On Sun, Jul 31, 2005 at 09:26:31PM -0700, David S. Miller wrote: > > Keep in mind (as Miyazawa-san mentioned) the Mobile IPV6 > implementation will be using XFRMs inside of the kernel to do it's > implementation and we will need to handle this case.
Interesting. I'll need to look this up to see how it's affected. > And it really isn't userland's job to make sure the kernel can > keep it's caches consistent. We should keep things coherent > in the kernel caches of this information, regardless of how > the user updates the SAs. Well the problem is that the kernel simply doesn't have the information to selectively flush dst's given a new SA. All it can do is flush out all cached dst entries when a new SA is added. Because SA changes are actually pretty common (as opposed to policy changes which shouldn't occur in a stable system) this is something I'd like to avoid if possible. BTW, the kernel isn't actually inconsistent if it doesn't switch to the new SA immediately. After all, the old SA is still valid until it expires. In this particular bug report, it's only because the remote end is buggy by deleting the old SA immediately (and silently) that we've got a problem. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
