[IPSEC] Add XFRMA_SA/XFRMA_POLICY for delete notification

To:	"David S. Miller" <davem@xxxxxxxxxxxxx>, jamal <hadi@xxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, netdev@xxxxxxxxxxx
Subject:	[IPSEC] Add XFRMA_SA/XFRMA_POLICY for delete notification
From:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date:	Sat, 28 May 2005 09:37:41 +1000
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.9i

Hi Dave:

This is the patch that I reverted due to Jamal's objection to it.
I still think it's the right way to go which is why I'm submitting
it.  As it is, all the xfrm event notifications sent by the kernel
except the ones for SA/policy deletion are symmetric in the sense
that if they were sent straight back to the kernel in that same
form they would be accepted and perform the same action that
triggered the initial events.  As far as I know this is true for
non-xfrm netlink notifications as well, including deletion events.

What is different between xfrm and and other netlink notifications
is that requests such as route/address deletion use the same format
as route/address addition, while the SA/policy deletion format is
certainly not the same as SA/policy addition.

Based on these observations, I think we should change the IPsec
deletion notifications to use the same format as the IPsec deletion
requests that triggered them in the first place.  Of course, we
can do this in a way without losing information such as the SA/policy
that was actually deleted.

The objection to this change is that it creates an inconsistency
between xfrm deletion and non-xfrm deletion event formats.  However,
my view is that this is an inconsistency that is already present
between xfrm deleteion and non-xfrm deletion request formats.  By
doing this we in fact improve the consistency in the sense that all
netlink event notifications, xfrm or non-xfrm are now of the same
format as their corresponding requests.

One thing to note is that whatever we decide here we'll probably be
stuck with it for a long time since this is part of the xfrm netlink
ABI.


Here is the original changelog:

This patch changes the format of the XFRM_MSG_DELSA and
XFRM_MSG_DELPOLICY notification so that the main message
sent is of the same format as that received by the kernel
if the original message was via netlink.  This also means
that we won't lose the byid information carried in km_event.

Since this user interface is introduced by Jamal's patch
we can still afford to change it.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

p1.patch
Description: Text document

<Prev in Thread]	Current Thread	[Next in Thread>
[IPSEC] Add XFRMA_SA/XFRMA_POLICY for delete notification, Herbert Xu <= Re: [IPSEC] Add XFRMA_SA/XFRMA_POLICY for delete notification, jamal Re: [IPSEC] Add XFRMA_SA/XFRMA_POLICY for delete notification, David S. Miller

Previous by Date:	Re: [PATCH] e1000: NUMA aware allocation of descriptors V2, Andrew Morton
Next by Date:	Re: [PATCH] r8169: support restricting speed+duplex in autonegotiation, Ben Greear
Previous by Thread:	[RFC] textsearch infrastructure et al v2, Thomas Graf
Next by Thread:	Re: [IPSEC] Add XFRMA_SA/XFRMA_POLICY for delete notification, jamal
Indexes:	[Date] [Thread] [Top] [All Lists]