[Swan-dev] suspicious code in linux/net/ipsec/ipsec_ocf.c
David McCullough
ucdevel at gmail.com
Mon Mar 24 03:52:09 EET 2014
Paul Wouters wrote the following:
> On Sun, 23 Mar 2014, David McCullough wrote:
>
> >Yes, the code should be as you have shown above. They are seperate flags
> >that can be set independently.
> >
> >My only concern is that this typo has been there since Dec 2010 and
> >effectively means that no one has been using CBIMM. So I wonder if we
> >should default ipsec_ocf_cbimm to 0 instead of 1.
> >
> >The default for this was previously 1 and the overall operation has not
> >changed, so I am ok to leave it at 1, just keep it in mind I guess in
> >case we start seeing reports of OCF issues on libreswan :-)
>
> As you are the OCF upstream/expert, I think you're in the best position
> to make this call. Perhaps also tell us in a little more details what
> ipsec_ocf_cbimm and the other options are (and I'll add it to our wiki
> :)
Ok, leave it as a default of 1, so Hugh's patch is good as posted.
ipsec_ocf_cbimm - the OCF layer will call back on completion immediately
rather than calling back from a work queue (softirq)
context. Your callbacks need to be very careful and
re-entrant safe to use this mode. KLIPS is typically safe
to use in this mode.
ipsec_ocf_batch - Instruct OCF to batch requests if possible. Typically
this should be enabled.
Cheers,
Davidm
--
David McCullough, ucdevel at gmail.com, Ph: 0410 560 763
More information about the Swan-dev
mailing list