Re: [PATCH] IPSec protocol application order

Tom Lendacky (toml@us.ibm.com)
Thu, 20 Feb 2003 08:40:22 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dave Jones: "Re: Supermicro X5DL8-GG (ServerWorks Grandchampion LE chipset) slow"
Previous message: Dave Jones: "Re: Linux v2.5.62"
Maybe in reply to: Tom Lendacky: "[PATCH] IPSec protocol application order"

I believe that good documentation will also be required then. If it is
being decided that the user must enter the ipsec protocols in the proper
order using the setkey spdadd operation, then the user will need to know
what order in which to specify the arguments to setkey. Given that the
spdadd operation:

spdadd src-ip dst-ip any -P out ipsec ah/transport//require
esp/transport//require;

would result in improper ordering of the AH and ESP headers and therefore
interoperability problems, while

spdadd src-ip dst-ip any -P out ipsec esp/transport//require
ah/transport//require;

results in the proper order.

No where have I been able to find any user level documentation that says
what order the ipsec protocols need to be specified on the spdadd
operation. Without good documentation I believe support centers, both a
customer's own and/or a distributor's, may be getting a lot of unnecessary
calls.

Tom

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dave Jones: "Re: Supermicro X5DL8-GG (ServerWorks Grandchampion LE chipset) slow"
Previous message: Dave Jones: "Re: Linux v2.5.62"
Maybe in reply to: Tom Lendacky: "[PATCH] IPSec protocol application order"