On Mon, Jul 07, 2003 at 06:47:24PM -0400, Sam Sgro wrote: > > On Mon, 7 Jul 2003, Sam Sgro wrote: > > > Upon a subsequent restart of ipsec, I briefly experienced the same phenomenon, > > but then it cleared itself up after 10 seconds or so. > > Looking at a tcpdump, it appears these errors occur during the IKE > negotiations. Yes, the acquire wait in xfrm_lookup is fairly broken right now. In particular, TCP connections will always fail with EGAIN. I believe that Alexey Kuznetsov is working on a better system akin to ARP resolution. Perhaps Alexey can tell us how that is progressing? In the mean time of course the user will have to do the retrying :) -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
