RE: port bound SAs

(off-list ancestor, not in this archive)
port bound SAs · Paul Moore <hidden> · 2009-01-26
Re: port bound SAs · David Miller <davem@davemloft.net> · 2009-01-27
Re: port bound SAs · Patrick McHardy <hidden> · 2009-01-27
RE: port bound SAs · Paul Moore <hidden> · 2009-01-27
Re: port bound SAs · Patrick McHardy <hidden> · 2009-01-27
RE: port bound SAs · Paul Moore <hidden> · 2009-01-27
Re: port bound SAs · Patrick McHardy <hidden> · 2009-01-27
RE: port bound SAs · Paul Moore <hidden> · 2009-01-27
Re: port bound SAs · David Miller <davem@davemloft.net> · 2009-01-27
RE: port bound SAs · Paul Moore <hidden> · 2009-01-27
Re: port bound SAs · Patrick McHardy <hidden> · 2009-01-27
RE: port bound SAs · Paul Moore <hidden> · 2009-01-27
Re: port bound SAs · Patrick McHardy <hidden> · 2009-01-27
RE: port bound SAs · Paul Moore <hidden> · 2009-01-27
Re: port bound SAs · Patrick McHardy <hidden> · 2009-01-27
RE: port bound SAs · Paul Moore <hidden> · 2009-01-28
Re: port bound SAs · Patrick McHardy <hidden> · 2009-01-28
RE: port bound SAs · Paul Moore <hidden> · 2009-01-28
Re: port bound SAs · Patrick McHardy <hidden> · 2009-01-28
RE: port bound SAs · Paul Moore <hidden> · 2009-01-28
Re: port bound SAs · Herbert Xu <herbert@gondor.apana.org.au> · 2009-01-30
xfrm selector generating IKE · Paul Moore <hidden> · 2009-02-24
Re: xfrm selector generating IKE · Herbert Xu <herbert@gondor.apana.org.au> · 2009-02-24
RE: xfrm selector generating IKE · Paul Moore <hidden> · 2009-02-24
Re: xfrm selector generating IKE · Herbert Xu <herbert@gondor.apana.org.au> · 2009-02-25
RE: xfrm selector generating IKE · Paul Moore <hidden> · 2009-02-25
Re: xfrm selector generating IKE · Herbert Xu <herbert@gondor.apana.org.au> · 2009-02-25
RE: xfrm selector generating IKE · Paul Moore <hidden> · 2009-02-25
Re: xfrm selector generating IKE · Herbert Xu <herbert@gondor.apana.org.au> · 2009-02-25
RE: port bound SAs · Paul Moore <hidden> · 2009-01-29
RE: port bound SAs · Paul Moore <hidden> · 2009-01-27

From: Paul Moore <hidden>
Date: 2009-01-27 17:24:21

quoted

I believe thats intentional, RFC2367 specifies to ignore port

numbers except for larval states.

the ietf ipsec list thinks thats not the case. The consensus there is
that the port owns the SA (and thats what Windows, and solaris actually
do)

-----Original Message-----
From: Patrick McHardy [mailto:kaber@trash.net] 
Sent: Tuesday, January 27, 2009 9:22 AM
To: Paul Moore
Cc: David Miller; netdev@vger.kernel.org
Subject: Re: port bound SAs

Paul Moore wrote:

the pfkey / xfrm interface throws them away

I misparsed that statement, I thought you meant both. Yes, you
seem to be right, pfkey ignores them.

i fixed racoon to send the port numbers and they were ignored

I believe thats intentional, RFC2367 specifies to ignore port
numbers except for larval states.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help