| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1170370281.2603.359.camel@faith.austin.ibm.com> Date: Thu, 01 Feb 2007 16:51:21 -0600 From: Joy Latten <latten@...tin.ibm.com> To: netdev@...r.kernel.org Cc: paul.moore@...com, vyekkirala@...stedCS.com, jmorris@...ei.org, herbert@...dor.apana.org.au, davem@...emloft.net Subject: when having to acquire an SA, ipsec drops the packet IPsec returns EAGAIN when it needs to acquire an SA. There have been a thread or two about this... Has there been any info or progress in how best to fix this? James Morris presented some work/ideas, http://vger.kernel.org/jmorris_ipsec_sa_resolution_netconf2006.pdf When using labeled xfrms (xfrms that contain a security context), there is potential for a greater amount of SAs to be created than when using regular xfrms. An SA may be created every time a different security context is encountered in a particular traffic stream. This could be many if each networking app has its own security context, making current behavior problematic. Bugreport 225328 has been opened in the Redhat Bugzilla to address when having to acquire an SA, ipsec drops the packet. Regards, Joy - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists