[Openswan dev] Phase 2 Negotiation Reliability
Michael Richardson
mcr at sandelman.ottawa.on.ca
Sat Sep 18 16:47:33 CEST 2004
>>>>> "Herbert" == Herbert Xu <herbert at gondor.apana.org.au> writes:

>> per-state would permit it to be different for quick_I1 vs
>> main_R3, etc. I don't think it would be interesting on a
>> per-connection basis.

Herbert> Well I'm not sure whether you want to do this for main_R3.
Herbert> It'd be better to turn on DPD early so that it can detect
Herbert> this and kill the state.

So, I've just accepted your patch as is.
I think it should be fine for most people.

>> Note you can also make the value infinite by setting retries=0. I
>> think that this would work for a responding-only system.

Herbert> You never want to set this to infinity. Otherwise if the
Herbert> initiator decides to go away you're stuffed.

For tunnels with static end-points, this isn't an issue, as there
isn't anything else you can do.
Yes, for RW and OE, this would be wrong.
- --
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [