From: Andrew Morton <akpm@osdl.org>
To: netdev@vger.kernel.org
Cc: klimes@centrum.cz,
"bugme-daemon@kernel-bugs.osdl.org"
<bugme-daemon@bugzilla.kernel.org>
Subject: Fw: [Bugme-new] [Bug 6791] New: ports in SA should not be zeroed when protocol is specified
Date: Tue, 4 Jul 2006 15:41:42 -0700 [thread overview]
Message-ID: <20060704154142.b7eddfe7.akpm@osdl.org> (raw)
Begin forwarded message:
Date: Tue, 4 Jul 2006 06:54:01 -0700
From: bugme-daemon@bugzilla.kernel.org
To: bugme-new@lists.osdl.org
Subject: [Bugme-new] [Bug 6791] New: ports in SA should not be zeroed when protocol is specified
http://bugzilla.kernel.org/show_bug.cgi?id=6791
Summary: ports in SA should not be zeroed when protocol is
specified
Kernel Version: 2.6.17 and all previous
Status: NEW
Severity: normal
Owner: shemminger@osdl.org
Submitter: klimes@centrum.cz
Problem Description:
Security assotiations manipulation is defined by RFC2367 - PFKEY API.
However this specification has some drawbacks and unnecessary limitations.
(Maybe RFC2367 would deserve updating as it is rather old.)
Specifically there is a need for an IPsec SA which supports simultaneously TCP
and UDP. Such behaviour can be required by many applications and is e.g.
neccessary for authenticating in 3G according to 3GPP TS 33.203.
Current implementation of PFkey in linux (af_key.c) nethertheless doesn't
support usage of ports as SA selectors and moreover, if a protocol is specified,
the ports are zeroed.
I have found that a bug on this issue has been reported against solaris and has
been corrected - see bugID 6258318
(http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6258318)
So, I would appreciate to have similar behaviour in linux as well to be competitive.
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
reply other threads:[~2006-07-04 22:41 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060704154142.b7eddfe7.akpm@osdl.org \
--to=akpm@osdl.org \
--cc=bugme-daemon@bugzilla.kernel.org \
--cc=klimes@centrum.cz \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).