
Re: isakmpd, pfkeyv2_parsemessage failure



In message <Pine.BSO.4.40.0207051540310.27242-100000@bloodwine.crt.se>, Hakan Olsson writes:
>
>This looks more than slightly hacked, actually. :)
>
>header 20 is SADB_X_EXT_FLOW_TYPE, which should be used in the
>pf_key_v2_set_flow() call, not the pf_key_v2_set_spi() call as done here.
>
>The kernel is correct to say this is invalid.
>
>It kind of looks like your patches made the set_spi function run along
>into what set_flow is supposed to do. For instance a set_spi should not
>have 15 iov[] fields.

Actually, it probably should:

1 - header
2 - src address
3 - dst address
4 - sa
5 - enckey
6 - authkey
7 - srcid
8 - dstid
9 - src creds
10 - dst creds
11 - flow type
12 - src filter
13 - src netmask
14 - dst filter
15 - dst netmask

The flow-like arguments (11-15) were added a month or two ago, to differentiate
among different SAs between the same two machines.
-Angelos
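
The disagreement above comes down to which extension headers a given PF_KEY message type may carry. The following is an added example, not code from this thread, from isakmpd or from the OpenBSD kernel: a simplified validator that walks the RFC 2367 extension headers and checks each type against an allow bitmap. The names `check_exts` and `demo`, the bitmaps passed in, and the 8-byte flow-type payload are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define BASE_LEN      16   /* RFC 2367 base message header size in bytes */
#define EXT_SA         1   /* SADB_EXT_SA (RFC 2367) */
#define EXT_FLOW_TYPE 20   /* SADB_X_EXT_FLOW_TYPE, "header 20" in the thread */
#define BIT(t) (1ULL << (t))

/* Generic extension header: length in 64-bit words, then type (host order). */
struct ext_hdr { uint16_t len; uint16_t type; };

/* Returns 0 if every extension is well-formed and allowed, the offending
 * type if one is not in `allowed`, or -1 if the framing is malformed. */
int check_exts(const uint8_t *msg, size_t msglen, uint64_t allowed)
{
    uint64_t seen = 0;
    size_t off = BASE_LEN;

    if (msglen < BASE_LEN || msglen % 8 != 0)
        return -1;
    while (off < msglen) {
        struct ext_hdr h;
        /* off and msglen are multiples of 8, so at least 8 bytes remain */
        memcpy(&h, msg + off, sizeof h);
        size_t bytes = (size_t)h.len * 8;
        /* zero length, overrun, out-of-range type or duplicate: bad framing */
        if (h.len == 0 || bytes > msglen - off ||
            h.type == 0 || h.type > 63 || (seen & BIT(h.type)))
            return -1;
        if (!(allowed & BIT(h.type)))
            return h.type;          /* extension not valid for this message */
        seen |= BIT(h.type);
        off += bytes;
    }
    return 0;
}

/* Constructed message: base header, a 2-word SA extension, then a flow-type
 * extension whose header claims `flow_words` words (8 bytes are present). */
int demo(uint64_t allowed, uint16_t flow_words)
{
    uint8_t msg[BASE_LEN + 16 + 8] = {0};
    struct ext_hdr sa = { 2, EXT_SA }, flow = { flow_words, EXT_FLOW_TYPE };

    memcpy(msg + BASE_LEN, &sa, sizeof sa);
    memcpy(msg + BASE_LEN + 16, &flow, sizeof flow);
    return check_exts(msg, sizeof msg, allowed);
}
```

With a bitmap that lacks bit 20 the walk stops at the flow-type header and reports it, which is the failure mode when userland and kernel disagree about the extension set for one message type.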