From: Steffen Klassert <steffen.klassert@secunet.com>
To: Fan Du <fengyuleidian0615@gmail.com>
Cc: <netdev@vger.kernel.org>, Jamal Hadi Salim <jhs@mojatatu.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
David Miller <davem@davemloft.net>, "Du, Fan" <fan.du@intel.com>
Subject: Re: IPsec workshop at netdev01?
Date: Mon, 26 Jan 2015 10:11:10 +0100 [thread overview]
Message-ID: <20150126091109.GK13046@secunet.com> (raw)
In-Reply-To: <54AF677E.9080108@gmail.com>
On Fri, Jan 09, 2015 at 01:30:38PM +0800, Fan Du wrote:
> 于 2015年01月06日 18:19, Steffen Klassert 写道:
> >
> >- We still lack a 32/64 bit compatibiltiy layer for IPsec, this issue
> > comes up from time to time. Some solutions were proposed in the past
> > but all had problems. The current behaviour is broken if someone tries
> > to configure IPsec with 32 bit tools on a 64 bit machine. Can we get
> > this right somehow or is it better to just return an error in this case?
>
> Before a clean solution show up, I think it's better to warn user in some way
> like http://patchwork.ozlabs.org/patch/323842/ did. Otherwise, many people
> who stuck there will always spend time and try to fix this issue in whatever way.
Yes, this is the first thing we should do. I'm willing to accept a patch :)
>
> >- Changing the system time can lead to unexpected SA lifetime changes. The
> > discussion on the list did not lead to a conclusion on how to fix this.
> > What is the best way to get this fixed?
>
> I rise this issue long ago before, the culprit is SA lifetime is marked by wall clock.
> In a reasonable way it should be marked as monotonic boot time(counting suspend time
> as well). Then every thing will be work correctly. I have such a patch works correctly.
> EXCEPT: SA migration, where SA lifetime comes from outside.
> I didn't look at SA migration part though, so any comments? Steffen
I have not looked into this for longer. So I can not comment on it
now, but I could be prepared for discussion on netdev01.
prev parent reply other threads:[~2015-01-26 9:11 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-06 10:19 IPsec workshop at netdev01? Steffen Klassert
2015-01-06 11:15 ` Jamal Hadi Salim
2015-01-06 17:00 ` Florian Westphal
2015-01-07 10:31 ` Steffen Klassert
2015-01-07 12:55 ` Florian Westphal
2015-01-12 17:19 ` Nicolas Dichtel
2015-01-09 5:30 ` Fan Du
2015-01-26 9:11 ` Steffen Klassert [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150126091109.GK13046@secunet.com \
--to=steffen.klassert@secunet.com \
--cc=davem@davemloft.net \
--cc=fan.du@intel.com \
--cc=fengyuleidian0615@gmail.com \
--cc=herbert@gondor.apana.org.au \
--cc=jhs@mojatatu.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).