[src/netbsd-2-0]: src/sys/netipsec Pull up revision 1.17 (requested by jonath...

[tron <tron%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/08ebacd2bbe3
branches:  netbsd-2-0
changeset: 561177:08ebacd2bbe3
user:      tron <tron%NetBSD.org@localhost>
date:      Sat May 29 21:17:42 2004 +0000

description:
Pull up revision 1.17 (requested by jonathan in ticket #401):
Thanks to Andrew Brown for the heads-up that fast_ipsec still had
key_prefered_oldsa, defaulted to 1 (on): preferring old SAs, based on
the ill-concieved Jenkins I-D, is broken by design.  For now, just
turn it off, as the simplest way to fix this in the 2.0 branch.
Next step is to rip it out entirely: it was always a bad idea.

diffstat:

 sys/netipsec/key.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r 53738aa3825d -r 08ebacd2bbe3 sys/netipsec/key.c
--- a/sys/netipsec/key.c        Sat May 29 14:25:23 2004 +0000
+++ b/sys/netipsec/key.c        Sat May 29 21:17:42 2004 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: key.c,v 1.11.2.3 2004/05/25 04:14:03 jmc Exp $ */
+/*     $NetBSD: key.c,v 1.11.2.4 2004/05/29 21:17:42 tron Exp $        */
 /*     $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/key.c,v 1.3.2.2 2003/07/01 01:38:13 sam Exp $ */
 /*     $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $   */
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.11.2.3 2004/05/25 04:14:03 jmc Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.11.2.4 2004/05/29 21:17:42 tron Exp $");
 
 /*
  * This code is referd to RFC 2367
@@ -131,7 +131,7 @@
 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
 static int key_blockacq_count = 10;    /* counter for blocking SADB_ACQUIRE.*/
 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
-static int key_prefered_oldsa = 1;     /* prefered old sa rather than new sa.*/
+static int key_prefered_oldsa = 0;     /* prefered old sa rather than new sa.*/
 
 static u_int32_t acq_seq = 0;
 static int key_tick_init_random = 0;