CSTP reconnect segfault on HEAD

David Woodhouse dwmw2 at infradead.org
Wed Jun 27 18:57:14 EDT 2012


On Wed, 2012-06-27 at 17:07 -0500, Jack Miller wrote:
> I've appended the relevant sections of the log and redacted some of the
> network topology stuff - better safe than sorry. It appears that it's just
> configured that way (DTLS-Rekey-Time = 3600). As I mentioned before, I can't
> comment on the validity of the setup =). 

Hm, we do reconnect the CSTP connection for a DTLS rekey; I'm not sure
we need to. I knocked up a quick patch to "fix" that, but then noticed
that your server is actually asking for a CSTP rekey every 3600 seconds
*too*. So yeah, your server is configured to request that, and I don't
think there's a lot we can do about it. Perhaps we could optimise for
it, and do it asynchronously rather than blocking data traffic while we
reconnect the TCP connection. But mostly I'm inclined to suggest that it
is a silly configuration on the part of your server, and not worry about
it... unless you care enough to submit a patch :)

(CSTP is the TCP/HTTPS control connection, while DTLS is UDP and is what
we use for the actual network traffic wherever possible.)

-- 
dwmw2