Module Name: src
Committed By: drochner
Date: Wed May 18 18:36:16 UTC 2011
Modified Files:
src/sys/netipsec: key.c
Log Message:
use monotonic time rather than wall time for lifetime related timestamps,
to make key expiration robust against time changes
To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 src/sys/netipsec/key.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.68 src/sys/netipsec/key.c:1.69
--- src/sys/netipsec/key.c:1.68 Tue May 17 18:57:02 2011
+++ src/sys/netipsec/key.c Wed May 18 18:36:15 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.68 2011/05/17 18:57:02 drochner Exp $ */
+/* $NetBSD: key.c,v 1.69 2011/05/18 18:36:15 drochner Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.68 2011/05/17 18:57:02 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.69 2011/05/18 18:36:15 drochner Exp $");
/*
* This code is referd to RFC 2367
@@ -631,7 +631,7 @@
KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp");
/* found a SPD entry */
- sp->lastused = time_second;
+ sp->lastused = time_uptime;
SP_ADDREF(sp);
}
splx(s);
@@ -695,7 +695,7 @@
KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp2");
/* found a SPD entry */
- sp->lastused = time_second;
+ sp->lastused = time_uptime;
SP_ADDREF(sp);
}
splx(s);
@@ -772,7 +772,7 @@
sp = NULL;
found:
if (sp) {
- sp->lastused = time_second;
+ sp->lastused = time_uptime;
SP_ADDREF(sp);
}
splx(s);
@@ -1961,7 +1961,7 @@
}
#endif
- newsp->created = time_second;
+ newsp->created = time_uptime;
newsp->lastused = newsp->created;
newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
@@ -1975,7 +1975,7 @@
struct secspacq *spacq;
if ((spacq = key_getspacq(&spidx)) != NULL) {
/* reset counter in order to deletion by timehandler. */
- spacq->created = time_second;
+ spacq->created = time_uptime;
spacq->count = 0;
}
}
@@ -2793,8 +2793,8 @@
lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
lt->sadb_lifetime_allocations = 0;
lt->sadb_lifetime_bytes = 0;
- lt->sadb_lifetime_addtime = sp->created;
- lt->sadb_lifetime_usetime = sp->lastused;
+ lt->sadb_lifetime_addtime = sp->created + time_second - time_uptime;
+ lt->sadb_lifetime_usetime = sp->lastused + time_second - time_uptime;
lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2);
lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
@@ -3021,7 +3021,7 @@
}
/* reset created */
- newsav->created = time_second;
+ newsav->created = time_uptime;
newsav->pid = mhp->msg->sadb_msg_pid;
/* add to satree */
@@ -3366,7 +3366,7 @@
}
/* reset created */
- sav->created = time_second;
+ sav->created = time_uptime;
/* make lifetime for CURRENT */
KMALLOC(sav->lft_c, struct sadb_lifetime *,
@@ -3382,7 +3382,7 @@
sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
sav->lft_c->sadb_lifetime_allocations = 0;
sav->lft_c->sadb_lifetime_bytes = 0;
- sav->lft_c->sadb_lifetime_addtime = time_second;
+ sav->lft_c->sadb_lifetime_addtime = time_uptime;
sav->lft_c->sadb_lifetime_usetime = 0;
/* lifetimes for HARD and SOFT */
@@ -3553,6 +3553,7 @@
int l = 0;
int i;
void *p;
+ struct sadb_lifetime lt;
int dumporder[] = {
SADB_EXT_SA, SADB_X_EXT_SA2,
SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
@@ -3618,7 +3619,10 @@
if (!sav->lft_c)
continue;
l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
- p = sav->lft_c;
+ memcpy(<, sav->lft_c, sizeof(struct sadb_lifetime));
+ lt.sadb_lifetime_addtime += time_second - time_uptime;
+ lt.sadb_lifetime_usetime += time_second - time_uptime;
+ p = <
break;
case SADB_EXT_LIFETIME_HARD:
@@ -4510,7 +4514,7 @@
{
u_int dir;
int s;
- time_t now = time_second;
+ time_t now = time_uptime;
s = splsoftnet(); /*called from softclock()*/
mutex_enter(softnet_lock);
@@ -4992,7 +4996,7 @@
struct secacq *acq;
if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
/* reset counter in order to deletion by timehandler. */
- acq->created = time_second;
+ acq->created = time_uptime;
acq->count = 0;
}
}
@@ -6476,7 +6480,7 @@
/* copy secindex */
memcpy(&newacq->saidx, saidx, sizeof(newacq->saidx));
newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
- newacq->created = time_second;
+ newacq->created = time_uptime;
newacq->count = 0;
return newacq;
@@ -6524,7 +6528,7 @@
/* copy secindex */
memcpy(&acq->spidx, spidx, sizeof(acq->spidx));
- acq->created = time_second;
+ acq->created = time_uptime;
acq->count = 0;
return acq;
@@ -6598,7 +6602,7 @@
}
/* reset acq counter in order to deletion by timehander. */
- acq->created = time_second;
+ acq->created = time_uptime;
acq->count = 0;
#endif
m_freem(m);
@@ -6930,8 +6934,10 @@
lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
- lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
- lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
+ lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime
+ + time_second - time_uptime;
+ lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime
+ + time_second - time_uptime;
lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2);
memcpy(lt, sav->lft_s, sizeof(*lt));
m_cat(result, m);
@@ -7953,7 +7959,7 @@
* <--------------> HARD
* <-----> SOFT
*/
- sav->lft_c->sadb_lifetime_usetime = time_second;
+ sav->lft_c->sadb_lifetime_usetime = time_uptime;
/* XXX check for expires? */
return;
