| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Jan 2008 09:38:15 +0200 From: Timo Teräs <timo.teras@....fi> To: David Miller <davem@...emloft.net> CC: herbert@...dor.apana.org.au, hadi@...erus.ca, netdev@...r.kernel.org Subject: Re: [RFC][PATCH] Fixing SA/SP dumps on netlink/af_key David Miller wrote: > From: Timo_Teräs <timo.teras@....fi> > Date: Thu, 17 Jan 2008 08:27:14 +0200 > >> I don't know about netlink. But pfkey works in *BSD too and it is RFC'd. >> So I'd say pfkey might be a bit more portable. Though netlink is definitely >> more robust and extensive. > > The RFCs say absolutely nothing about policy interfaces for AF_KEY, > everybody rolls their own in slightly incompatible ways. > > It is therefore anything but standardized. Yes, there's non-standardized extensions. But the point was that there are other implementations of pfkey. And ipsec-tools racoon is an example of a widely used application that runs in Linux and *BSD using this API. So for the time being I'd consider having pfkey fixes as a good thing. This pfkey dumping problem seems to be affecting many users. - Timo -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists