On Thu, Sep 12, 2013 at 03:21:24PM +0200, Thomas Gleixner wrote: > > > (3): http://www.spinics.net/lists/netdev/msg245169.html > > Thanks for the explanation so far. > > What's still unclear to me is why these timeouts are bound to wall > time in the first place. > > Is there any real reason why the key life time can't simply be > expressed in monotonic time, e.g. N seconds after creation or M > seconds after usage? Looking at the relevant RFCs I can't find any > requirement for binding the life time to wall time. > > A life time of 10 minutes does not change when the wall clock is > adjusted for whatever reasons. It's still 10 minutes and not some > random result of the wall clock adjustments. But I might be wrong as > usual :)
Well we started out with straight timers. It was changed because people wanted IPsec SAs to expire after a suspect/resume which AFAIK does not touch normal timers. Of course, this brought with it a new set of problems when the system time is stepped which now cause SAs to expire even though they probably shouldn't. Cheers, -- Email: Herbert Xu <[email protected]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
