMP */
62
63 #include <pfkeyv2.h>
64 #include <pfkey.h>
65
66 #include "ipsec_proto.h"
67
68
/*
 * Compare one lifetime counter of an SA against its hard and soft limits.
 *
 *   il64      lifetime record; ipl_count, ipl_soft and ipl_hard are read
 *   lifename  label for this lifetime, used only in the debug message
 *   saname    printable SA name; NULL is replaced by "unknown-SA"
 *   ilt       for ipsec_life_timebased the value compared is
 *             jiffies/HZ - ipl_count, otherwise ipl_count itself
 *   idir      ipsec_incoming selects "incoming" in the message, any other
 *             value selects "outgoing"
 *   ips       SA handed to pfkey_expire(); its ips_state is set to
 *             SADB_SASTATE_DYING on soft expiry
 *
 * Returns ipsec_life_harddied, ipsec_life_softdied or ipsec_life_okay.
 *
 * A limit of 0 is skipped.  The hard limit is evaluated first, so a soft
 * limit that is larger than the hard limit never produces a soft expiry:
 * the SA goes straight to hard expiry.
 *
 * NOTE(review): the time-based subtraction is done in an unsigned 64-bit
 * variable.  If ipl_count is ever ahead of jiffies/HZ (for example after a
 * jiffies wrap) the result becomes very large and the SA is reported as
 * expired -- confirm that this fail-closed outcome is what callers expect.
 *
 * NOTE(review): the debug prefix names ipsec_tunnel_start_xmit although the
 * message is emitted from this function; the text is kept unchanged.
 */
enum ipsec_life_alive
ipsec_lifetime_check(struct ipsec_lifetime64 *il64,
                     const char *lifename,
                     const char *saname,
                     enum ipsec_life_type ilt,
                     enum ipsec_direction idir,
                     struct ipsec_sa *ips)
{
        const char *sa_label = saname ? saname : "unknown-SA";
        const char *direction = (idir == ipsec_incoming) ? "incoming"
                                                         : "outgoing";
        __u64 used = il64->ipl_count;

        /* Time-based lifetimes compare elapsed seconds, not the raw count. */
        if(ilt == ipsec_life_timebased) {
                used = jiffies/HZ - il64->ipl_count;
        }

        /* Hard limit: report the expiry (second argument 1) and stop. */
        if(il64->ipl_hard && used > il64->ipl_hard) {
                KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
                            "klips_debug:ipsec_tunnel_start_xmit: "
                            "hard %s lifetime of SA:<%s%s%s> %s has been reached, SA expired, "
                            "%s packet dropped.\n",
                            lifename,
                            IPS_XFORM_NAME(ips),
                            sa_label,
                            direction);

                pfkey_expire(ips, 1);
                return ipsec_life_harddied;
        }

        /* Neither limit crossed (or the soft limit is not set). */
        if(!il64->ipl_soft || used <= il64->ipl_soft) {
                return ipsec_life_okay;
        }

        KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
                    "klips_debug:ipsec_tunnel_start_xmit: "
                    "soft %s lifetime of SA:<%s%s%s> %s has been reached, SA expiring, "
                    "soft expire message sent up, %s packet still processed.\n",
                    lifename,
                    IPS_XFORM_NAME(ips),
                    sa_label,
                    direction);

        /* Send the soft expire only on the transition into DYING. */
        if(ips->ips_state != SADB_SASTATE_DYING) {
                pfkey_expire(ips, 0);
        }
        ips->ips_state = SADB_SASTATE_DYING;

        return ipsec_life_softdied;
}
132
133
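/*
 * This function takes a buffer (with length), a lifetime name and type,
 * and formats a string "<lifename>(count,soft,hard)" to represent the
 * current values of the lifetime.
 *
 * Nothing is written, and 0 is returned, when ipl_count is at most 1 and
 * neither ipl_soft nor ipl_hard is set, or when buffer is NULL or buflen
 * is not positive.
 *
 * It returns the number of bytes actually placed in the buffer, not
 * counting the terminating NUL.  The return value is always in the range
 * 0 .. buflen-1, so a caller that adds it to a running offset stays inside
 * its buffer even when the text was truncated.
 *
 * This is used in /proc routines and in debug output.
 */
int
ipsec_lifetime_format(char *buffer,
                      int   buflen,
                      char *lifename,
                      enum ipsec_life_type timebaselife,
                      struct ipsec_lifetime64 *lifetime)
{
        int len = 0;

        /*
         * NOTE(review): the previous code derived an elapsed value from
         * jiffies/HZ for time-based lifetimes but never printed it; the raw
         * ipl_count is what is emitted.  The output is left as it was, so
         * the type currently has no effect -- confirm which value the /proc
         * consumers expect.
         */
        (void)timebaselife;

        /*
         * A non-positive length would turn into a huge size once converted
         * for snprintf(), so refuse it instead of formatting.
         */
        if(buffer == NULL || buflen <= 0) {
                return 0;
        }

        if(lifetime->ipl_count > 1 || 
           lifetime->ipl_soft      ||
           lifetime->ipl_hard) {
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0)) 
                len = snprintf(buffer, buflen,
                               "%s(%Lu,%Lu,%Lu)",
                               lifename,
                               lifetime->ipl_count,
                               lifetime->ipl_soft,
                               lifetime->ipl_hard);
#else /* XXX high 32 bits are not displayed */
                len = snprintf(buffer, buflen,
                                "%s(%lu,%lu,%lu)",
                                lifename,
                                (unsigned long)lifetime->ipl_count,
                                (unsigned long)lifetime->ipl_soft,
                                (unsigned long)lifetime->ipl_hard);
#endif
        }

        /*
         * snprintf() may report the length the text would have had without
         * truncation.  Clamp it to what fits so callers never advance past
         * the end of their buffer.
         */
        if(len < 0) {
                len = 0;
        } else if(len >= buflen) {
                len = buflen - 1;
        }

        return len;
}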
179
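/*
 * Tighten the hard limit of a lifetime.
 *
 * A newvalue of 0 is ignored.  Otherwise ipl_hard is replaced only when it
 * is not yet set or when newvalue is smaller, so the limit can be lowered
 * but never raised.  After a change, a soft limit that is set and now lies
 * above the hard limit is pulled down to the hard limit, so the soft limit
 * can still be crossed before the hard one.
 */
void
ipsec_lifetime_update_hard(struct ipsec_lifetime64 *lifetime,
                          __u64 newvalue)
{
        if(newvalue &&
           (!lifetime->ipl_hard ||
            (newvalue < lifetime->ipl_hard))) {
                lifetime->ipl_hard = newvalue;

                /*
                 * The test used to be "!ipl_soft && hard < soft", which can
                 * never hold: with ipl_soft == 0 no unsigned hard limit is
                 * below it.  The clamp therefore never ran and a soft limit
                 * could stay above the hard limit.
                 */
                if(lifetime->ipl_soft &&
                   (lifetime->ipl_hard < lifetime->ipl_soft)) {
                        lifetime->ipl_soft = lifetime->ipl_hard;
                }
        }
}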
195
/*
 * Tighten the soft limit of a lifetime.
 *
 * A newvalue of 0 is ignored.  Otherwise ipl_soft is replaced only when it
 * is not yet set or when newvalue is smaller.  After a change, the soft
 * limit is capped at the hard limit if a hard limit is set.
 */
void
ipsec_lifetime_update_soft(struct ipsec_lifetime64 *lifetime,
                          __u64 newvalue)
{
        /* Zero means "no value supplied". */
        if(!newvalue) {
                return;
        }

        /* An existing soft limit is only ever lowered. */
        if(lifetime->ipl_soft && newvalue >= lifetime->ipl_soft) {
                return;
        }

        lifetime->ipl_soft = newvalue;

        /* Keep the soft limit from exceeding a configured hard limit. */
        if(lifetime->ipl_hard &&
           lifetime->ipl_soft > lifetime->ipl_hard) {
                lifetime->ipl_soft = lifetime->ipl_hard;
        }
}
211
212         
213 /*
214  * $Log: ipsec_life.c,v $
215  * Revision 1.4  2002/01/29 17:17:55  mcr
216  *      moved include of ipsec_param.h to after include of linux/kernel.h
217  *      otherwise, it seems that some option that is set in ipsec_param.h
218  *      screws up something subtle in the include path to kernel.h, and
219  *      it complains on the snprintf() prototype.
220  *
221  * Revision 1.3  2002/01/29 02:13:17  mcr
222  *      introduction of ipsec_kversion.h means that include of
223  *      ipsec_param.h must precede any decisions about what files to
224  *      include to deal with differences in kernel source.
225  *
226  * Revision 1.2  2001/11/26 09:16:14  rgb
227  * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
228  *
229  * Revision 1.1.2.1  2001/09/25 02:25:57  mcr
230  *      lifetime structure created and common functions created.
231  *
232  * Local variables:
233  * c-file-style: "linux"
234  * End:
235  *
236  */