<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div><span></span><br></div><div id="yui_3_16_0_1_1422440758418_76672"><span></span><br></div><div dir="ltr"><span>Hi Martin,</span></div><div id="yui_3_16_0_1_1422440758418_76744" dir="ltr"><span></span><br></div><div id="yui_3_16_0_1_1422440758418_76819" dir="ltr"><span id="yui_3_16_0_1_1422440758418_76818">Thank you for your suggestion and reference.</span></div><div id="yui_3_16_0_1_1422440758418_76820" dir="ltr"><span></span><br></div><div id="yui_3_16_0_1_1422440758418_76821" dir="ltr"><span>Regards,</span></div><div id="yui_3_16_0_1_1422440758418_76822" dir="ltr"><span>Chinmaya</span></div> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"> <font face="Arial" size="2"> On Wednesday, January 28, 2015 4:36 PM, Martin Willi <martin@strongswan.org> wrote:<br> </font> </div>  <br><br> <div class="y_msg_container">Hi,<br clear="none"><br clear="none">> Since I have bypassed the kernel , Can I do the followings in install<br clear="none">> function (defined in child_sa.c) for rekeying of Child SA ? <br clear="none">       <br clear="none">> job = (job_t*)rekey_child_sa_job_create(this->reqid,proto_ike2ip(this->protocol), spi);<br clear="none">> lib->scheduler->schedule_job(lib->scheduler, job,soft_add_expires_seconds * 1000);<br clear="none"><br clear="none">If your IPsec backend does not raise expire events, you can use the<br clear="none">scheduler to trigger them. However, you shouldn't directly queue the<br clear="none">jobs, but instead call the expire() handler on the kernel interface,<br clear="none">which does all that for you.<br clear="none"><br clear="none">For a clean code separation, that code should go to your custom kernel<br clear="none">backend, not the CHILD_SA. The kernel-wfp backend for example uses the<br clear="none">scheduler to trigger expire events, refer to [1] for the implementation<br clear="none">details.<br clear="none"><br clear="none">Regards<br clear="none">Martin<div class="yqt6610336827" id="yqtfd36981"><br clear="none"><br clear="none">[1]</div><a href="http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c;h=39e37b1c;hb=HEAD#l2085" target="_blank" shape="rect">http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c;h=39e37b1c;hb=HEAD#l2085</a><div class="yqt6610336827" id="yqtfd67242"><br clear="none"><br clear="none"></div><br><br></div>  </div> </div>  </div> </div></body></html>