[Openswan dev] OpenSwan 2.6.10-1 on OpenWrt 7.09 consistently hangs on large HTTP file transfer

[Michael Richardson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>>>>> "starlight" == starlight  <starlight at binnacle.cx> writes:
    >> What is supposed to happen, which isn't, is that you are suppose
    >> to start the rekey around 2M bytes (or 2M packets), so that
    >> you've completed it by 4M bytes (or 4M packets).  Likely, it does
    >> hit 4M, and the SA gets killed, just that you can't catch it at
    >> that point.

    starlight> Two million or two billion?  I should think you mean
    starlight> billion. So it's definitely a "bad thing" to rekey with

  Yes, billion. sorry.

    starlight> byte count or packet count that exceeds 32 bits?  I was
    starlight> going to call it a bug after confirming that it works
    starlight> with the shorter keylife=, but from what you say it seems
    starlight> there is no question that this indeed is a bug.

  Most people rekey sooner based upon time.

- -- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBR1iNiICLcPvd0N1lAQKTWQgAwToShlg+EivDjxXEfgY4Vcc6cfNYjJoN
wxAI6jaK5l28PpslwABUAjvOXStXPhVggF1p21AUN8+/4/V6LFgDibFmLAIOsZ4j
cgmjUsNvWclOkZQmPzu6R8/2vGVVWteM0i1QdTzcEffNsayyzgMRRIKiEpB2/lu1
r8EAMo2EBhtMprP6CoVqpz1TbUSsukYUgfdOhFuBnuR2JYmE22ExFYQYe+FJaEEQ
J4i1F3RwsSbTUXN81egWuEgw/A7ue6oxGwxMOfO0ze8NXSr+oDK+6z52uEmC73/W
lx7kKM2mzBa4V1JrTNHH0Q3w2WRGYMis6erov/zgtkEf4aCllbEKFA==
=PM5z
-----END PGP SIGNATURE-----