Diffstat (limited to 'sys')
-rw-r--r--sys/net/pfkeyv2.c124
-rw-r--r--sys/net/pfkeyv2.h11
-rw-r--r--sys/netinet/ip_ah_new.c18
-rw-r--r--sys/netinet/ip_ah_old.c18
-rw-r--r--sys/netinet/ip_esp_new.c18
-rw-r--r--sys/netinet/ip_esp_old.c18
-rw-r--r--sys/netinet/ip_ipsp.c24
-rw-r--r--sys/netinet/ip_output.c3
8 files changed, 136 insertions, 98 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 53ee477b6a2..b57ff0f9903 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -59,9 +59,7 @@ struct pfkeyv2_socket {
static struct pfkeyv2_socket *pfkeyv2_sockets = NULL;
-#if 0 /* XXX */
static uint32_t pfkeyv2_seq = 1;
-#endif
static int nregistered = 0;
static int npromisc = 0;
@@ -83,16 +81,28 @@ static struct sadb_alg aalgs[] = {
extern int pfkey_register(struct pfkey_version *version);
int pfkey_unregister(struct pfkey_version *version);
int pfkey_sendup(struct socket *socket, struct mbuf *packet, int more);
-int pfkeyv2_parsemessage(void *p, int len, void **headers);
+
+void export_address(void **, struct sockaddr *);
+void export_identity(void **, struct tdb *, int);
+void export_lifetime(void **, struct tdb *, int);
+void export_sa(void **, struct tdb *);
+void import_address(struct sockaddr *, struct sadb_address *);
+void import_identity(struct tdb *, struct sadb_ident *, int);
+void import_key(struct ipsecinit *, struct sadb_key *, int);
+void import_lifetime(struct tdb *, struct sadb_lifetime *, int);
+void import_sa(struct tdb *, struct sadb_sa *, struct ipsecinit *);
+int pfdatatopacket(void *, int, struct mbuf **);
int pfkeyv2_acquire(void *);
-int pfkeyv2_init(void);
-int pfkeyv2_cleanup(void);
-int pfkeyv2_expire(struct tdb *);
+int pfkeyv2_create(struct socket *);
+int pfkeyv2_get(struct tdb *, void **, void **);
+int pfkeyv2_release(struct socket *);
+int pfkeyv2_send(struct socket *, void *, int);
+int pfkeyv2_sendmessage(void **, int, struct socket *, u_int8_t, int);
#define EXTLEN(x) (((struct sadb_ext *)(x))->sadb_ext_len * sizeof(uint64_t))
#define PADUP(x) (((x) + sizeof(uint64_t) - 1) & ~(sizeof(uint64_t) - 1))
-static int
+int
pfdatatopacket(void *data, int len, struct mbuf **packet)
{
if (!(*packet = m_devget(data, len, 0, NULL, NULL)))
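Review bot: Dropping `static` from `pfdatatopacket`, the `import_*`/`export_*` helpers, `pfkeyv2_create`, `pfkeyv2_release`, `pfkeyv2_send`, `pfkeyv2_sendmessage` and `pfkeyv2_get` (this hunk and the one-line hunks that follow in this file) puts generic names such as `import_key` and `export_sa` into the kernel's global namespace. The only function this diff exports through pfkeyv2.h is `pfkeyv2_expire`, and nothing visible here calls the others from another file. Unless some other file needs them, the new prototypes could keep internal linkage, e.g. `static void import_key(struct ipsecinit *, struct sadb_key *, int);`, so the SA and key import helpers stay callable only from within pfkeyv2.c. A one-line comment above the prototype block saying these are internal helpers would also help. pfdatatopacket's body continues outside the hunk.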
@@ -101,7 +111,7 @@ pfdatatopacket(void *data, int len, struct mbuf **packet)
return 0;
}
-static int
+int
pfkeyv2_create(struct socket *socket)
{
struct pfkeyv2_socket *pfkeyv2_socket;
@@ -120,7 +130,7 @@ pfkeyv2_create(struct socket *socket)
return 0;
}
-static int
+int
pfkeyv2_release(struct socket *socket)
{
struct pfkeyv2_socket **pp;
@@ -148,7 +158,7 @@ pfkeyv2_release(struct socket *socket)
return 0;
}
-static void
+void
import_sa(struct tdb *tdb, struct sadb_sa *sadb_sa, struct ipsecinit *ii)
{
if (!sadb_sa)
@@ -176,7 +186,7 @@ import_sa(struct tdb *tdb, struct sadb_sa *sadb_sa, struct ipsecinit *ii)
tdb->tdb_flags |= TDBF_INVALID;
}
-static void
+void
export_sa(void **p, struct tdb *tdb)
{
struct sadb_sa *sadb_sa = (struct sadb_sa *)*p;
@@ -207,7 +217,7 @@ export_sa(void **p, struct tdb *tdb)
*p += sizeof(struct sadb_sa);
}
-static void
+void
import_lifetime(struct tdb *tdb, struct sadb_lifetime *sadb_lifetime, int type)
{
struct expiration *exp;
@@ -288,7 +298,7 @@ import_lifetime(struct tdb *tdb, struct sadb_lifetime *sadb_lifetime, int type)
}
}
-static void
+void
export_lifetime(void **p, struct tdb *tdb, int type)
{
struct sadb_lifetime *sadb_lifetime = (struct sadb_lifetime *)*p;
@@ -340,7 +350,7 @@ export_lifetime(void **p, struct tdb *tdb, int type)
*p += sizeof(struct sadb_lifetime);
}
-static void
+void
import_address(struct sockaddr *sa, struct sadb_address *sadb_address)
{
int salen;
@@ -370,7 +380,7 @@ import_address(struct sockaddr *sa, struct sadb_address *sadb_address)
sa->sa_len = salen;
}
-static void
+void
export_address(void **p, struct sockaddr *sa)
{
struct sadb_address *sadb_address = (struct sadb_address *)*p;
@@ -384,7 +394,7 @@ export_address(void **p, struct sockaddr *sa)
*p += PADUP(SA_LEN(sa));
}
-static void
+void
import_identity(struct tdb *tdb, struct sadb_ident *sadb_ident, int type)
{
if (!sadb_ident)
@@ -409,7 +419,7 @@ import_identity(struct tdb *tdb, struct sadb_ident *sadb_ident, int type)
}
}
-static void
+void
export_identity(void **p, struct tdb *tdb, int type)
{
struct sadb_ident *sadb_ident = (struct sadb_ident *)*p;
@@ -429,7 +439,7 @@ export_identity(void **p, struct tdb *tdb, int type)
}
}
-static void
+void
import_key(struct ipsecinit *ii, struct sadb_key *sadb_key, int type)
{
if (!sadb_key)
@@ -444,7 +454,7 @@ import_key(struct ipsecinit *ii, struct sadb_key *sadb_key, int type)
}
}
-static int
+int
pfkeyv2_sendmessage(void **headers, int mode, struct socket *socket,
u_int8_t satype, int count)
{
@@ -555,7 +565,7 @@ ret:
extern uint32_t sadb_exts_allowed_out[SADB_MAX+1];
extern uint32_t sadb_exts_required_out[SADB_MAX+1];
-static int
+int
pfkeyv2_get(struct tdb *sa, void **headers, void **buffer)
{
int rval, i;
@@ -646,7 +656,7 @@ struct dump_state {
};
#if 0 /* XXX Need to add a tdb_walk routine for this to work */
-static int
+int
pfkeyv2_dump_walker(struct tdb *sa, void *state)
{
struct dump_state *dump_state = (struct dump_state *)state;
@@ -670,7 +680,7 @@ pfkeyv2_dump_walker(struct tdb *sa, void *state)
}
#endif /* 0 */
-static int
+int
pfkeyv2_send(struct socket *socket, void *message, int len)
{
void *headers[SADB_EXT_MAX + 1];
@@ -1521,10 +1531,74 @@ ret:
}
int
-pfkeyv2_expire(struct tdb *sa)
+pfkeyv2_expire(struct tdb *sa, u_int16_t type)
{
- /* XXX missing */
- return 0;
+ int rval = 0;
+ int i;
+ u_int8_t satype;
+ void *p, *headers[SADB_EXT_MAX+1], *buffer;
+
+ switch (sa->tdb_sproto) {
+ case IPPROTO_AH:
+ satype = sa->tdb_xform->xf_type == XF_OLD_AH ? SADB_SATYPE_X_AH_OLD : SADB_SATYPE_AH;
+ break;
+ case IPPROTO_ESP:
+ satype = sa->tdb_xform->xf_type == XF_OLD_ESP ? SADB_SATYPE_X_ESP_OLD : SADB_SATYPE_ESP;
+ break;
+ case IPPROTO_IPIP:
+ satype = SADB_SATYPE_X_IPIP;
+ break;
+ default:
+ rval = EOPNOTSUPP;
+ goto ret;
+ }
+
+ i = sizeof(struct sadb_msg) + sizeof(struct sadb_sa) +
+ 2 * sizeof(struct sadb_lifetime) +
+ sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_src.sa)) +
+ sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_dst.sa));
+
+ if (!(p = malloc(i, M_TEMP, M_DONTWAIT))) {
+ rval = ENOMEM;
+ goto ret;
+ }
+
+ bzero(headers, sizeof(headers));
+
+ buffer = p;
+ bzero(p, i);
+
+ headers[0] = p;
+ p += sizeof(struct sadb_msg);
+ ((struct sadb_msg *)headers[0])->sadb_msg_version = PF_KEY_V2;
+ ((struct sadb_msg *)headers[0])->sadb_msg_type = SADB_EXPIRE;
+ ((struct sadb_msg *)headers[0])->sadb_msg_satype = satype;
+ ((struct sadb_msg *)headers[0])->sadb_msg_len = i / sizeof(uint64_t);
+ ((struct sadb_msg *)headers[0])->sadb_msg_seq = pfkeyv2_seq++;
+
+ headers[SADB_EXT_SA] = p;
+ export_sa(&p, sa);
+
+ headers[SADB_EXT_LIFETIME_CURRENT] = p;
+ export_lifetime(&p, sa, 2);
+
+ headers[type] = p;
+ export_lifetime(&p, sa, type == SADB_EXT_LIFETIME_SOFT ? 1 : 0);
+
+ headers[SADB_EXT_ADDRESS_SRC] = p;
+ export_address(&p, (struct sockaddr *)&sa->tdb_src);
+
+ headers[SADB_EXT_ADDRESS_DST] = p;
+ export_address(&p, (struct sockaddr *)&sa->tdb_dst);
+
+ if ((rval = pfkeyv2_sendmessage(headers, PFKEYV2_SENDMESSAGE_BROADCAST,
+ NULL, 0, 0))!= 0)
+ goto ret;
+
+ rval = 0;
+
+ret:
+ return rval;
}
int
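Review bot: The buffer allocated with `malloc(i, M_TEMP, M_DONTWAIT)` is never released, because both the success path and the `pfkeyv2_sendmessage` error path reach `ret:`, which only returns `rval`. Each expire notification therefore appears to leak `i` bytes of kernel memory, assuming `pfkeyv2_sendmessage` copies the extensions rather than taking ownership (its body is outside this hunk). `headers[type] = p` also indexes an array of `SADB_EXT_MAX+1` pointers with the caller-supplied `u_int16_t type` without a range check, and any value other than `SADB_EXT_LIFETIME_SOFT` is silently exported as a hard lifetime. The callers in this diff pass only the two lifetime constants, but the function is now declared in pfkeyv2.h. A header comment stating that the function broadcasts an SADB_EXPIRE message and returns 0 or an errno value is also missing; a sketch of the guard and cleanup follows.

```c
int
pfkeyv2_expire(struct tdb *sa, u_int16_t type)
{
    int rval = 0;
    int i;
    u_int8_t satype;
    void *p, *headers[SADB_EXT_MAX+1], *buffer = NULL;

    /* headers[type] is written below: accept only the two lifetime slots */
    if (type != SADB_EXT_LIFETIME_HARD && type != SADB_EXT_LIFETIME_SOFT) {
	rval = EINVAL;
	goto ret;
    }

    /* … unchanged: satype switch, size computation, malloc, header and extension export … */

    rval = pfkeyv2_sendmessage(headers, PFKEYV2_SENDMESSAGE_BROADCAST,
			       NULL, 0, 0);

ret:
    /* buffer is still NULL when we bail out before the allocation */
    if (buffer != NULL)
	free(buffer, M_TEMP);
    return rval;
}
```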
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index 31f68a9ec86..6945f81951e 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -230,7 +230,7 @@ struct sadb_protocol {
#define SADB_SAFLAGS_X_HALFIV 0x02 /* Used for ESP-old */
#define SADB_SAFLAGS_X_TUNNEL 0x04 /* Force tunneling */
#define SADB_SAFLAGS_X_CHAINDEL 0x08 /* Delete whole SA chain */
-#define SADB_SAFLAGS_X_LOCALFLOW 0x10 /* Delete whole SA chain */
+#define SADB_SAFLAGS_X_LOCALFLOW 0x10 /* Add flow with 0.0.0.0 as src */
#define SADB_IDENTTYPE_RESERVED 0
#define SADB_IDENTTYPE_PREFIX 1
@@ -241,9 +241,12 @@ struct sadb_protocol {
#define SADB_KEY_FLAGS_MAX 0
-#ifdef KERNEL
+#ifdef _KERNEL
+struct tdb;
+
int pfkeyv2_init(void);
int pfkeyv2_cleanup(void);
-int pfkeyv2_parsemessage(void *p, int len, void **headers);
-#endif /* KERNEL */
+int pfkeyv2_parsemessage(void *, int, void **);
+int pfkeyv2_expire(struct tdb *, u_int16_t);
+#endif /* _KERNEL */
#endif /* _NET_PFKEY_V2_H */
diff --git a/sys/netinet/ip_ah_new.c b/sys/netinet/ip_ah_new.c
index cdb781deb56..c3531efeea1 100644
--- a/sys/netinet/ip_ah_new.c
+++ b/sys/netinet/ip_ah_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah_new.c,v 1.24 1999/02/25 20:14:36 angelos Exp $ */
+/* $OpenBSD: ip_ah_new.c,v 1.25 1999/03/24 17:00:44 niklas Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -273,9 +273,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb)
if ((tdb->tdb_flags & TDBF_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb, 0);
m_freem(m);
return NULL;
@@ -285,9 +283,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb)
if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
}
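Review bot: The result of `pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT)` is discarded and `TDBF_SOFT_BYTES` is cleared unconditionally. If the notification fails (the callee allocates with `M_DONTWAIT` and can return `ENOMEM`), the soft expiry is never reported again, and the key-management daemon may only learn of it when the hard limit deletes the SA. Consider clearing the flag only on success, `if (pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT) == 0) tdb->tdb_flags &= ~TDBF_SOFT_BYTES;`, or at least logging the failure. The same pattern appears in the soft-expire hunks of ah_new_output, ip_ah_old.c, ip_esp_new.c and ip_esp_old.c, and in handle_expirations in ip_ipsp.c (there with `TDBF_SOFT_TIMER` and `TDBF_SOFT_FIRSTUSE`). ah_new_input starts and ends outside the hunk.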
@@ -504,9 +500,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
if ((tdb->tdb_flags & TDBF_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb, 0);
m_freem(m);
return EINVAL;
@@ -516,9 +510,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
}
diff --git a/sys/netinet/ip_ah_old.c b/sys/netinet/ip_ah_old.c
index 841d954fe8d..2bd432332f2 100644
--- a/sys/netinet/ip_ah_old.c
+++ b/sys/netinet/ip_ah_old.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ah_old.c,v 1.21 1999/02/25 20:14:38 angelos Exp $ */
+/* $OpenBSD: ip_ah_old.c,v 1.22 1999/03/24 17:00:45 niklas Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -237,9 +237,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb)
if ((tdb->tdb_flags & TDBF_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
m_freem(m);
tdb_delete(tdb, 0);
return NULL;
@@ -249,9 +247,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb)
if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
}
@@ -431,9 +427,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
if ((tdb->tdb_flags & TDBF_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb, 0);
m_freem(m);
return EINVAL;
@@ -443,9 +437,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
}
diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c
index 5147490447c..67f87eb5b9e 100644
--- a/sys/netinet/ip_esp_new.c
+++ b/sys/netinet/ip_esp_new.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp_new.c,v 1.39 1999/02/25 20:23:02 angelos Exp $ */
+/* $OpenBSD: ip_esp_new.c,v 1.40 1999/03/24 17:00:45 niklas Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -494,9 +494,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
if ((tdb->tdb_flags & TDBF_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb, 0);
m_freem(m);
return NULL;
@@ -506,9 +504,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb)
if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
}
@@ -836,9 +832,7 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
if ((tdb->tdb_flags & TDBF_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb, 0);
m_freem(m);
return EINVAL;
@@ -848,9 +842,7 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
}
diff --git a/sys/netinet/ip_esp_old.c b/sys/netinet/ip_esp_old.c
index 2c51ead6429..92639fe002a 100644
--- a/sys/netinet/ip_esp_old.c
+++ b/sys/netinet/ip_esp_old.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_esp_old.c,v 1.30 1999/02/25 20:14:41 angelos Exp $ */
+/* $OpenBSD: ip_esp_old.c,v 1.31 1999/03/24 17:00:46 niklas Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -291,9 +291,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb)
if ((tdb->tdb_flags & TDBF_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb, 0);
m_freem(m);
return NULL;
@@ -303,9 +301,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb)
if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
}
@@ -578,9 +574,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
if ((tdb->tdb_flags & TDBF_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb, 0);
m_freem(m);
return EINVAL;
@@ -590,9 +584,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb,
if ((tdb->tdb_flags & TDBF_SOFT_BYTES) &&
(tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes))
{
-/* XXX
- encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */
}
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index ffdeff4c5d3..21ba455bca3 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.c,v 1.37 1999/03/04 21:51:27 deraadt Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.38 1999/03/24 17:00:47 niklas Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
@@ -471,9 +471,7 @@ handle_expirations(void *arg)
if ((tdb->tdb_flags & TDBF_TIMER) &&
(tdb->tdb_exp_timeout <= time.tv_sec))
{
-/* XXX
- encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb, 0);
continue;
}
@@ -481,9 +479,7 @@ handle_expirations(void *arg)
if ((tdb->tdb_flags & TDBF_FIRSTUSE) &&
(tdb->tdb_first_use + tdb->tdb_exp_first_use <= time.tv_sec))
{
-/* XXX
- encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
tdb_delete(tdb, 0);
continue;
}
@@ -492,9 +488,7 @@ handle_expirations(void *arg)
if ((tdb->tdb_flags & TDBF_SOFT_TIMER) &&
(tdb->tdb_soft_timeout <= time.tv_sec))
{
-/* XXX
- encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
tdb->tdb_flags &= ~TDBF_SOFT_TIMER;
}
else
@@ -502,9 +496,7 @@ handle_expirations(void *arg)
(tdb->tdb_first_use + tdb->tdb_soft_first_use <=
time.tv_sec))
{
-/* XXX
- encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL);
-*/
+ pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT);
tdb->tdb_flags &= ~TDBF_SOFT_FIRSTUSE;
}
}
@@ -714,7 +706,9 @@ tdb_delete(struct tdb *tdbp, int delchain)
ipsec_in_use--;
}
- cleanup_expirations(&tdbp->tdb_dst, tdbp->tdb_spi, tdbp->tdb_sproto);
+ /* removal of a larval SA should not remove the mature SA's expirations */
+ if ((tdbp->tdb_flags & TDBF_INVALID) == 0)
+ cleanup_expirations(&tdbp->tdb_dst, tdbp->tdb_spi, tdbp->tdb_sproto);
if (tdbp->tdb_srcid)
FREE(tdbp->tdb_srcid, M_XDATA);
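Review bot: Skipping `cleanup_expirations` for `TDBF_INVALID` SAs leaves open what happens to expiration entries that belong to the larval SA itself. If such a tdb can have its own timeout queued, those entries would now outlive the tdb that is freed further down. It is worth confirming either that handle_expirations tolerates an entry whose SA no longer exists, or that larval SAs never register expirations. If the latter holds, extending the comment, e.g. `/* larval SAs share dst/spi/sproto with the mature SA and own no expirations */`, would record the assumption. tdb_delete starts and ends outside the hunk.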
@@ -834,7 +828,7 @@ ipsp_kern(int off, char **bufp, int len)
else
i = 1;
- l += sprintf(buffer + l, "halviv");
+ l += sprintf(buffer + l, "halfiv");
}
if (tdb->tdb_flags & TDBF_PFS)
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 288e96d6c38..311806ea3d8 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.42 1999/03/06 20:59:41 angelos Exp $ */
+/* $OpenBSD: ip_output.c,v 1.43 1999/03/24 17:00:47 niklas Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -86,7 +86,6 @@ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
#endif
#ifdef IPSEC
-extern void encap_sendnotify __P((int, struct tdb *, void *));
extern int ipsec_auth_default_level;
extern int ipsec_esp_trans_default_level;
extern int ipsec_esp_network_default_level;