6836569 IPsec aging timeout misuses drv_usectohz(), makes 1 second act like 10.

2 files changed, 15 insertions, 11 deletions

diff --git a/usr/src/uts/common/inet/ip/sadb.c b/usr/src/uts/common/inet/ip/sadb.c
index 72b38bab1d..f069cd9770 100644
--- a/usr/src/uts/common/inet/ip/sadb.c
+++ b/usr/src/uts/common/inet/ip/sadb.c
@@ -2076,10 +2076,11 @@ sadb_keysock_hello(queue_t **pfkey_qp, queue_t *q, mblk_t *mp,
 
 	/*
 	 * If we made it past the casptr, then we have "exclusive" access
-	 * to the timeout handle.  Fire it off in 4 seconds, because it
-	 * just seems like a good interval.
+	 * to the timeout handle.  Fire it off after the default ager
+	 * interval.
 	 */
-	*top = qtimeout(*pfkey_qp, ager, agerarg, drv_usectohz(4000000));
+	*top = qtimeout(*pfkey_qp, ager, agerarg,
+	    drv_usectohz(SADB_AGE_INTERVAL_DEFAULT * 1000));
 
 	putnext(*pfkey_qp, mp);
 }
@@ -4361,7 +4362,7 @@ sadb_retimeout(hrtime_t begin, queue_t *pfkey_q, void (*ager)(void *),
 	 * See how long this took.  If it took too long, increase the
 	 * aging interval.
 	 */
-	if ((end - begin) > interval * 1000000) {
+	if ((end - begin) > (hrtime_t)interval * (hrtime_t)1000000) {
 		if (interval >= intmax) {
 			/* XXX Rate limit this?  Or recommend flush? */
 			(void) strlog(mid, 0, 0, SL_ERROR | SL_WARN,
@@ -4372,7 +4373,7 @@ sadb_retimeout(hrtime_t begin, queue_t *pfkey_q, void (*ager)(void *),
 			interval <<= 1;
 			interval = min(interval, intmax);
 		}
-	} else if ((end - begin) <= interval * 500000 &&
+	} else if ((end - begin) <= (hrtime_t)interval * (hrtime_t)500000 &&
 	    interval > SADB_AGE_INTERVAL_DEFAULT) {
 		/*
 		 * If I took less than half of the interval, then I should
@@ -4380,7 +4381,10 @@ sadb_retimeout(hrtime_t begin, queue_t *pfkey_q, void (*ager)(void *),
 		 * shift below the default aging interval.
 		 *
 		 * NOTE:This even overrides manual setting of the age
-		 *	interval using NDD.
+		 *	interval using NDD to lower the setting past the
+		 *	default.  In other words, if you set the interval
+		 *	lower than the default, and your SADB gets too big,
+		 *	the interval will only self-lower back to the default.
 		 */
 		/* Halve by shifting one bit. */
 		interval >>= 1;
@@ -4388,7 +4392,7 @@ sadb_retimeout(hrtime_t begin, queue_t *pfkey_q, void (*ager)(void *),
 	}
 	*intp = interval;
 	return (qtimeout(pfkey_q, ager, agerarg,
-	    interval * drv_usectohz(1000)));
+	    drv_usectohz(interval * 1000)));
 }
 
 
@@ -7255,7 +7259,7 @@ ipsec_check_key(crypto_mech_type_t mech_type, sadb_key_t *sadb_key,
  * SOFT EXPIRE time. The reason for this is to stop
  * peers trying to renegotiate SOFT expiring SA's at
  * the same time. The amount of fuzz needs to be at
- * least 10 seconds which is the typical interval
+ * least 8 seconds which is the typical interval
  * sadb_ager(), although this is only a guide as it
  * selftunes.
  */
@@ -7268,7 +7272,7 @@ lifetime_fuzz(ipsa_t *assoc)
 		return;
 
 	(void) random_get_pseudo_bytes(&rnd, sizeof (rnd));
-	rnd = (rnd & 0xF) + 10;
+	rnd = (rnd & 0xF) + 8;
 	assoc->ipsa_softexpiretime -= rnd;
 	assoc->ipsa_softaddlt -= rnd;
 }
diff --git a/usr/src/uts/common/inet/sadb.h b/usr/src/uts/common/inet/sadb.h
index 0df0cfcae2..dd51ded73a 100644
--- a/usr/src/uts/common/inet/sadb.h
+++ b/usr/src/uts/common/inet/sadb.h
@@ -19,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -458,7 +458,7 @@ typedef struct ipsacq_s {
  */
 #define	IACQF_LOWEST_SEQ 0x80000000
 
-#define	SADB_AGE_INTERVAL_DEFAULT 1000
+#define	SADB_AGE_INTERVAL_DEFAULT 8000
 
 /*
  * ACQUIRE fanout.  Protect each linkage with a lock.