| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <49780EB5.60300@iki.fi> Date: Thu, 22 Jan 2009 08:14:13 +0200 From: Timo Teräs <timo.teras@....fi> To: David Miller <davem@...emloft.net> CC: herbert@...dor.apana.org.au, netdev@...r.kernel.org Subject: Re: [PATCH] af_key: parse and send SADB_X_EXT_NAT_T_OA extension David Miller wrote: > From: Timo Teräs <timo.teras@....fi> > Date: Thu, 22 Jan 2009 07:56:57 +0200 > >> Is there any particular reason why setting NAT-OA info should/ >> must be done using netlink? Or is this just a way to try to >> put more pressure for the change to happen? > > Because it isn't deprecated if we keep adding features to it. I would not consider this a new feature. It just makes pfkey act consistently. If you don't want it supported, it'd make more sense to not #define SADB_X_EXT_NAT_T_OA and drop all of the verification code already present than to silently ignore it. Make kernel return an error if some tried using it. Now you give impression that it's supported but you just drop it silently. >> Also I find it a bit confusing which things are to be allowed >> in pfkey and which not. We've had bigger fixes/changes to pfkey >> in past like MIGRATE rewrite, etc. > > That was a mistake on my part, I shouldn't have allowed the > pfkey side of the changes there. I see. - Timo -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists