On Mon, 2007-03-05 at 22:21 -0500, James Morris wrote:
On Mon, 5 Mar 2007, Joy Latten wrote:
5. Around the time the set of SAs for OUT direction are to be
inserted into SAD, I see another ACQUIRE happening.
I have not yet figured out where this second ACQUIRE comes from
On Tue, 6 Mar 2007, Joy Latten wrote:
I saw something similar to this some time ago when testing various
failure modes, and discused it with Herbert.
IIRC, there's a larval SA which is not torn down properly by Racoon once
the full SA is established, and the larval SA keeps resending
From: Joy Latten [EMAIL PROTECTED]
Date: Mon, 05 Feb 2007 14:53:39 -0600
I can run some tests with this patch and report any results...
Please check out the two most recent patches I posted:
1) Updated core patch with ipv6 side added.
2) Fix for thinko noticed by Venkat.
I have been testing
From: Joy Latten [EMAIL PROTECTED]
Date: Mon, 05 Feb 2007 14:53:39 -0600
I can run some tests with this patch and report any results...
Please check out the two most recent patches I posted:
1) Updated core patch with ipv6 side added.
2) Fix for thinko noticed by Venkat.
Just a quick update.
On Sun, 4 Feb 2007, David Miller wrote:
Something like this (untested) on the ipv4 side, for example:
Looks like it should work. Will do some testing.
--
James Morris
[EMAIL PROTECTED]
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL
On Mon, 5 Feb 2007, James Morris wrote:
On Sun, 4 Feb 2007, David Miller wrote:
Something like this (untested) on the ipv4 side, for example:
Looks like it should work. Will do some testing.
Appears to work well, with a slight delay on the first packet as expected.
Tested with tcp,
Something like this (untested) on the ipv4 side, for example:
diff --git a/include/net/route.h b/include/net/route.h
index 486e37a..a8af632 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -146,7 +146,8 @@ static inline char rt_tos2priority(u8 tos)
static inline int
On Thu, 2007-02-01 at 18:44 -0500, James Morris wrote:
On Thu, 1 Feb 2007, Joy Latten wrote:
IPsec returns EAGAIN when it needs to acquire an SA.
There have been a thread or two about this...
Has there been any info or progress in how best to fix this?
James Morris presented some
From: James Morris [EMAIL PROTECTED]
Date: Mon, 5 Feb 2007 15:34:39 -0500 (EST)
On Mon, 5 Feb 2007, James Morris wrote:
On Sun, 4 Feb 2007, David Miller wrote:
Something like this (untested) on the ipv4 side, for example:
Looks like it should work. Will do some testing.
I can run some tests with this patch and report any results...
Regards,
Joy
On Sun, 2007-02-04 at 20:53 -0800, David Miller wrote:
From: James Morris [EMAIL PROTECTED]
Date: Thu, 1 Feb 2007 18:44:48 -0500 (EST)
A quick dirty solution, which is what I think the BSD kernels do, is to
From: Venkat Yekkirala [EMAIL PROTECTED]
Date: Mon, 5 Feb 2007 14:49:17 -0600
Something like this (untested) on the ipv4 side, for example:
diff --git a/include/net/route.h b/include/net/route.h
index 486e37a..a8af632 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@
From: Joy Latten [EMAIL PROTECTED]
Date: Mon, 05 Feb 2007 14:53:39 -0600
I can run some tests with this patch and report any results...
Please check out the two most recent patches I posted:
1) Updated core patch with ipv6 side added.
2) Fix for thinko noticed by Venkat.
Thanks.
-
To
From: James Morris [EMAIL PROTECTED]
Date: Thu, 1 Feb 2007 18:44:48 -0500 (EST)
A quick dirty solution, which is what I think the BSD kernels do, is to
still drop the packet but just not return an error to the app. The app
then just sees a slight delay on the initial connection, as if a
On Thursday, February 1 2007 6:44 pm, James Morris wrote:
On Thu, 1 Feb 2007, Joy Latten wrote:
When using labeled xfrms (xfrms that contain a security context), there
is potential for a greater amount of SAs to be created than when using
regular xfrms. An SA may be created every time a
IPsec returns EAGAIN when it needs to acquire an SA.
There have been a thread or two about this...
Has there been any info or progress in how best to fix this?
James Morris presented some work/ideas,
http://vger.kernel.org/jmorris_ipsec_sa_resolution_netconf2006.pdf
When using labeled xfrms
On Thu, 1 Feb 2007, Joy Latten wrote:
IPsec returns EAGAIN when it needs to acquire an SA.
There have been a thread or two about this...
Has there been any info or progress in how best to fix this?
James Morris presented some work/ideas,
16 matches
Mail list logo