netdev
[Top] [All Lists]

Re: PATCH: IPSEC xfrm events

To: hadi@xxxxxxxxxx, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: PATCH: IPSEC xfrm events
From: Masahide NAKAMURA <nakam@xxxxxxxxxxxxxx>
Date: Sat, 02 Apr 2005 02:28:07 +0900
Cc: Patrick McHardy <kaber@xxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, netdev <netdev@xxxxxxxxxxx>
In-reply-to: <1112319441.1089.83.camel@jzny.localdomain>
References: <1112319441.1089.83.camel@jzny.localdomain>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Debian Thunderbird 1.0 (X11/20050116)
Jamal and Herbert,

jamal wrote:
> Herbert et al,
> 
> Ok, heres the final patch with all the changes discussed.
> 
>  include/linux/xfrm.h   |    2 
>  include/net/xfrm.h     |   29 ++++++-
>  net/key/af_key.c       |   24 +++++-
>  net/xfrm/xfrm_policy.c |   25 ++++--
>  net/xfrm/xfrm_state.c  |   84 +++++++++++++++++++--
>  net/xfrm/xfrm_user.c   |  188
> ++++++++++++++++++++++++++++++++++++++++++++++++-
>  6 files changed, 323 insertions(+), 29 deletions(-)
> 
> I have tested this with both setkey and iproute2 (about 10 scenarios or
> so). Masahide-san is doing a lot more thorough testing with key servers
> as well. He has not tested this patch yet (time difference) but it is
> based on the last one he tested.

Short report:
I've tested on this patched kernel and it works.

- add/del/flush for SA/SP and  allocspi/acquire/upd for SA
  through netlink socket
- racoon runs fine (pfkey works for normal operation)
  both without and with opening netlink socket to listen

Since we have discussion which is still going on about the patch,
the code will be change and I'll need to test again anyway.

Thanks,

-- 
Masahide NAKAMURA

<Prev in Thread] Current Thread [Next in Thread>