lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 24 May 2007 18:03:30 +0900 From: Fernando Luis Vázquez Cao <fernando@....ntt.co.jp> To: Herbert Xu <herbert@...dor.apana.org.au> Cc: netdev@...r.kernel.org, davem@...emloft.net Subject: Re: [IPv6] UDP Encapsulation of IPsec ESP Packets On Thu, 2007-05-24 at 18:34 +1000, Herbert Xu wrote: > Fernando Luis V??zquez Cao <fernando@....ntt.co.jp> wrote: > > I noticed that IPv4-over-IPv6 made into 2.6.21 (thank you!) and that > > prompted to check the progress with the implementation of rfc3948 (UDP > > Encapsulation of IPsec ESP Packets) in Linux. For IPv4 the code is > > already there, but that does not seem to be the case for IPv6. I have > > checked the usagi kernels and Dave S. Miller's net git tree and could > > not find anything. > > > > Is anyone working on this? I would appreciate any information on the > > status of this work. > > If we don't have NAT on IPv6 why would you need UDP encapsulation? Hi Herbert, Thank you for your feedback. Depending on the filtering rules it is possible that a gateway/firewall does not accept incoming ESP packets. When the filter rules of the firewall cannot be changed (because one is not the administrator) the only way of traversing the firewall is using some sort of encapsulation, such as UDP encapsulation. Is there any other way to circumvent this issue? (By the way, the premise is that network is a pure ipv6 environment) - Fernando - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists