| To: | bguo@xxxxxxxxxxxxxx (Bin Guo) |
|---|---|
| Subject: | Re: Question about connect and ipsec |
| From: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
| Date: | Wed, 13 Apr 2005 13:50:32 +1000 |
| Cc: | netdev@xxxxxxxxxxx, kaber@xxxxxxxxx |
| In-reply-to: | <1113314992.9028.18.camel@xxxxxxxxxxxxxxxxxxx> |
| Organization: | Core |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | tin/1.7.4-20040225 ("Benbecula") (UNIX) (Linux/2.4.27-hx-1-686-smp (i686)) |
Bin Guo <bguo@xxxxxxxxxxxxxx> wrote: > > The connect call seems to map directly to net/ipv4/datagram.c: > ip4_datagram_connect. Is it true that connect call on udp sockets > result in SA creation and temporary failure? Is it by design just > checking route to a destination protected ipsec will trigger SA > creation? It is a deficiency in the current implementation. This problem will be solved along with others in the xfrm resolution stuff that Patrick McHardy is working on. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH] IPV6_CHECKSUM socket option can corrupt kernel memory, David Stevens |
|---|---|
| Next by Date: | Re: [PATCH] IPV6_CHECKSUM socket option can corrupt kernel memory, YOSHIFUJI Hideaki / 吉藤英明 |
| Previous by Thread: | Question about connect and ipsec, Bin Guo |
| Next by Thread: | [PATCH] netem: change packet scheduling, Stephen Hemminger |
| Indexes: | [Date] [Thread] [Top] [All Lists] |