On Tue, 2006-21-02 at 22:03 +1100, Herbert Xu wrote:
> On Tue, Feb 21, 2006 at 12:00:56PM +0100, Patrick McHardy wrote:
> >
> > With tunnel mode, yes, but with transport mode you can have one policy
> > for many peers. In that case you will have false positives as long as
> > a single peer is alive.
>
> That only happens with racoon I think :)
>
> In any case, I don't think it's asking a lot to add a more specific policy
> for the peers that you want to DPD with.

Two things:

1) I don't think it makes a lot of sense to use the policy expiry for DPD
idle signalling - mostly because the period tends to be really long
(relative to DPD heartbeats or dead intervals) for policy expiry - and if
you make it short, you have a scaling problem when you have many SP entries.

2) DPD with racoon is ph1 related - not phase2. This is fine for
transport mode but not very valuable for the case of tunnels.

I was going to send a patch on aevent (after the dust settles on that
patch) to actually add an idle timer per SA which is configurable with
DPD-like timers. The timer would be related to the nagle one already in
aevents (so no new timer). If someone wants to beat me to it, be my guest.
If it is considered valuable I could even work on it over the weekend.

cheers,
jamal