ok.
> On 10 Jun 2015, at 07:41, Mike Belopuhov <[email protected]> wrote:
>
> OK?
>
> diff --git sys/net/if_bridge.c sys/net/if_bridge.c
> index 637dea8..ce8d0d7 100644
> --- sys/net/if_bridge.c
> +++ sys/net/if_bridge.c
> @@ -2181,11 +2181,10 @@ int
> bridge_ipsec(struct bridge_softc *sc, struct ifnet *ifp,
> struct ether_header *eh, int hassnap, struct llc *llc,
> int dir, int af, int hlen, struct mbuf *m)
> {
> union sockaddr_union dst;
> - struct timeval tv;
> struct tdb *tdb;
> u_int32_t spi;
> u_int16_t cpi;
> int error, off, s;
> u_int8_t proto = 0;
> @@ -2277,37 +2276,16 @@ bridge_ipsec(struct bridge_softc *sc, struct ifnet
> *ifp,
> tdb = gettdb(ifp->if_rdomain, spi, &dst, proto);
> if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 &&
> tdb->tdb_xform != NULL) {
> if (tdb->tdb_first_use == 0) {
> tdb->tdb_first_use = time_second;
> -
> - tv.tv_usec = 0;
> -
> - /* Check for wrap-around. */
> - if (tdb->tdb_exp_first_use + tdb->tdb_first_use
> - < tdb->tdb_first_use)
> - tv.tv_sec = ((unsigned long)-1) / 2;
> - else
> - tv.tv_sec = tdb->tdb_exp_first_use +
> - tdb->tdb_first_use;
> -
> if (tdb->tdb_flags & TDBF_FIRSTUSE)
> - timeout_add(&tdb->tdb_first_tmo,
> - hzto(&tv));
> -
> - /* Check for wrap-around. */
> - if (tdb->tdb_first_use +
> - tdb->tdb_soft_first_use
> - < tdb->tdb_first_use)
> - tv.tv_sec = ((unsigned long)-1) / 2;
> - else
> - tv.tv_sec = tdb->tdb_first_use +
> - tdb->tdb_soft_first_use;
> -
> + timeout_add_sec(&tdb->tdb_first_tmo,
> + tdb->tdb_exp_first_use);
> if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE)
> - timeout_add(&tdb->tdb_sfirst_tmo,
> - hzto(&tv));
> + timeout_add_sec(&tdb->tdb_sfirst_tmo,
> + tdb->tdb_soft_first_use);
> }
>
> (*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off);
> splx(s);
> return (1);
> diff --git sys/net/pfkeyv2_convert.c sys/net/pfkeyv2_convert.c
> index 9fa4920..6657a51 100644
> --- sys/net/pfkeyv2_convert.c
> +++ sys/net/pfkeyv2_convert.c
> @@ -277,17 +277,13 @@ export_sa(void **p, struct tdb *tdb)
> * Initialize expirations and counters based on lifetime payload.
> */
> void
> import_lifetime(struct tdb *tdb, struct sadb_lifetime *sadb_lifetime, int
> type)
> {
> - struct timeval tv;
> -
> if (!sadb_lifetime)
> return;
>
> - getmicrotime(&tv);
> -
> switch (type) {
> case PFKEYV2_LIFETIME_HARD:
> if ((tdb->tdb_exp_allocations =
> sadb_lifetime->sadb_lifetime_allocations) != 0)
> tdb->tdb_flags |= TDBF_ALLOCATIONS;
> @@ -301,15 +297,12 @@ import_lifetime(struct tdb *tdb, struct sadb_lifetime
> *sadb_lifetime, int type)
> tdb->tdb_flags &= ~TDBF_BYTES;
>
> if ((tdb->tdb_exp_timeout =
> sadb_lifetime->sadb_lifetime_addtime) != 0) {
> tdb->tdb_flags |= TDBF_TIMER;
> - if (tv.tv_sec + tdb->tdb_exp_timeout < tv.tv_sec)
> - tv.tv_sec = ((unsigned long) -1) / 2; /* XXX */
> - else
> - tv.tv_sec += tdb->tdb_exp_timeout;
> - timeout_add(&tdb->tdb_timer_tmo, hzto(&tv));
> + timeout_add_sec(&tdb->tdb_timer_tmo,
> + tdb->tdb_exp_timeout);
> } else
> tdb->tdb_flags &= ~TDBF_TIMER;
>
> if ((tdb->tdb_exp_first_use =
> sadb_lifetime->sadb_lifetime_usetime) != 0)
> @@ -332,15 +325,12 @@ import_lifetime(struct tdb *tdb, struct sadb_lifetime
> *sadb_lifetime, int type)
> tdb->tdb_flags &= ~TDBF_SOFT_BYTES;
>
> if ((tdb->tdb_soft_timeout =
> sadb_lifetime->sadb_lifetime_addtime) != 0) {
> tdb->tdb_flags |= TDBF_SOFT_TIMER;
> - if (tv.tv_sec + tdb->tdb_soft_timeout < tv.tv_sec)
> - tv.tv_sec = ((unsigned long) -1) / 2; /* XXX */
> - else
> - tv.tv_sec += tdb->tdb_soft_timeout;
> - timeout_add(&tdb->tdb_stimer_tmo, hzto(&tv));
> + timeout_add_sec(&tdb->tdb_stimer_tmo,
> + tdb->tdb_soft_timeout);
> } else
> tdb->tdb_flags &= ~TDBF_SOFT_TIMER;
>
> if ((tdb->tdb_soft_first_use =
> sadb_lifetime->sadb_lifetime_usetime) != 0)
> diff --git sys/netinet/ipsec_input.c sys/netinet/ipsec_input.c
> index 7ecab1e..136bdd0 100644
> --- sys/netinet/ipsec_input.c
> +++ sys/netinet/ipsec_input.c
> @@ -117,11 +117,10 @@ ipsec_common_input(struct mbuf *m, int skip, int
> protoff, int af, int sproto,
> {
> #define IPSEC_ISTAT(x,y,z) (sproto == IPPROTO_ESP ? (x)++ : \
> sproto == IPPROTO_AH ? (y)++ : (z)++)
>
> union sockaddr_union dst_address;
> - struct timeval tv;
> struct tdb *tdbp;
> struct ifnet *encif;
> u_int32_t spi;
> u_int16_t cpi;
> int s, error;
> @@ -295,20 +294,16 @@ ipsec_common_input(struct mbuf *m, int skip, int
> protoff, int af, int sproto,
> }
>
> /* Register first use, setup expiration timer. */
> if (tdbp->tdb_first_use == 0) {
> tdbp->tdb_first_use = time_second;
> -
> - tv.tv_usec = 0;
> -
> - tv.tv_sec = tdbp->tdb_exp_first_use + tdbp->tdb_first_use;
> if (tdbp->tdb_flags & TDBF_FIRSTUSE)
> - timeout_add(&tdbp->tdb_first_tmo, hzto(&tv));
> -
> - tv.tv_sec = tdbp->tdb_first_use + tdbp->tdb_soft_first_use;
> + timeout_add_sec(&tdbp->tdb_first_tmo,
> + tdbp->tdb_exp_first_use);
> if (tdbp->tdb_flags & TDBF_SOFT_FIRSTUSE)
> - timeout_add(&tdbp->tdb_sfirst_tmo, hzto(&tv));
> + timeout_add_sec(&tdbp->tdb_sfirst_tmo,
> + tdbp->tdb_soft_first_use);
> }
>
> /*
> * Call appropriate transform and return -- callback takes care of
> * everything else.
> diff --git sys/netinet/ipsec_output.c sys/netinet/ipsec_output.c
> index b6bb451..25c5b25 100644
> --- sys/netinet/ipsec_output.c
> +++ sys/netinet/ipsec_output.c
> @@ -63,11 +63,10 @@ int udpencap_port = 4500; /* triggers
> decapsulation */
> * place.
> */
> int
> ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready)
> {
> - struct timeval tv;
> int i, off, error;
> struct mbuf *mp;
> #ifdef INET6
> struct ip6_ext ip6e;
> int nxt;
> @@ -133,22 +132,16 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb,
> int af, int tunalready)
> /*
> * Register first use if applicable, setup relevant expiration timer.
> */
> if (tdb->tdb_first_use == 0) {
> tdb->tdb_first_use = time_second;
> -
> - tv.tv_usec = 0;
> -
> - tv.tv_sec = tdb->tdb_first_use + tdb->tdb_exp_first_use;
> if (tdb->tdb_flags & TDBF_FIRSTUSE)
> - timeout_add(&tdb->tdb_first_tmo,
> - hzto(&tv));
> -
> - tv.tv_sec = tdb->tdb_first_use + tdb->tdb_soft_first_use;
> + timeout_add_sec(&tdb->tdb_first_tmo,
> + tdb->tdb_exp_first_use);
> if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE)
> - timeout_add(&tdb->tdb_sfirst_tmo,
> - hzto(&tv));
> + timeout_add_sec(&tdb->tdb_sfirst_tmo,
> + tdb->tdb_soft_first_use);
> }
>
> /*
> * Check for tunneling if we don't have the first header in place.
> * When doing Ethernet-over-IP, we are handed an already-encapsulated
>
