Hi, On Monday 30 January 2006 22:33, jamal wrote: > > We implemented partial ISAKMP SA synchronization in racoon. That > Unfortunately this would also mean dependency on racoon. Is there any > other way to do it without having to change racoon? example the phase1 > scripts or racoonctl? > It seems to me that the only useful runtime parameter really - dont > know how you would extract this without changing racoon - is peer/local > cookies, no? From that one should be able to generate the SAs.
Not really IMHO. You definitely need the shared secret associated with that SA, DPD state, etc. But what about leaving this alone for now, I think the very first step should be something like OpenBSD's sasyncd, which absolutely does not care about proper ISAKMP synchronization. We can think about these things later, if all the kernel-level things are settled. > > Indeed, but this value depends on whether or not the user-space is > > clever enough to use it. Let's suppose it will be. :) > > I do in the code i am testing with at the moment. I havent been testing > a lot of corner cases - and so far havent needed any padding; but will > let you know how it goes. In any case, lets agree we need it. Whoever > feels brave enough to do without could. OK. -- Regards, Krisztian Kovacs - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
