Re: sockets affected by IPsec always block (2.6.23)

From: David Miller
Date: Thu Dec 06 2007 - 22:20:52 EST

Next message: Jared Hulbert: "Re: [patch] ext2: xip check fix"
Previous message: Kamalesh Babulal: "Re: 2.6.24-rc4-mm1 kobject changes broken with hvcs driver on powerpc"
In reply to: Stefan Rompf: "Re: sockets affected by IPsec always block (2.6.23)"
Next in thread: Stefan Rompf: "Re: sockets affected by IPsec always block (2.6.23)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Stefan Rompf <stefan@xxxxxxxxx>
Date: Thu, 6 Dec 2007 15:31:53 +0100

> as far as I've understood Herbert's patch, at least TCP connect can be fixed
> so that non blocking connect() will neither fail nor block, but just use the
> first or second retransmission of the SYN packet to complete the handshake
> after IPSEC is up.

If IPSEC takes a long time to resolve, and we don't block, the
connect() can hard fail (we will just keep dropping the outgoing SYN
packet send attempts, eventually hitting the retry limit) in cases
where if we did block it would not fail (because we wouldn't send
the first SYN until IPSEC resolved).
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jared Hulbert: "Re: [patch] ext2: xip check fix"
Previous message: Kamalesh Babulal: "Re: 2.6.24-rc4-mm1 kobject changes broken with hvcs driver on powerpc"
In reply to: Stefan Rompf: "Re: sockets affected by IPsec always block (2.6.23)"
Next in thread: Stefan Rompf: "Re: sockets affected by IPsec always block (2.6.23)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]