On Mon, 1 Aug 2005, Herbert Xu wrote:

> On Sun, Jul 31, 2005 at 09:26:31PM -0700, David S. Miller wrote:
> BTW, the kernel isn't actually inconsistent if it doesn't switch to
> the new SA immediately.  After all, the old SA is still valid until it
> expires.  In this particular bug report, it's only because the remote
> end is buggy by deleting the old SA immediately (and silently) that
> we've got a problem.

RFC 2408 says: "A protocol implementation SHOULD begin using the newly
created SA for outbound traffic and SHOULD continue to support incoming
traffic on the old SA until it is deleted or until traffic is received
under the protection of the newly created SA." - Section 4.3.

The problem is the word SHOULD and IMHO both Linux and peer are buggy.

Best regards,

                                Krzysztof Olędzki
