Am Mittwoch, 5. Dezember 2007 08:12 schrieb David Miller: > Actually, consider even a case like DNS. Let's say the timeout > is set to 2 seconds or something and you have 3 DNS servers > listed, on different IPSEC destinations, in your resolv.conf > > Each IPSEC route that isn't currently resolved will cause packet loss > of the DNS lookup request with xfrm_larval_drop set to '1'. > > If all 3 need to be resolved, the DNS lookup will fully fail > which defeats the purpose of listing 3 servers for redundancy > don't you think? :-)
In your example, the DNS server might actually stop responding to other clients while waiting for the (expected to be non-blocking) connect() to return. This is much much worse. Stefan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
