Hosting Provided By

Re: linux-ipsec: transport mode failures under manual

From: Henry Spencer <henry(at)spsystems.net>
Date: Tue Nov 24 1998 - 23:20:14 EST

Responding (finally) to bugs RGB found a week ago...

> > + ipsec spi --edst 192.168.2.100 --spi 0x1001 --proto esp --esp 3des --iv 0x11b46020_97a895cf --authkey --enckey 0x2fa6b951_6f0a35c5_968e4c07_fbd87e95_4c6b5e5e_3ecdf987

This is the bug I fixed a day or two ago (with some help!), in which there really shouldn't be an authkey at all in that SA.

> and the following error from left:
> > + ipsec spigrp 192.168.2.110 0x1000 tun 192.168.2.110 0x1002 ah

Because the programmer -- whose name we won't mention :-) -- who wrote the protocol-type fixes for ipsec_manual made some unwarranted assumptions about the type of the SAs at each step, and I missed this when I incorporated his changes. Note that it's getting the SPI right; the problem is that the protocol-type code needs to vary with the type of connection, rather than being hardwired. I *think* I've fixed this now. (The logic there is a bit messy, and I haven't tested every possible case.)

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)

Received on Tue Nov 24 23:50:35 1998

This message: [ Message body ]
Next message: D. Hugh Redelmeier: "Re: Linux and Ipsec"
Previous message: Henry Spencer: "Re: linux-ipsec: Bug in ipsec manual with transport setups"
In reply to Richard Guy Briggs: "linux-ipsec: transport mode failures under manual"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:07 EDT