[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: issues from the bakeoff
> Well-known CPI is not very friendly with PFKEY interface (RFC2367).
> RFC2367 expects unique SPI per peer (which can embed CPI in lower
> 2 bytes), but for well-known CPI we can't.
Why is this an issue?
You can treat the well-known CPI as a pre-added compression association,
which, if you use SADB_GET, would reveal a match. If you tried to
ADD/UPDATE, you'd just get EEXIST.
> What kind of userland API do you expect to see? I'm now using dummy
> SPI (= CPI) to designate the SA database entry for compression,
> and add a flag to force the use of well-known CPI on the packet.
The user app would ask for compression (or not complain if it showed up) on a
per-socket basis.
I don't see the problem here.
Dan
Follow-Ups:
References: