[Swan-dev] time representation in Pluto

Paul Wouters paul at nohats.ca
Wed Aug 13 21:37:12 EEST 2014

On Wed, 13 Aug 2014, Antony Antony wrote:

> Ideally PLUTO_ADDTIME should be realtime_t, however, add_time is set in netlink_get_sa.  It comes from curlft.add_time which is an uint64_t add_time ,  struct xfrm_lifetime_cur curlft;
> we could type cast it to realtime_t?
> realtime_t add_time = (realtime_t) curlft.add_time
> changei add_time in struct ipsec_proto_info to
> realtime_t add_time;

I'm fine with that.

> On the other hand I am not sure netlink_get_sa actually returns the add_time the first time.
> My experience is it returns 0 the first time and on subsequent calls returns realtime_t of the first call. However, I am waiting on Paul's input on this.

The first call to get_sa() does seem to get 0 for add_time. Subsequent
calls get a consistent non-0 value. Whether that is the actual IPsec SA
insertion time or the time of the first get_sa call does not really
matter that much to us. Looking at the kernel code, I see things like:

        if (x->lft.hard_add_expires_seconds) {
                 long tmo = x->lft.hard_add_expires_seconds +
                         x->curlft.add_time - now;

which seems to suggest it is really the time the sa got added to the
kernel for the purpose of lifetime calculations inside the kernel.


More information about the Swan-dev mailing list