#41 setkey deleteall command non-functional

Neil Horman

The deleteall command in the setkey utility is
non-functional at the moment. The kernel code,
conforming to the RFC, only implements the SADB_DELETE
and SADB_FLUSH commands for removing SAD entries, which
deletes entries that match a specified source address,
destination address, protocol specification, and spi
specification. The deleteall command generates an
SADB_DELETE message for the kernel, but fails to:
1) include the SADB_EXT header in the message
2) generate multiple messages if there are multiple
entries matching the provided <src,dst> tuple with
differing spi values.

The attached patch cleans this up. With this patch,
when the deleteall command is issued, a SADB_DUMP
command is first sent down, and the results are
filtered to collect the required spi entries that match
the src,dst specification. For each collected spi, an
SADB delete command (complete with SADB_EXT header) is
created and sent to the kernel. I've tested this
locally here with successful results.

Thanks and regards
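
The procedure described in this report, as an added example that is not the attached patch or setkey's own code: a Python model that takes a constructed SADB_DUMP result (no PF_KEY socket is opened), keeps the entries matching the <src,dst> pair, and builds one SADB_DELETE message per spi, each carrying the SA extension with that spi plus src/dst address extensions laid out per RFC 2367 (a Linux sockaddr_in without sa_len is assumed).

```python
import socket
import struct
from typing import List, NamedTuple

# PF_KEYv2 constants (RFC 2367); AF_INET is the Linux value.
PF_KEY_V2, SADB_DELETE, SADB_SATYPE_ESP = 2, 2, 3
SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST = 1, 5, 6
AF_INET = 2

class SadEntry(NamedTuple):
    """One SAD entry as it would come back in an SADB_DUMP reply (constructed here, no socket)."""
    src: str
    dst: str
    spi: int

def sadb_address(exttype: int, addr: str) -> bytes:
    """sadb_address extension (8 bytes) followed by a sockaddr_in padded to 8-byte units."""
    sockaddr = struct.pack("=HH4s8x", AF_INET, 0, socket.inet_aton(addr))  # 16 bytes
    return struct.pack("=HHBBH", (8 + len(sockaddr)) // 8, exttype, 0, 32, 0) + sockaddr

def sadb_delete_msg(entry: SadEntry, seq: int, pid: int = 0) -> bytes:
    """SADB_DELETE for one SA: sadb_msg header + SA extension (carries the spi) + src/dst."""
    # sadb_sa: len in 8-byte units, exttype, spi in network order, replay, state, auth, encrypt, flags
    sa = struct.pack("=HH4sBBBBI", 2, SADB_EXT_SA, entry.spi.to_bytes(4, "big"), 0, 0, 0, 0, 0)
    exts = sa + sadb_address(SADB_EXT_ADDRESS_SRC, entry.src) + sadb_address(SADB_EXT_ADDRESS_DST, entry.dst)
    hdr = struct.pack("=BBBBHHII", PF_KEY_V2, SADB_DELETE, 0, SADB_SATYPE_ESP,
                      (16 + len(exts)) // 8, 0, seq, pid)
    return hdr + exts

def deleteall(dump: List[SadEntry], src: str, dst: str) -> List[bytes]:
    """The fixed deleteall logic: filter the dump by <src,dst>, emit one SADB_DELETE per matching spi."""
    matches = [e for e in dump if e.src == src and e.dst == dst]
    return [sadb_delete_msg(e, seq) for seq, e in enumerate(matches, start=1)]

def summarize(msg: bytes):
    """Decode (msg_type, msg_len in 8-byte units, spi) back out of a built message, for checking."""
    _, msg_type, _, _, msg_len, _, _, _ = struct.unpack("=BBBBHHII", msg[:16])
    spi = int.from_bytes(msg[20:24], "big")  # sadb_sa_spi sits right after the 16-byte header
    return msg_type, msg_len, spi

if __name__ == "__main__":
    # Constructed SADB_DUMP result: two SAs for 10.0.0.1 -> 10.0.0.2 with different spis, one unrelated.
    dump = [SadEntry("10.0.0.1", "10.0.0.2", 0x1000), SadEntry("10.0.0.1", "10.0.0.2", 0x2000),
            SadEntry("10.0.0.2", "10.0.0.1", 0x3000)]
    for m in deleteall(dump, "10.0.0.1", "10.0.0.2"):
        print(summarize(m))  # (2, 10, 4096) then (2, 10, 8192)
```

Each message is 80 bytes (16-byte header, 16-byte SA extension, two 24-byte address extensions), so sadb_msg_len is 10 and the unrelated reverse-direction SA is left untouched.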


  • Neil Horman

    Neil Horman - 2005-11-17

    patch against CVS head to implement deleteall command in setkey utility

  • Timo Teras

    Timo Teras - 2009-01-16

    Closing all sourceforge.net bugs. If this issue has not been cared for please submit a new bug report to https://trac.ipsec-tools.net/ issue tracker. Thank you.

  • Timo Teras

    Timo Teras - 2009-01-16
    • status: open --> closed
