Sorry for the double copy. Fixed a confusing typo: There are two cases in which user space programs can send the Kernel ACQUIRE messages, not PF_KEY messages.

Section 3.1.6 of RFC 2367 clearly indicates there are two cases in which user space programs can send the kernel acquire messages. The first case is just the 'struct sadb_msg' header that should specify an error relating to a previous acquire message. I don't think the other case is implemented in the Linux kernel - I have reprinted the relevant portion of the RFC below:

------------------
The third is where an application-layer consumer of security associations (e.g. an OSPFv2 or RIPv2 daemon) needs a security association.

Send an SADB_ACQUIRE message from a user process to the kernel.

<base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>

The kernel returns an SADB_ACQUIRE message to registered sockets.

<base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>

The user-level consumer waits for an SADB_UPDATE or SADB_ADD message for its particular type, and then can use that association by using SADB_GET messages.
----------

Now for the barrage of questions:

Was this omitted for a reason?
Are we aware this was omitted?
Does someone already have a patch?
Would a patch be accepted for 2.6.13 if it is sent in time? This is a bug after all.

Cheers,
Thomas

- : send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
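The two user-to-kernel SADB_ACQUIRE forms the mail contrasts, as an added example that is not part of the original message, the RFC text or the Linux kernel: the first builder emits the base-header-only error reply the kernel does handle, the second the full <base, address(SD), proposal> request from an application-layer consumer, and a defensive parser checks the 64-bit-word length fields before walking the extensions. The struct layouts and constants mirror RFC 2367 so no <linux/pfkeyv2.h> is needed; the addresses, algorithm identifiers and lifetimes are constructed sample values, and no PF_KEY socket is opened.

```c
/* Added example, not from the original mail or the Linux kernel: build the two
 * SADB_ACQUIRE forms that RFC 2367 section 3.1.6 describes and length-check them
 * as a PF_KEY consumer should before trusting anything read from the socket.
 * Layouts and constants are copied from the RFC; all values are constructed samples. */
#include <stdint.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define PF_KEY_V2            2
#define SADB_ACQUIRE         6
#define SADB_SATYPE_ESP      3
#define SADB_EXT_ADDRESS_SRC 5
#define SADB_EXT_ADDRESS_DST 6
#define SADB_EXT_PROPOSAL    13
#define SADB_AALG_SHA1HMAC   3
#define SADB_EALG_3DESCBC    3
#define PFKEY_UNIT64(n)      ((n) / 8)  /* every PF_KEY length counts 64-bit words */

struct sadb_msg { uint8_t version, type, err, satype; uint16_t len, reserved; uint32_t seq, pid; };
struct sadb_ext { uint16_t len, type; };
struct sadb_address { uint16_t len, type; uint8_t proto, prefixlen; uint16_t reserved; };
struct sadb_prop { uint16_t len, type; uint8_t replay, reserved[3]; };
struct sadb_comb {  /* one algorithm combination inside a proposal */
    uint8_t auth, encrypt; uint16_t flags;
    uint16_t auth_minbits, auth_maxbits, encrypt_minbits, encrypt_maxbits;
    uint32_t reserved, soft_allocations, hard_allocations;
    uint64_t soft_bytes, hard_bytes, soft_addtime, hard_addtime, soft_usetime, hard_usetime;
};

/* Case one from the mail: only the base header, its errno reporting the outcome
 * of an earlier kernel-generated ACQUIRE (seq must match that message). */
size_t build_acquire_error(uint8_t *buf, size_t cap, uint32_t seq, uint8_t err)
{
    struct sadb_msg m = {0};
    if (cap < sizeof m) return 0;
    m.version = PF_KEY_V2; m.type = SADB_ACQUIRE; m.err = err;
    m.satype = SADB_SATYPE_ESP; m.len = PFKEY_UNIT64(sizeof m); m.seq = seq;
    memcpy(buf, &m, sizeof m);
    return sizeof m;
}

static size_t put_address(uint8_t *p, uint16_t type, const char *ip)
{
    struct sadb_address a = {0};
    struct sockaddr_in sa = {0};
    a.len = PFKEY_UNIT64(sizeof a + sizeof sa); a.type = type; a.prefixlen = 32;
    sa.sin_family = AF_INET;
    inet_pton(AF_INET, ip, &sa.sin_addr);
    memcpy(p, &a, sizeof a); memcpy(p + sizeof a, &sa, sizeof sa);
    return sizeof a + sizeof sa;
}

/* Case two from the mail: a consumer asks for an SA with <base, address(SD), proposal>. */
size_t build_acquire_request(uint8_t *buf, size_t cap, uint32_t seq,
                             const char *src, const char *dst)
{
    struct sadb_msg m = {0};
    struct sadb_prop prop = {0};
    struct sadb_comb comb = {0};
    size_t off = sizeof m, total = sizeof m + sizeof prop + sizeof comb
               + 2 * (sizeof(struct sadb_address) + sizeof(struct sockaddr_in));
    if (cap < total) return 0;
    m.version = PF_KEY_V2; m.type = SADB_ACQUIRE; m.satype = SADB_SATYPE_ESP;
    m.len = PFKEY_UNIT64(total); m.seq = seq;
    memcpy(buf, &m, sizeof m);
    off += put_address(buf + off, SADB_EXT_ADDRESS_SRC, src);
    off += put_address(buf + off, SADB_EXT_ADDRESS_DST, dst);
    prop.len = PFKEY_UNIT64(sizeof prop + sizeof comb); prop.type = SADB_EXT_PROPOSAL; prop.replay = 32;
    comb.auth = SADB_AALG_SHA1HMAC; comb.auth_minbits = comb.auth_maxbits = 160;
    comb.encrypt = SADB_EALG_3DESCBC; comb.encrypt_minbits = comb.encrypt_maxbits = 192;
    comb.hard_addtime = 3600;
    memcpy(buf + off, &prop, sizeof prop); off += sizeof prop;
    memcpy(buf + off, &comb, sizeof comb); off += sizeof comb;
    return off;
}

/* Defensive parse: returns the extension count, or a negative code when a length
 * field disagrees with the bytes present (a truncated or corrupted message would
 * otherwise walk a consumer off the end of its buffer). */
int validate_pfkey(const uint8_t *buf, size_t n)
{
    struct sadb_msg m;
    struct sadb_ext e;
    size_t off = sizeof m;
    int count = 0;
    if (n < sizeof m) return -1;
    memcpy(&m, buf, sizeof m);
    if (m.version != PF_KEY_V2) return -2;
    if ((size_t)m.len * 8 != n) return -3;                        /* header vs bytes read */
    while (off < n) {
        if (n - off < sizeof e) return -4;                         /* truncated ext header */
        memcpy(&e, buf + off, sizeof e);
        if (e.len == 0 || (size_t)e.len * 8 > n - off) return -5;  /* zero-len loop / overrun */
        off += (size_t)e.len * 8;
        count++;
    }
    return count;
}
```

Calling build_acquire_error() yields a 16-byte message that validates with zero extensions; build_acquire_request() yields 144 bytes (base, two 24-byte address extensions, an 80-byte proposal) that validate as three extensions. The parser deliberately compares the header's word count against the byte count actually read and rejects a zero-length extension, since either mismatch is what turns a malformed message into an out-of-bounds read in a consumer that trusts the lengths.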