Subject: Re: Bugs in PF_KEY marshalling, socket-buffer overflow
To: None <mcr@sandelman.ottawa.on.ca>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-net
Date: 05/21/2004 16:08:37
>     Jonathan> It's also ... trivial to trigger ACQUIREs to racoon at a
>     Jonathan> sufficiently high rate that (at least for my FAST_IPSEC
>     Jonathan> tree), racoon stats warnings about malformed ACQUIREs.
> 
>   This discussion is interesting...
>   Linux IPsec (FreeS/WAN, Openswan) has a similar problem with ACQUIREs
> they are not reliable under memory exhaustion. To solve this problem,
> one must scan a /proc system, which has a 4k page problem.
>   The plan to fix things is to have the keying daemon send requests down
> to the kernel that would get returned with ACQUIRE's. If one can't
> allocate an available ACQUIRE, the packet that caused it would get
> dropped. 
> 
>   Basically, unreliable PF_KEY is a bad idea. 
>   The idea of making it routing-socket like (with the broadcast
> property) was a bad idea. Get rid of it.

	PF_KEY is unreliable; it is a feature, not a bug.

itojun