From: Herbert Xu <[EMAIL PROTECTED]>
Date: Wed, 3 Aug 2005 21:36:59 +1000

> On Sun, Jul 31, 2005 at 10:03:05PM -0700, David S. Miller wrote:
> > When an SA changes, we walk that associated policies DST list
> > marking them ->obsolete
>
> Yes this should work but it's missing one important detail.
> The question is how do we actually find the SA that changed.

I don't understand. A packet must match a policy, before matching to SAs within that policy occurs. So the policy is a larger space of DSTs than any individual SA is.

Therefore, when any SA is added, the associated policy is the one for which we flush all matching DST entries.

The DST list is per-policy, not per-SA. That's the whole idea, exactly because we have no idea which other SA this new one subsumes, but we do know what policy is involved, and therefore if we keep track of all DSTs for a given policy, we can do a proper flush when a new SA is installed.
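
Added example, not part of the original message and not kernel code: a simplified user-space C model of the per-policy DST list described above, where installing an SA marks every DST cached under that policy obsolete. All struct and function names here are hypothetical.

```c
#include <stddef.h>

/* Simplified user-space model; all names are hypothetical, not kernel symbols. */
struct dst {
    int obsolete;       /* set when the owning policy is flushed */
    int sa_id;          /* SA this cached entry was resolved against */
    struct dst *next;   /* next DST cached under the same policy */
};

struct policy {
    struct dst *dsts;   /* every live DST resolved through this policy */
    int cur_sa;         /* SA currently selected for this policy */
};

/* Cache a freshly resolved DST on the policy's list. */
void policy_add_dst(struct policy *p, struct dst *d)
{
    d->obsolete = 0;
    d->sa_id = p->cur_sa;
    d->next = p->dsts;
    p->dsts = d;
}

/* A new SA was installed. We cannot tell which older SA it subsumes, so
 * every DST cached under the policy is marked obsolete. Returns the count. */
int policy_sa_added(struct policy *p, int new_sa)
{
    int n = 0;
    for (struct dst *d = p->dsts; d != NULL; d = d->next, n++) {
        d->obsolete = 1;
    }
    p->dsts = NULL;     /* holders still see ->obsolete via their own pointer */
    p->cur_sa = new_sa;
    return n;
}

/* Holder-side check before use: 1 = still valid, 0 = must re-resolve. */
int dst_check(const struct dst *d)
{
    return !d->obsolete;
}

int main(void)
{
    struct policy p = { NULL, 1 };
    struct dst d;
    policy_add_dst(&p, &d);
    policy_sa_added(&p, 2);
    return dst_check(&d);   /* 0: the cached entry was flushed */
}
```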