Re: sockets affected by IPsec always block (2.6.23)

From: Herbert Xu
Date: Wed Dec 05 2007 - 02:16:28 EST


On Tue, Dec 04, 2007 at 11:12:00PM -0800, David Miller wrote:
> From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Date: Wed, 5 Dec 2007 17:51:32 +1100
>
> > Does anybody actually need the 0 setting? What would we break if
> > the default became 1?
>
> I bet there are UDP apps out there that would break if we
> didn't do this.

Right. This is definitely bad for protocols without a retransmission
mechanism.

However, is the 0 setting ever useful for TCP and in particular, TCP's
connect(2) call? Perhaps we can just make that one always drop.

Well, until someone implements queueing to fix all of this properly
that is :)

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt