Date: Thu, 5 Mar 2009 16:22:32 +0000 (UTC) From: VANHULLEBUS Yvan <vanhu@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r189406 - head/sys/netipsec Message-ID: <200903051622.n25GMWee090858@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: vanhu Date: Thu Mar 5 16:22:32 2009 New Revision: 189406 URL: http://svn.freebsd.org/changeset/base/189406 Log: SAs are valid (but dying) when they reached soft lifetime, even if they have never been used. Approved by: gnn(mentor) MFC after: 2 weeks Modified: head/sys/netipsec/key.c Modified: head/sys/netipsec/key.c ============================================================================== --- head/sys/netipsec/key.c Thu Mar 5 16:15:07 2009 (r189405) +++ head/sys/netipsec/key.c Thu Mar 5 16:22:32 2009 (r189406) @@ -4154,22 +4154,15 @@ key_flush_sad(time_t now) /* check SOFT lifetime */ if (sav->lft_s->addtime != 0 && now - sav->created > sav->lft_s->addtime) { - /* - * check SA to be used whether or not. - * when SA hasn't been used, delete it. + key_sa_chgstate(sav, SADB_SASTATE_DYING); + /* Actually, only send expire message if SA has been used, as it + * was done before, but should we always send such message, and let IKE + * daemon decide if it should be renegociated or not ? + * XXX expire message will actually NOT be sent if SA is only used + * after soft lifetime has been reached, see below (DYING state) */ - if (sav->lft_c->usetime == 0) { - key_sa_chgstate(sav, SADB_SASTATE_DEAD); - KEY_FREESAV(&sav); - } else { - key_sa_chgstate(sav, SADB_SASTATE_DYING); - /* - * XXX If we keep to send expire - * message in the status of - * DYING. Do remove below code. - */ + if (sav->lft_c->usetime != 0) key_expire(sav); - } } /* check SOFT lifetime by bytes */ /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200903051622.n25GMWee090858>