[Openswan dev] OpenSwan 2.6.10-1 on OpenWrt 7.09 consistently hangs on large HTTP file transfer
mcr at sandelman.ottawa.on.ca
Thu Dec 6 19:02:17 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "starlight" == starlight <starlight at binnacle.cx> writes:
>> What is supposed to happen, which isn't, is that you are suppose
>> to start the rekey around 2M bytes (or 2M packets), so that
>> you've completed it by 4M bytes (or 4M packets). Likely, it does
>> hit 4M, and the SA gets killed, just that you can't catch it at
>> that point.
starlight> Two million or two billion? I should think you mean
starlight> billion. So it's definitely a "bad thing" to rekey with
Yes, billion. sorry.
starlight> byte count or packet count that exceeds 32 bits? I was
starlight> going to call it a bug after confirming that it works
starlight> with the shorter keylife=, but from what you say it seems
starlight> there is no question that this indeed is a bug.
Most people rekey sooner based upon time.
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Dev