[src/trunk]: src/sys/netipsec Thanks to Andrew Brown for the heads-up that fa...

[jonathan <jonathan%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/a8ab2a000e68
branches:  trunk
changeset: 566973:a8ab2a000e68
user:      jonathan <jonathan%NetBSD.org@localhost>
date:      Wed May 26 22:14:18 2004 +0000

description:
Thanks to Andrew Brown for the heads-up that fast_ipsec still had
key_prefered_oldsa, defaulted to 1 (on): preferring old SAs, based on
the ill-concieved Jenkins I-D, is broken by design.  For now, just
turn it off, as the simplest way to fix this in the 2.0 branch.

Next step is to rip it out entirely: it was always a bad idea.

diffstat:

 sys/netipsec/key.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r a853ccea3ed2 -r a8ab2a000e68 sys/netipsec/key.c
--- a/sys/netipsec/key.c        Wed May 26 20:33:10 2004 +0000
+++ b/sys/netipsec/key.c        Wed May 26 22:14:18 2004 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: key.c,v 1.16 2004/05/25 04:00:33 atatat Exp $  */
+/*     $NetBSD: key.c,v 1.17 2004/05/26 22:14:18 jonathan Exp $        */
 /*     $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $        */
 /*     $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $   */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.16 2004/05/25 04:00:33 atatat Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.17 2004/05/26 22:14:18 jonathan Exp $");
 
 /*
  * This code is referd to RFC 2367
@@ -131,7 +131,7 @@
 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
 static int key_blockacq_count = 10;    /* counter for blocking SADB_ACQUIRE.*/
 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
-static int key_prefered_oldsa = 1;     /* prefered old sa rather than new sa.*/
+static int key_prefered_oldsa = 0;     /* prefered old sa rather than new sa.*/
 
 static u_int32_t acq_seq = 0;
 static int key_tick_init_random = 0;