[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20070326.144843.72708308.davem@davemloft.net>
Date: Mon, 26 Mar 2007 14:48:43 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: eparis@...hat.com
Cc: latten@...tin.ibm.com, netdev@...r.kernel.org,
herbert@...dor.apana.org.au, jmorris@...ei.org, paul.moore@...com,
vyekkirala@...stedcs.com
Subject: Re: [PATCH]: SAD sometimes has double SAs.
From: Eric Paris <eparis@...hat.com>
Date: Mon, 26 Mar 2007 17:34:59 -0400
> I'm not at all able to speak on the correctness or validity of the
> solution,
Neither am I yet :)
> but shouldn't the ipv6 case be a && not an || like the ipv4
> case? Isn't this going to match all sorts of things? Did you test this
> patch on ipv6 and see it to solve your problem?
>
> I'm also not enjoying the formatting in the ipv6 part where the first
> time you have the cast on the same time as the object but not the second
> part where x->props.saddr.a6 is on its own little line.
Also, I want to understand what is going to tear down these
"other direction" fake entries later on? I think I can review
this patch better if I understand that.
As it stands, this looks to me like a workaround for an improperly
implemented IPSEC daemon. Joy states it as saying that the current
code requires the keying daemon to manage it's SAs, and I wonder
whether any other implementation is even valid.
There is a limit to the amount to which we can workaround racoon's
design issues. :-)
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists