[Openswan dev] OpenSwan 2.6.10-1 on OpenWrt 7.09 consistently hangs on large HTTP file transfer
Michael Richardson
mcr at sandelman.ottawa.on.ca
Thu Dec 6 19:02:17 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "starlight" == starlight <starlight at binnacle.cx> writes:
>> What is supposed to happen, which isn't, is that you are suppose
>> to start the rekey around 2M bytes (or 2M packets), so that
>> you've completed it by 4M bytes (or 4M packets). Likely, it does
>> hit 4M, and the SA gets killed, just that you can't catch it at
>> that point.
starlight> Two million or two billion? I should think you mean
starlight> billion. So it's definitely a "bad thing" to rekey with
Yes, billion. sorry.
starlight> byte count or packet count that exceeds 32 bits? I was
starlight> going to call it a bug after confirming that it works
starlight> with the shorter keylife=, but from what you say it seems
starlight> there is no question that this indeed is a bug.
Most people rekey sooner based upon time.
- --
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBR1iNiICLcPvd0N1lAQKTWQgAwToShlg+EivDjxXEfgY4Vcc6cfNYjJoN
wxAI6jaK5l28PpslwABUAjvOXStXPhVggF1p21AUN8+/4/V6LFgDibFmLAIOsZ4j
cgmjUsNvWclOkZQmPzu6R8/2vGVVWteM0i1QdTzcEffNsayyzgMRRIKiEpB2/lu1
r8EAMo2EBhtMprP6CoVqpz1TbUSsukYUgfdOhFuBnuR2JYmE22ExFYQYe+FJaEEQ
J4i1F3RwsSbTUXN81egWuEgw/A7ue6oxGwxMOfO0ze8NXSr+oDK+6z52uEmC73/W
lx7kKM2mzBa4V1JrTNHH0Q3w2WRGYMis6erov/zgtkEf4aCllbEKFA==
=PM5z
-----END PGP SIGNATURE-----
More information about the Dev
mailing list