Jean-Mickael Guerin <[EMAIL PROTECTED]> wrote:
> In ip6ip6_tnl_xmit(), we do not xfrm_lookup() when the dst has been
> stored in cache.
> If cache is filled before a security policy such ipsec transport mode on
> end points is added, and no routing changes happen, how to invalidate
> the cache to trigger a new xfrm_lookup()?

IIRC we used to call xfrm_dst_check every time and it would tell us that the cache has expired.

Hmm, it seems that xfrm_dst_check now unconditionally returns NULL so we never have a cache with IPsec. This seems to come from the xfrm policy/state cache flushing patch.

Dave, is this really the intention?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt