Date: Tue, 18 Oct 2005 10:50:24 +0300
From: Jan Mikael Melen <jan@melen.org>
To: freebsd-hackers@freebsd.org, freebsd-net@freebsd.org
Subject: Unique IPsec security policies
Message-ID: <200510181050.27530.jan@melen.org>
Hi,

Is there a reason why the policies that are defined as unique can't be updated through the pfkey interface? What I'm trying to do is this:

1. I create an SP entry and let the kernel assign a request id for the policy (reqid in the add is 0). This policy is a tunnel mode policy and I don't have the outer addresses set at this point. Only the inner addresses are set, so I'll get the SADB_ACQUIRE message with the inner addresses.

2. When my keying daemon gets the acquire from the kernel I run the key exchange and then I send an update to the SP with the previously gotten reqid and with the outer addresses, but it fails and the kernel prints out: "key_msg2sp: reqid=16384 range violation, updated by kernel." This message comes from sys/netkey/key.c:1488.

It's obvious that this check is done when I'm adding a new SP entry, but when updating the SP shouldn't it just check that the value given in the update matches the one assigned earlier?

Cheers,
Jan
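To make the two steps above concrete, here is an added illustration (not code from the mail or from FreeBSD): it builds the policy part of a PF_KEY SADB_X_SPDADD / SADB_X_SPDUPDATE message with one tunnel-mode ESP ipsecrequest at level "unique", parses the reqid back out, and contrasts the range rule the mail quotes from key_msg2sp() with the update rule it asks for. The PF_KEY constants and struct layouts follow RFC 2367 and the KAME sadb_x_policy extension; the address extensions and tunnel endpoints are left out, and the messages are constructed in memory, never sent to a kernel.

```python
import struct

# PF_KEY v2 numbers (RFC 2367 plus the KAME policy extension used by FreeBSD).
PF_KEY_V2 = 2
SADB_X_SPDUPDATE, SADB_X_SPDADD = 13, 14
SADB_X_EXT_POLICY = 18
IPSEC_POLICY_IPSEC, IPSEC_DIR_OUTBOUND = 2, 2
IPSEC_MODE_TUNNEL, IPSEC_LEVEL_UNIQUE = 2, 3
IPPROTO_ESP = 50
IPSEC_MANUAL_REQID_MAX = 0x3FFF   # 1..0x3fff is userland's; above that the kernel assigns

def build_spd_msg(msg_type, reqid, seq=1):
    """Constructed SPDADD/SPDUPDATE: sadb_msg + sadb_x_policy carrying one tunnel-mode
    ESP ipsecrequest at level 'unique'. No address extensions (illustration only)."""
    ipsecreq = struct.pack("=HHBBH", 8, IPPROTO_ESP, IPSEC_MODE_TUNNEL,
                           IPSEC_LEVEL_UNIQUE, reqid)            # this len is in bytes
    policy = struct.pack("=HHHBBII", (16 + len(ipsecreq)) // 8, SADB_X_EXT_POLICY,
                         IPSEC_POLICY_IPSEC, IPSEC_DIR_OUTBOUND, 0, 0, 0) + ipsecreq
    total = 16 + len(policy)                                     # sadb_msg_len in 64-bit units
    hdr = struct.pack("=BBBBHHII", PF_KEY_V2, msg_type, 0, 0, total // 8, 0, seq, 0)
    return hdr + policy

def policy_reqid(msg):
    """Walk the extension chain; return the reqid of the first ipsecrequest inside the
    SADB_X_EXT_POLICY extension, or None if the message carries no IPsec policy."""
    version, _, _, _, msg_len = struct.unpack_from("=BBBBH", msg)
    if version != PF_KEY_V2 or msg_len * 8 != len(msg):
        raise ValueError("malformed sadb_msg")
    off = 16
    while off + 4 <= len(msg):
        ext_len, ext_type = struct.unpack_from("=HH", msg, off)
        if ext_len == 0:
            raise ValueError("zero-length extension")
        if ext_type == SADB_X_EXT_POLICY:
            ptype, = struct.unpack_from("=H", msg, off + 4)
            if ptype == IPSEC_POLICY_IPSEC and ext_len * 8 >= 24:
                return struct.unpack_from("=H", msg, off + 16 + 6)[0]  # reqid field
            return None
        off += ext_len * 8
    return None

def kernel_check(reqid):
    """The rule the mail quotes: any reqid in the kernel range is rejected from userland,
    on SPDUPDATE just as on SPDADD."""
    if reqid > IPSEC_MANUAL_REQID_MAX:
        return "key_msg2sp: reqid=%d range violation, updated by kernel." % reqid
    return "ok"

def proposed_check(msg_type, reqid, assigned_reqid):
    """The rule the mail asks for: on SPDUPDATE a kernel-range reqid is accepted when it
    equals the one the kernel assigned for this policy at SPDADD time."""
    if reqid <= IPSEC_MANUAL_REQID_MAX:
        return "ok"
    if msg_type == SADB_X_SPDUPDATE and reqid == assigned_reqid:
        return "ok"
    return "key_msg2sp: reqid=%d range violation, updated by kernel." % reqid
```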
