authorNiels Provos <provos@cvs.openbsd.org>2000-12-15 06:34:55 +0000
committerNiels Provos <provos@cvs.openbsd.org>2000-12-15 06:34:55 +0000
commitbaeddd03f061221dbd8cc8ee9530709f0a5820a6 (patch)
tree99e24bbee27c16aa1eee78369cae99e9b97464b4
parent68fb1c4233a616bcb4d96afef2d345ea4752e9ac (diff)
only create new exchange on SA expiry, when the SA has been used.
okay angelos@
-rw-r--r--sbin/isakmpd/pf_key_v2.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index 62249110291..0e4b971c5a3 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.40 2000/12/12 01:46:55 niklas Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.41 2000/12/15 06:34:54 provos Exp $ */
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
/*
@@ -1928,7 +1928,7 @@ pf_key_v2_expire (struct pf_key_v2_msg *pmsg)
struct sadb_sa *ssa;
struct sadb_address *dst;
struct sockaddr *dstaddr;
- struct sadb_lifetime *life;
+ struct sadb_lifetime *life, *lifecurrent;
struct sa *sa;
struct pf_key_v2_node *lifenode, *ext;
@@ -1958,6 +1958,14 @@ pf_key_v2_expire (struct pf_key_v2_msg *pmsg)
}
life = lifenode->seg;
+ lifenode = pf_key_v2_find_ext (pmsg, SADB_EXT_LIFETIME_CURRENT);
+ if (!lifenode)
+ {
+ log_print ("pf_key_v2_expire: no current lifetime extension found");
+ return;
+ }
+ lifecurrent = lifenode->seg;
+
/* XXX IPv4 specific. */
LOG_DBG ((LOG_SYSDEP, 20, "pf_key_v2_expire: %s dst %s SPI %x sproto %d",
life->sadb_lifetime_exttype == SADB_EXT_LIFETIME_SOFT ? "SOFT"
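Review bot: The new `return` taken when SADB_EXT_LIFETIME_CURRENT is missing abandons the whole expire notification, not just the usage test it was added for. The rest of pf_key_v2_expire lies outside this hunk, but the last hunk shows a `SADB_EXT_LIFETIME_HARD` branch after this point, so a hard expire that arrives without the extension would presumably leave the daemon's record of the SA in place although the kernel has already expired it. Consider keeping the message and treating usage as unknown: `lifecurrent = lifenode ? lifenode->seg : 0;` here, and `(!lifecurrent || lifecurrent->sadb_lifetime_bytes)` in the renegotiation test.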
@@ -1988,9 +1996,11 @@ pf_key_v2_expire (struct pf_key_v2_msg *pmsg)
/*
* If we got a notification, try to renegotiate the SA -- unless of
* course it has already been replaced by another.
- * Also, ignore SAs that were not dynamically established.
+ * Also, ignore SAs that were not dynamically established, or that
+ * did not see any use.
*/
- if (!(sa->flags & SA_FLAG_REPLACED) && (sa->flags & SA_FLAG_ONDEMAND))
+ if (!(sa->flags & SA_FLAG_REPLACED) && (sa->flags & SA_FLAG_ONDEMAND) &&
+ lifecurrent->sadb_lifetime_bytes)
exchange_establish (sa->name, 0, 0);
if (life->sadb_lifetime_exttype == SADB_EXT_LIFETIME_HARD)
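Review bot: "Did not see any use" is decided solely by `lifecurrent->sadb_lifetime_bytes` being non-zero, and the updated comment does not say so. A line such as `/* Use is judged by the byte counter in the CURRENT lifetime. */` would make the criterion explicit, and writing the test as `lifecurrent->sadb_lifetime_bytes != 0` shows that the field is a counter rather than a flag. It is also worth stating that the test covers soft and hard expirations alike, so an idle on-demand SA is left to lapse and no exchange is started for it here. The function continues outside the hunk.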