Re: Semantics of current lifetime in IPsec SA

2006-02-21 Thread jamal
On Tue, 2006-21-02 at 22:03 +1100, Herbert Xu wrote:
> On Tue, Feb 21, 2006 at 12:00:56PM +0100, Patrick McHardy wrote:
> >
> > With tunnel mode, yes, but with transport mode you can have one policy
> > for many peers. In that case you will have false positives as long as
> > a single peer is aliv

Re: Semantics of current lifetime in IPsec SA

2006-02-21 Thread Herbert Xu
On Tue, Feb 21, 2006 at 12:00:56PM +0100, Patrick McHardy wrote:
>
> With tunnel mode, yes, but with transport mode you can have one policy
> for many peers. In that case you will have false positives as long as
> a single peer is alive.

That only happens with racoon I think :)

In any case, I do

Re: Semantics of current lifetime in IPsec SA

2006-02-21 Thread Patrick McHardy
Herbert Xu wrote:
> On Tue, Feb 21, 2006 at 11:39:05AM +0100, Patrick McHardy wrote:
>
>>The idle time expiration of policies is used for DPD, right? I wonder
>>why the SAs aren't used for this (also with idle time expiration),
>>unlike the policy they are directly related to a peer.
>
>
> For I

Re: Semantics of current lifetime in IPsec SA

2006-02-21 Thread Herbert Xu
On Tue, Feb 21, 2006 at 11:39:05AM +0100, Patrick McHardy wrote:
>
> The idle time expiration of policies is used for DPD, right? I wonder
> why the SAs aren't used for this (also with idle time expiration),
> unlike the policy they are directly related to a peer.

For IKE IPsec usage there is usua

Re: Semantics of current lifetime in IPsec SA

2006-02-21 Thread Patrick McHardy
Herbert Xu wrote:
> Kristian Slavov <[EMAIL PROTECTED]> wrote:
>
>>I noticed that the SA's curlft->usetime is only updated once (time of the
>>first packet). Is this the intended behaviour, or should it be the time
>>the SA was last used? SPs, on the other hand, are constantly updated as
>>pack

Re: Semantics of current lifetime in IPsec SA

2006-02-21 Thread Herbert Xu
Kristian Slavov <[EMAIL PROTECTED]> wrote:
>
> I noticed that the SA's curlft->usetime is only updated once (time of the
> first packet). Is this the intended behaviour, or should it be the time
> the SA was last used? SPs, on the other hand, are constantly updated as
> packets flow.

Yes this