lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Wed, 18 Jan 2012 17:30:49 +1100
From:	Herbert Xu <herbert@...dor.apana.org.au>
To:	Prashant Batra prbatra <prbatra@...co.com>
Cc:	netdev@...r.kernel.org
Subject: Re: ipsec tunnel with different inner and outer ip families

Prashant Batra prbatra <prbatra@...co.com> wrote:
> Hello,
> 
> Does linux 2.6.* support an IPSec tunnel with different family of inner and outer addresses , like v4 in v6 or v6 in v4.
> After trying ip xfrm * from user space, the utility doesn't seem to accept two different families in a single command.
> 
> #ip xfrm policy add dir out src 172.168.68.1/32 dst 172.168.68.2/32 tmpl src 2001:db8:0:242::36/128 dst 2001:db8:0:242::37/128 proto esp  mode tunnel
> Error: an inet prefix is expected rather than "2001:db8:0:242::36/128".
> 
> So, I tried sending a NETLINK SPD add message) from user space with, selector as v4 addresses and tmpl as v6 address.
> Policy got added but kernel doesn't seem to be interpreting the addresses correctly.
> 
> src 172.16.80.1/32 dst 0.0.0.0/0
>         dir out priority 1024
>         tmpl    src 32.1.13.184 dst 32.1.13.184   /* I gave ipv6 addresses here*/
>                 proto esp spi 0x00000000 reqid 0 mode tunnel
> 
> Can someone help me with this?

The kernel is certainly supposed to support inter-family SAs
and policies.  However, I wouldn't be surprised if it's buggy
as very few people use it.

Cheers,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists