[Swan-dev] suspicious code in linux/net/ipsec/ipsec_ocf.c

Paul Wouters paul at nohats.ca
Mon Mar 24 03:26:29 EET 2014

On Sun, 23 Mar 2014, David McCullough wrote:

> Yes,  the code should be as you have shown above.  They are seperate flags
> that can be set independently.
> My only concern is that this typo has been there since Dec 2010 and
> effectively means that no one has been using CBIMM.  So I wonder if we
> should default ipsec_ocf_cbimm to 0 instead of 1.
> The default for this was previously 1 and the overall operation has not
> changed,  so I am ok to leave it at 1,  just keep it in mind I guess in
> case we start seeing reports of OCF issues on libreswan :-)

As you are the OCF upstream/expert, I think you're in the best position
to make this call. Perhaps also tell us in a little more details what
ipsec_ocf_cbimm and the other options are (and I'll add it to our wiki


More information about the Swan-dev mailing list