authorMichael Shalayeff <mickey@cvs.openbsd.org>2001-06-24 21:50:52 +0000
committerMichael Shalayeff <mickey@cvs.openbsd.org>2001-06-24 21:50:52 +0000
commite94a96fdee652ded43a48a642b0637ded3c47e66 (patch)
tree37433faf3446882c593fdbad04ff4775af39f53d /sys/netinet/ip_spd.c
parentc0ca3424bc3e0b405495e912c2b8ae4aacfec92f (diff)
use new timeouts for spd expirations; ho@ ok
Diffstat (limited to 'sys/netinet/ip_spd.c')
-rw-r--r--sys/netinet/ip_spd.c44
1 files changed, 8 insertions, 36 deletions
diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c
index 33b697736dd..64bcc0ff6a3 100644
--- a/sys/netinet/ip_spd.c
+++ b/sys/netinet/ip_spd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_spd.c,v 1.23 2001/06/08 03:13:14 angelos Exp $ */
+/* $OpenBSD: ip_spd.c,v 1.24 2001/06/24 21:50:51 mickey Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
@@ -8,7 +8,7 @@
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
* all copies of any software which is or includes a copy or
- * modification of this software.
+ * modification of this software.
* You may use this code under the GNU public license if you so wish. Please
* contribute changes back to the authors under this freer than GPL license
* so that we may further the use of strong encryption without limitations to
@@ -645,8 +645,11 @@ ipsec_add_policy(struct sockaddr_encap *dst, struct sockaddr_encap *mask,
* Delete a pending ACQUIRE record.
*/
void
-ipsp_delete_acquire(struct ipsec_acquire *ipa)
+ipsp_delete_acquire(void *v)
{
+ struct ipsec_acquire *ipa = v;
+
+ timeout_del(&ipa->ipa_timeout);
TAILQ_REMOVE(&ipsec_acquire_head, ipa, ipa_next);
if (ipa->ipa_packet)
m_freem(ipa->ipa_packet);
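Review bot: The comment above ipsp_delete_acquire still says only "Delete a pending ACQUIRE record", but with the `void *v` signature the function is now also the handler registered on `ipa_timeout`, and the comment should say so, e.g. `/* Delete a pending ACQUIRE record; also runs as the ipa_timeout handler, hence the void * argument. */`. Because it can now be entered from timeout context, the `TAILQ_REMOVE` on `ipsec_acquire_head` and the `m_freem` rely on the list being protected against concurrent access from the network path. No interrupt-level protection is visible in this hunk, so that is worth confirming, since a race there would corrupt the list or leave a dangling record. The function body continues past the end of the hunk.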
@@ -748,34 +751,6 @@ ipsp_clear_acquire(struct tdb *tdb)
}
/*
- * Expire old acquire requests to key management.
- */
-void
-ipsp_acquire_expirations(void *arg)
-{
- struct ipsec_acquire *ipa;
-
- for (ipa = TAILQ_FIRST(&ipsec_acquire_head);
- ipa;
- ipa = TAILQ_FIRST(&ipsec_acquire_head))
- {
- if (ipa->ipa_expire <= time.tv_sec)
- ipsp_delete_acquire(ipa); /* Delete */
- else
- {
- /* Schedule us for another expiration */
- timeout(ipsp_acquire_expirations, (void *) NULL,
- hz * (ipa->ipa_expire - time.tv_sec));
- return;
- }
- }
-
- /* If there's no request pending, we don't need to schedule us */
-
- return;
-}
-
-/*
* Find out if there's an ACQUIRE pending.
* XXX Need a better structure.
*/
@@ -829,6 +804,7 @@ ipsp_acquire_sa(struct ipsec_policy *ipo, union sockaddr_union *gw,
bzero(ipa, sizeof(struct ipsec_acquire));
bcopy(gw, &ipa->ipa_addr, sizeof(union sockaddr_union));
+ timeout_set(&ipa->ipa_timeout, ipsp_delete_acquire, ipa);
ipa->ipa_info.sen_len = ipa->ipa_mask.sen_len = SENT_LEN;
ipa->ipa_info.sen_family = ipa->ipa_mask.sen_family = PF_KEY;
@@ -941,13 +917,9 @@ ipsp_acquire_sa(struct ipsec_policy *ipo, union sockaddr_union *gw,
if (m)
ipa->ipa_packet = m_copym2(m, 0, M_COPYALL, M_DONTWAIT);
- ipa->ipa_expire = time.tv_sec + ipsec_expire_acquire;
+ timeout_add(&ipa->ipa_timeout, ipsec_expire_acquire * hz);
TAILQ_INSERT_TAIL(&ipsec_acquire_head, ipa, ipa_next);
- if (TAILQ_FIRST(&ipsec_acquire_head) == ipa)
- timeout(ipsp_acquire_expirations, (void *) NULL,
- hz * (ipa->ipa_expire - time.tv_sec));
-
/* PF_KEYv2 notification message */
return pfkeyv2_acquire(ipo, gw, laddr, &ipa->ipa_seq, ddst);
}
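Review bot: `timeout_add` arms the timer before `TAILQ_INSERT_TAIL` puts the record on `ipsec_acquire_head`, while the handler registered in the earlier hunk, ipsp_delete_acquire, does an unconditional `TAILQ_REMOVE`. Inserting first and arming second (`TAILQ_INSERT_TAIL(&ipsec_acquire_head, ipa, ipa_next);` then `timeout_add(&ipa->ipa_timeout, ipsec_expire_acquire * hz);`) keeps the invariant that an armed record is always on the list. The tick count `ipsec_expire_acquire * hz` is also passed unchecked. If that variable is administrator-tunable (not visible here), a zero, negative or very large value would give an immediate expiry or an overflowed product, so a range check where it is set would help. The start of ipsp_acquire_sa is outside the hunk.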