Received: with ECARTIS (v1.0.0; list netdev); Fri, 25 Mar 2005 16:33:59 -0800 (PST)
Received: from arnor.apana.org.au (mail@arnor.apana.org.au [203.14.152.115])
	by oss.sgi.com (8.13.0/8.13.0) with ESMTP id j2Q0Xlq7009751
	for <netdev@oss.sgi.com>; Fri, 25 Mar 2005 16:33:48 -0800
Received: from gondolin.me.apana.org.au ([192.168.0.6] ident=mail)
	by arnor.apana.org.au with esmtp (Exim 3.35 #1 (Debian))
	id 1DEzEl-0001Ch-00; Sat, 26 Mar 2005 11:33:11 +1100
Received: from herbert by gondolin.me.apana.org.au with local (Exim 3.36 #1 (Debian))
	id 1DEzCc-000603-00; Sat, 26 Mar 2005 11:30:58 +1100
Date: Sat, 26 Mar 2005 11:30:58 +1100
To: jamal <hadi@cyberus.ca>
Cc: "David S. Miller" <davem@redhat.com>,
        Masahide NAKAMURA <nakam@linux-ipv6.org>,
        Shinta Sugimoto <shinta.sugimoto@ericsson.com>,
        netdev <netdev@oss.sgi.com>
Subject: Re: PATCH: IPSEC acquire in presence of multiple managers
Message-ID: <20050326003058.GA22930@gondor.apana.org.au>
References: <1111795927.1089.749.camel@jzny.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1111795927.1089.749.camel@jzny.localdomain>
User-Agent: Mutt/1.5.6+20040907i
From: Herbert Xu <herbert@gondor.apana.org.au>
X-Virus-Scanned: ClamAV 0.83/784/Thu Mar 24 23:57:57 2005 on oss.sgi.com
X-Virus-Status: Clean
X-archive-position: 723
X-ecartis-version: Ecartis v1.0.0
Sender: netdev-bounce@oss.sgi.com
Errors-to: netdev-bounce@oss.sgi.com
X-original-sender: herbert@gondor.apana.org.au
Precedence: bulk
X-list: netdev
Content-Length: 891
Lines: 25

On Fri, Mar 25, 2005 at 07:12:07PM -0500, jamal wrote:
> 
> Acquire should be supported by both pfkey and netlink.
> However, it stops to send acquire message from the kernel on first
> success.
> It is possible that one or the other manager maybe passively monitoring
> and needs to see those messages.

Yes that's a good catch.

One problem though is that if theal real KM is dead but the passive
monitor is still there then the kernel will have to wait for the
larval states to time out.

It can happen without the patch too if the KM dies after the message
is delivered.  This will make it slightly more likely.

I guess that's something we'll just have to live with.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt