Thank you for your help. I tested the branch and it works fine. I have a small remark though. You pass "&request" to memwipe calls. It works but maybe "request" or "&request[0]" would be more legible.
Thank you. De: "Tobias Brunner" <[email protected]> À: "jean-francois hren" <[email protected]>, "dev" <[email protected]> Envoyé: Jeudi 23 Septembre 2021 15:33:43 Objet: Re: [strongSwan-dev] PFKey plugin and memwipe Hi Jean-Francois, > In the PFKey plugin for handling SP and SA > (src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c), no memwipe is > done after an SA add, query or update on the request and/or out buffers > as it is done in the Netlink plugin > (src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c). > Is there any technical reason it is not done ? No, I don't think there is. I pushed a fix to the pfkey-memwipe branch. Regards, Tobias
