diff options
| author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-01-10 04:37:43 +0000 |
|---|---|---|
| committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2000-01-10 04:37:43 +0000 |
| commit | 907b9be609e1fa1832654da6335113c749cf01d1 (patch) | |
| tree | 1b7304f70b3fad8a3632e44a15d073d65e73290a /sys/netinet/ip_ipsp.c | |
| parent | 16cac8a8e5fc1fb0ab66b6556a3a202a1e023e7f (diff) | |
Only setup an expiration for embryonic SAs if
net.inet.ip.ipsec-invalid-life >=0
Diffstat (limited to 'sys/netinet/ip_ipsp.c')
| -rw-r--r-- | sys/netinet/ip_ipsp.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index a7d0d82809c..04df85da61e 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.66 2000/01/10 04:30:52 angelos Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.67 2000/01/10 04:37:42 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -500,10 +500,13 @@ reserve_spi(u_int32_t sspi, u_int32_t tspi, union sockaddr_union *src, puttdb(tdbp); /* Setup a "silent" expiration (since TDBF_INVALID's set) */ - tdbp->tdb_flags |= TDBF_TIMER; - tdbp->tdb_exp_timeout = time.tv_sec + ipsec_keep_invalid; - tdb_expiration(tdbp, TDBEXP_EARLY | TDBEXP_TIMEOUT); - + if (ipsec_keep_invalid > 0) + { + tdbp->tdb_flags |= TDBF_TIMER; + tdbp->tdb_exp_timeout = time.tv_sec + ipsec_keep_invalid; + tdb_expiration(tdbp, TDBEXP_EARLY | TDBEXP_TIMEOUT); + } + return spi; } |