Re: isakmpd, pfkeyv2_parsemessage failure
In message <Pine.BSO.firstname.lastname@example.org>, Hakan O
>This looks more than slightly hacked, actually. :)
>header 20 is SADB_X_EXT_FLOW_TYPE, which should be used in the
>pf_key_v2_set_flow() call, not the pf_key_v2_set_spi() call as done here.
>The kernel is correct to say this is invalid.
>It kind of looks like your patches made the set_spi function run along
>into what set_flow is supposed to do. For instance a set_spi should not
>have 15 iov fields.
Actually, it probably should:
1 - header
2 - src address
3 - dst address
4 - sa
5 - enckey
6 - authkey
7 - srcid
8 - dstid
9 - src creds
10 - dst creds
11 - flow type
12 - src filter
13 - src netmask
14 - dst filter
15 - dst netmask
The flow-like arguments (11-15) were added a month or two ago, to differentiate
among different SAs between the same two machines.