Hi Martin,
Thank you for your suggestion and reference.
Regards,Chinmaya
On Wednesday, January 28, 2015 4:36 PM, Martin Willi
<[email protected]> wrote:
Hi,
> Since I have bypassed the kernel , Can I do the followings in install
> function (defined in child_sa.c) for rekeying of Child SA ?
> job =
> (job_t*)rekey_child_sa_job_create(this->reqid,proto_ike2ip(this->protocol),
> spi);
> lib->scheduler->schedule_job(lib->scheduler, job,soft_add_expires_seconds *
> 1000);
If your IPsec backend does not raise expire events, you can use the
scheduler to trigger them. However, you shouldn't directly queue the
jobs, but instead call the expire() handler on the kernel interface,
which does all that for you.
For a clean code separation, that code should go to your custom kernel
backend, not the CHILD_SA. The kernel-wfp backend for example uses the
scheduler to trigger expire events, refer to [1] for the implementation
details.
Regards
Martin
[1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c;h=39e37b1c;hb=HEAD#l2085
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
