lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Jul 2008 16:07:42 +0800 From: Herbert Xu <herbert@...dor.apana.org.au> To: Thomas Zeitlhofer <tzeitlho+lkml@...tuwien.ac.at> Cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: IPSEC in 2.6.25 causes stalled connections Sorry for the late response. On Wed, Jun 18, 2008 at 02:45:44AM +0200, Thomas Zeitlhofer wrote: > > src 192.168.69.2 dst 192.168.69.1 > proto esp spi 0xc885bfdd(3364208605) reqid 3(0x00000003) mode tunnel > replay-window 32 seq 0x00000000 flag (0x00000000) > auth hmac(sha1) 0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (160 bits) > enc cbc(aes) 0xXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (256 bits) > sel src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 > lifetime config: > limit: soft (INF)(bytes), hard (INF)(bytes) > limit: soft (INF)(packets), hard (INF)(packets) > expire add: soft 3056(sec), hard 3600(sec) > expire use: soft 0(sec), hard 0(sec) > lifetime current: > 2964393536(bytes), 2063237(packets) > add 2008-06-18 01:19:47 use 2008-06-18 01:19:48 Your SA has been marked for expiry at 02:19:47. So what time did you take this snapshot? Hmm, we really should make the SA state available to ip x s so that I don't have to ask :) What IPsec daemon are you using to manage SA rekeying? Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@...dor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists