Herbert Xu wrote:
> On Thu, Jan 17, 2008 at 07:42:30AM -0500, jamal wrote:
>> Looking at the pfkey RFC one more time, here's a funny quote:
>> "
>> The dump message is used for debugging
>> purposes only and is not intended for production use.
>> "
>
> In fact it goes much further:
>
> Support for the dump message MAY be discontinued in future versions
> of PF_KEY. Key management applications MUST NOT depend on this
> message for basic operation.

I guess the idea was that the application should know about the SAs it created. Though an SA dump needs to be done if you want to check for existing entries (created by other processes, or if you are recovering from a crash). SPD dumping is still a must if you want to work nicely with the kernel.

As noted earlier, pfkey is not really standardized. E.g. the SPD dumping messages are not in the RFC, as David noted.

The above RFC comments and the fact that SPD stuff is unspecified made me think that making non-atomic dumps would be a lot better alternative than leaving the socket in a bad state, which would make the application completely unusable.