On Tue, 2005-20-12 at 06:04 +0100, Krzysztof Oledzki wrote:
>
> On Mon, 19 Dec 2005, jamal wrote:
>
> > On Mon, 2005-19-12 at 13:57 -0800, David S. Miller wrote:
> >> From: jamal <[EMAIL PROTECTED]>
> >> Date: Mon, 19 Dec 2005 08:17:19 -0500
> >>
> >>> Just an addendum: If this works it should be
From: Krzysztof Oledzki <[EMAIL PROTECTED]>
Date: Tue, 20 Dec 2005 06:25:12 +0100 (CET)
> Yes, it works now perfectly:
Wonderful, it's in Linus's 2.6.15 tree and submitted
for 2.6.14-stable.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PRO
On Mon, 19 Dec 2005, David S. Miller wrote:
From: Krzysztof Oledzki <[EMAIL PROTECTED]>
Date: Mon, 19 Dec 2005 10:37:14 +0100 (CET)
OK. With this patch kernel switches to new SA immediately, but only for
ping. TCP (ssh) session between Cisco and Linux is still protected by the
old SA.
Ok,
On Mon, 19 Dec 2005, jamal wrote:
On Mon, 2005-19-12 at 13:57 -0800, David S. Miller wrote:
From: jamal <[EMAIL PROTECTED]>
Date: Mon, 19 Dec 2005 08:17:19 -0500
Just an addendum: If this works it should be sysctl controlled i hope.
There is absolutely no reason for that, so no :)
Well
From: jamal <[EMAIL PROTECTED]>
Date: Mon, 19 Dec 2005 19:18:55 -0500
> BTW, what kernels are these patches against?
2.6.15-GIT, and it would likely apply to 2.6.14 as well :)
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More ma
On Mon, 2005-19-12 at 13:57 -0800, David S. Miller wrote:
> From: jamal <[EMAIL PROTECTED]>
> Date: Mon, 19 Dec 2005 08:17:19 -0500
>
> > Just an addendum: If this works it should be sysctl controlled i hope.
>
> There is absolutely no reason for that, so no :)
>
Well, we went from "use old SA"
From: jamal <[EMAIL PROTECTED]>
Date: Mon, 19 Dec 2005 08:17:19 -0500
> Just an addendum: If this works it should be sysctl controlled i hope.
There is absolutely no reason for that, so no :)
> A second approach inspired from your current patch:
> Just delete the route cache entry for the one sp
From: Krzysztof Oledzki <[EMAIL PROTECTED]>
Date: Mon, 19 Dec 2005 10:37:14 +0100 (CET)
> OK. With this patch kernel switches to new SA immediately, but only for
> ping. TCP (ssh) session between Cisco and Linux is still protected by the
> old SA.
Ok, we're making progress :-)
When the bundles
On Sat, 2005-17-12 at 15:03 -0800, David S. Miller wrote:
> From: Krzysztof Oledzki <[EMAIL PROTECTED]>
> Date: Fri, 16 Dec 2005 13:15:58 +0100 (CET)
>
> > Thank you! Will test ASAP. Need day or two, I need to reassemble my
> > IPSec netlab. ;)
>
> Please let me know if it works as soon as you kn
On Sun, 18 Dec 2005, David S. Miller wrote:
From: "David S. Miller" <[EMAIL PROTECTED]>
Date: Sun, 18 Dec 2005 13:20:19 -0800 (PST)
From: Krzysztof Oledzki <[EMAIL PROTECTED]>
Date: Sun, 18 Dec 2005 17:49:50 +0100 (CET)
At 17:31:26 kernel executed the one from xfrm_state_add() (Ole #2) but
From: "David S. Miller" <[EMAIL PROTECTED]>
Date: Sun, 18 Dec 2005 13:20:19 -0800 (PST)
> From: Krzysztof Oledzki <[EMAIL PROTECTED]>
> Date: Sun, 18 Dec 2005 17:49:50 +0100 (CET)
>
> > At 17:31:26 kernel executed the one from xfrm_state_add() (Ole #2) but it
> > didn't help. :(
>
> Thanks for
From: Krzysztof Oledzki <[EMAIL PROTECTED]>
Date: Sun, 18 Dec 2005 17:49:50 +0100 (CET)
> At 17:31:26 kernel executed the one from xfrm_state_add() (Ole #2) but it
> didn't help. :(
Thanks for testing, I'll try to figure out what might be going
on.
-
To unsubscribe from this list: send the line
On Thu, 15 Dec 2005, David S. Miller wrote:
From: "David S. Miller" <[EMAIL PROTECTED]>
Date: Thu, 15 Dec 2005 17:52:54 -0800 (PST)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 7cf48aa..25dd8f4 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
Sorry, that p
From: Krzysztof Oledzki <[EMAIL PROTECTED]>
Date: Fri, 16 Dec 2005 13:15:58 +0100 (CET)
> Thank you! Will test ASAP. Need day or two, I need to reassemble my
> IPSec netlab. ;)
Please let me know if it works as soon as you know.
I think for now it's more important to have things working than to
On Thu, 15 Dec 2005, David S. Miller wrote:
From: "David S. Miller" <[EMAIL PROTECTED]>
Date: Thu, 15 Dec 2005 17:52:54 -0800 (PST)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 7cf48aa..25dd8f4 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
Sorry, that p
From: "David S. Miller" <[EMAIL PROTECTED]>
Date: Thu, 15 Dec 2005 17:52:54 -0800 (PST)
> diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
> index 7cf48aa..25dd8f4 100644
> --- a/net/xfrm/xfrm_state.c
> +++ b/net/xfrm/xfrm_state.c
Sorry, that patch was incomplete, please try this one in
The following is an extremely inefficient way to make new
SAs visible immediately. It is just for example purposes.
We just flush out all the cached bundles any time we insert
a new SA state.
Krzysztof, can you at least verify that this makes your
problem go away? Thanks.
diff --git a/net/xfr
17 matches
Mail list logo
