Date:	Wed, 18 Jan 2012 17:30:49 +1100
From:	Herbert Xu <>
To:	Prashant Batra prbatra <>
Subject: Re: ipsec tunnel with different inner and outer ip families

Prashant Batra prbatra <> wrote:
> Hello,
> Does Linux 2.6.* support an IPSec tunnel with different families of inner and outer addresses, like v4 in v6 or v6 in v4?
> After trying ip xfrm * from user space, the utility doesn't seem to accept two different families in a single command.
> #ip xfrm policy add dir out src dst tmpl src 2001:db8:0:242::36/128 dst 2001:db8:0:242::37/128 proto esp  mode tunnel
> Error: an inet prefix is expected rather than "2001:db8:0:242::36/128".
> So, I tried sending a NETLINK SPD add message from user space, with selector as v4 addresses and tmpl as v6 address.
> Policy got added but kernel doesn't seem to be interpreting the addresses correctly.
> src dst
>         dir out priority 1024
>         tmpl    src dst   /* I gave ipv6 addresses here*/
>                 proto esp spi 0x00000000 reqid 0 mode tunnel
> Can someone help me with this?

The kernel is certainly supposed to support inter-family SAs
and policies.  However, I wouldn't be surprised if it's buggy
as very few people use it.

Email: Herbert Xu <>
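The kind of request discussed in this thread, as an added example that is not code from either poster or from the kernel: it builds (without sending) an `XFRM_MSG_NEWPOLICY` message in which the selector and the `XFRMA_TMPL` template each carry their own `family` field from `<linux/xfrm.h>`. The inner IPv4 prefixes are constructed documentation values (the thread elides them), the outer addresses are the ones quoted in the post, and `policy_req` / `build_v4_in_v6_policy` are hypothetical names.

```c
#include <arpa/inet.h>
#include <string.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/xfrm.h>

struct policy_req {
    struct nlmsghdr n;
    struct xfrm_userpolicy_info pol;
    char attrs[256];                 /* room for netlink attributes */
};

/* Fills *r with an outbound v4-in-v6 tunnel policy. Returns 0, or -1 on a bad address. */
int build_v4_in_v6_policy(struct policy_req *r)
{
    struct xfrm_user_tmpl t;
    struct rtattr *rta;
    memset(r, 0, sizeof(*r));
    memset(&t, 0, sizeof(t));
    r->n.nlmsg_type = XFRM_MSG_NEWPOLICY;
    r->n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
    r->n.nlmsg_len = NLMSG_LENGTH(sizeof(r->pol));
    /* Inner traffic selector: IPv4 (constructed documentation prefixes). */
    r->pol.sel.family = AF_INET;
    r->pol.sel.prefixlen_s = r->pol.sel.prefixlen_d = 24;
    if (inet_pton(AF_INET, "192.0.2.0", &r->pol.sel.saddr.a4) != 1 ||
        inet_pton(AF_INET, "198.51.100.0", &r->pol.sel.daddr.a4) != 1)
        return -1;
    r->pol.dir = XFRM_POLICY_OUT;
    r->pol.priority = 1024;
    r->pol.lft.soft_byte_limit = r->pol.lft.hard_byte_limit = XFRM_INF;
    r->pol.lft.soft_packet_limit = r->pol.lft.hard_packet_limit = XFRM_INF;

    /* Outer tunnel template: separate family field, set to IPv6 here. */
    t.family = AF_INET6;
    t.mode = XFRM_MODE_TUNNEL;
    t.id.proto = IPPROTO_ESP;
    t.aalgos = t.ealgos = t.calgos = ~0U;   /* no algorithm restriction */
    if (inet_pton(AF_INET6, "2001:db8:0:242::36", &t.saddr.a6) != 1 ||
        inet_pton(AF_INET6, "2001:db8:0:242::37", &t.id.daddr.a6) != 1)
        return -1;

    /* Append the template as an XFRMA_TMPL attribute after the fixed part. */
    rta = (struct rtattr *)((char *)&r->n + NLMSG_ALIGN(r->n.nlmsg_len));
    rta->rta_type = XFRMA_TMPL;
    rta->rta_len = RTA_LENGTH(sizeof(t));
    memcpy(RTA_DATA(rta), &t, sizeof(t));
    r->n.nlmsg_len = NLMSG_ALIGN(r->n.nlmsg_len) + RTA_ALIGN(rta->rta_len);
    return 0;
}
```

Sending the buffer over a `NETLINK_XFRM` socket requires CAP_NET_ADMIN; whether a given kernel then handles the mixed-family policy correctly is the open question in the reply above.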