I didn't get a lot of response from my last query about udp_input() and friends. I hope I didn't stump anyone?
Anyway, related to killing off nattymod: how do IPsec SAs send NAT-T keepalives (tiny UDP packets) every so often?

I think the easiest way will be for NAT-T SAs to reference-hold the associated UDP conn_t that has the NAT_T_ENDPOINT option set. What I'm worried about is whether conn_t's can be held over long periods of time. I'm expecting that udp_close() or unsetting the NAT_T_ENDPOINT option will cause a scouring of active IPsec SAs (this can be a lot of SAs, BTW) associated with that endpoint. Given that most "refrele" operations either invoke a lock or use an atomic_add(), maybe I shouldn't reference-hold them per se, but lock the conn_t until all referencing SAs have been cleared?

I'm asking to make sure I'm not missing any subtle gotchas. I don't think I am, but it never hurts to ask.

Dan
