[Bug 1491] New: No SADB_EXPIRE message sent when soft byte lifetime is reached]

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Arnaldo Carvalho de Melo <acme@conectiva.com.br>
To: netdev@oss.sgi.com
Subject: [Bug 1491] New: No SADB_EXPIRE message sent when soft byte lifetime is reached]
Date: Tue, 4 Nov 2003 20:34:54 -0200	[thread overview]
Message-ID: <20031104223453.GC23401@conectiva.com.br> (raw)

One more...

----- Forwarded message from bugme-daemon@osdl.org -----

Date: Tue, 4 Nov 2003 09:26:37 -0800
From: bugme-daemon@osdl.org
Subject: [Bug 1491] New: No SADB_EXPIRE message sent when soft byte lifetime is reached
To: acme@conectiva.com.br

http://bugme.osdl.org/show_bug.cgi?id=1491

           Summary: No SADB_EXPIRE message sent when soft byte lifetime is
                    reached
    Kernel Version: 2.6.0-test4
            Status: NEW
          Severity: normal
             Owner: acme@conectiva.com.br
         Submitter: bbuesker@qualcomm.com

Distribution: Redhat 9
Hardware Environment: x86
Software Environment: ipsec-tools-0.2.2
Problem Description:
If byte lifetimes are used for IPsec security associations, the kernel does not
send an SADB_EXPIRE message to the key management daemon (racoon) when the soft
lifetime in terms of bytes is exceeded. Racoon only receives an SADB_EXPIRE
message when the hard lifetime is exceeded.

Steps to reproduce:
Reenable byte lifetimes in racoon. Set up a security policy requiring IPsec, and
with racoon running on two different machines, trigger the IKE negotiation by
sending a packet. Once the SA is established, continue sending packets until the
soft byte lifetime is exceeded. At this point, racoon should receive an
SADB_EXPIRE message indicating the soft lifetime has been exceeded. This message
is never sent by the kernel.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

----- End forwarded message -----

                 reply	other threads:[~2003-11-04 22:34 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20031104223453.GC23401@conectiva.com.br \
    --to=acme@conectiva.com.br \
    --cc=netdev@oss.sgi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.