Use monotonic 'time_uptime' instead of 'time_second' as timebase

for timeouts.

sys/netinet/ip_dummynet.c

@@ -862,9 +862,9 @@ expire_queues(struct dn_flow_set *fs)
     struct dn_flow_queue *q, *prev ;
     int i, initial_elements = fs->rq_elements ;
 
-    if (fs->last_expired == time_second)
+    if (fs->last_expired == time_uptime)
 	return 0 ;
-    fs->last_expired = time_second ;
+    fs->last_expired = time_uptime ;
     for (i = 0 ; i <= fs->rq_size ; i++) /* last one is overflow */
 	for (prev=NULL, q = fs->rq[i] ; q != NULL ; )
 	    if (q->head != NULL || q->S != q->F+1) {

sys/netinet/ip_fw2.c

@@ -1091,9 +1091,9 @@ remove_dyn_rule(struct ip_fw *rule, ipfw_dyn_rule *keep_me)
 	if (ipfw_dyn_v == NULL || dyn_count == 0)
 		return;
 	/* do not expire more than once per second, it is useless */
-	if (!FORCE && last_remove == time_second)
+	if (!FORCE && last_remove == time_uptime)
 		return;
-	last_remove = time_second;
+	last_remove = time_uptime;
 
 	/*
 	 * because O_LIMIT refer to parent rules, during the first pass only
@@ -1125,7 +1125,7 @@ remove_dyn_rule(struct ip_fw *rule, ipfw_dyn_rule *keep_me)
 				}
 			} else {
 				if (!FORCE &&
-				    !TIME_LEQ( q->expire, time_second ))
+				    !TIME_LEQ( q->expire, time_uptime ))
 					goto next;
 			}
              if (q->dyn_type != O_LIMIT_PARENT || !q->count) {
@@ -1168,7 +1168,7 @@ lookup_dyn_rule_locked(struct ipfw_flow_id *pkt, int *match_direction,
 	for (prev=NULL, q = ipfw_dyn_v[i] ; q != NULL ; ) {
 		if (q->dyn_type == O_LIMIT_PARENT && q->count)
 			goto next;
-		if (TIME_LEQ( q->expire, time_second)) { /* expire entry */
+		if (TIME_LEQ( q->expire, time_uptime)) { /* expire entry */
 			UNLINK_DYN_RULE(prev, ipfw_dyn_v[i], q);
 			continue;
 		}
@@ -1230,7 +1230,7 @@ lookup_dyn_rule_locked(struct ipfw_flow_id *pkt, int *match_direction,
 		q->state |= (dir == MATCH_FORWARD ) ? flags : (flags << 8);
 		switch (q->state) {
 		case TH_SYN:				/* opening */
-			q->expire = time_second + dyn_syn_lifetime;
+			q->expire = time_uptime + dyn_syn_lifetime;
 			break;
 
 		case BOTH_SYN:			/* move to established */
@@ -1253,13 +1253,13 @@ lookup_dyn_rule_locked(struct ipfw_flow_id *pkt, int *match_direction,
 				}
 			    }
 			}
-			q->expire = time_second + dyn_ack_lifetime;
+			q->expire = time_uptime + dyn_ack_lifetime;
 			break;
 
 		case BOTH_SYN | BOTH_FIN:	/* both sides closed */
 			if (dyn_fin_lifetime >= dyn_keepalive_period)
 				dyn_fin_lifetime = dyn_keepalive_period - 1;
-			q->expire = time_second + dyn_fin_lifetime;
+			q->expire = time_uptime + dyn_fin_lifetime;
 			break;
 
 		default:
@@ -1273,14 +1273,14 @@ lookup_dyn_rule_locked(struct ipfw_flow_id *pkt, int *match_direction,
 #endif
 			if (dyn_rst_lifetime >= dyn_keepalive_period)
 				dyn_rst_lifetime = dyn_keepalive_period - 1;
-			q->expire = time_second + dyn_rst_lifetime;
+			q->expire = time_uptime + dyn_rst_lifetime;
 			break;
 		}
 	} else if (pkt->proto == IPPROTO_UDP) {
-		q->expire = time_second + dyn_udp_lifetime;
+		q->expire = time_uptime + dyn_udp_lifetime;
 	} else {
 		/* other protocols */
-		q->expire = time_second + dyn_short_lifetime;
+		q->expire = time_uptime + dyn_short_lifetime;
 	}
 done:
 	if (match_direction)
@@ -1374,7 +1374,7 @@ add_dyn_rule(struct ipfw_flow_id *id, u_int8_t dyn_type, struct ip_fw *rule)
 	}
 
 	r->id = *id;
-	r->expire = time_second + dyn_syn_lifetime;
+	r->expire = time_uptime + dyn_syn_lifetime;
 	r->rule = rule;
 	r->dyn_type = dyn_type;
 	r->pcnt = r->bcnt = 0;
@@ -1424,7 +1424,7 @@ lookup_dyn_parent(struct ipfw_flow_id *pkt, struct ip_fw *rule)
 				 pkt->dst_ip == q->id.dst_ip)
 			    )
 			) {
-				q->expire = time_second + dyn_short_lifetime;
+				q->expire = time_uptime + dyn_short_lifetime;
 				DEB(printf("ipfw: lookup_dyn_parent found 0x%p\n",q);)
 				return q;
 			}
@@ -1456,8 +1456,8 @@ install_state(struct ip_fw *rule, ipfw_insn_limit *cmd,
 	q = lookup_dyn_rule_locked(&args->f_id, NULL, NULL);
 
 	if (q != NULL) { /* should never occur */
-		if (last_log != time_second) {
-			last_log = time_second;
+		if (last_log != time_uptime) {
+			last_log = time_uptime;
 			printf("ipfw: install_state: entry already present, done\n");
 		}
 		IPFW_DYN_UNLOCK();
@@ -1471,8 +1471,8 @@ install_state(struct ip_fw *rule, ipfw_insn_limit *cmd,
 		remove_dyn_rule(NULL, (ipfw_dyn_rule *)1);
 
 	if (dyn_count >= dyn_max) {
-		if (last_log != time_second) {
-			last_log = time_second;
+		if (last_log != time_uptime) {
+			last_log = time_uptime;
 			printf("ipfw: install_state: Too many dynamic rules\n");
 		}
 		IPFW_DYN_UNLOCK();
@@ -1524,8 +1524,8 @@ install_state(struct ip_fw *rule, ipfw_insn_limit *cmd,
 			 */
 			remove_dyn_rule(rule, parent);
 			if (parent->count >= cmd->conn_limit) {
-				if (fw_verbose && last_log != time_second) {
-					last_log = time_second;
+				if (fw_verbose && last_log != time_uptime) {
+					last_log = time_uptime;
 					log(LOG_SECURITY | LOG_DEBUG,
 					    "drop session, too many entries\n");
 				}
@@ -3050,7 +3050,7 @@ do {									\
 			case O_SKIPTO:
 				f->pcnt++;	/* update stats */
 				f->bcnt += pktlen;
-				f->timestamp = time_second;
+				f->timestamp = time_uptime;
 				if (cmd->opcode == O_COUNT)
 					goto next_rule;
 				/* handle skipto */
@@ -3137,7 +3137,7 @@ next_rule:;		/* try next rule		*/
 	/* Update statistics */
 	f->pcnt++;
 	f->bcnt += pktlen;
-	f->timestamp = time_second;
+	f->timestamp = time_uptime;
 	IPFW_RUNLOCK(chain);
 	return (retval);
 
@@ -3844,8 +3844,8 @@ ipfw_getrules(struct ip_fw_chain *chain, void *buf, size_t space)
 					bcopy(&dst, &dst->next, sizeof(dst));
 					last = dst;
 					dst->expire =
-					    TIME_LEQ(dst->expire, time_second) ?
-						0 : dst->expire - time_second ;
+					    TIME_LEQ(dst->expire, time_uptime) ?
+						0 : dst->expire - time_uptime ;
 					bp += sizeof(ipfw_dyn_rule);
 				}
 			}
@@ -4128,10 +4128,10 @@ ipfw_tick(void * __unused unused)
 				continue;
 			if ( (q->state & BOTH_SYN) != BOTH_SYN)
 				continue;
-			if (TIME_LEQ( time_second+dyn_keepalive_interval,
+			if (TIME_LEQ( time_uptime+dyn_keepalive_interval,
 			    q->expire))
 				continue;	/* too early */
-			if (TIME_LEQ(q->expire, time_second))
+			if (TIME_LEQ(q->expire, time_uptime))
 				continue;	/* too late, rule expired */
 
 			*mtailp = send_pkt(&(q->id), q->ack_rev - 1,

sys/netinet/ip_mroute.c

@@ -1399,8 +1399,8 @@ X_ip_mforward(struct ip *ip, struct ifnet *ifp, struct mbuf *m,
 	 * Source-route tunnels are no longer supported.
 	 */
 	static int last_log;
-	if (last_log != time_second) {
-	    last_log = time_second;
+	if (last_log != time_uptime) {
+	    last_log = time_uptime;
 	    log(LOG_ERR,
 		"ip_mforward: received source-routed packet from %lx\n",
 		(u_long)ntohl(ip->ip_src.s_addr));

sys/netinet/libalias/alias_db.c

@@ -2166,7 +2166,7 @@ HouseKeeping(struct libalias *la)
 	 * waste timeline by making system calls.
 	 */
 #ifdef	_KERNEL
-	la->timeStamp = time_second;
+	la->timeStamp = time_uptime;
 #else
 	gettimeofday(&tv, &tz);
 	la->timeStamp = tv.tv_sec;
@@ -2447,8 +2447,8 @@ LibAliasInit(struct libalias *la)
 		LIST_INSERT_HEAD(&instancehead, la, instancelist);
 
 #ifdef	_KERNEL
-		la->timeStamp = time_second;
-		la->lastCleanupTime = time_second;
+		la->timeStamp = time_uptime;
+		la->lastCleanupTime = time_uptime;
 #else
 		gettimeofday(&tv, &tz);
 		la->timeStamp = tv.tv_sec;