On Wed, 13 Aug 2014, Antony Antony wrote:
Ideally PLUTO_ADDTIME should be realtime_t, however, add_time is set in
netlink_get_sa. It comes from curlft.add_time which is an uint64_t add_time ,
struct xfrm_lifetime_cur curlft;
we could type cast it to realtime_t?
realtime_t add_time = (realtime_t) curlft.add_time
changei add_time in struct ipsec_proto_info to
realtime_t add_time;
I'm fine with that.
On the other hand I am not sure netlink_get_sa actually returns the add_time
the first time.
My experience is it returns 0 the first time and on subsequent calls returns
realtime_t of the first call. However, I am waiting on Paul's input on this.
The first call to get_sa() does seem to get 0 for add_time. Subsequent
calls get a consistent non-0 value. Whether that is the actual IPsec SA
insertion time or the time of the first get_sa call does not really
matter that much to us. Looking at the kernel code, I see things like:
if (x->lft.hard_add_expires_seconds) {
long tmo = x->lft.hard_add_expires_seconds +
x->curlft.add_time - now;
which seems to suggest it is really the time the sa got added to the
kernel for the purpose of lifetime calculations inside the kernel.
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
