Index: sys/netipsec/key.c
===================================================================
--- sys/netipsec/key.c	(revision 282863)
+++ sys/netipsec/key.c	(working copy)
@@ -537,7 +537,7 @@
 	const struct sadb_msghdr *);
 static int key_register(struct socket *, struct mbuf *,
 	const struct sadb_msghdr *);
-static int key_expire(struct secasvar *);
+static int key_expire(struct secasvar *, int);
 static int key_flush(struct socket *, struct mbuf *,
 	const struct sadb_msghdr *);
 static int key_dump(struct socket *, struct mbuf *,
@@ -4259,7 +4259,7 @@
 				 * (DYING state)
 				 */
 				if (sav->lft_c->usetime != 0)
-					key_expire(sav);
+					key_expire(sav, 0);
 			}
 			/* check SOFT lifetime by bytes */
 			/*
@@ -4276,7 +4276,7 @@
 				 * message in the status of
 				 * DYING. Do remove below code.
 				 */
-				key_expire(sav);
+				key_expire(sav, 0);
 			}
 		}
 
@@ -4295,6 +4295,7 @@
 
 			if (sav->lft_h->addtime != 0 &&
 			    now - sav->created > sav->lft_h->addtime) {
+				key_expire(sav, 1);
 				key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 				KEY_FREESAV(&sav);
 			}
@@ -4311,12 +4312,13 @@
 				 * If there is no SA then sending
 				 * expire message.
 				 */
-				key_expire(sav);
+				key_expire(sav, 0);
 			}
 #endif
 			/* check HARD lifetime by bytes */
 			else if (sav->lft_h->bytes != 0 &&
 			    sav->lft_h->bytes < sav->lft_c->bytes) {
+				key_expire(sav, 1);
 				key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 				KEY_FREESAV(&sav);
 			}
@@ -6721,7 +6723,7 @@
  *	others	: error number
  */
 static int
-key_expire(struct secasvar *sav)
+key_expire(struct secasvar *sav, int hard)
 {
 	int satype;
 	struct mbuf *result = NULL, *m;
@@ -6779,11 +6781,19 @@
 	lt->sadb_lifetime_usetime = sav->lft_c->usetime;
 	lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 	lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
-	lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
-	lt->sadb_lifetime_allocations = sav->lft_s->allocations;
-	lt->sadb_lifetime_bytes = sav->lft_s->bytes;
-	lt->sadb_lifetime_addtime = sav->lft_s->addtime;
-	lt->sadb_lifetime_usetime = sav->lft_s->usetime;
+	if (hard) {
+		lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
+		lt->sadb_lifetime_allocations = sav->lft_h->allocations;
+		lt->sadb_lifetime_bytes = sav->lft_h->bytes;
+		lt->sadb_lifetime_addtime = sav->lft_h->addtime;
+		lt->sadb_lifetime_usetime = sav->lft_h->usetime;
+	} else {
+		lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
+		lt->sadb_lifetime_allocations = sav->lft_s->allocations;
+		lt->sadb_lifetime_bytes = sav->lft_s->bytes;
+		lt->sadb_lifetime_addtime = sav->lft_s->addtime;
+		lt->sadb_lifetime_usetime = sav->lft_s->usetime;
+	}
 	m_cat(result, m);
 
 	/* set sadb_address for source */