From: "ramaswamy"
Date: Fri, 27 May 2011 17:25:54 +0530
Cc: 'venkatgiri'
Subject: Kernel(2.6.23.1-42.fc8) is not identifying the SADB_ACQUIRE(PF_KEY) message to indicate key management failure
List-Id: Production branch of FreeBSD source code

Hi all,

I'm receiving the SADB_ACQUIRE message from the kernel to establish the required SA, as I have registered my pfkey socket with the kernel.

The key management in my application is failing to get the required key information from the server, so I'm sending the same SADB_ACQUIRE message to the kernel, with the same sequence number that I received in the SADB_ACQUIRE message and with errno set to ENOENT, to indicate that the key management has failed. Here I'm constructing only the base header (struct sadb_msg) as described in RFC 2367. As per RFC 2367, it has to return me the SADB_ACQUIRE message with the same errno set.

The problem I'm facing here is that the kernel is dropping the message which I have sent to the kernel to indicate that the key management has failed. The kernel is sending the same SADB_ACQUIRE message (the last SADB_ACQUIRE for which key management failed) with errno set to ZERO.

The OS I'm using is Fedora Core 8 (2.6.23.1-42.fc8). Is this handled in the above-mentioned Linux kernel version? Can anyone please let me know what I'm doing wrong here? It will be very helpful for me.

This is the code snippet which I'm sending to the kernel.

#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <linux/pfkeyv2.h>

/*
 * Send an error against the acquire message to the kernel.
 */
int send_acquire_msg_fail(struct acquire *acquire)
{
    struct sadb_msg *newmsg;
    int len;

    len = sizeof(struct sadb_msg);
    newmsg = calloc(1, len);
    if (newmsg == NULL) {
        ERROR_RETURN("failed to get buffer to send acquire.\n");
        return -1;
    }
    memset(newmsg, 0, len);

    /* base header only, no extensions */
    newmsg->sadb_msg_version = PF_KEY_V2;
    newmsg->sadb_msg_type = SADB_ACQUIRE;
    newmsg->sadb_msg_errno = ENOENT;
    newmsg->sadb_msg_satype = SADB_SATYPE_ESP;
    newmsg->sadb_msg_len = (len/8);     /* length in 64-bit words */
    newmsg->sadb_msg_reserved = 0;
    newmsg->sadb_msg_seq = acquire->seq;
    newmsg->sadb_msg_pid = (u_int32_t)getpid();

    /* send message (the buffer built above, not an unrelated 'msg') */
    if (len != write(pfkey_socket, (void*)newmsg, len)) {
        free(newmsg);   /* do not leak the buffer on the error path */
        ERROR_RETURN (("SORRY, failed to write the SADB_ACQUIRE message to the kernel\n"));
        return -1;
    }
    free(newmsg);
    return 0;
}

--
Regards,
Ram
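
The exchange described in the message above, as an added example that is not the poster's code: it builds the header-only SADB_ACQUIRE failure notification and classifies what is read back from the PF_KEY socket, so an echoed error can be told apart from a fresh SADB_ACQUIRE with errno zero. All `ex_`/`EX_` names are hypothetical; the constant values and header layout are taken from RFC 2367 and redefined locally so the block builds without the system pfkeyv2 header.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Values from RFC 2367, redefined locally (assumption: no system header). */
#define EX_PF_KEY_V2       2
#define EX_SADB_ACQUIRE    6
#define EX_SADB_SATYPE_ESP 3

/* Mirror of the RFC 2367 base header: 16 bytes, length counted in 64-bit words. */
struct ex_sadb_msg {
    uint8_t  version, type, err, satype;
    uint16_t len, reserved;
    uint32_t seq, pid;
};

enum ex_reply { EX_MALFORMED, EX_UNRELATED, EX_ERROR_ECHOED, EX_ACQUIRE_NO_ERRNO };

/* Build the failure notification for the ACQUIRE identified by seq.
 * Returns the number of bytes to write(), or 0 if buf is too small. */
size_t ex_build_acquire_fail(uint8_t *buf, size_t cap,
                             uint32_t seq, uint32_t pid, uint8_t err)
{
    struct ex_sadb_msg m;
    if (cap < sizeof m)
        return 0;
    memset(&m, 0, sizeof m);            /* reserved field must be zero */
    m.version = EX_PF_KEY_V2;
    m.type    = EX_SADB_ACQUIRE;
    m.err     = err;
    m.satype  = EX_SADB_SATYPE_ESP;
    m.len     = sizeof m / 8;           /* header only: 2 words */
    m.seq     = seq;
    m.pid     = pid;
    memcpy(buf, &m, sizeof m);
    return sizeof m;
}

/* Classify one message of n bytes read from the PF_KEY socket
 * against the sequence number of the failed ACQUIRE. */
enum ex_reply ex_classify_reply(const uint8_t *buf, size_t n, uint32_t seq)
{
    struct ex_sadb_msg m;
    if (n < sizeof m)
        return EX_MALFORMED;
    memcpy(&m, buf, sizeof m);
    if (m.version != EX_PF_KEY_V2 || (size_t)m.len * 8 != n)
        return EX_MALFORMED;            /* length field disagrees with read size */
    if (m.type != EX_SADB_ACQUIRE || m.seq != seq)
        return EX_UNRELATED;
    return m.err ? EX_ERROR_ECHOED : EX_ACQUIRE_NO_ERRNO;
}
```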