So the comparison is always meaningful.
These are never copied out of the kernel so we can change
the timestamp clock without issue.
ok?
Index: netinet/ip_ipsp.c
===================================================================
RCS file: /cvs/src/sys/netinet/ip_ipsp.c,v
retrieving revision 1.232
diff -u -p -r1.232 ip_ipsp.c
--- netinet/ip_ipsp.c 28 Aug 2018 15:15:02 -0000 1.232
+++ netinet/ip_ipsp.c 22 Oct 2018 01:38:57 -0000
@@ -711,7 +711,7 @@ puttdb(struct tdb *tdbp)
if ((tdbp->tdb_flags & (TDBF_INVALID|TDBF_TUNNELING)) == TDBF_TUNNELING)
ipsecstat_inc(ipsec_tunnels);
- ipsec_last_added = time_second;
+ ipsec_last_added = time_uptime;
}
void
Index: netinet/ip_spd.c
===================================================================
RCS file: /cvs/src/sys/netinet/ip_spd.c,v
retrieving revision 1.98
diff -u -p -r1.98 ip_spd.c
--- netinet/ip_spd.c 25 Jun 2018 11:11:41 -0000 1.98
+++ netinet/ip_spd.c 22 Oct 2018 01:38:57 -0000
@@ -437,7 +437,7 @@ ipsp_spd_lookup(struct mbuf *m, int af,
if (ipo->ipo_last_searched <= ipsec_last_added) {
/* "Touch" the entry. */
if (dignore == 0)
- ipo->ipo_last_searched = time_second;
+ ipo->ipo_last_searched = time_uptime;
/* Find an appropriate SA from the existing ones. */
ipo->ipo_tdb =
@@ -541,7 +541,7 @@ ipsp_spd_lookup(struct mbuf *m, int af,
/* Find whether there exists an appropriate SA. */
if (ipo->ipo_last_searched <= ipsec_last_added) {
if (dignore == 0)
- ipo->ipo_last_searched = time_second;
+ ipo->ipo_last_searched = time_uptime;
ipo->ipo_tdb =
gettdbbysrc(rdomain,
