hipl-core team mailing list archive
Re: About the hipfw-performance branch
On Tue, 14 Sep 2010 09:40:11 +0200, Tobias Heer <heer@xxxxxxxxxxxxxxxxx>
We need to fix this. However, I am confident that the change will be
- opportunistic mode
Yes, opp-mode and midauth might even work right away because the magic
happens before recording the SA in the firewall.
- lightweight update
Was there code for this in the firewall? What does it do?
Most of the code is here:
Lightweight update was mentioned because I assumed this is somehow related
to updating IP/SPI associations (like ordinary HIP_UPDATE), even though I
don't see where that's happening by skimming through the code (looking for
A propos: Currently, multiple destination addresses are managed per SPI
(i.e., a list is used):
Is this still supported? If so, then I don't see where old addresses are
currently purged in the code, i.e. if an SA's IP address updates 10 times
to different values, there will be 10 values present in the list (and 10
iptables rules) until the connection is removed completely.