On 06/09/2012 20:10, David Miller wrote:
> From: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
> Date: Thu, 6 Sep 2012 13:40:29 -0400
>
>> dst stored in struct sctp_transport needs to be recalculated when IPsec
>> policies are updated. We use flow_cache_genid for that.
>>
>> For example, if a SCTP connection is established and then an IPsec policy is
>> set, the old SCTP flow will not be updated and thus will not use the new
>> IPsec policy.
>>
>> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
>
> I don't like that SCTP needs to perform special DST validation.

IPv6 does the same:
inet6_csk_xmit()->inet6_csk_route_socket()->__inet6_csk_dst_check()
-> compare flow_cache_genid and rt6i_flow_cache_genid.

> The normal DST validation mechanism already in place should be
> sufficient.

I don't find why TCP recalculates the route, but it's not immediate, we should
wait a little.

> Otherwise this problem must exist in other protocols too, and
> fixing a tree-wide issue privately inside of one protocol is
> not acceptable.

I will propose another patch.

Regards,
Nicolas
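
Added illustration, not part of the thread and not kernel code: a userspace C model of the generation-counter check discussed above, where a cached routing decision is reused only while the generation it recorded still matches the global one. All `model_*` names and the single-rule policy are assumptions; `policy_genid` stands in for `flow_cache_genid`.

```c
/* Userspace model only; every name here is hypothetical, not a kernel symbol. */
#include <stdbool.h>

static unsigned int policy_genid;   /* stand-in for flow_cache_genid */
static bool policy_requires_ipsec;  /* constructed one-rule policy table */

struct model_transport {
    bool has_dst;          /* a routing decision is cached */
    bool use_ipsec;        /* the cached decision */
    unsigned int genid;    /* policy generation the decision was based on */
    unsigned int lookups;  /* number of full lookups performed */
};

/* Policy update: change the rule and bump the generation counter. */
static void model_policy_set(bool require_ipsec)
{
    policy_requires_ipsec = require_ipsec;
    policy_genid++;
}

/* Full lookup: consult the current policy and record its generation. */
static void model_route_lookup(struct model_transport *t)
{
    t->use_ipsec = policy_requires_ipsec;
    t->genid = policy_genid;
    t->has_dst = true;
    t->lookups++;
}

/* The cached decision is valid only if no policy changed since the lookup. */
static bool model_dst_valid(const struct model_transport *t)
{
    return t->has_dst && t->genid == policy_genid;
}

/* Transmit path; with validate == false the cached decision is reused blindly. */
static bool model_xmit(struct model_transport *t, bool validate)
{
    if (!t->has_dst || (validate && !model_dst_valid(t)))
        model_route_lookup(t);
    return t->use_ipsec;   /* true: packet goes through the IPsec policy */
}

int main(void)
{
    struct model_transport t = {0};
    model_xmit(&t, true);          /* association established, no policy yet */
    model_policy_set(true);        /* IPsec policy installed afterwards */
    return model_xmit(&t, true) ? 0 : 1;  /* revalidated flow now uses IPsec */
}
```

With `validate` set to false the model reproduces the situation in the commit message: the flow established before the policy change keeps its old decision and never picks up the new IPsec policy.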