Changeset View
Changeset View
Standalone View
Standalone View
head/sys/netipsec/key.c
Show First 20 Lines • Show All 95 Lines • ▼ Show 20 Lines | |||||
#include <machine/stdarg.h> | #include <machine/stdarg.h> | ||||
/* randomness */ | /* randomness */ | ||||
#include <sys/random.h> | #include <sys/random.h> | ||||
#define FULLMASK 0xff | #define FULLMASK 0xff | ||||
#define _BITS(bytes) ((bytes) << 3) | #define _BITS(bytes) ((bytes) << 3) | ||||
#define UINT32_80PCT 0xcccccccc | |||||
/* | /* | ||||
* Note on SA reference counting: | * Note on SA reference counting: | ||||
* - SAs that are not in DEAD state will have (total external reference + 1) | * - SAs that are not in DEAD state will have (total external reference + 1) | ||||
* following value in reference count field. they cannot be freed and are | * following value in reference count field. they cannot be freed and are | ||||
* referenced from SA header. | * referenced from SA header. | ||||
* - SAs that are in DEAD state will have (total external reference) | * - SAs that are in DEAD state will have (total external reference) | ||||
* in reference count field. they are ready to be freed. reference from | * in reference count field. they are ready to be freed. reference from | ||||
* SA header will be removed in key_delsav(), when the reference count | * SA header will be removed in key_delsav(), when the reference count | ||||
▲ Show 20 Lines • Show All 4,419 Lines • ▼ Show 20 Lines | TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { | ||||
} | } | ||||
/* check SOFT lifetime (only for MATURE SAs) */ | /* check SOFT lifetime (only for MATURE SAs) */ | ||||
if (sav->state == SADB_SASTATE_MATURE && ( | if (sav->state == SADB_SASTATE_MATURE && ( | ||||
(sav->lft_s->addtime != 0 && | (sav->lft_s->addtime != 0 && | ||||
now - sav->created > sav->lft_s->addtime) || | now - sav->created > sav->lft_s->addtime) || | ||||
(sav->lft_s->usetime != 0 && sav->firstused && | (sav->lft_s->usetime != 0 && sav->firstused && | ||||
now - sav->firstused > sav->lft_s->usetime) || | now - sav->firstused > sav->lft_s->usetime) || | ||||
(sav->lft_s->bytes != 0 && counter_u64_fetch( | (sav->lft_s->bytes != 0 && counter_u64_fetch( | ||||
sav->lft_c_bytes) > sav->lft_s->bytes))) { | sav->lft_c_bytes) > sav->lft_s->bytes) || | ||||
(!(sav->flags & SADB_X_SAFLAGS_ESN) && | |||||
(sav->replay != NULL) && ( | |||||
(sav->replay->count > UINT32_80PCT) || | |||||
(sav->replay->last > UINT32_80PCT))))) { | |||||
SECASVAR_UNLOCK(sav); | SECASVAR_UNLOCK(sav); | ||||
SAV_ADDREF(sav); | SAV_ADDREF(sav); | ||||
LIST_INSERT_HEAD(&sexpireq, sav, drainq); | LIST_INSERT_HEAD(&sexpireq, sav, drainq); | ||||
continue; | continue; | ||||
} | } | ||||
SECASVAR_UNLOCK(sav); | SECASVAR_UNLOCK(sav); | ||||
} | } | ||||
} | } | ||||
▲ Show 20 Lines • Show All 4,023 Lines • Show Last 20 Lines |