4202 }
4203 mutex_exit(&bucket->isaf_lock);
4204 }
4205
4206 age_pair_peer_list(haspeerlist, sp, B_TRUE);
4207
4208 /*
4209 * Run a GC pass to clean out dead identities.
4210 */
4211 ipsid_gc(ns);
4212 }
4213
4214 /*
4215 * Figure out when to reschedule the ager.
4216 */
4217 timeout_id_t
4218 sadb_retimeout(hrtime_t begin, queue_t *pfkey_q, void (*ager)(void *),
4219 void *agerarg, uint_t *intp, uint_t intmax, short mid)
4220 {
4221 hrtime_t end = gethrtime();
4222 uint_t interval = *intp;
4223
4224 /*
4225 * See how long this took. If it took too long, increase the
4226 * aging interval.
4227 */
4228 if ((end - begin) > (hrtime_t)interval * (hrtime_t)1000000) {
4229 if (interval >= intmax) {
4230 /* XXX Rate limit this? Or recommend flush? */
4231 (void) strlog(mid, 0, 0, SL_ERROR | SL_WARN,
4232 "Too many SA's to age out in %d msec.\n",
4233 intmax);
4234 } else {
4235 /* Double by shifting by one bit. */
4236 interval <<= 1;
4237 interval = min(interval, intmax);
4238 }
4239 } else if ((end - begin) <= (hrtime_t)interval * (hrtime_t)500000 &&
4240 interval > SADB_AGE_INTERVAL_DEFAULT) {
4241 /*
4242 * If I took less than half of the interval, then I should
4243 * ratchet the interval back down. Never automatically
4244 * shift below the default aging interval.
4245 *
4246 * NOTE:This even overrides manual setting of the age
4247 * interval using NDD to lower the setting past the
4248 * default. In other words, if you set the interval
4249 * lower than the default, and your SADB gets too big,
4250 * the interval will only self-lower back to the default.
4251 */
4252 /* Halve by shifting one bit. */
4253 interval >>= 1;
4254 interval = max(interval, SADB_AGE_INTERVAL_DEFAULT);
4255 }
4256 *intp = interval;
4257 return (qtimeout(pfkey_q, ager, agerarg,
4258 drv_usectohz(interval * 1000)));
4259 }
4260
4261
4262 /*
4263 * Update the lifetime values of an SA. This is the path an SADB_UPDATE
4264 * message takes when updating a MATURE or DYING SA.
4265 */
4266 static void
4267 sadb_update_lifetimes(ipsa_t *assoc, sadb_lifetime_t *hard,
4268 sadb_lifetime_t *soft, sadb_lifetime_t *idle, boolean_t outbound)
4269 {
4270 mutex_enter(&assoc->ipsa_lock);
4271
4272 /*
4273 * XXX RFC 2367 mentions how an SADB_EXT_LIFETIME_CURRENT can be
4274 * passed in during an update message. We currently don't handle
4275 * these.
4276 */
4277
4278 if (hard != NULL) {
|
4202 }
4203 mutex_exit(&bucket->isaf_lock);
4204 }
4205
4206 age_pair_peer_list(haspeerlist, sp, B_TRUE);
4207
4208 /*
4209 * Run a GC pass to clean out dead identities.
4210 */
4211 ipsid_gc(ns);
4212 }
4213
4214 /*
4215 * Figure out when to reschedule the ager.
4216 */
4217 timeout_id_t
4218 sadb_retimeout(hrtime_t begin, queue_t *pfkey_q, void (*ager)(void *),
4219 void *agerarg, uint_t *intp, uint_t intmax, short mid)
4220 {
4221 hrtime_t end = gethrtime();
4222 uint_t interval = *intp; /* "interval" is in ms. */
4223
4224 /*
4225 * See how long this took. If it took too long, increase the
4226 * aging interval.
4227 */
4228 if ((end - begin) > MSEC2NSEC(interval)) {
4229 if (interval >= intmax) {
4230 /* XXX Rate limit this? Or recommend flush? */
4231 (void) strlog(mid, 0, 0, SL_ERROR | SL_WARN,
4232 "Too many SA's to age out in %d msec.\n",
4233 intmax);
4234 } else {
4235 /* Double by shifting by one bit. */
4236 interval <<= 1;
4237 interval = min(interval, intmax);
4238 }
4239 } else if ((end - begin) <= (MSEC2NSEC(interval) / 2) &&
4240 interval > SADB_AGE_INTERVAL_DEFAULT) {
4241 /*
4242 * If I took less than half of the interval, then I should
4243 * ratchet the interval back down. Never automatically
4244 * shift below the default aging interval.
4245 *
4246 * NOTE:This even overrides manual setting of the age
4247 * interval using NDD to lower the setting past the
4248 * default. In other words, if you set the interval
4249 * lower than the default, and your SADB gets too big,
4250 * the interval will only self-lower back to the default.
4251 */
4252 /* Halve by shifting one bit. */
4253 interval >>= 1;
4254 interval = max(interval, SADB_AGE_INTERVAL_DEFAULT);
4255 }
4256 *intp = interval;
4257 return (qtimeout(pfkey_q, ager, agerarg,
4258 drv_usectohz(interval * (MICROSEC / MILLISEC))));
4259 }
4260
4261
4262 /*
4263 * Update the lifetime values of an SA. This is the path an SADB_UPDATE
4264 * message takes when updating a MATURE or DYING SA.
4265 */
4266 static void
4267 sadb_update_lifetimes(ipsa_t *assoc, sadb_lifetime_t *hard,
4268 sadb_lifetime_t *soft, sadb_lifetime_t *idle, boolean_t outbound)
4269 {
4270 mutex_enter(&assoc->ipsa_lock);
4271
4272 /*
4273 * XXX RFC 2367 mentions how an SADB_EXT_LIFETIME_CURRENT can be
4274 * passed in during an update message. We currently don't handle
4275 * these.
4276 */
4277
4278 if (hard != NULL) {
|