xfrm_user reliability

Hi:

Paul Szabo has alerted me to the fact that the NETLINK interface is
unreliable when memory is running short.  This arose in the context
of using tcp_diag for identd where it isn't fatal since the interface
is read-only.

However, in the context of IPSEC this would appear to be more serious.
In particular, I'm concerned about the case where you issue an XFRM
request with side-effects (ADD/DEL/REPLACE) and never get a reply
because both the original reply and the subsequent netlink_ack fail
due to memory exhaustion.  This leaves the policy/state database in
an unknown state and it is difficult for the KM to recover.

This does not affect PFKEY since it processes the command immediately
and can return an error to sendmsg(2) if memory allocation fails.

Do you have any objections to making the transmission of an error
message reliable for NETLINK?

Cheers,
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
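
The failure mode described in the message, seen from the key manager's side, as an added example that is not part of the original message or of any kernel or KM code: after one side-effecting XFRM request, the reply buffer is classified as applied, rejected, or unknown. `classify_reply`, `make_ack`, `req_outcome` and `ack_msg` are hypothetical names, the sample ack is constructed, and the request is assumed to have been sent with `NLM_F_ACK` and a unique sequence number.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <linux/netlink.h>

enum req_outcome { REQ_APPLIED, REQ_REJECTED, REQ_UNKNOWN };
struct ack_msg { struct nlmsghdr hdr; struct nlmsgerr err; };

/* Scan one recv() buffer for the NLMSG_ERROR answering request `seq`.
 * recv_errno is errno from recv(), 0 on success. ENOBUFS or a timeout means
 * the ack may never arrive, so the result is REQ_UNKNOWN: the caller has to
 * re-read kernel state before retrying, since the change may have applied. */
enum req_outcome classify_reply(const void *buf, int len, uint32_t seq,
                                int recv_errno, int *kernel_err)
{
    const struct nlmsghdr *nlh = buf;
    const struct nlmsgerr *e;
    *kernel_err = 0;
    if (recv_errno != 0)
        return REQ_UNKNOWN;
    for (; NLMSG_OK(nlh, len); nlh = NLMSG_NEXT(nlh, len)) {
        if (nlh->nlmsg_seq != seq || nlh->nlmsg_type != NLMSG_ERROR)
            continue;                 /* someone else's reply or payload */
        if (nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*e)))
            return REQ_UNKNOWN;       /* truncated ack: do not trust it */
        e = NLMSG_DATA(nlh);
        *kernel_err = -e->error;      /* kernel reports a negative errno */
        return e->error == 0 ? REQ_APPLIED : REQ_REJECTED;
    }
    return REQ_UNKNOWN;               /* nothing for our seq was delivered */
}

/* Constructed sample input: the ack the kernel would send for `seq`. */
struct ack_msg make_ack(uint32_t seq, int error)
{
    struct ack_msg m;
    memset(&m, 0, sizeof(m));
    m.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(m.err));
    m.hdr.nlmsg_type = NLMSG_ERROR;
    m.hdr.nlmsg_seq = seq;
    m.err.error = error;
    return m;
}

int main(void)
{
    int kerr;
    struct ack_msg ack = make_ack(7, -EEXIST);  /* constructed rejection */
    printf("%d %d\n", classify_reply(&ack, sizeof(ack), 7, 0, &kerr), kerr);
    return 0;
}
```

`REQ_UNKNOWN` is the case the message is concerned with: neither the reply nor the ack was delivered, so the policy/state database has to be queried before the request is repeated.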