[Openswan dev] async DNS and ipv6 AH

David McCullough david_mccullough at mcafee.com
Tue Nov 30 17:19:36 EST 2010


Jivin Paul Wouters lays it down ...
> On Tue, 30 Nov 2010, davidm at vault.xelerance.com wrote:
> 
> > Author: David McCullough <david_mccullough at mcafee.com>
> > Date:   Tue Nov 30 10:51:28 2010 +1000
> >
> >    Prevent long DNS lookups on alt. addressing
> >
> >    Not that ttoaddr handles IPv4/IPv6 notation properly,
> >    we can just use the one call,  preventing big hangs in
> >    pluto while DNS times out.  This code should be moved to
> >    use async DNS if possible,  though it isn't usually needed.
> 
> I'd like to look at replacing the lwres code with some kind of form
> of unbound. The question is, should we count on a local DNS server,
> or should we do our own caching? In the latter case, stubound with
> evldns? (evldns is libevent+ldns)

I would probably do it like the crypto helpers if I were to do it.  In that
case I would be relying on the local resolver to get it right, but never
waiting for it.

I've had some contact with libevent,  but no formed opinion on that one.

> > commit c09b80e85919455a5aa5cfb21643a1b3a08d343e
> > Author: David McCullough <david_mccullough at mcafee.com>
> > Date:   Tue Nov 30 10:44:17 2010 +1000
> >
> >    Remove ipv6 protocol at unload properly
> >
> >    So that we can be reloaded or switch to netkey :-)
> 
> I noticed add/del_proto is only done for ESP, not AH? Was this on purpose?

Probably not :-)  I more than likely didn't even consider it since
I haven't done the AH/IPv6 work yet, just the prelim work to keep ipv4
happy.

Cheers,
Davidm

-- 
David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org

