Received: with ECARTIS (v1.0.0; list netdev); Fri, 25 Mar 2005 16:54:45 -0800 (PST)
Received: from mx01.cybersurf.com (mx01.cybersurf.com [209.197.145.104])
	by oss.sgi.com (8.13.0/8.13.0) with ESMTP id j2Q0sfot011411
	for <netdev@oss.sgi.com>; Fri, 25 Mar 2005 16:54:41 -0800
Received: from mail.cyberus.ca ([209.197.145.21])
	by mx01.cybersurf.com with esmtp (Exim 4.30)
	id 1DEzZR-0004lk-VY
	for netdev@oss.sgi.com; Fri, 25 Mar 2005 17:54:33 -0700
Received: from [24.103.99.32] (helo=[10.0.0.9])
	by mail.cyberus.ca with esmtp (Exim 4.20)
	id 1DEzZU-0001e3-J5; Fri, 25 Mar 2005 19:54:36 -0500
Subject: Re: PATCH: IPSEC acquire in presence of multiple managers
From: jamal <hadi@cyberus.ca>
Reply-To: hadi@cyberus.ca
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@redhat.com>,
        Masahide NAKAMURA <nakam@linux-ipv6.org>,
        Shinta Sugimoto <shinta.sugimoto@ericsson.com>,
        netdev <netdev@oss.sgi.com>
In-Reply-To: <20050326003058.GA22930@gondor.apana.org.au>
References: <1111795927.1089.749.camel@jzny.localdomain>
	 <20050326003058.GA22930@gondor.apana.org.au>
Content-Type: text/plain
Organization: jamalopolous
Message-Id: <1111798470.1090.774.camel@jzny.localdomain>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.2 
Date: 25 Mar 2005 19:54:31 -0500
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.83/784/Thu Mar 24 23:57:57 2005 on oss.sgi.com
X-Virus-Status: Clean
X-archive-position: 725
X-ecartis-version: Ecartis v1.0.0
Sender: netdev-bounce@oss.sgi.com
Errors-to: netdev-bounce@oss.sgi.com
X-original-sender: hadi@cyberus.ca
Precedence: bulk
X-list: netdev
Content-Length: 912
Lines: 28

On Fri, 2005-03-25 at 19:30, Herbert Xu wrote:

> One problem though is that if theal real KM is dead but the passive
> monitor is still there then the kernel will have to wait for the
> larval states to time out.
> 
> It can happen without the patch too if the KM dies after the message
> is delivered.  This will make it slightly more likely.
> 

Agreed. 

> I guess that's something we'll just have to live with.

Well its useful even if we could just run "ip mon" to look at acquires
going across.

If i understood correctly pfkey: the kernel can be told when a KM is
about to die or just came back up using an empty acquire message by the
KM. I dont think we support this at the moment from looking at the code.
It seems that we dont support any acquires from userspace to kernel
which in theory could be triggered by some apps (I saw OSPF;->) trying 
to get a SA. Is this common behavior?

cheers,
jamal