Lines Matching +full:as +full:- +full:is
1 .. SPDX-License-Identifier: GPL-2.0
7 The sync patches work is based on initial patches from
11 The end goal for syncing is to be able to insert attributes + generate
14 The idea is to synchronize the SA so that the takeover machine can do
15 the processing of the SA as accurately as possible if it has access to it.
20 with as minimal loss at failover time.
21 This way a backup stays as closely up-to-date as an active member.
24 it is possible for a lot of the events to be generated.
25 For this reason, we also add a nagle-like algorithm to restrict
27 know if the replay sequence threshold is reached or 10 secs have passed"
28 These thresholds are set system-wide via sysctls or can be updated
32 - the lifetime byte counter
33 note that: lifetime time limit is not important if you assume the failover
34 machine is known ahead of time since the decay of the time countdown
35 is not driven by packet arrival.
36 - the replay sequence for both inbound and outbound
39 ----------------------
41 nlmsghdr:aevent_id:optional-TLVs.
49 A XFRM_MSG_NEWAE will have at least two TLVs (as is
61 The unique SA is identified by the combination of xfrm_usersa_id,
71 XFRM_AE_CR=16, /* Event cause is replay update */
72 XFRM_AE_CE=32, /* Event cause is timer expiry */
73 XFRM_AE_CU=64, /* Event cause is policy update */
75 How these flags are used is dependent on the direction of the
76 message (kernel<->user) as well as the cause (config, query or event).
77 This is described below in the different messages.
87 -----------------------------------------
102 when the replay sequence is exceeded.
106 This is a timer value in milliseconds which is used as the nagle
110 ---------------------------------------------
112 By default these events should be turned off unless there is
117 in order to not change existing applications such as racoon
125 units of time of 100ms. The default is 10 (1 second)
129 in incremental packet count. The default is two packets.
132 ----------------
134 a) XFRM_MSG_GETAE issued by user-->kernel.
137 The response is a XFRM_MSG_NEWAE which is formatted based on what
141 * if XFRM_AE_RTHR flag is set, then XFRMA_REPLAY_THRESH is also retrieved
142 * if XFRM_AE_ETHR flag is set, then XFRMA_ETIMER_THRESH is also retrieved
144 b) XFRM_MSG_NEWAE is issued by either user space to configure
147 i) user --> kernel to configure a specific SA.
152 A response is issued back to the sender in user space to indicate success
156 XFRM_MSG_NEWAE is also issued to any listeners as described in iii).
158 ii) kernel->user direction as a response to XFRM_MSG_GETAE
165 iii) kernel->user to report as event if someone sets any values or
166 thresholds for an SA using XFRM_MSG_NEWAE (as described in #i above).
167 In such a case XFRM_AE_CU flag is set to inform the user that
168 the change happened as a result of an update.
171 iv) kernel->user to report event when replay threshold or a timeout
172 is exceeded.
175 happened) is set to inform the user what happened.
180 --------------------------------
182 If you have an SA that is getting hit by traffic in bursts such that
183 there is a period where the timer threshold expires with no packets
184 seen, then an odd behavior is seen as follows:
187 to be reached. This is done for simplicity and efficiency reasons.
189 -JHS