From: Martin Willi <martin@revosec.ch>
Date: Wed, 13 Mar 2013 14:52:16 +0000 (+0100)
Subject: Raise an alert if an IKE_SA could not have been reauthenticated and expires
X-Git-Tag: 5.0.3rc1~52^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c45cf9048e1ccc8ca7b52c761a67adefa3994267;p=thirdparty%2Fstrongswan.git

Raise an alert if an IKE_SA could not have been reauthenticated and expires
---

diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 4645bbde6b..67673d9be4 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -130,6 +130,8 @@ enum alert_t {
 	ALERT_VIP_FAILURE,
 	/** an authorize() hook failed, no argument */
 	ALERT_AUTHORIZATION_FAILED,
+	/** IKE_SA hit the hard lifetime limit before it could be rekeyed */
+	ALERT_IKE_SA_EXPIRED,
 };
 
 /**
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 45920d1cf7..8c4dabd810 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1445,6 +1445,10 @@ METHOD(ike_sa_t, delete_, status_t,
 			}
 			/* FALL */
 		case IKE_ESTABLISHED:
+			if (time_monotonic(NULL) >= this->stats[STAT_DELETE])
+			{	/* IKE_SA hard lifetime hit */
+				charon->bus->alert(charon->bus, ALERT_IKE_SA_EXPIRED);
+			}
 			this->task_manager->queue_ike_delete(this->task_manager);
 			return this->task_manager->initiate(this->task_manager);
 		case IKE_CREATED: