| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090122062256.GA11337@gondor.apana.org.au>
Date: Thu, 22 Jan 2009 17:22:56 +1100
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Timo Teräs <timo.teras@....fi>
Cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [PATCH] af_key: parse and send SADB_X_EXT_NAT_T_OA extension
On Thu, Jan 22, 2009 at 08:14:13AM +0200, Timo Teräs wrote:
>
> I would not consider this a new feature. It just makes pfkey
> act consistently. If you don't want it supported, it'd make
> more sense to not #define SADB_X_EXT_NAT_T_OA and drop all of
> the verification code already present than to silently
> ignore it. Make kernel return an error if some tried using it.
>
> Now you give impression that it's supported but you just drop
> it silently.
Timo I think we need to draw a line somewhere, otherwise we're
just providing life support to an interface that should die.
IMO if there is a bug in pfkey that breaks a major existing
app (i.e., ipsec-tools/racoon), then we should fix that.
But if it's something that the existing apps don't care about
then no we need to just stop extending the interface.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists