[Swan-dev] suspicious code in linux/net/ipsec/ipsec_ocf.c

David McCullough ucdevel at gmail.com
Mon Mar 24 03:52:09 EET 2014

Paul Wouters wrote the following:
> On Sun, 23 Mar 2014, David McCullough wrote:
> >Yes,  the code should be as you have shown above.  They are seperate flags
> >that can be set independently.
> >
> >My only concern is that this typo has been there since Dec 2010 and
> >effectively means that no one has been using CBIMM.  So I wonder if we
> >should default ipsec_ocf_cbimm to 0 instead of 1.
> >
> >The default for this was previously 1 and the overall operation has not
> >changed,  so I am ok to leave it at 1,  just keep it in mind I guess in
> >case we start seeing reports of OCF issues on libreswan :-)
> As you are the OCF upstream/expert, I think you're in the best position
> to make this call. Perhaps also tell us in a little more details what
> ipsec_ocf_cbimm and the other options are (and I'll add it to our wiki
> :)

Ok,  leave it as a default of 1,  so Hugh's patch is good as posted.

ipsec_ocf_cbimm - the OCF layer will call back on completion immediately
                  rather than calling back from a work queue (softirq)
                  context.  Your callbacks need to be very careful and
                  re-entrant safe to use this mode. KLIPS is typically safe
                  to use in this mode.

ipsec_ocf_batch - Instruct OCF to batch requests if possible. Typically
                  this should be enabled.


David McCullough,  ucdevel at gmail.com,   Ph: 0410 560 763

More information about the Swan-dev mailing list