> I've finally moved my freeswan patch over to netlink for acquire messages
> as well :) It only needs pfkey for algorithm enumeration now.
> So can you please apply the netlink part of the ports patch attached
Hmm... people, why xfrm_user cannot replace pfkey completely?
> Unfortunately I failed to fix the pfkey patch because RFC2367 requires
> this broken behaviour:
It is pre-rfc2401 protocol yet. Notion of selector on SA was unknown that
time, so the things were messed up profoundly. Lookup that funny PROXY address,
which is one of addresses of the session, and rationale about it.
By some strange reason the second address is absent. :-)
It can be made usable adding new attributes, but this does not make
much of sense as soon as you switched to xfrm_user.
BTW if the struct is changed... could you think about appending
complete spec of policy triggering acquire to xfrm_user acquire message?
This can be useful for you too (f.e. you could find that the request
is illegal from viewpoint of SPD inside freswan daemon, it is very
possible when policy is requested by user with setsockopt()),
but actual consumer would be racoon, it is very fragile when determining
matching policy and, essentially, I do not see any choice as to enclose
complete policy rather than only policy index.
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to firstname.lastname@example.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
This archive was generated by hypermail 2b29 : Mon Jun 30 2003 - 22:00:01 EST