Re: [Ipsec-tools-devel] ISAKMP-SA expired
Brought to you by:
mit_warlord,
netbsd
From: VANHULLEBUS Y. <va...@fr...> - 2005-04-04 10:50:48
|
On Mon, Apr 04, 2005 at 08:20:52AM +0200, Emmanuel Dreyfus wrote: [....] > A sane release engineering practice would be to make a quick fix to the > stable branches and do the code redisigining in HEAD. That way people > using HEAD would test the new code, not people using release code. The problem is that my fix just made an existing "problem" being more likely to happen in some configurations. > I know that the 0.5 branch is your favourite code base for developement, > but you should really consider moving forward: HEAD is not that > different from 0.5, nor is it especially unstable or buggy (well, if > features are introduced in 0.5 branch then backported to HEAD, then HEAD > is likely to be even more bug-free than 0.5...). I had to make some work on 0.5, we already talked about that, don't worry, conf reloading and some other things I know I'll do soon will only be commited to HEAD :-) > What could be the quick fix for stable branches? Is backing out the > change an option? I don't really understand what that change was fixing: > is no fix better than a buggy fix? Before this fix, racoon already had a strange way of deleting phase1 handlers (so Isakmp-SAs): - mark it as expired - check if some phase2 are linked to it yes ? -> reshedule expire process next second no ? -> do the delete stuff And the expire process is logged each second. On some other part of the code, I just removed an unbindph12(), which should not be here: every phase2 handler should be linked to it's phase1 handler ! So, for me, the problem always existed, the short-way "fix" would be to just change the log statement in isakmp_ph1expire() (the phase1 will be deleted, but only when no more phase2 will be linked to it), and my fix just explains why, in some specific configurations, people have the logging problem on 0.5.1 but not in 0.5. Yvan. |