FreeBSD Bugzilla – Attachment 156874 Details for
Bug 200282
[ipsec] [patch] Send SADB_EXPIRE message to keying daemons when hard lifetimes of IPsec SAs are reached
[patch] Send hard expires when SAs are destroyed
01-freebsd-send-hard-expire.patch (text/plain), 2.71 KB, created by Tobias Brunner on 2015-05-18 14:14:47 UTC
>Index: sys/netipsec/key.c >=================================================================== >--- sys/netipsec/key.c (revision 282863) >+++ sys/netipsec/key.c (working copy) >@@ -537,7 +537,7 @@ > const struct sadb_msghdr *); > static int key_register(struct socket *, struct mbuf *, > const struct sadb_msghdr *); >-static int key_expire(struct secasvar *); >+static int key_expire(struct secasvar *, int); > static int key_flush(struct socket *, struct mbuf *, > const struct sadb_msghdr *); > static int key_dump(struct socket *, struct mbuf *, >@@ -4259,7 +4259,7 @@ > * (DYING state) > */ > if (sav->lft_c->usetime != 0) >- key_expire(sav); >+ key_expire(sav, 0); > } > /* check SOFT lifetime by bytes */ > /* >@@ -4276,7 +4276,7 @@ > * message in the status of > * DYING. Do remove below code. > */ >- key_expire(sav); >+ key_expire(sav, 0); > } > } > >@@ -4295,6 +4295,7 @@ > > if (sav->lft_h->addtime != 0 && > now - sav->created > sav->lft_h->addtime) { >+ key_expire(sav, 1); > key_sa_chgstate(sav, SADB_SASTATE_DEAD); > KEY_FREESAV(&sav); > } >@@ -4311,12 +4312,13 @@ > * If there is no SA then sending > * expire message. > */ >- key_expire(sav); >+ key_expire(sav, 0); > } > #endif > /* check HARD lifetime by bytes */ > else if (sav->lft_h->bytes != 0 && > sav->lft_h->bytes < sav->lft_c->bytes) { >+ key_expire(sav, 1); > key_sa_chgstate(sav, SADB_SASTATE_DEAD); > KEY_FREESAV(&sav); > } >@@ -6721,7 +6723,7 @@ > * others : error number > */ > static int >-key_expire(struct secasvar *sav) >+key_expire(struct secasvar *sav, int hard) > { > int satype; > struct mbuf *result = NULL, *m; 
>@@ -6779,11 +6781,19 @@ > lt->sadb_lifetime_usetime = sav->lft_c->usetime; > lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); > lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); >- lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; >- lt->sadb_lifetime_allocations = sav->lft_s->allocations; >- lt->sadb_lifetime_bytes = sav->lft_s->bytes; >- lt->sadb_lifetime_addtime = sav->lft_s->addtime; >- lt->sadb_lifetime_usetime = sav->lft_s->usetime; >+ if (hard) { >+ lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; >+ lt->sadb_lifetime_allocations = sav->lft_h->allocations; >+ lt->sadb_lifetime_bytes = sav->lft_h->bytes; >+ lt->sadb_lifetime_addtime = sav->lft_h->addtime; >+ lt->sadb_lifetime_usetime = sav->lft_h->usetime; >+ } else { >+ lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; >+ lt->sadb_lifetime_allocations = sav->lft_s->allocations; >+ lt->sadb_lifetime_bytes = sav->lft_s->bytes; >+ lt->sadb_lifetime_addtime = sav->lft_s->addtime; >+ lt->sadb_lifetime_usetime = sav->lft_s->usetime; >+ } > m_cat(result, m); > > /* set sadb_address for source */
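Review bot: In the hunk at @@ -4295 the return value of key_expire(sav, 1) is discarded immediately before key_sa_chgstate(sav, SADB_SASTATE_DEAD) and KEY_FREESAV(&sav), so if key_expire fails the SA is still destroyed and the keying daemon receives no hard expire. key_expire is declared static int and its header comment lists "others : error number", so consider at least logging a non-zero return at this call. The same applies to the key_expire(sav, 1) added under "check HARD lifetime by bytes" in the hunk at @@ -4311.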
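Review bot: The header comment above key_expire in the hunk at @@ -6721 still ends at "others : error number" and does not mention the new int hard argument. Add a line stating that a non-zero value selects SADB_EXT_LIFETIME_HARD with values from sav->lft_h and zero selects SADB_EXT_LIFETIME_SOFT with values from sav->lft_s. The bare 0 and 1 at the call sites would also read better as named constants.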
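Review bot: The if (hard) and else branches in the hunk at @@ -6779 repeat the same five assignments and differ only in the exttype constant and in whether they read sav->lft_h or sav->lft_s. Selecting the source lifetime pointer and the exttype once, then filling lt a single time, would keep the two cases from drifting apart. The hard branch also dereferences sav->lft_h with no check in the visible lines; the callers added by this patch test sav->lft_h->addtime and sav->lft_h->bytes first, so it holds for them, but an assertion in key_expire would document the requirement for later callers.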