author | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-03-24 17:00:48 +0000 |
---|---|---|
committer | Niklas Hallqvist <niklas@cvs.openbsd.org> | 1999-03-24 17:00:48 +0000 |
commit | b80bafe0d8f1a9085de8d083a14ff60715858dba (patch) | |
tree | b6137a507e85d0e7ba52a5690e0d70db514efad3 /sys | |
parent | c9431262f61a02240623605f326aa66eb0668b65 (diff) |
Implement lifetime expiration notifications. Fix some typos. Remove statics.
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pfkeyv2.c | 124 | ||||
-rw-r--r-- | sys/net/pfkeyv2.h | 11 | ||||
-rw-r--r-- | sys/netinet/ip_ah_new.c | 18 | ||||
-rw-r--r-- | sys/netinet/ip_ah_old.c | 18 | ||||
-rw-r--r-- | sys/netinet/ip_esp_new.c | 18 | ||||
-rw-r--r-- | sys/netinet/ip_esp_old.c | 18 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.c | 24 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 3 |
8 files changed, 136 insertions, 98 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c index 53ee477b6a2..b57ff0f9903 100644 --- a/sys/net/pfkeyv2.c +++ b/sys/net/pfkeyv2.c @@ -59,9 +59,7 @@ struct pfkeyv2_socket { static struct pfkeyv2_socket *pfkeyv2_sockets = NULL; -#if 0 /* XXX */ static uint32_t pfkeyv2_seq = 1; -#endif static int nregistered = 0; static int npromisc = 0; @@ -83,16 +81,28 @@ static struct sadb_alg aalgs[] = { extern int pfkey_register(struct pfkey_version *version); int pfkey_unregister(struct pfkey_version *version); int pfkey_sendup(struct socket *socket, struct mbuf *packet, int more); -int pfkeyv2_parsemessage(void *p, int len, void **headers); + +void export_address(void **, struct sockaddr *); +void export_identity(void **, struct tdb *, int); +void export_lifetime(void **, struct tdb *, int); +void export_sa(void **, struct tdb *); +void import_address(struct sockaddr *, struct sadb_address *); +void import_identity(struct tdb *, struct sadb_ident *, int); +void import_key(struct ipsecinit *, struct sadb_key *, int); +void import_lifetime(struct tdb *, struct sadb_lifetime *, int); +void import_sa(struct tdb *, struct sadb_sa *, struct ipsecinit *); +int pfdatatopacket(void *, int, struct mbuf **); int pfkeyv2_acquire(void *); -int pfkeyv2_init(void); -int pfkeyv2_cleanup(void); -int pfkeyv2_expire(struct tdb *); +int pfkeyv2_create(struct socket *); +int pfkeyv2_get(struct tdb *, void **, void **); +int pfkeyv2_release(struct socket *); +int pfkeyv2_send(struct socket *, void *, int); +int pfkeyv2_sendmessage(void **, int, struct socket *, u_int8_t, int); #define EXTLEN(x) (((struct sadb_ext *)(x))->sadb_ext_len * sizeof(uint64_t)) #define PADUP(x) (((x) + sizeof(uint64_t) - 1) & ~(sizeof(uint64_t) - 1)) -static int +int pfdatatopacket(void *data, int len, struct mbuf **packet) { if (!(*packet = m_devget(data, len, 0, NULL, NULL))) 
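Review bot: The helpers that lose `static` in this hunk and the ones that follow (`import_sa`, `export_sa`, `import_key`, `export_address`, `pfdatatopacket` and the rest of the new prototype block) now have external linkage under very generic, unprefixed names in the kernel's global namespace. If external linkage is intended, giving them the `pfkeyv2_` prefix that `pfkeyv2_create` and `pfkeyv2_send` already carry would avoid collisions, e.g. `void pfkeyv2_export_address(void **, struct sockaddr *);`. The export_* prototypes also take a bare `void **` cursor with no length argument, so a comment above the block such as `/* export_*() advance *p; the caller must have sized the buffer for every extension it exports */` would document the contract that callers outside this file now have to honour.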
@@ -101,7 +111,7 @@ pfdatatopacket(void *data, int len, struct mbuf **packet) return 0; } -static int +int pfkeyv2_create(struct socket *socket) { struct pfkeyv2_socket *pfkeyv2_socket; @@ -120,7 +130,7 @@ pfkeyv2_create(struct socket *socket) return 0; } -static int +int pfkeyv2_release(struct socket *socket) { struct pfkeyv2_socket **pp; @@ -148,7 +158,7 @@ pfkeyv2_release(struct socket *socket) return 0; } -static void +void import_sa(struct tdb *tdb, struct sadb_sa *sadb_sa, struct ipsecinit *ii) { if (!sadb_sa) @@ -176,7 +186,7 @@ import_sa(struct tdb *tdb, struct sadb_sa *sadb_sa, struct ipsecinit *ii) tdb->tdb_flags |= TDBF_INVALID; } -static void +void export_sa(void **p, struct tdb *tdb) { struct sadb_sa *sadb_sa = (struct sadb_sa *)*p; @@ -207,7 +217,7 @@ export_sa(void **p, struct tdb *tdb) *p += sizeof(struct sadb_sa); } -static void +void import_lifetime(struct tdb *tdb, struct sadb_lifetime *sadb_lifetime, int type) { struct expiration *exp; @@ -288,7 +298,7 @@ import_lifetime(struct tdb *tdb, struct sadb_lifetime *sadb_lifetime, int type) } } -static void +void export_lifetime(void **p, struct tdb *tdb, int type) { struct sadb_lifetime *sadb_lifetime = (struct sadb_lifetime *)*p; @@ -340,7 +350,7 @@ export_lifetime(void **p, struct tdb *tdb, int type) *p += sizeof(struct sadb_lifetime); } -static void +void import_address(struct sockaddr *sa, struct sadb_address *sadb_address) { int salen; @@ -370,7 +380,7 @@ import_address(struct sockaddr *sa, struct sadb_address *sadb_address) sa->sa_len = salen; } -static void +void export_address(void **p, struct sockaddr *sa) { struct sadb_address *sadb_address = (struct sadb_address *)*p; @@ -384,7 +394,7 @@ export_address(void **p, struct sockaddr *sa) *p += PADUP(SA_LEN(sa)); } -static void +void import_identity(struct tdb *tdb, struct sadb_ident *sadb_ident, int type) { if (!sadb_ident) 
@@ -409,7 +419,7 @@ import_identity(struct tdb *tdb, struct sadb_ident *sadb_ident, int type) } } -static void +void export_identity(void **p, struct tdb *tdb, int type) { struct sadb_ident *sadb_ident = (struct sadb_ident *)*p; @@ -429,7 +439,7 @@ export_identity(void **p, struct tdb *tdb, int type) } } -static void +void import_key(struct ipsecinit *ii, struct sadb_key *sadb_key, int type) { if (!sadb_key) @@ -444,7 +454,7 @@ import_key(struct ipsecinit *ii, struct sadb_key *sadb_key, int type) } } -static int +int pfkeyv2_sendmessage(void **headers, int mode, struct socket *socket, u_int8_t satype, int count) { @@ -555,7 +565,7 @@ ret: extern uint32_t sadb_exts_allowed_out[SADB_MAX+1]; extern uint32_t sadb_exts_required_out[SADB_MAX+1]; -static int +int pfkeyv2_get(struct tdb *sa, void **headers, void **buffer) { int rval, i; @@ -646,7 +656,7 @@ struct dump_state { }; #if 0 /* XXX Need to add a tdb_walk routine for this to work */ -static int +int pfkeyv2_dump_walker(struct tdb *sa, void *state) { struct dump_state *dump_state = (struct dump_state *)state; @@ -670,7 +680,7 @@ pfkeyv2_dump_walker(struct tdb *sa, void *state) } #endif /* 0 */ -static int +int pfkeyv2_send(struct socket *socket, void *message, int len) { void *headers[SADB_EXT_MAX + 1]; 
@@ -1521,10 +1531,74 @@ ret: } int -pfkeyv2_expire(struct tdb *sa) +pfkeyv2_expire(struct tdb *sa, u_int16_t type) { - /* XXX missing */ - return 0; + int rval = 0; + int i; + u_int8_t satype; + void *p, *headers[SADB_EXT_MAX+1], *buffer; + + switch (sa->tdb_sproto) { + case IPPROTO_AH: + satype = sa->tdb_xform->xf_type == XF_OLD_AH ? SADB_SATYPE_X_AH_OLD : SADB_SATYPE_AH; + break; + case IPPROTO_ESP: + satype = sa->tdb_xform->xf_type == XF_OLD_ESP ? SADB_SATYPE_X_ESP_OLD : SADB_SATYPE_ESP; + break; + case IPPROTO_IPIP: + satype = SADB_SATYPE_X_IPIP; + break; + default: + rval = EOPNOTSUPP; + goto ret; + } + + i = sizeof(struct sadb_msg) + sizeof(struct sadb_sa) + + 2 * sizeof(struct sadb_lifetime) + + sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_src.sa)) + + sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_dst.sa)); + + if (!(p = malloc(i, M_TEMP, M_DONTWAIT))) { + rval = ENOMEM; + goto ret; + } + + bzero(headers, sizeof(headers)); + + buffer = p; + bzero(p, i); + + headers[0] = p; + p += sizeof(struct sadb_msg); + ((struct sadb_msg *)headers[0])->sadb_msg_version = PF_KEY_V2; + ((struct sadb_msg *)headers[0])->sadb_msg_type = SADB_EXPIRE; + ((struct sadb_msg *)headers[0])->sadb_msg_satype = satype; + ((struct sadb_msg *)headers[0])->sadb_msg_len = i / sizeof(uint64_t); + ((struct sadb_msg *)headers[0])->sadb_msg_seq = pfkeyv2_seq++; + + headers[SADB_EXT_SA] = p; + export_sa(&p, sa); + + headers[SADB_EXT_LIFETIME_CURRENT] = p; + export_lifetime(&p, sa, 2); + + headers[type] = p; + export_lifetime(&p, sa, type == SADB_EXT_LIFETIME_SOFT ? 1 : 0); + + headers[SADB_EXT_ADDRESS_SRC] = p; + export_address(&p, (struct sockaddr *)&sa->tdb_src); + + headers[SADB_EXT_ADDRESS_DST] = p; + export_address(&p, (struct sockaddr *)&sa->tdb_dst); + + if ((rval = pfkeyv2_sendmessage(headers, PFKEYV2_SENDMESSAGE_BROADCAST, + NULL, 0, 0))!= 0) + goto ret; + + rval = 0; + +ret: + return rval; } int 
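Review bot: The buffer obtained with `malloc(i, M_TEMP, M_DONTWAIT)` in pfkeyv2_expire is never released: `buffer` is assigned once and not used again, and both the success path and the `goto ret` after pfkeyv2_sendmessage() reach `return rval` without a free. Unless pfkeyv2_sendmessage() takes ownership of the header memory (not visible in this hunk), every expiration notification leaks `i` bytes of kernel memory. Initialise the pointer in the declaration, `void *p, *headers[SADB_EXT_MAX+1], *buffer = NULL;`, and release it at the label with `if (buffer != NULL) free(buffer, M_TEMP);`. Separately, `headers[type] = p` indexes a `SADB_EXT_MAX+1` array with the caller-supplied `u_int16_t type`; since the function is now declared in pfkeyv2.h, returning `EINVAL` before the allocation for anything other than `SADB_EXT_LIFETIME_HARD` or `SADB_EXT_LIFETIME_SOFT` would keep a bad argument from writing outside the array.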
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h index 31f68a9ec86..6945f81951e 100644 --- a/sys/net/pfkeyv2.h +++ b/sys/net/pfkeyv2.h @@ -230,7 +230,7 @@ struct sadb_protocol { #define SADB_SAFLAGS_X_HALFIV 0x02 /* Used for ESP-old */ #define SADB_SAFLAGS_X_TUNNEL 0x04 /* Force tunneling */ #define SADB_SAFLAGS_X_CHAINDEL 0x08 /* Delete whole SA chain */ -#define SADB_SAFLAGS_X_LOCALFLOW 0x10 /* Delete whole SA chain */ +#define SADB_SAFLAGS_X_LOCALFLOW 0x10 /* Add flow with 0.0.0.0 as src */ #define SADB_IDENTTYPE_RESERVED 0 #define SADB_IDENTTYPE_PREFIX 1 @@ -241,9 +241,12 @@ struct sadb_protocol { #define SADB_KEY_FLAGS_MAX 0 -#ifdef KERNEL +#ifdef _KERNEL +struct tdb; + int pfkeyv2_init(void); int pfkeyv2_cleanup(void); -int pfkeyv2_parsemessage(void *p, int len, void **headers); -#endif /* KERNEL */ +int pfkeyv2_parsemessage(void *, int, void **); +int pfkeyv2_expire(struct tdb *, u_int16_t); +#endif /* _KERNEL */ #endif /* _NET_PFKEY_V2_H */ diff --git a/sys/netinet/ip_ah_new.c b/sys/netinet/ip_ah_new.c index cdb781deb56..c3531efeea1 100644 --- a/sys/netinet/ip_ah_new.c +++ b/sys/netinet/ip_ah_new.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah_new.c,v 1.24 1999/02/25 20:14:36 angelos Exp $ */ +/* $OpenBSD: ip_ah_new.c,v 1.25 1999/03/24 17:00:44 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -273,9 +273,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return NULL; @@ -285,9 +283,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } 
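Review bot: The return value of `pfkeyv2_expire()` is discarded at both new call sites in ah_new_input, although the function can fail (it returns `ENOMEM` when its `M_DONTWAIT` allocation fails). On the soft path the following line clears `TDBF_SOFT_BYTES` regardless, so a notification that could not be built is never retried and PF_KEY listeners would presumably hear about the SA only at hard expiry. Clearing the flag only on success, `if (pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT) == 0) tdb->tdb_flags &= ~TDBF_SOFT_BYTES;`, would let the next packet retry. The same pattern recurs in the ah_new_output, ah_old_input/output, esp_new_input/output, esp_old_input/output and handle_expirations hunks. The enclosing functions start and end outside these hunks.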
@@ -504,9 +500,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return EINVAL; @@ -516,9 +510,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } diff --git a/sys/netinet/ip_ah_old.c b/sys/netinet/ip_ah_old.c index 841d954fe8d..2bd432332f2 100644 --- a/sys/netinet/ip_ah_old.c +++ b/sys/netinet/ip_ah_old.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah_old.c,v 1.21 1999/02/25 20:14:38 angelos Exp $ */ +/* $OpenBSD: ip_ah_old.c,v 1.22 1999/03/24 17:00:45 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -237,9 +237,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); m_freem(m); tdb_delete(tdb, 0); return NULL; @@ -249,9 +247,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } 
@@ -431,9 +427,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return EINVAL; @@ -443,9 +437,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c index 5147490447c..67f87eb5b9e 100644 --- a/sys/netinet/ip_esp_new.c +++ b/sys/netinet/ip_esp_new.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp_new.c,v 1.39 1999/02/25 20:23:02 angelos Exp $ */ +/* $OpenBSD: ip_esp_new.c,v 1.40 1999/03/24 17:00:45 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -494,9 +494,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return NULL; @@ -506,9 +504,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } 
@@ -836,9 +832,7 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return EINVAL; @@ -848,9 +842,7 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } diff --git a/sys/netinet/ip_esp_old.c b/sys/netinet/ip_esp_old.c index 2c51ead6429..92639fe002a 100644 --- a/sys/netinet/ip_esp_old.c +++ b/sys/netinet/ip_esp_old.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp_old.c,v 1.30 1999/02/25 20:14:41 angelos Exp $ */ +/* $OpenBSD: ip_esp_old.c,v 1.31 1999/03/24 17:00:46 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -291,9 +291,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return NULL; @@ -303,9 +301,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } 
@@ -578,9 +574,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return EINVAL; @@ -590,9 +584,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index ffdeff4c5d3..21ba455bca3 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.37 1999/03/04 21:51:27 deraadt Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.38 1999/03/24 17:00:47 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -471,9 +471,7 @@ handle_expirations(void *arg) if ((tdb->tdb_flags & TDBF_TIMER) && (tdb->tdb_exp_timeout <= time.tv_sec)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); continue; } @@ -481,9 +479,7 @@ handle_expirations(void *arg) if ((tdb->tdb_flags & TDBF_FIRSTUSE) && (tdb->tdb_first_use + tdb->tdb_exp_first_use <= time.tv_sec)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); continue; } @@ -492,9 +488,7 @@ handle_expirations(void *arg) if ((tdb->tdb_flags & TDBF_SOFT_TIMER) && (tdb->tdb_soft_timeout <= time.tv_sec)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_TIMER; } else 
@@ -502,9 +496,7 @@ handle_expirations(void *arg) (tdb->tdb_first_use + tdb->tdb_soft_first_use <= time.tv_sec)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_FIRSTUSE; } } @@ -714,7 +706,9 @@ tdb_delete(struct tdb *tdbp, int delchain) ipsec_in_use--; } - cleanup_expirations(&tdbp->tdb_dst, tdbp->tdb_spi, tdbp->tdb_sproto); + /* removal of a larval SA should not remove the mature SA's expirations */ + if ((tdbp->tdb_flags & TDBF_INVALID) == 0) + cleanup_expirations(&tdbp->tdb_dst, tdbp->tdb_spi, tdbp->tdb_sproto); if (tdbp->tdb_srcid) FREE(tdbp->tdb_srcid, M_XDATA); @@ -834,7 +828,7 @@ ipsp_kern(int off, char **bufp, int len) else i = 1; - l += sprintf(buffer + l, "halviv"); + l += sprintf(buffer + l, "halfiv"); } if (tdb->tdb_flags & TDBF_PFS) diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 288e96d6c38..311806ea3d8 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.42 1999/03/06 20:59:41 angelos Exp $ */ +/* $OpenBSD: ip_output.c,v 1.43 1999/03/24 17:00:47 niklas Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -86,7 +86,6 @@ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); #endif #ifdef IPSEC -extern void encap_sendnotify __P((int, struct tdb *, void *)); extern int ipsec_auth_default_level; extern int ipsec_esp_trans_default_level; extern int ipsec_esp_network_default_level; |
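Review bot: The new guard in tdb_delete skips `cleanup_expirations()` for every SA with `TDBF_INVALID` set, which is broader than the case the added comment describes (a larval SA sharing dst/SPI/protocol with a mature one). Whether a larval SA can queue expiration entries of its own is not visible in this hunk. If it can, those entries now outlive the tdb, so it is worth confirming that handle_expirations tolerates an entry whose SA no longer exists. Once confirmed, the comment could record the assumption, e.g. `/* A larval SA shares (dst, spi, sproto) with the mature SA; expirations it queued itself are left for handle_expirations to discard. */`. tdb_delete's body continues outside the hunk.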