2 * @(#) lifetime structure utilities
4 * Copyright (C) 2001 Richard Guy Briggs <rgb@freeswan.org>
5 * and Michael Richardson <mcr@freeswan.org>
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * RCSID $Id: ipsec_life.c,v 1.4 2002/01/29 17:17:55 mcr Exp $
22 * This provides series of utility functions for dealing with lifetime
25 * ipsec_check_lifetime - returns -1 hard lifetime exceeded
26 * 0 soft lifetime exceeded
27 * 1 everything is okay
28 * based upon whether or not the count exceeds hard/soft
32 #define __NO_VERSION__
33 #include <linux/module.h>
34 #include <linux/config.h> /* for CONFIG_IP_FORWARD */
35 #include <linux/version.h>
36 #include <linux/kernel.h> /* printk() */
38 #include "ipsec_param.h"
40 #include <linux/netdevice.h> /* struct device, struct net_device_stats and other headers */
41 #include <linux/etherdevice.h> /* eth_type_trans */
42 #include <linux/skbuff.h>
46 #include "ipsec_life.h"
47 #include "ipsec_xform.h"
48 #include "ipsec_eroute.h"
49 #include "ipsec_encap.h"
50 #include "ipsec_radij.h"
52 #include "ipsec_netlink.h"
54 #include "ipsec_tunnel.h"
55 #include "ipsec_ipe4.h"
57 #include "ipsec_esp.h"
59 #ifdef CONFIG_IPSEC_IPCOMP
61 #endif /* CONFIG_IPSEC_IPCOMP */
66 #include "ipsec_proto.h"
70 ipsec_lifetime_check(struct ipsec_lifetime64 *il64,
73 enum ipsec_life_type ilt,
74 enum ipsec_direction idir,
81 saname = "unknown-SA";
84 if(idir == ipsec_incoming) {
91 if(ilt == ipsec_life_timebased) {
92 count = jiffies/HZ - il64->ipl_count;
94 count = il64->ipl_count;
98 (count > il64->ipl_hard)) {
99 KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
100 "klips_debug:ipsec_tunnel_start_xmit: "
101 "hard %s lifetime of SA:<%s%s%s> %s has been reached, SA expired, "
102 "%s packet dropped.\n",
108 pfkey_expire(ips, 1);
109 return ipsec_life_harddied;
113 (count > il64->ipl_soft)) {
114 KLIPS_PRINT(debug_tunnel & DB_TN_XMIT,
115 "klips_debug:ipsec_tunnel_start_xmit: "
116 "soft %s lifetime of SA:<%s%s%s> %s has been reached, SA expiring, "
117 "soft expire message sent up, %s packet still processed.\n",
123 if(ips->ips_state != SADB_SASTATE_DYING) {
124 pfkey_expire(ips, 0);
126 ips->ips_state = SADB_SASTATE_DYING;
128 return ipsec_life_softdied;
130 return ipsec_life_okay;
135 * This function takes a buffer (with length), a lifetime name and type,
136 * and formats a string to represent the current values of the lifetime.
138 * It returns the number of bytes that the format took.
139 * This is used in /proc routines and in debug output.
142 ipsec_lifetime_format(char *buffer,
145 enum ipsec_life_type timebaselife,
146 struct ipsec_lifetime64 *lifetime)
151 if(timebaselife == ipsec_life_timebased) {
152 count = jiffies/HZ - lifetime->ipl_count;
154 count = lifetime->ipl_count;
157 if(lifetime->ipl_count > 1 ||
158 lifetime->ipl_soft ||
159 lifetime->ipl_hard) {
160 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,0))
161 len = snprintf(buffer, buflen,
167 #else /* XXX high 32 bits are not displayed */
168 len = snprintf(buffer, buflen,
171 (unsigned long)lifetime->ipl_count,
172 (unsigned long)lifetime->ipl_soft,
173 (unsigned long)lifetime->ipl_hard);
181 ipsec_lifetime_update_hard(struct ipsec_lifetime64 *lifetime,
185 (!lifetime->ipl_hard ||
186 (newvalue < lifetime->ipl_hard))) {
187 lifetime->ipl_hard = newvalue;
189 if(!lifetime->ipl_soft &&
190 (lifetime->ipl_hard < lifetime->ipl_soft)) {
191 lifetime->ipl_soft = lifetime->ipl_hard;
197 ipsec_lifetime_update_soft(struct ipsec_lifetime64 *lifetime,
201 (!lifetime->ipl_soft ||
202 (newvalue < lifetime->ipl_soft))) {
203 lifetime->ipl_soft = newvalue;
205 if(lifetime->ipl_hard &&
206 (lifetime->ipl_hard < lifetime->ipl_soft)) {
207 lifetime->ipl_soft = lifetime->ipl_hard;
214 * $Log: ipsec_life.c,v $
215 * Revision 1.4 2002/01/29 17:17:55 mcr
216 * moved include of ipsec_param.h to after include of linux/kernel.h
217 * otherwise, it seems that some option that is set in ipsec_param.h
218 * screws up something subtle in the include path to kernel.h, and
219 * it complains on the snprintf() prototype.
221 * Revision 1.3 2002/01/29 02:13:17 mcr
222 * introduction of ipsec_kversion.h means that include of
223 * ipsec_param.h must preceed any decisions about what files to
224 * include to deal with differences in kernel source.
226 * Revision 1.2 2001/11/26 09:16:14 rgb
227 * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
229 * Revision 1.1.2.1 2001/09/25 02:25:57 mcr
230 * lifetime structure created and common functions created.
233 * c-file-style: "linux"