Hello!

> I've finally moved my freeswan patch over to netlink for acquire messages
> as well :) It only needs pfkey for algorithm enumeration now.
>
> So can you please apply the netlink part of the ports patch attached
> below?

Good. Hmm... people, why xfrm_user cannot replace pfkey completely?

> Unfortunately I failed to fix the pfkey patch because RFC2367 requires
> this broken behaviour:

It is pre-rfc2401 protocol yet. Notion of selector on SA was unknown
that time, so the things were messed up profoundly. Look up that funny
PROXY address, which is one of addresses of the session, and rationale
about it. For some strange reason the second address is absent. :-)

It can be made usable adding new attributes, but this does not make
much sense as soon as you switched to xfrm_user.

BTW if the struct is changed... could you think about appending
complete spec of policy triggering acquire to xfrm_user acquire message?
This can be useful for you too (f.e. you could find that the request
is illegal from viewpoint of SPD inside freeswan daemon, it is very
possible when policy is requested by user with setsockopt()), but
actual consumer would be racoon, it is very fragile when determining
matching policy and, essentially, I do not see any choice as to enclose
complete policy rather than only policy index.

Alexey