On 15 December 2017 at 12:27, Paul Wouters <[email protected]> wrote: > On Fri, 15 Dec 2017, Andrew Cagney wrote: > > Thanks for these updates! > >> - 'inline' is gone; if there are no threads then the work is thrown >> onto the main event loop > > > That's good news, we have had too many weird issues with STF_INLINE. > >> I think the too-much-crypto code path should either be deleted and/or >> handled by generating a crypto timeout event with delay 0. The above >> code ignores the problem, if there is too much crypto then low >> priority tasks will timeout anyway. >> >> I suspect there's a bug in the 'importance' code (variable defaulting >> to 0) - on east the KE computation gets scheduled with no priority at >> all and I suspect that is wrong. Anyone? > > > The original idea was to de-prioritize CPU intensive operations on a > first received packet which could be a spoofed packet. However, that > now is handled by the code counting half-open IKE SA's and activating the > IKEv2 COOKIEs code, and on further overload just stop accepting I1 > packets completely until the load has dropped. I have no problem cutting > out all this "importance" code.
Ok, I'll ignore the value. (I was wondering about opportunistic encryption, but looking at the code it seems to be treated the same). _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
