[Swan-dev] time representation in Pluto

Paul Wouters paul at nohats.ca
Wed Aug 13 21:37:12 EEST 2014


On Wed, 13 Aug 2014, Antony Antony wrote:

> Ideally PLUTO_ADDTIME should be realtime_t, however, add_time is set in netlink_get_sa.  It comes from curlft.add_time which is an uint64_t add_time ,  struct xfrm_lifetime_cur curlft;
>
> we could type cast it to realtime_t?
>
> realtime_t add_time = (realtime_t) curlft.add_time
>
> changei add_time in struct ipsec_proto_info to
> realtime_t add_time;

I'm fine with that.

> On the other hand I am not sure netlink_get_sa actually returns the add_time the first time.
> My experience is it returns 0 the first time and on subsequent calls returns realtime_t of the first call. However, I am waiting on Paul's input on this.

The first call to get_sa() does seem to get 0 for add_time. Subsequent
calls get a consistent non-0 value. Whether that is the actual IPsec SA
insertion time or the time of the first get_sa call does not really
matter that much to us. Looking at the kernel code, I see things like:

        if (x->lft.hard_add_expires_seconds) {
                 long tmo = x->lft.hard_add_expires_seconds +
                         x->curlft.add_time - now;

which seems to suggest it is really the time the sa got added to the
kernel for the purpose of lifetime calculations inside the kernel.

Paul


More information about the Swan-dev mailing list