tech-crypto: Re: ipsec/ipfilter interaction problem

Subject: Re: ipsec/ipfilter interaction problem
To: None <tech-crypto@netbsd.org>
From: Christoph Kaegi <kgc@zhwin.ch>
List: tech-crypto
Date: 09/26/2003 14:16:46
On 26.09-18:20, Daniel Carosone wrote:
> On Fri, Sep 26, 2003 at 06:20:39AM +0200, Christoph Kaegi wrote:
> > Hm, what does that mean? Can I do something about it, so the SA
> > doesn't die? Who can it die anyway?
> 
> setkey -D, both while working and once failed.
> 

The diff doesn't show much difference for my eyes
and the SA's are not dead either:

-------------------------------------- 8< --------------------------------------
hostb# diff ipsec-D.ok ipsec-D.notok 
5,10c5,10
<       created: Sep 26 12:28:14 2003   current: Sep 26 12:28:17 2003
<       diff: 3(s)      hard: 0(s)      soft: 0(s)
<       last:                           hard: 0(s)      soft: 0(s)
<       current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
<       allocated: 0    hard: 0 soft: 0
<       sadb_seq=1 pid=19007 refcnt=1
---
>       created: Sep 26 12:28:14 2003   current: Sep 26 14:11:42 2003
>       diff: 6208(s)   hard: 0(s)      soft: 0(s)
>       last: Sep 26 14:11:10 2003      hard: 0(s)      soft: 0(s)
>       current: 1155(bytes)    hard: 0(bytes)  soft: 0(bytes)
>       allocated: 17   hard: 0 soft: 0
>       sadb_seq=1 pid=21938 refcnt=1
14,20c14,20
<       seq=0x00000000 replay=0 flags=0x00000040 state=mature 
<       created: Sep 26 12:28:14 2003   current: Sep 26 12:28:17 2003
<       diff: 3(s)      hard: 0(s)      soft: 0(s)
<       last:                           hard: 0(s)      soft: 0(s)
<       current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
<       allocated: 0    hard: 0 soft: 0
<       sadb_seq=0 pid=19007 refcnt=1
---
>       seq=0x00000010 replay=0 flags=0x00000040 state=mature 
>       created: Sep 26 12:28:14 2003   current: Sep 26 14:11:42 2003
>       diff: 6208(s)   hard: 0(s)      soft: 0(s)
>       last: Sep 26 12:41:28 2003      hard: 0(s)      soft: 0(s)
>       current: 3088(bytes)    hard: 0(bytes)  soft: 0(bytes)
>       allocated: 16   hard: 0 soft: 0
>       sadb_seq=0 pid=21938 refcnt=2

-------------------------------------- 8< --------------------------------------

Other ideas?

Thanks
Chris

-- 
----------------------------------------------------------------------
Christoph Kaegi                                           kgc@zhwin.ch
----------------------------------------------------------------------