[IPSEC]IPSEC_MANUAL_REQID_MAX

Submitted by xbit on September 5, 2008 - 5:54am.
Linux

Hi!

If I'm correct, when a reqid is specified in an SP, the SA with the same id will be chosen for applying it, and vice versa. Otherwise, in the case of 'use' level in an SP, the kernel will look for a suitable SA. If it cannot be found, the packet won't be processed further.
Am I right?
What if there is more than one suitable SA in the SADB? Which one will be applied?

Also, I need to configure almost half a million SAs and SPs, but when the reqid of an SP gets above IPSEC_MANUAL_REQID_MAX (0x3fff), the kernel will drop the value and generate a new one.
It seems this is needed because of IKE daemons, but I won't have such beasts, so may I safely increase this value?
Does anybody know why this ceiling is necessary and why it is so low?

thanks,
Zsolt
