Subject: Re: Bugs in PF_KEY marshalling, socket-buffer overflow
To: Jonathan Stone <jonathan@dsg.stanford.edu>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-net
Date: 05/19/2004 21:49:13

>>>>> "Jonathan" == Jonathan Stone <jonathan@dsg.stanford.edu> writes:
    Jonathan> It's also ... trivial to trigger ACQUIREs to racoon at a
    Jonathan> sufficiently high rate that (at least for my FAST_IPSEC
    Jonathan> tree), racoon stats warnings about malformed ACQUIREs.

  This discussion is interesting...
  Linux IPsec (FreeS/WAN, Openswan) has a similar problem with ACQUIREs:
they are not reliable under memory exhaustion. To solve this problem,
one must scan a /proc system, which has a 4k page problem.
  The plan to fix things is to have the keying daemon send requests down
to the kernel that would get returned with ACQUIREs. If one can't
allocate an available ACQUIRE, the packet that caused it would get
dropped.

  Basically, unreliable PF_KEY is a bad idea. 
  The idea of making it routing-socket like (with the broadcast
property) was a bad idea. Get rid of it.

    Jonathan> than racoon can read the ACQUIRE and process IKE exchanges.
    Jonathan> Eventually the ACQUIREs overflow the socket queue, leading (in my
    Jonathan> tree, at least) to truncated or invalid messages.

  So, the acquires should get dropped as a unit, not part of them.

--
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
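
Added example, not part of the original message and not code from racoon, FreeS/WAN or Openswan: a receiver-side check that treats an ACQUIRE as one unit, rejecting any datagram whose byte count disagrees with its own length field or whose extensions do not tile it exactly. The header layouts follow RFC 2367; the `pk_` names, the verdict enum and the sample message are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Header layouts as in RFC 2367 (PF_KEY v2); both length fields count 64-bit words. */
struct pk_msg { uint8_t version, type, err, satype; uint16_t len, reserved; uint32_t seq, pid; };
struct pk_ext { uint16_t len, type; };
#define PK_VERSION 2 /* PF_KEY_V2 */
#define PK_ACQUIRE 6 /* SADB_ACQUIRE */

enum pk_verdict { PK_OK, PK_SHORT, PK_BAD_HEADER, PK_LEN_MISMATCH, PK_BAD_EXT };
/* Hypothetical daemon-side check: accept a datagram only if it is one whole ACQUIRE. */
enum pk_verdict pk_check_acquire(const uint8_t *buf, size_t got)
{
    struct pk_msg m;
    if (got < sizeof m) return PK_SHORT;
    memcpy(&m, buf, sizeof m); /* copy out: buf may be unaligned */
    if (m.version != PK_VERSION || m.type != PK_ACQUIRE) return PK_BAD_HEADER;
    size_t want = (size_t)m.len * 8;
    if (want != got) return PK_LEN_MISMATCH; /* truncated, or trailing bytes */
    for (size_t off = sizeof m; off < want; ) {
        struct pk_ext e;
        memcpy(&e, buf + off, sizeof e);
        size_t elen = (size_t)e.len * 8;
        if (elen == 0 || elen > want - off) return PK_BAD_EXT; /* would loop or overrun */
        off += elen;
    }
    return PK_OK;
}

/* Constructed sample: header plus one 24-byte extension (type 5, zeroed body). */
size_t pk_sample_acquire(uint8_t out[40])
{
    struct pk_msg m = { PK_VERSION, PK_ACQUIRE, 0, 0, 5, 0, 1, 0 };
    struct pk_ext e = { 3, 5 };
    memset(out, 0, 40);
    memcpy(out, &m, sizeof m);
    memcpy(out + sizeof m, &e, sizeof e);
    return 40;
}

int main(void)
{
    uint8_t b[40];
    size_t n = pk_sample_acquire(b);
    printf("whole=%d cut=%d\n", (int)pk_check_acquire(b, n), (int)pk_check_acquire(b, n - 8));
    return 0;
}
```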