Hello,

When there are a lot (thousands) of IPSec policy rules in the kernel, a dump request from user land would currently cause most of the policy rules to not make it to the socket receive buffer, depending on what value sk_rcvbuf has. Using setkey to load a bunch of policy rules, then trying to dump them, is an easy way to show the problem (you get to see the first XXX rules come out, then a failure).

This causes racoon (ipsec-tools) to fail since it does a dump of the SPD on startup to retrieve the entire database. The above kernel issue also applies to SAs and ACQUIRE requests.

I gather this is a known issue and was wondering about possible/acceptable solutions as I would like to help resolve this problem.

Thanks,
venkat