OK?
diff --git sys/net/if_bridge.c sys/net/if_bridge.c
index 637dea8..ce8d0d7 100644
--- sys/net/if_bridge.c
+++ sys/net/if_bridge.c
@@ -2181,11 +2181,10 @@ int
bridge_ipsec(struct bridge_softc *sc, struct ifnet *ifp,
struct ether_header *eh, int hassnap, struct llc *llc,
int dir, int af, int hlen, struct mbuf *m)
{
union sockaddr_union dst;
- struct timeval tv;
struct tdb *tdb;
u_int32_t spi;
u_int16_t cpi;
int error, off, s;
u_int8_t proto = 0;
@@ -2277,37 +2276,16 @@ bridge_ipsec(struct bridge_softc *sc, struct ifnet *ifp,
tdb = gettdb(ifp->if_rdomain, spi, &dst, proto);
if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 &&
tdb->tdb_xform != NULL) {
if (tdb->tdb_first_use == 0) {
tdb->tdb_first_use = time_second;
-
- tv.tv_usec = 0;
-
- /* Check for wrap-around. */
- if (tdb->tdb_exp_first_use + tdb->tdb_first_use
- < tdb->tdb_first_use)
- tv.tv_sec = ((unsigned long)-1) / 2;
- else
- tv.tv_sec = tdb->tdb_exp_first_use +
- tdb->tdb_first_use;
-
if (tdb->tdb_flags & TDBF_FIRSTUSE)
- timeout_add(&tdb->tdb_first_tmo,
- hzto(&tv));
-
- /* Check for wrap-around. */
- if (tdb->tdb_first_use +
- tdb->tdb_soft_first_use
- < tdb->tdb_first_use)
- tv.tv_sec = ((unsigned long)-1) / 2;
- else
- tv.tv_sec = tdb->tdb_first_use +
- tdb->tdb_soft_first_use;
-
+ timeout_add_sec(&tdb->tdb_first_tmo,
+ tdb->tdb_exp_first_use);
if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE)
- timeout_add(&tdb->tdb_sfirst_tmo,
- hzto(&tv));
+ timeout_add_sec(&tdb->tdb_sfirst_tmo,
+ tdb->tdb_soft_first_use);
}
(*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off);
splx(s);
return (1);
diff --git sys/net/pfkeyv2_convert.c sys/net/pfkeyv2_convert.c
index 9fa4920..6657a51 100644
--- sys/net/pfkeyv2_convert.c
+++ sys/net/pfkeyv2_convert.c
@@ -277,17 +277,13 @@ export_sa(void **p, struct tdb *tdb)
* Initialize expirations and counters based on lifetime payload.
*/
void
import_lifetime(struct tdb *tdb, struct sadb_lifetime *sadb_lifetime, int type)
{
- struct timeval tv;
-
if (!sadb_lifetime)
return;
- getmicrotime(&tv);
-
switch (type) {
case PFKEYV2_LIFETIME_HARD:
if ((tdb->tdb_exp_allocations =
sadb_lifetime->sadb_lifetime_allocations) != 0)
tdb->tdb_flags |= TDBF_ALLOCATIONS;
@@ -301,15 +297,12 @@ import_lifetime(struct tdb *tdb, struct sadb_lifetime
*sadb_lifetime, int type)
tdb->tdb_flags &= ~TDBF_BYTES;
if ((tdb->tdb_exp_timeout =
sadb_lifetime->sadb_lifetime_addtime) != 0) {
tdb->tdb_flags |= TDBF_TIMER;
- if (tv.tv_sec + tdb->tdb_exp_timeout < tv.tv_sec)
- tv.tv_sec = ((unsigned long) -1) / 2; /* XXX */
- else
- tv.tv_sec += tdb->tdb_exp_timeout;
- timeout_add(&tdb->tdb_timer_tmo, hzto(&tv));
+ timeout_add_sec(&tdb->tdb_timer_tmo,
+ tdb->tdb_exp_timeout);
} else
tdb->tdb_flags &= ~TDBF_TIMER;
if ((tdb->tdb_exp_first_use =
sadb_lifetime->sadb_lifetime_usetime) != 0)
@@ -332,15 +325,12 @@ import_lifetime(struct tdb *tdb, struct sadb_lifetime
*sadb_lifetime, int type)
tdb->tdb_flags &= ~TDBF_SOFT_BYTES;
if ((tdb->tdb_soft_timeout =
sadb_lifetime->sadb_lifetime_addtime) != 0) {
tdb->tdb_flags |= TDBF_SOFT_TIMER;
- if (tv.tv_sec + tdb->tdb_soft_timeout < tv.tv_sec)
- tv.tv_sec = ((unsigned long) -1) / 2; /* XXX */
- else
- tv.tv_sec += tdb->tdb_soft_timeout;
- timeout_add(&tdb->tdb_stimer_tmo, hzto(&tv));
+ timeout_add_sec(&tdb->tdb_stimer_tmo,
+ tdb->tdb_soft_timeout);
} else
tdb->tdb_flags &= ~TDBF_SOFT_TIMER;
if ((tdb->tdb_soft_first_use =
sadb_lifetime->sadb_lifetime_usetime) != 0)
diff --git sys/netinet/ipsec_input.c sys/netinet/ipsec_input.c
index 7ecab1e..136bdd0 100644
--- sys/netinet/ipsec_input.c
+++ sys/netinet/ipsec_input.c
@@ -117,11 +117,10 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff,
int af, int sproto,
{
#define IPSEC_ISTAT(x,y,z) (sproto == IPPROTO_ESP ? (x)++ : \
sproto == IPPROTO_AH ? (y)++ : (z)++)
union sockaddr_union dst_address;
- struct timeval tv;
struct tdb *tdbp;
struct ifnet *encif;
u_int32_t spi;
u_int16_t cpi;
int s, error;
@@ -295,20 +294,16 @@ ipsec_common_input(struct mbuf *m, int skip, int protoff,
int af, int sproto,
}
/* Register first use, setup expiration timer. */
if (tdbp->tdb_first_use == 0) {
tdbp->tdb_first_use = time_second;
-
- tv.tv_usec = 0;
-
- tv.tv_sec = tdbp->tdb_exp_first_use + tdbp->tdb_first_use;
if (tdbp->tdb_flags & TDBF_FIRSTUSE)
- timeout_add(&tdbp->tdb_first_tmo, hzto(&tv));
-
- tv.tv_sec = tdbp->tdb_first_use + tdbp->tdb_soft_first_use;
+ timeout_add_sec(&tdbp->tdb_first_tmo,
+ tdbp->tdb_exp_first_use);
if (tdbp->tdb_flags & TDBF_SOFT_FIRSTUSE)
- timeout_add(&tdbp->tdb_sfirst_tmo, hzto(&tv));
+ timeout_add_sec(&tdbp->tdb_sfirst_tmo,
+ tdbp->tdb_soft_first_use);
}
/*
* Call appropriate transform and return -- callback takes care of
* everything else.
diff --git sys/netinet/ipsec_output.c sys/netinet/ipsec_output.c
index b6bb451..25c5b25 100644
--- sys/netinet/ipsec_output.c
+++ sys/netinet/ipsec_output.c
@@ -63,11 +63,10 @@ int udpencap_port = 4500; /* triggers decapsulation */
* place.
*/
int
ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
{
- struct timeval tv;
int i, off, error;
struct mbuf *mp;
#ifdef INET6
struct ip6_ext ip6e;
int nxt;
@@ -133,22 +132,16 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int
af, int tunalready)
/*
* Register first use if applicable, setup relevant expiration timer.
*/
if (tdb->tdb_first_use == 0) {
tdb->tdb_first_use = time_second;
-
- tv.tv_usec = 0;
-
- tv.tv_sec = tdb->tdb_first_use + tdb->tdb_exp_first_use;
if (tdb->tdb_flags & TDBF_FIRSTUSE)
- timeout_add(&tdb->tdb_first_tmo,
- hzto(&tv));
-
- tv.tv_sec = tdb->tdb_first_use + tdb->tdb_soft_first_use;
+ timeout_add_sec(&tdb->tdb_first_tmo,
+ tdb->tdb_exp_first_use);
if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE)
- timeout_add(&tdb->tdb_sfirst_tmo,
- hzto(&tv));
+ timeout_add_sec(&tdb->tdb_sfirst_tmo,
+ tdb->tdb_soft_first_use);
}
/*
* Check for tunneling if we don't have the first header in place.
* When doing Ethernet-over-IP, we are handed an already-encapsulated
