hard and soft limits for SPI's per absolute timer, relative since establish,

relative since first use timers, packet and byte counters. notify key mgmt
on soft limits. key mgmt can now specify limits. new encap messages:
EMT_RESERVESPI, EMT_ENABLESPI, EMT_DISABLESPI

1 files changed, 16 insertions, 1 deletions

diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c
index cd550282775..d012fbdeba8 100644
--- a/sys/netinet/ip_ah.c
+++ b/sys/netinet/ip_ah.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_ah.c,v 1.5 1997/06/24 12:15:19 provos Exp $	*/
+/*	$OpenBSD: ip_ah.c,v 1.6 1997/06/25 07:53:21 provos Exp $	*/
 
 /*
  * The author of this code is John Ioannidis, ji@tla.org,
@@ -123,6 +123,17 @@ ah_input(register struct mbuf *m, int iphlen)
 	return;
     }
 
+    if (tdbp->tdb_flags & TDBF_INVALID)
+    {
+#ifdef ENCDEBUG
+	if (encdebug)
+	  printf("ah_input: spi=%x is no longer/yet valid\n", ahp->ah_spi);
+#endif /* ENCDEBUG */
+	m_freem(m);
+	ahstat.ahs_invalid++;
+	return;
+    }
+
     if (tdbp->tdb_xform == NULL)
     {
 #ifdef ENCDEBUG
@@ -136,6 +147,10 @@ ah_input(register struct mbuf *m, int iphlen)
 
     m->m_pkthdr.rcvif = tdbp->tdb_rcvif;
 
+    /* Register first use */
+    if (tdbp->tdb_first_use == 0)
+      tdbp->tdb_first_use = time.tv_sec;
+
     m = (*(tdbp->tdb_xform->xf_input))(m, tdbp);
 	
     if (m == NULL)