Re: PATCH: IPSEC acquire in presence of multiple managers

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: PATCH: IPSEC acquire in presence of multiple managers
From: jamal <hadi@xxxxxxxxxx>
Date: 26 Mar 2005 13:41:27 -0500
Cc: "David S. Miller" <davem@xxxxxxxxxx>, nakam@xxxxxxxxxxxxxx, shinta.sugimoto@xxxxxxxxxxxx, netdev <netdev@xxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>
Organization: jamalopolous
Reply-to: hadi@xxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx

You could say I am obsessed by this acquire message - I don't know why ;->

I noticed in the absence of a responsive KM, the acquires are sent
forever. Is it 30 seconds and maybe degenerating to 60 seconds?
In the meantime my ping is sitting there not giving me back the prompt.
I suspect this is so as to make it reliable and maybe aggravated by the
fact I can now passively monitor with ip xfrm mon.

Shouldn't there be a _configurable_ timer and number of retries?
All attempts at reliability at least put an upper limit.
Perhaps the km states could be extended a little? i.e. instead of
just ACQUIRING maybe some intermediate states are needed (sort of like
neighbor discovery or ARP). And when it looks hopeless you just stop.

Is there a standard maybe that defines such behavior?


