diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2003-07-08 06:55:20 +1000 |
|---|---|---|
| committer | David S. Miller <davem@nuts.ninka.net> | 2003-07-08 06:55:20 +1000 |
| commit | e3e5d274657342c7b195b1fb9086ef85018854ac (patch) | |
| tree | ed592989e40a62714e0a9ae7cefde29af2abeb5a /include/linux | |
| parent | 62859d8263638edaf58d7828206e69c2476af89f (diff) | |
[IPSEC] Add policy expiration
This patch finally adds policy expiration.
Note that it resends soft policy expire messages every 30 seconds. This
is needed as when "soft use expire" is used for dead peer detection,
a lost message could lead to a dead peer that isn't discovered until the
SAs expire.
I've only implemented notification for XFRM as I didn't want to just add
another PFKEY extension in case it collides with something else. Of
course it could be easily done for PFKEY with an extension too.
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/xfrm.h | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h index 45de6f510fc2..d660c5f97c58 100644 --- a/include/linux/xfrm.h +++ b/include/linux/xfrm.h @@ -119,7 +119,9 @@ enum #define XFRM_MSG_UPDPOLICY (XFRM_MSG_BASE + 9) #define XFRM_MSG_UPDSA (XFRM_MSG_BASE + 10) -#define XFRM_MSG_MAX (XFRM_MSG_UPDSA+1) +#define XFRM_MSG_POLEXPIRE (XFRM_MSG_BASE + 11) + +#define XFRM_MSG_MAX (XFRM_MSG_POLEXPIRE+1) struct xfrm_user_tmpl { struct xfrm_id id; @@ -217,6 +219,11 @@ struct xfrm_user_expire { __u8 hard; }; +struct xfrm_user_polexpire { + struct xfrm_userpolicy_info pol; + __u8 hard; +}; + #define XFRMGRP_ACQUIRE 1 #define XFRMGRP_EXPIRE 2 |