View | Details | Raw Unified | Return to bug 200283
Collapse All | Expand All

(-)sys/netipsec/key.c (-13 / +1 lines)
Lines 4247-4265 Link Here
4247
			if (sav->lft_s->addtime != 0 &&
4247
			if (sav->lft_s->addtime != 0 &&
4248
			    now - sav->created > sav->lft_s->addtime) {
4248
			    now - sav->created > sav->lft_s->addtime) {
4249
				key_sa_chgstate(sav, SADB_SASTATE_DYING);
4249
				key_sa_chgstate(sav, SADB_SASTATE_DYING);
4250
				/* 
4250
				key_expire(sav, 0);
4251
				 * Actually, only send expire message if
4252
				 * SA has been used, as it was done before,
4253
				 * but should we always send such message,
4254
				 * and let IKE daemon decide if it should be
4255
				 * renegotiated or not ?
4256
				 * XXX expire message will actually NOT be
4257
				 * sent if SA is only used after soft
4258
				 * lifetime has been reached, see below
4259
				 * (DYING state)
4260
				 */
4261
				if (sav->lft_c->usetime != 0)
4262
					key_expire(sav, 0);
4263
			}
4251
			}
4264
			/* check SOFT lifetime by bytes */
4252
			/* check SOFT lifetime by bytes */
4265
			/*
4253
			/*

Return to bug 200283