summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sys/netipsec/key.c21
1 files changed, 7 insertions, 14 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index cf2a474..74d31dd 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -4154,22 +4154,15 @@ key_flush_sad(time_t now)
/* check SOFT lifetime */
if (sav->lft_s->addtime != 0 &&
now - sav->created > sav->lft_s->addtime) {
- /*
- * check SA to be used whether or not.
- * when SA hasn't been used, delete it.
+ key_sa_chgstate(sav, SADB_SASTATE_DYING);
+ /* Actually, only send expire message if SA has been used, as it
+ * was done before, but should we always send such message, and let IKE
+ * daemon decide if it should be renegociated or not ?
+ * XXX expire message will actually NOT be sent if SA is only used
+ * after soft lifetime has been reached, see below (DYING state)
*/
- if (sav->lft_c->usetime == 0) {
- key_sa_chgstate(sav, SADB_SASTATE_DEAD);
- KEY_FREESAV(&sav);
- } else {
- key_sa_chgstate(sav, SADB_SASTATE_DYING);
- /*
- * XXX If we keep to send expire
- * message in the status of
- * DYING. Do remove below code.
- */
+ if (sav->lft_c->usetime != 0)
key_expire(sav);
- }
}
/* check SOFT lifetime by bytes */
/*
OpenPOWER on IntegriCloud