| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Jan 2008 15:31:14 +0200 From: Timo Teräs <timo.teras@....fi> To: Herbert Xu <herbert@...dor.apana.org.au> CC: jamal <hadi@...erus.ca>, netdev@...r.kernel.org, David Miller <davem@...emloft.net> Subject: Re: [RFC][PATCH] Fixing SA/SP dumps on netlink/af_key Herbert Xu wrote: > On Thu, Jan 17, 2008 at 07:42:30AM -0500, jamal wrote: >> Looking at the pfkey RFC one more time, heres a funny quote: >> " >> The dump message is used for debugging >> purposes only and is not intended for production use. >> " > > In fact it goes much further: > > Support for the dump message MAY be discontinued in future versions > of PF_KEY. Key management applications MUST NOT depend on this > message for basic operation. I guess the idea was that application should know about the SAs it created. Though a SA dump needs to be done if you want to check for existing entries (created by other processes, or if you are recovering from a crash). SPD dumping is still a must if you want to work nicely with kernel. As noted earlier pfkey is not really standardized. E.g. the SPD dumping message are not in the RFC as David noted. The above RFC comments and the fact that SPD stuff is unspecified made me think that making non-atomic dumps would be a lot better alternative then leaving the socket to bad state which would make the application completely unusable. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists