On Tue, Nov 12, 2002 at 06:29:06PM +0300, kuznet@xxxxxxxxxxxxx wrote:
> > > The problem with expiration remains unsolved. I still cannot reproduce this
> > > and cannot find a situation when kernel can create two larvals with one
> > > identity. :-( Searching.
> > Sure you saw that? I only saw the one larval in the output I sent you,
> Sure, unless my sick cisco router corrupts mails. But I hope it is not
> so malicious. :-)
> Jokes apart, of course, I did not see this, it exists for short time,
> you see one of them already grown to mature.
I've made a movie, the output of:
while true; do date ; sudo download/kametools/setkey/setkey -D ; done > logs
Please find it attached.
This corresponds to:
20:01:43: INFO: isakmp.c:1689:isakmp_post_acquire(): IPsec-SA request for 10.0.0.11 queued due to no phase1 found.
20:01:43: INFO: isakmp.c:794:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 10.0.0.216<=>10.0.0.11
20:01:43: INFO: isakmp.c:799:isakmp_ph1begin_i(): begin
20:01:43: INFO: vendorid.c:128:check_vendorid(): received Vendor
20:01:43: NOTIFY: oakley.c:2037:oakley_skeyid(): couldn't find the proper pskey, try to get one by the peer's address.
20:01:43: INFO: isakmp.c:2417:log_ph1established(): ISAKMP-SA
20:01:44: INFO: isakmp.c:938:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.216<=>10.0.0.11
20:01:44: INFO: pfkey.c:1106:pk_recvupdate(): IPsec-SA established: ESP/Transport 10.0.0.11->10.0.0.216 spi=251701380(0xf00a884)
20:01:44: INFO: pfkey.c:1318:pk_recvadd(): IPsec-SA established: ESP/Transport 10.0.0.216->10.0.0.11 spi=43499516(0x297bffc)
20:02:13: INFO: pfkey.c:1364:pk_recvexpire(): IPsec-SA expired:
Note how it changes very nearly atomically.
http://www.PowerDNS.com Versatile DNS Software & Services
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO