* [BUG] pfkey implementation vs. RFC
@ 2005-08-09 17:22 DuBuisson, Thomas
2005-08-09 19:08 ` David S. Miller
0 siblings, 1 reply; 2+ messages in thread
From: DuBuisson, Thomas @ 2005-08-09 17:22 UTC (permalink / raw)
To: 'linux-kernel@vger.kernel.org'
I've posted this to linux-net and netdev but have had no response. If there
is any confusion about what the bug is then just e-mail me for
clarification. If this is an intentional omission then could someone let me
know why.
Section 3.1.6 of RFC 2367 clearly indicates there are two
cases in which user space programs can send the kernel pfkey
'acquire' messages. The first case is just the 'struct sadb_msg'
header that should specify an error relating to a previous
acquire message. The second case is intended for use by routing
daemons and the like. This case is not implemented in the Linux
kernel - I have reprinted the relevant portion of the RFC below:
------------------
The third is where an application-layer consumer of security
associations (e.g. an OSPFv2 or RIPv2 daemon) needs a security
association.
Send an SADB_ACQUIRE message from a user process to the kernel.
<base, address(SD), (address(P),) (identity(SD),) (sensitivity,)
proposal>
The kernel returns an SADB_ACQUIRE message to registered sockets.
<base, address(SD), (address(P),) (identity(SD),) (sensitivity,)
proposal>
The user-level consumer waits for an SADB_UPDATE or SADB_ADD
message for its particular type, and then can use that
association by using SADB_GET messages.
----------
As one can see in net/key/af_key.c:pfkey_acquire() the only acquire messages
accepted are of format <base> and with errno != 0.
Now for the barrage of questions:
Was this omitted for a reason?
Are we aware this was omitted?
Does someone already have a patch?
Would a patch be accepted for 2.6.13 if it is sent in time?
This is a bug after all.
Cheers,
Thomas
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [BUG] pfkey implementation vs. RFC
2005-08-09 17:22 [BUG] pfkey implementation vs. RFC DuBuisson, Thomas
@ 2005-08-09 19:08 ` David S. Miller
0 siblings, 0 replies; 2+ messages in thread
From: David S. Miller @ 2005-08-09 19:08 UTC (permalink / raw)
To: tmdubui; +Cc: linux-kernel
From: "DuBuisson, Thomas" <tmdubui@tycho.ncsc.mil>
Date: Tue, 9 Aug 2005 13:22:15 -0400
> I've posted this to linux-net and netdev but have had no response.
It is possible that people who are qualified in this area are just too
busy to reply to you, or simply disinterested for one reason or
another.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2005-08-09 19:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-08-09 17:22 [BUG] pfkey implementation vs. RFC DuBuisson, Thomas
2005-08-09 19:08 ` David S. Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox