svn commit: r189406 - head/sys/netipsec

VANHULLEBUS Yvan vanhu at FreeBSD.org
Thu Mar 5 08:22:33 PST 2009


Author: vanhu
Date: Thu Mar  5 16:22:32 2009
New Revision: 189406
URL: http://svn.freebsd.org/changeset/base/189406

Log:
  SAs are valid (but dying) when they reached soft lifetime,
  even if they have never been used.
  
  Approved by:	gnn(mentor)
  MFC after:	2 weeks

Modified:
  head/sys/netipsec/key.c

Modified: head/sys/netipsec/key.c
==============================================================================
--- head/sys/netipsec/key.c	Thu Mar  5 16:15:07 2009	(r189405)
+++ head/sys/netipsec/key.c	Thu Mar  5 16:22:32 2009	(r189406)
@@ -4154,22 +4154,15 @@ key_flush_sad(time_t now)
 			/* check SOFT lifetime */
 			if (sav->lft_s->addtime != 0 &&
 			    now - sav->created > sav->lft_s->addtime) {
-				/*
-				 * check SA to be used whether or not.
-				 * when SA hasn't been used, delete it.
+				key_sa_chgstate(sav, SADB_SASTATE_DYING);
+				/* Actually, only send expire message if SA has been used, as it
+				 * was done before, but should we always send such message, and let IKE
+				 * daemon decide if it should be renegociated or not ?
+				 * XXX expire message will actually NOT be sent if SA is only used
+				 * after soft lifetime has been reached, see below (DYING state)
 				 */
-				if (sav->lft_c->usetime == 0) {
-					key_sa_chgstate(sav, SADB_SASTATE_DEAD);
-					KEY_FREESAV(&sav);
-				} else {
-					key_sa_chgstate(sav, SADB_SASTATE_DYING);
-					/*
-					 * XXX If we keep to send expire
-					 * message in the status of
-					 * DYING. Do remove below code.
-					 */
+				if (sav->lft_c->usetime != 0)
 					key_expire(sav);
-				}
 			}
 			/* check SOFT lifetime by bytes */
 			/*
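Review bot: the added `if (sav->lft_c->usetime != 0)` guard before `key_expire(sav);` leaves a gap that the new XXX comment itself admits: an SA that is first used only after its soft lifetime has passed is moved to SADB_SASTATE_DYING without any soft expire message ever being sent, so the IKE daemon gets no prompt to renegotiate before the SA goes away. Since the SA is now kept instead of being marked DEAD and freed, consider either calling `key_expire(sav)` unconditionally on this transition and letting the IKE daemon decide, as the comment proposes, or sending the message from the DYING-state handling the comment refers to once `usetime` becomes non-zero. Whichever is chosen, resolve the open question in the commit rather than leaving it as an XXX. Two smaller points on the comment block: its lines run well past 80 columns at this indentation and the text starts on the `/*` line, unlike the other multi-line comments visible in this hunk, and "renegociated" should read "renegotiated".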

