On Mon, 9 Nov 2009 10:39:10 -0500 Herbert Xu wrote: > However, I have some reservations as to whether this is the ideal > situation. Unless I'm mistaken, this patch may cause IPsec SAs > to expire if the system clock was out of sync prior to IPsec startup > and is subsequently resynced by ntpdate or similar. > > For example, it's quite common for clocks to be out-of-sync by > 10 hours in Australia due to time zone issues with BIOS clocks. > So potentially ntpdate could move the clock forward by 10 hours > or more on bootup thus causing IPsec SAs to expire prematurely > with this patch. > > This shouldn't really be a problem in itself except that there > are some dodgy IPsec gateways out there that refuse to reestablish > IPsec SAs if the interval between two successive connections is > too small. This could render the SA inoperable for hours. But why would it be inoperable for hours? I think that the following will happen: * racoon will recreate SAD entry in the larval state, wait 30s and drop it (since dodgy-gw filtered out all keyexchange packets) * The next time there is a connect() with a match in the SPD, racoon will again try to recreate the SAD entry. If there dodgy-gw still filters out, the larval SAD entry dies after 30s. So the inoperability will only last as long as dodgy-gw filters keyexchanges. In any case, running ntpdate before racoon fixes the problem. > > So the upshot of all this is that we definitely want the effect > of this patch for suspend/resume, but it would be great if we can > avoid it for settimeofday(2). I think the natural solution is to have CLOCK_BOOTBASED hrtimers. I.e. something in the spirit of monotonic_to_bootbased() and getboottime(). I understand that doing +=total_sleep_time is against the core idea of hires timers, but perhaps there is a nicer way. Best, Y