[Openswan dev] async DNS and ipv6 AH
David McCullough
david_mccullough at mcafee.com
Tue Nov 30 17:19:36 EST 2010
Jivin Paul Wouters lays it down ...
> On Tue, 30 Nov 2010, davidm at vault.xelerance.com wrote:
>
> > Author: David McCullough <david_mccullough at mcafee.com>
> > Date: Tue Nov 30 10:51:28 2010 +1000
> >
> > Prevent long DNS lookups on alt. addressing
> >
> > Not that ttoaddr handles IPv4/IPv6 notation properly,
> > we can just use the one call, preventing big hangs in
> > pluto while DNS times out. This code should be moved to
> > use async DNS if possible, though it isn't usually needed.
>
> I'd like to look at replacing the lwres code with some kind of form
> of unbound. the question is, should we count on a local DNS server,
> or should we do our own caching? In the latter case, stubound with
> evldns? (evldns is libevent+ldns)
I would probably do it like the crypto helpers if I were to do it. In that
case I would be relying on the local resolver to get it right, but never
waiting for it.
I've had some contact with libevent, but no formed opinion on that one.
> > commit c09b80e85919455a5aa5cfb21643a1b3a08d343e
> > Author: David McCullough <david_mccullough at mcafee.com>
> > Date: Tue Nov 30 10:44:17 2010 +1000
> >
> > Remove ipv6 protocol at unload properly
> >
> > So that we can be reloaded or switch to netkey :-)
>
> I noticed add/del_proto is only done for ESP, not AH? Was this on purpose?
Probably not :-) I more than likely didn't even consider it since
I haven't done the AH/IPv6 work yet, just the prelim work to keep ipv4
happy.
Cheers,
Davidm
--
David McCullough, david_mccullough at mcafee.com, Ph:+61 734352815
McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org