
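--- a/head/sys/netipsec/key.c
+++ b/head/sys/netipsec/key.c
@@ -537,7 +537,7 @@ static int key_acquire2(struct socket *, struct mb
 	const struct sadb_msghdr *);
 static int key_register(struct socket *, struct mbuf *,
 	const struct sadb_msghdr *);
-static int key_expire(struct secasvar *);
+static int key_expire(struct secasvar *, int);
 static int key_flush(struct socket *, struct mbuf *,
 	const struct sadb_msghdr *);
 static int key_dump(struct socket *, struct mbuf *,
@@ -4243,8 +4243,24 @@ key_flush_sad(time_t now)
 				continue;
 			}
 
+			/* check HARD lifetime */
+			if ((sav->lft_h->addtime != 0 &&
+			    now - sav->created > sav->lft_h->addtime) ||
+			    (sav->lft_h->bytes != 0 &&
+			    sav->lft_h->bytes < sav->lft_c->bytes)) {
+				/*
+				 * RFC 2367:
+				 * HARD lifetimes MUST take precedence over
+				 * SOFT lifetimes, meaning if the HARD and
+				 * SOFT lifetimes are the same, the HARD
+				 * lifetime will appear on the EXPIRE message.
+				 */
+				key_sa_chgstate(sav, SADB_SASTATE_DEAD);
+				key_expire(sav, 1);
+				KEY_FREESAV(&sav);
+			}
 			/* check SOFT lifetime */
-			if (sav->lft_s->addtime != 0 &&
+			else if (sav->lft_s->addtime != 0 &&
 			    now - sav->created > sav->lft_s->addtime) {
 				key_sa_chgstate(sav, SADB_SASTATE_DYING);
 				/* 
@@ -4259,7 +4275,7 @@ key_flush_sad(time_t now)
 				 * (DYING state)
 				 */
 				if (sav->lft_c->usetime != 0)
-					key_expire(sav);
+					key_expire(sav, 0);
 			}
 			/* check SOFT lifetime by bytes */
 			/*
@@ -4276,7 +4292,7 @@ key_flush_sad(time_t now)
 				 * message in the status of
 				 * DYING. Do remove below code.
 				 */
-				key_expire(sav);
+				key_expire(sav, 0);
 			}
 		}
 
@@ -4295,6 +4311,7 @@ key_flush_sad(time_t now)
 
 			if (sav->lft_h->addtime != 0 &&
 			    now - sav->created > sav->lft_h->addtime) {
+				key_expire(sav, 1);
 				key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 				KEY_FREESAV(&sav);
 			}
@@ -4311,12 +4328,13 @@ key_flush_sad(time_t now)
 				 * If there is no SA then sending
 				 * expire message.
 				 */
-				key_expire(sav);
+				key_expire(sav, 0);
 			}
 #endif
 			/* check HARD lifetime by bytes */
 			else if (sav->lft_h->bytes != 0 &&
 			    sav->lft_h->bytes < sav->lft_c->bytes) {
+				key_expire(sav, 1);
 				key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 				KEY_FREESAV(&sav);
 			}
@@ -6721,7 +6739,7 @@ key_freereg(struct socket *so)
  *	others	: error number
  */
 static int
-key_expire(struct secasvar *sav)
+key_expire(struct secasvar *sav, int hard)
 {
 	int satype;
 	struct mbuf *result = NULL, *m;
@@ -6779,11 +6797,19 @@ static int
 	lt->sadb_lifetime_usetime = sav->lft_c->usetime;
 	lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 	lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
-	lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
-	lt->sadb_lifetime_allocations = sav->lft_s->allocations;
-	lt->sadb_lifetime_bytes = sav->lft_s->bytes;
-	lt->sadb_lifetime_addtime = sav->lft_s->addtime;
-	lt->sadb_lifetime_usetime = sav->lft_s->usetime;
+	if (hard) {
+		lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
+		lt->sadb_lifetime_allocations = sav->lft_h->allocations;
+		lt->sadb_lifetime_bytes = sav->lft_h->bytes;
+		lt->sadb_lifetime_addtime = sav->lft_h->addtime;
+		lt->sadb_lifetime_usetime = sav->lft_h->usetime;
+	} else {
+		lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
+		lt->sadb_lifetime_allocations = sav->lft_s->allocations;
+		lt->sadb_lifetime_bytes = sav->lft_s->bytes;
+		lt->sadb_lifetime_addtime = sav->lft_s->addtime;
+		lt->sadb_lifetime_usetime = sav->lft_s->usetime;
+	}
 	m_cat(result, m);
 
 	/* set sadb_address for source */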
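Review bot: The HARD-lifetime test added at new lines 4247-4250 of key_flush_sad() dereferences `sav->lft_h` with no NULL check visible in the hunk, and `key_expire(sav, 1)` reads `sav->lft_h` again when it fills in the lifetime extension. The guards before this point lie outside the hunk (key_flush_sad() starts and ends outside every hunk shown), so if they cover only `lft_s` and `lft_c`, an SA installed with a soft lifetime but no hard one would fault in the kernel here; wrapping the whole condition as `sav->lft_h != NULL && (...)` would close that. The same block calls `key_sa_chgstate(sav, SADB_SASTATE_DEAD)` before `key_expire(sav, 1)`, while the hunks at new lines 4314 and 4337 send the EXPIRE first; if key_expire() reports the SA state, PF_KEY listeners would see different states for the same event, so one order should be used throughout. The comment block above key_expire() should also describe the new argument, e.g. `hard: nonzero to report the HARD lifetime, zero for SOFT`.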
