Raise an alert if an IKE_SA could not have been reauthenticated and expires

diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 4645bbde6b00804c0b9a1f08c943539944f98267..67673d9be409ece3e434cca5eb1356e48f605b9f 100644 (file)
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -130,6 +130,8 @@ enum alert_t {
        ALERT_VIP_FAILURE,
        /** an authorize() hook failed, no argument */
        ALERT_AUTHORIZATION_FAILED,
+       /** IKE_SA hit the hard lifetime limit before it could be rekeyed */
+       ALERT_IKE_SA_EXPIRED,
 };
 
 /**

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 45920d1cf7de0fb37fef9a28ed97a12fb18b3178..8c4dabd810443ef5c3ac1a86595063d0127f8a71 100644 (file)
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1445,6 +1445,10 @@ METHOD(ike_sa_t, delete_, status_t,
                        }
                        /* FALL */
                case IKE_ESTABLISHED:
+                       if (time_monotonic(NULL) >= this->stats[STAT_DELETE])
+                       {       /* IKE_SA hard lifetime hit */
+                               charon->bus->alert(charon->bus, ALERT_IKE_SA_EXPIRED);
+                       }
                        this->task_manager->queue_ike_delete(this->task_manager);
                        return this->task_manager->initiate(this->task_manager);
                case IKE_CREATED: