On Sun, Jun 29, 2003 at 03:16:02PM -0700, David S. Miller wrote:
>
> If user preempts one of your policy entries, he meant to do this.

Let me add a bit of context to this. AFAIK, FreeSWAN is the only KM that operates on the principle of incremental change. It has no concept of a configuration file. All configuration is done through a Unix socket. Thus, adding/removing tunnels can be done (theoretically) without disturbing any other connections.

With that in mind, this particular argument is easily countered since the user can tell the KM that he meant to do this and the KM still has to go through all existing policies and update them.

> The KM must just add it to its table and accept this.
>
> If user wants to coordinate in some higher way with KM, it must
> arrange a protocol by which to do so, it is not the kernel's
> problem.
>
> These discussions are really outside the realm of kernel side IPSEC
> support.

That's fine. I guess it's simplest to use a real IPIP/GRE tunnel in this case instead of bothering with IPsec tunnels.

--
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt