lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 27 Jan 2009 09:24:19 -0800
From:	"Paul Moore" <paul.moore@...trify.com>
To:	"Patrick McHardy" <kaber@...sh.net>
Cc:	"David Miller" <davem@...emloft.net>, <netdev@...r.kernel.org>
Subject: RE: port bound SAs

>>I believe thats intentional, RFC2367 specifies to ignore port
numbers except for larval states.

the ietf ipsec list thinks thats not the case. The consensus there is
that the port owns the SA (and thats what Windows, and solaris actually
do)

-----Original Message-----
From: Patrick McHardy [mailto:kaber@...sh.net] 
Sent: Tuesday, January 27, 2009 9:22 AM
To: Paul Moore
Cc: David Miller; netdev@...r.kernel.org
Subject: Re: port bound SAs

Paul Moore wrote:
> the pfkey / xfrm interface throws them away

I misparsed that statement, I thought you meant both. Yes, you
seem to be right, pfkey ignores them.

> i fixed racoon to send the port numbers and they were ignored

I believe thats intentional, RFC2367 specifies to ignore port
numbers except for larval states.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ