Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 23 Mar 2009 20:37:37 +0000 (UTC)
From:      VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject:   svn commit: r190334 - in stable/7/sys: . contrib/pf dev/ath/ath_hal dev/cxgb netipsec
Message-ID:  <200903232037.n2NKbb8M021051@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: vanhu
Date: Mon Mar 23 20:37:37 2009
New Revision: 190334
URL: http://svn.freebsd.org/changeset/base/190334

Log:
  SAs are valid (but dying) when they reached soft lifetime,
  even if they have never been used.
  
  Approved by:	gnn(mentor)

Modified:
  stable/7/sys/   (props changed)
  stable/7/sys/contrib/pf/   (props changed)
  stable/7/sys/dev/ath/ath_hal/   (props changed)
  stable/7/sys/dev/cxgb/   (props changed)
  stable/7/sys/netipsec/key.c

Modified: stable/7/sys/netipsec/key.c
==============================================================================
--- stable/7/sys/netipsec/key.c	Mon Mar 23 20:29:54 2009	(r190333)
+++ stable/7/sys/netipsec/key.c	Mon Mar 23 20:37:37 2009	(r190334)
@@ -4109,22 +4109,20 @@ key_flush_sad(time_t now)
 			/* check SOFT lifetime */
 			if (sav->lft_s->addtime != 0 &&
 			    now - sav->created > sav->lft_s->addtime) {
-				/*
-				 * check SA to be used whether or not.
-				 * when SA hasn't been used, delete it.
+				key_sa_chgstate(sav, SADB_SASTATE_DYING);
+				/* 
+				 * Actually, only send expire message if
+				 * SA has been used, as it was done before,
+				 * but should we always send such message,
+				 * and let IKE daemon decide if it should be
+				 * renegotiated or not ?
+				 * XXX expire message will actually NOT be
+				 * sent if SA is only used after soft
+				 * lifetime has been reached, see below
+				 * (DYING state)
 				 */
-				if (sav->lft_c->usetime == 0) {
-					key_sa_chgstate(sav, SADB_SASTATE_DEAD);
-					KEY_FREESAV(&sav);
-				} else {
-					key_sa_chgstate(sav, SADB_SASTATE_DYING);
-					/*
-					 * XXX If we keep to send expire
-					 * message in the status of
-					 * DYING. Do remove below code.
-					 */
+				if (sav->lft_c->usetime != 0)
 					key_expire(sav);
-				}
 			}
 			/* check SOFT lifetime by bytes */
 			/*

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200903232037.n2NKbb8M021051>