netdev
[Top] [All Lists]

[1/4] [IPSEC] Improve xfrm to pfkey SA state conversion

To: "David S. Miller" <davem@xxxxxxxxxxxxx>
Subject: [1/4] [IPSEC] Improve xfrm to pfkey SA state conversion
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 9 Apr 2005 20:54:52 +1000
Cc: Masahide NAKAMURA <nakam@xxxxxxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, jamal <hadi@xxxxxxxxxx>, netdev <netdev@xxxxxxxxxxx>
In-reply-to: <1112702604.1089.119.camel@xxxxxxxxxxxxxxxx>
References: <1112702604.1089.119.camel@xxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i
Hi:

This series of patches will fix the spurious state/policy expire
notification problem identified in the discussion regarding Jamal's
IPsec events patch.  It will also address other minor issues arising
from the events patch.

The first patch adjusts the SA state conversion in af_key such that
XFRM_STATE_ERROR/XFRM_STATE_DEAD will be converted to SADB_STATE_DEAD
instead of SADB_STATE_DYING.

According to RFC 2367, SADB_STATE_DYING SAs can be turned into
mature ones through updating their lifetime settings.  Since SAs
which are in the states XFRM_STATE_ERROR/XFRM_STATE_DEAD cannot
be resurrected, this value is unsuitable.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Attachment: xfrm-event-1
Description: Text document

<Prev in Thread] Current Thread [Next in Thread>