Re: [PATCH] Set port/proto in acquire messages

From: Herbert Xu
Date: Tue Jun 24 2003 - 06:08:00 EST

On Tue, Jun 24, 2003 at 08:09:33AM +1000, herbert wrote:
> You're absolutely right. I'll fix up the af_key patch.

Unfortunately I failed to fix the pfkey patch because RFC2367 requires
this broken behaviour:

2.3.3 Address Extension

   The Address extension specifies one or more addresses that are
   associated with a security association. Address extensions for both


   zeroing of ports (e.g. sin_port and sin6_port) MUST be done for all
   messages except for originating SADB_ACQUIRE messages, which SHOULD
   fill them in with ports from the relevant TCP or UDP session which
   generates the ACQUIRE message. If the ports are non-zero, then the

Anyway, I'll leave this to people who actually use pfkey. I'm glad that
I've finally moved my freeswan patch over to netlink for acquire messages
as well :) It only needs pfkey for algorithm enumeration now.

So can you please apply the netlink part of the ports patch attached


Debian GNU/Linux 3.0 is out!
Email:  Herbert Xu ~{PmV>HI~}
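
The port rule quoted above from RFC 2367 section 2.3.3, as an added example that is not part of the original message or of the kernel's af_key code: a checker that walks a PF_KEY message and flags a non-zero port in any address extension of a message other than SADB_ACQUIRE. The names check_ports, build_msg, msg_hdr and addr_ext are made up for illustration; the numeric values and field layouts follow RFC 2367, and the sockaddr layout is assumed to be the host's.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>

/* Values and layouts from RFC 2367; length fields count 64-bit words. */
enum { MSG_ADD = 3, MSG_ACQUIRE = 6, EXT_ADDR_SRC = 5, EXT_ADDR_PROXY = 7 };
struct msg_hdr { uint8_t version, type, err, satype; uint16_t len, reserved; uint32_t seq, pid; };
struct addr_ext { uint16_t len, exttype; uint8_t proto, prefixlen; uint16_t reserved; };
/* 0: ports obey 2.3.3, 1: non-zero port outside ACQUIRE, -1: malformed. */
int check_ports(const uint8_t *buf, size_t n) {
    struct msg_hdr h;
    if (n < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    if ((size_t)h.len * 8 != n) return -1;
    for (size_t off = sizeof h; off < n; ) {
        struct addr_ext e;
        if (n - off < sizeof e) return -1;
        memcpy(&e, buf + off, sizeof e);
        size_t elen = (size_t)e.len * 8;
        if (elen < sizeof e || elen > n - off) return -1;
        if (e.exttype >= EXT_ADDR_SRC && e.exttype <= EXT_ADDR_PROXY) {
            const uint8_t *sa = buf + off + sizeof e;   /* sockaddr follows the header */
            struct sockaddr_in s4; struct sockaddr_in6 s6;
            if (elen - sizeof e < sizeof s4) return -1;
            memcpy(&s4, sa, sizeof s4);
            uint16_t port = s4.sin_family == AF_INET ? s4.sin_port : 0;
            if (s4.sin_family == AF_INET6) {
                if (elen - sizeof e < sizeof s6) return -1;
                memcpy(&s6, sa, sizeof s6);
                port = s6.sin6_port;
            }
            if (port != 0 && h.type != MSG_ACQUIRE) return 1;
        }
        off += elen;
    }
    return 0;
}
/* Constructed sample: header plus one IPv4 source-address extension. */
size_t build_msg(uint8_t *out, uint8_t type, uint16_t port) {
    struct msg_hdr h = { .version = 2, .type = type, .len = 5 };
    struct addr_ext e = { .len = 3, .exttype = EXT_ADDR_SRC, .prefixlen = 32 };
    struct sockaddr_in s = { .sin_family = AF_INET, .sin_port = htons(port) };
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, &e, sizeof e);
    memcpy(out + sizeof h + sizeof e, &s, sizeof s);
    return sizeof h + sizeof e + sizeof s;
}
/* Exit status 1: a constructed SADB_ADD carrying port 500 is flagged. */
int main(void) { uint8_t b[40]; return check_ports(b, build_msg(b, MSG_ADD, 500)); }
```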

