On Mon, Jun 23, 2003 at 10:06:36PM +0400, kuznet@ms2.inr.ac.ru wrote:
> > But this is _not_ right at all. Ports in SADB_ACQUIRE are logical nonsense.
> I hope I understand what is purpose of this: it is to trigger policy
> resolution rather than SA resolution, right? It does not look
> as a good idea neither from viewpoint of compatibility nor from viewpoint
> of plain logic. Addresses in SADB_ACQUIRE are addresses of envelope
> (f.e. tunnel addresses), they __cannot__ have any ports by definition.

This does make sense if your KM has policies defined which only differ
by port numbers. It may also be needed for dynamic policies if the peer
only accepts the most restricted selector.

This works with SuperFreeSWAN which has support for policies with port
numbers.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt