From: Herbert Xu [EMAIL PROTECTED]
Date: Thu, 4 Aug 2005 07:32:15 +1000
On Wed, Aug 03, 2005 at 06:34:38AM -0700, David S. Miller wrote:
Therefore, when any SA is added, the assosciated policy is the
one for which we flush all matching DST entries.
How do you find the associated policy
On Thu, Aug 04, 2005 at 06:48:18AM -0700, David S. Miller wrote:
When you add an SA, you have to place it somewhere, don't you?
And that where (be it one policy template, or many) are
what you use to decide which policy for which to do the DST
flush.
Unfortunately, it goes straight into the
On Sun, Jul 31, 2005 at 10:03:05PM -0700, David S. Miller wrote:
We can avoid the flushing damage to DSTs of the effected policy.
At least I think we can do that cleanly. Do you think that is
a middle ground that might be acceptable to you?
It's acceptable with some blanks filled in :)
From: Herbert Xu [EMAIL PROTECTED]
Date: Wed, 3 Aug 2005 21:36:59 +1000
On Sun, Jul 31, 2005 at 10:03:05PM -0700, David S. Miller wrote:
When an SA changes, we walk that assosciated policies DST list
marking them -obsolete
Yes this should work but it's missing one important detail.
The
On Wed, Aug 03, 2005 at 06:34:38AM -0700, David S. Miller wrote:
I don't understand.
I think I'm still missing something so I don't understand either :)
Therefore, when any SA is added, the assosciated policy is the
one for which we flush all matching DST entries.
How do you find the
On Tue, 2 Aug 2005, Patrick McHardy wrote:
Krzysztof Oledzki wrote:
On Mon, 1 Aug 2005, Herbert Xu wrote:
On Mon, Aug 01, 2005 at 05:46:26AM +0200, Krzysztof Oledzki wrote:
Any new patches to test? ;)
As I said in an earlier message, you should patch racoon to delete
the old
On Mon, Aug 01, 2005 at 10:41:33AM +0200, Krzysztof Oledzki wrote:
RFC 2408 says: A protocol implementation SHOULD begin using the newly
created SA for outbound traffic and SHOULD continue to support incoming
traffic on the old SA until it is deleted or until traffic is received
under the
On Tue, 2 Aug 2005, Herbert Xu wrote:
On Mon, Aug 01, 2005 at 10:41:33AM +0200, Krzysztof Oledzki wrote:
RFC 2408 says: A protocol implementation SHOULD begin using the newly
created SA for outbound traffic and SHOULD continue to support incoming
traffic on the old SA until it is deleted or
From: Herbert Xu [EMAIL PROTECTED]
Date: Mon, 1 Aug 2005 14:30:46 +1000
Well the problem is that the kernel simply doesn't have the information
to selectively flush dst's given a new SA. All it can do is flush out
all cached dst entries when a new SA is added. Because SA changes are
Herbert Xu wrote:
On Wed, Jul 27, 2005 at 03:18:39PM -0700, David S. Miller wrote:
One idea tossed around between Herbert Xu (also CC:'d) and myself is
to store a generation counter when we attach a route to a socket, then
sk_dst_check() can verify that this generation count matches the
10 matches
Mail list logo