From: Steffen Klassert <steffen.klassert@secunet.com>
To: Fan Du <fengyuleidian0615@gmail.com>
Cc: <netdev@vger.kernel.org>, Jamal Hadi Salim <jhs@mojatatu.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
David Miller <davem@davemloft.net>, "Du, Fan" <fan.du@intel.com>
Subject: Re: IPsec workshop at netdev01?
Date: Mon, 26 Jan 2015 10:11:10 +0100 [thread overview]
Message-ID: <20150126091109.GK13046@secunet.com> (raw)
In-Reply-To: <54AF677E.9080108@gmail.com>
On Fri, Jan 09, 2015 at 01:30:38PM +0800, Fan Du wrote:
> 于 2015年01月06日 18:19, Steffen Klassert 写道:
> >
> >- We still lack a 32/64 bit compatibiltiy layer for IPsec, this issue
> > comes up from time to time. Some solutions were proposed in the past
> > but all had problems. The current behaviour is broken if someone tries
> > to configure IPsec with 32 bit tools on a 64 bit machine. Can we get
> > this right somehow or is it better to just return an error in this case?
>
> Before a clean solution show up, I think it's better to warn user in some way
> like http://patchwork.ozlabs.org/patch/323842/ did. Otherwise, many people
> who stuck there will always spend time and try to fix this issue in whatever way.
Yes, this is the first thing we should do. I'm willing to accept a patch :)
>
> >- Changing the system time can lead to unexpected SA lifetime changes. The
> > discussion on the list did not lead to a conclusion on how to fix this.
> > What is the best way to get this fixed?
>
> I rise this issue long ago before, the culprit is SA lifetime is marked by wall clock.
> In a reasonable way it should be marked as monotonic boot time(counting suspend time
> as well). Then every thing will be work correctly. I have such a patch works correctly.
> EXCEPT: SA migration, where SA lifetime comes from outside.
> I didn't look at SA migration part though, so any comments? Steffen
I have not looked into this for longer. So I can not comment on it
now, but I could be prepared for discussion on netdev01.
prev parent reply other threads:[~2015-01-26 9:11 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-06 10:19 IPsec workshop at netdev01? Steffen Klassert
2015-01-06 11:15 ` Jamal Hadi Salim
2015-01-06 17:00 ` Florian Westphal
2015-01-07 10:31 ` Steffen Klassert
2015-01-07 12:55 ` Florian Westphal
2015-01-12 17:19 ` Nicolas Dichtel
2015-01-09 5:30 ` Fan Du
2015-01-26 9:11 ` Steffen Klassert [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150126091109.GK13046@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=fan.du@intel.com \
--cc=fengyuleidian0615@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=jhs@mojatatu.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.