On Wed, Jan 21, 2015 at 09:56:34AM +0000, Thomas Graf wrote: > > Exactly. I think we also need a timer to abort walks because if > only a single walker is allowed, an attacker could start a walk and > not complete it to block out everybody else. My scheme should support an arbitrary number of walks. See how xfrm_state_walk is implemented. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
