RE: port bound SAs
From: Paul Moore <hidden>
Date: 2009-01-27 17:38:23
OK, I misunderstood. Sorry. You are saying that the port number should be dropped by the pfkey / xfrm interface - OK, this is actually what happens. (BTW this is fortunate - in a few cases racoon accidentally passes down 500.) I meant that the consensus was that the wire behavior is wrong.

-----Original Message-----
From: Patrick McHardy [mailto:kaber@trash.net]
Sent: Tuesday, January 27, 2009 9:29 AM
To: Paul Moore
Cc: David Miller; netdev@vger.kernel.org
Subject: Re: port bound SAs

Paul Moore wrote:
I believe that's intentional, RFC2367 specifies to ignore port numbers except for larval states. The IETF IPsec list thinks that's not the case. The consensus there is that the port owns the SA (and that's what Windows and Solaris actually do).
What does "think that's not the case" mean? It's clearly stated in 2.3.3. Address Extension:

...
The zeroing of ports (e.g. sin_port and sin6_port) MUST be done for all messages except for originating SADB_ACQUIRE messages, which SHOULD fill them in with ports from the relevant TCP or UDP session which generates the ACQUIRE message.
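The RFC 2367 port rule Patrick quotes, applied to a PF_KEY address in code. This is an added example, not code from the thread or from the kernel's pfkey/xfrm implementation; the SADB_* values are the numbers RFC 2367 assigns, while the kernel_originated flag and the demo() scenario (a key manager leaving port 500 in an SADB_ADD, the racoon mistake mentioned above) are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* PF_KEY message types, numeric values as assigned in RFC 2367 section 3.1. */
enum { SADB_UPDATE = 2, SADB_ADD = 3, SADB_ACQUIRE = 6 };

/* RFC 2367 section 2.3.3: the port in an address extension MUST be zeroed in
 * every message except an originating SADB_ACQUIRE, i.e. the kernel asking a
 * key manager for an SA on behalf of a TCP/UDP session. The kernel_originated
 * flag is an assumption of this example: it marks that direction. */
static int pfkey_ports_allowed(uint8_t msg_type, int kernel_originated)
{
    return msg_type == SADB_ACQUIRE && kernel_originated;
}

/* Apply the rule to one sockaddr in place (IPv4 or IPv6). Returns the port
 * that survives, in host byte order, so a caller can see what was dropped. */
static uint16_t pfkey_normalize_port(struct sockaddr *sa, uint8_t msg_type,
                                     int kernel_originated)
{
    uint16_t *port;
    if (sa->sa_family == AF_INET)
        port = &((struct sockaddr_in *)sa)->sin_port;
    else if (sa->sa_family == AF_INET6)
        port = &((struct sockaddr_in6 *)sa)->sin6_port;
    else
        return 0;                     /* unsupported family: nothing to keep */
    if (!pfkey_ports_allowed(msg_type, kernel_originated))
        *port = 0;
    return ntohs(*port);
}

/* Constructed scenario: an address extension carrying port 500 (IKE) for the
 * documentation address 192.0.2.10, handed to the interface as msg_type. */
static uint16_t demo(uint8_t msg_type, int kernel_originated)
{
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(500);
    inet_pton(AF_INET, "192.0.2.10", &sin.sin_addr);
    return pfkey_normalize_port((struct sockaddr *)&sin, msg_type,
                                kernel_originated);
}
```

For a user-space SADB_ADD or SADB_UPDATE the port is dropped, which is the "this is actually what happens" behaviour Paul describes; only a kernel-originated SADB_ACQUIRE keeps it.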