netdev

PF_KEY not RFC 2367 compliant

To: "'netdev@xxxxxxxxxxx'" <netdev@xxxxxxxxxxx>
Subject: PF_KEY not RFC 2367 compliant
From: "DuBuisson, Thomas" <tmdubui@xxxxxxxxxxxxxx>
Date: Wed, 3 Aug 2005 11:47:44 -0400
Sender: netdev-bounce@xxxxxxxxxxx
Section 3.1.6 of RFC 2367 clearly indicates there are two cases in which
user space programs can send the kernel PF_KEY messages.  The first case is
just the 'struct sadb_msg' header that should specify an error relating to a
previous acquire message.  I don't think the other case is implemented in
the Linux kernel - I have reprinted the relevant portion of the RFC below:

------------------
   The third is where an application-layer consumer of security
   associations (e.g.  an OSPFv2 or RIPv2 daemon) needs a security
   association.

        Send an SADB_ACQUIRE message from a user process to the kernel.

        <base, address(SD), (address(P),) (identity(SD),) (sensitivity,)
          proposal>

        The kernel returns an SADB_ACQUIRE message to registered
          sockets.

        <base, address(SD), (address(P),) (identity(SD),) (sensitivity,)
          proposal>

        The user-level consumer waits for an SADB_UPDATE or SADB_ADD
        message for its particular type, and then can use that
        association by using SADB_GET messages.
----------

Now for the barrage of questions:
Was this omitted for a reason?
Are we aware this was omitted?
Does someone already have a patch?
Would a patch be accepted for 2.6.13 if it is sent in time?  This is a bug
after all.

Cheers,
Thomas
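To make the RFC flow quoted above concrete, here is an added example (not from the post, nor kernel or RFC code) that serialises the user-space SADB_ACQUIRE message `<base, address(SD), proposal>` using the definitions in Linux `<linux/pfkeyv2.h>` and writes it to a PF_KEY socket. It assumes Linux, IPv4 endpoints and an ESP SA; the SHA1-HMAC/AES-CBC proposal, key sizes and lifetimes are constructed values. A kernel that lacks the user-space SADB_ACQUIRE path should fail the write with an errno instead of echoing the message to registered sockets, which is the simplest way to check the post's claim.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <linux/pfkeyv2.h>

/* One sadb_address extension: 8-byte header plus a sockaddr_in, 24 bytes = 3 PF_KEY units. */
static size_t put_address(unsigned char *p, int exttype, struct in_addr a)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_addr = a };
    struct sadb_address ext = { .sadb_address_len = (sizeof ext + sizeof sa) / 8, /* 64-bit units */
                                .sadb_address_exttype = exttype, .sadb_address_prefixlen = 32 };
    memcpy(p, &ext, sizeof ext);
    memcpy(p + sizeof ext, &sa, sizeof sa);
    return sizeof ext + sizeof sa;
}

/* Serialise <base, address(SD), proposal> for an ESP SA. Returns total bytes, or 0 if buf is too small. */
size_t build_sadb_acquire(unsigned char *buf, size_t cap, unsigned seq, struct in_addr src, struct in_addr dst)
{
    struct sadb_prop prop = { .sadb_prop_exttype = SADB_EXT_PROPOSAL, .sadb_prop_replay = 32 };
    struct sadb_comb comb = {   /* one acceptable algorithm combination (constructed); lifetimes in seconds */
        .sadb_comb_auth = SADB_AALG_SHA1HMAC, .sadb_comb_auth_minbits = 160, .sadb_comb_auth_maxbits = 160,
        .sadb_comb_encrypt = SADB_X_EALG_AESCBC, .sadb_comb_encrypt_minbits = 128, .sadb_comb_encrypt_maxbits = 256,
        .sadb_comb_soft_addtime = 3000, .sadb_comb_hard_addtime = 3600 };
    size_t need = sizeof(struct sadb_msg) + 2 * (sizeof(struct sadb_address) + sizeof(struct sockaddr_in)) + sizeof prop + sizeof comb;
    if (cap < need) return 0;
    struct sadb_msg hdr = { .sadb_msg_version = PF_KEY_V2, .sadb_msg_type = SADB_ACQUIRE,
                            .sadb_msg_satype = SADB_SATYPE_ESP, .sadb_msg_len = need / 8,
                            .sadb_msg_seq = seq, .sadb_msg_pid = (unsigned)getpid() };
    memcpy(buf, &hdr, sizeof hdr);
    size_t off = sizeof hdr;
    off += put_address(buf + off, SADB_EXT_ADDRESS_SRC, src);
    off += put_address(buf + off, SADB_EXT_ADDRESS_DST, dst);
    prop.sadb_prop_len = (sizeof prop + sizeof comb) / 8;
    memcpy(buf + off, &prop, sizeof prop);
    memcpy(buf + off + sizeof prop, &comb, sizeof comb);
    return off + sizeof prop + sizeof comb;
}

/* Send on a PF_KEY socket (needs CAP_NET_ADMIN); returns 0, or -errno when the kernel refuses the message. */
int send_sadb_acquire(const unsigned char *msg, size_t len)
{
    int fd = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
    if (fd < 0) return -errno;
    int rc = write(fd, msg, len) == (ssize_t)len ? 0 : -errno;
    close(fd);
    return rc;
}
```

Once the write succeeds, the consumer would read the same PF_KEY socket for the kernel's SADB_ACQUIRE echo and then wait for the SADB_UPDATE or SADB_ADD carrying its SA, as the RFC excerpt describes.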
