David Miller wrote: > From: Timo_Teräs <[EMAIL PROTECTED]> > Date: Thu, 17 Jan 2008 08:27:14 +0200 > >> I don't know about netlink. But pfkey works in *BSD too and it is RFC'd. >> So I'd say pfkey might be a bit more portable. Though netlink is definitely >> more robust and extensive. > > The RFCs say absolutely nothing about policy interfaces for AF_KEY, > everybody rolls their own in slightly incompatible ways. > > It is therefore anything but standardized.
Yes, there's non-standardized extensions. But the point was that there are other implementations of pfkey. And ipsec-tools racoon is an example of a widely used application that runs in Linux and *BSD using this API. So for the time being I'd consider having pfkey fixes as a good thing. This pfkey dumping problem seems to be affecting many users. - Timo -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
