netdev
[Top] [All Lists]

Re: PATCH: IPSEC acquire in presence of multiple managers

To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: PATCH: IPSEC acquire in presence of multiple managers
From: jamal <hadi@xxxxxxxxxx>
Date: 25 Mar 2005 19:54:31 -0500
Cc: "David S. Miller" <davem@xxxxxxxxxx>, Masahide NAKAMURA <nakam@xxxxxxxxxxxxxx>, Shinta Sugimoto <shinta.sugimoto@xxxxxxxxxxxx>, netdev <netdev@xxxxxxxxxxx>
In-reply-to: <20050326003058.GA22930@xxxxxxxxxxxxxxxxxxx>
Organization: jamalopolous
References: <1111795927.1089.749.camel@xxxxxxxxxxxxxxxx> <20050326003058.GA22930@xxxxxxxxxxxxxxxxxxx>
Reply-to: hadi@xxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
On Fri, 2005-03-25 at 19:30, Herbert Xu wrote:

> One problem though is that if theal real KM is dead but the passive
> monitor is still there then the kernel will have to wait for the
> larval states to time out.
> 
> It can happen without the patch too if the KM dies after the message
> is delivered.  This will make it slightly more likely.
> 

Agreed. 

> I guess that's something we'll just have to live with.

Well its useful even if we could just run "ip mon" to look at acquires
going across.

If i understood correctly pfkey: the kernel can be told when a KM is
about to die or just came back up using an empty acquire message by the
KM. I dont think we support this at the moment from looking at the code.
It seems that we dont support any acquires from userspace to kernel
which in theory could be triggered by some apps (I saw OSPF;->) trying 
to get a SA. Is this common behavior?

cheers,
jamal



<Prev in Thread] Current Thread [Next in Thread>