[Openswan Users] how to associate sp with a specific sa?
kelvin
kanava88 at gmail.com
Sat Dec 23 03:46:25 EST 2006
this is entry in sad:
sitea:~ # setkey -D
172.16.1.102 172.16.1.101
esp mode=transport spi=2311113685(0x89c0cbd5)
reqid=16385(0x00004001)
E: aes-cbc 5bea7c79 e6341ada 2c43bae9 eae8a0f8
A: hmac-sha1 2bc7ccc3 455162fb 6b2bfee8 a529609b 846305da
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Dec 23 04:33:22 2006 current: Dec 23 09:49:56 2006
diff: 18994(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=15090 refcnt=0
172.16.1.101 172.16.1.102
esp mode=transport spi=1197392207(0x475ec14f)
reqid=16385(0x00004001)
E: aes-cbc c65f1b6a 31468378 212a78e5 8e39c5ff
A: hmac-sha1 519ba67c ec0ba420 398ea5a6 1ab50b63 f136b960
seq=0x00000000 replay=32 flags=0x00000000 state=mature
created: Dec 23 04:33:22 2006 current: Dec 23 09:49:56 2006
diff: 18994(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=15090 refcnt=0
and this is entry in spd:
sitea:~ # setkey -D -P
172.16.1.102[any] 172.16.1.101[any] any
in prio high + 1073739744 ipsec
esp/transport//unique#16385
created: Dec 21 22:33:04 2006 lastused: Dec 21 22:33:47 2006
lifetime: 0(s) validtime: 0(s)
spid=464 seq=9 pid=15105
refcnt=1
172.16.1.101[any] 172.16.1.102[any] any
out prio high + 1073739744 ipsec
esp/transport//unique#16385
created: Dec 23 04:33:22 2006 lastused:
lifetime: 0(s) validtime: 0(s)
spid=473 seq=8 pid=15105
refcnt=1
i want to know how did the kernel decide which sa to use when a packet
matched one of entry in spd if there are many sa.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061223/dea40c04/attachment.html
More information about the Users
mailing list