[Openswan dev] Openswan support for RFC 4301

Patricia de Noriega pnoriega at it.uc3m.es
Thu Jan 13 06:20:30 EST 2011


Does openswan support RFC 4301? I'm interested specifically in how it search
in the SAD.

This RFC search as follows:

      1. Search the SAD for a match on the combination of SPI,
         destination address, and source address.  If an SAD entry
         matches, then process the inbound packet with that
         matching SAD entry.  Otherwise, proceed to step 2.

      2. Search the SAD for a match on both SPI and destination address.
         If the SAD entry matches, then process the inbound packet
         with that matching SAD entry.  Otherwise, proceed to step 3.

      3. Search the SAD for a match on only SPI if the receiver has
         chosen to maintain a single SPI space for AH and ESP, and on
         both SPI and protocol, otherwise.  If an SAD entry matches,
         then process the inbound packet with that matching SAD entry.
         Otherwise, discard the packet and log an auditable event.

Does openswan the same?

Regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/dev/attachments/20110113/5a7294b2/attachment.html 


More information about the Dev mailing list