| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Mar 2007 14:40:40 -0500 (EST) From: James Morris <jmorris@...ei.org> To: Joy Latten <latten@...tin.ibm.com> cc: davem@...emloft.net, herbert@...dor.apana.org.au, netdev@...r.kernel.org, paul.moore@...com, vyekkirala@...stedCS.com Subject: Re: when having to acquire an SA, ipsec drops the packet On Tue, 6 Mar 2007, Joy Latten wrote: > > I saw something similar to this some time ago when testing various > > failure modes, and discused it with Herbert. > > > > IIRC, there's a larval SA which is not torn down properly by Racoon once > > the full SA is established, and the larval SA keeps resending until it > > times out. > > > Ok, good to know. > I thought a bit more about this last night but am not > sure best way to fix it. Perhaps a way to keep larval > SA around until all SAs resulting from xfrm_vec[xfrm_nr] > are established... oh well, just thinking out loud... :-) I think the solution, if this actually the problem, is for the userland code to maintain the SAs. - James -- James Morris <jmorris@...ei.org> - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists