Kernel(2.6.23.1-42.fc8) is not identifying the SADB_ACQUIRE(PF_KEY) message to indicate key management failure


ramaswamy
Hi all,

I'm receiving the SADB_ACQUIRE message from the kernel to establish the
required SA, as I have registered my pfkey socket with the kernel.

The key management in my application is failing to get the required key
information from the server, so I'm sending the same SADB_ACQUIRE message to
the kernel with the same sequence number which I received in the SADB_ACQUIRE
message, with errno set to ENOENT to indicate that the key management has failed.

Here I'm constructing only the base header (struct sadb_msg) as described in
RFC 2367. As per RFC 2367, it has to return me the SADB_ACQUIRE
message with the same errno set.

The problem I'm facing here is that the kernel is dropping the message which I
have sent to the kernel to indicate that the key management has failed. The
kernel is sending the same SADB_ACQUIRE message (the last SADB_ACQUIRE for which
key management failed) with errno set to ZERO. The OS I'm using is
Fedora Core 8 (2.6.23.1-42.fc8).

Is this handled in the above-mentioned Linux kernel version?

Can anyone please let me know what I'm doing wrong here? It will be very
helpful for me.

This is the code snippet which I'm sending to the kernel.

/*
 * send error against acquire message to kernel.
 */
int
send_acquire_msg_fail(struct acquire *acquire)
{
    struct sadb_msg *newmsg;
    int len;

    len = sizeof(struct sadb_msg);
    newmsg = calloc(1, len);
    if (newmsg == NULL) {
        ERROR_RETURN("failed to get buffer to send acquire.\n");
        return -1;
    }

    memset(newmsg, 0, len);
    newmsg->sadb_msg_version = PF_KEY_V2;
    newmsg->sadb_msg_type = SADB_ACQUIRE;
    newmsg->sadb_msg_errno = ENOENT;
    newmsg->sadb_msg_satype = SADB_SATYPE_ESP;
    newmsg->sadb_msg_len = (len/8);
    newmsg->sadb_msg_reserved = 0;
    newmsg->sadb_msg_seq = acquire->seq;
    newmsg->sadb_msg_pid = (u_int32_t)getpid();

    /* send message */
    if (len != write(pfkey_socket, (void*)newmsg, len)) {
        ERROR_RETURN (("SORRY, failed to write the SADB_ACQUIRE message to the kernel\n"));
    }
    free(newmsg);
    return 0;
}

--
Regards,
Ram

_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-user-groups
To unsubscribe, send any mail to "[hidden email]"
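
Added example, not part of the original post and not kernel or project code: the header-only failure report the post describes, plus a check that separates the reply the post expects (same errno set) from the errno-zero SADB_ACQUIRE it reports seeing. The `ex_` names are hypothetical, the struct is declared locally from RFC 2367's base header, and the seq/pid values in `main` are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* RFC 2367 values and base header, declared under hypothetical ex_ names. */
enum { EX_PF_KEY_V2 = 2, EX_SADB_ACQUIRE = 6, EX_SADB_SATYPE_ESP = 3 };
struct ex_sadb_msg {
    uint8_t  version, type, err, satype;
    uint16_t len, reserved;       /* len: whole message, in 64-bit words */
    uint32_t seq, pid;
};
enum ex_kind { EX_MALFORMED, EX_OTHER, EX_ACQUIRE_ERRNO_ZERO, EX_FAILURE_ECHO };

/* Build the header-only failure report; returns bytes to write, or 0 when
 * the buffer is too small or err is 0 (which would not signal a failure). */
size_t ex_build_failure(void *buf, size_t cap, uint32_t seq, uint32_t pid,
                        uint8_t err)
{
    struct ex_sadb_msg m = {
        .version = EX_PF_KEY_V2, .type = EX_SADB_ACQUIRE, .err = err,
        .satype = EX_SADB_SATYPE_ESP, .len = (uint16_t)(sizeof m / 8),
        .seq = seq, .pid = pid,
    };
    if (cap < sizeof m || err == 0)
        return 0;
    memcpy(buf, &m, sizeof m);
    return sizeof m;
}

/* Classify n bytes read back from the PF_KEY socket for the failed seq. */
enum ex_kind ex_classify(const void *buf, size_t n, uint32_t seq)
{
    struct ex_sadb_msg m;
    if (n < sizeof m)
        return EX_MALFORMED;
    memcpy(&m, buf, sizeof m);
    if (m.version != EX_PF_KEY_V2 || (size_t)m.len * 8 != n)
        return EX_MALFORMED;      /* wrong version or length field disagrees */
    if (m.type != EX_SADB_ACQUIRE || m.seq != seq)
        return EX_OTHER;
    return m.err ? EX_FAILURE_ECHO : EX_ACQUIRE_ERRNO_ZERO;
}

int main(void)
{
    unsigned char b[sizeof(struct ex_sadb_msg)];
    size_t n = ex_build_failure(b, sizeof b, 7, 1234, ENOENT);
    return ex_classify(b, n, 7) == EX_FAILURE_ECHO ? 0 : 1;
}
```
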
Re: Kernel(2.6.23.1-42.fc8) is not identifying the SADB_ACQUIRE(PF_KEY) message to indicate key management failure

Julian H. Stacey-3
> Hi all,
> I'm receiving the SADB_ACQUIRE message from the kernel to establish the

Wrong List !
First run
        uname -r
then decide which of
        [hidden email]
        [hidden email]
        [hidden email]
you should repost to.

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
 Mail plain text;  Not quoted-printable, Not HTML, Not base 64.
 Reply below text sections not at top, to avoid breaking cumulative context.
 UK: Some MPs assert some injunctions obstruct constituent communication &
     are contempt of parliament.  Parliament once sent a judge to the tower.

Re: Kernel(2.6.23.1-42.fc8) is not identifying the SADB_ACQUIRE(PF_KEY) message to indicate key management failure

Jason Hellenthal
ramaswamy,

Sadly this is not a FreeBSD issue while this is a FreeBSD User Group.
Please check up with your Linux user mailing list.

On Fri, May 27, 2011 at 04:34:07PM +0530, ramaswamy wrote:

> Hi all,
>
> I'm receiving the SADB_ACQUIRE message from the kernel to establish the
> required SA, as I have registered my pfkey socket with the kernel.
>
> The key management in my application is failing to get the required key
> information from the server, so I'm sending the same SADB_ACQUIRE message to
> the kernel with the same sequence number which I received in the SADB_ACQUIRE
> message, with errno set to ENOENT to indicate that the key management has failed.
>
> Here I'm constructing only the base header (struct sadb_msg) as described in
> RFC 2367. As per RFC 2367, it has to return me the SADB_ACQUIRE
> message with the same errno set.
>
> The problem I'm facing here is that the kernel is dropping the message which I
> have sent to the kernel to indicate that the key management has failed. The
> kernel is sending the same SADB_ACQUIRE message (the last SADB_ACQUIRE for which
> key management failed) with errno set to ZERO. The OS I'm using is
> Fedora Core 8 (2.6.23.1-42.fc8).
>
> Is this handled in the above-mentioned Linux kernel version?
>
> Can anyone please let me know what I'm doing wrong here? It will be very
> helpful for me.
>
> This is the code snippet which I'm sending to the kernel.
>
> /*
>  * send error against acquire message to kernel.
>  */
> int
> send_acquire_msg_fail(struct acquire *acquire)
> {
>     struct sadb_msg *newmsg;
>     int len;
>
>     len = sizeof(struct sadb_msg);
>     newmsg = calloc(1, len);
>     if (newmsg == NULL) {
>         ERROR_RETURN("failed to get buffer to send acquire.\n");
>         return -1;
>     }
>
>     memset(newmsg, 0, len);
>     newmsg->sadb_msg_version = PF_KEY_V2;
>     newmsg->sadb_msg_type = SADB_ACQUIRE;
>     newmsg->sadb_msg_errno = ENOENT;
>     newmsg->sadb_msg_satype = SADB_SATYPE_ESP;
>     newmsg->sadb_msg_len = (len/8);
>     newmsg->sadb_msg_reserved = 0;
>     newmsg->sadb_msg_seq = acquire->seq;
>     newmsg->sadb_msg_pid = (u_int32_t)getpid();
>
>     /* send message */
>     if (len != write(pfkey_socket, (void*)newmsg, len)) {
>         ERROR_RETURN (("SORRY, failed to write the SADB_ACQUIRE message to the kernel\n"));
>     }
>     free(newmsg);
>     return 0;
> }
>
> --
> Regards,
> Ram
>
--

"Unity can only be manifested by the Binary. Unity itself and the idea of Unity are already two." -- Buddha

 Regards, (jhell)
 Jason Hellenthal

