SADB_X_SPDFLUSH message handling for latest version of IPsec
- From: blue <susan.lan@xxxxxxxxxxxx>
- Date: Thu, 26 Jul 2007 11:13:53 +0800
Hi, all:
Recently I found the behavior for the command "setkey -FP" is quite different for the latest version IPsec (known as FAST_IPSEC before). Before the command would erase all the existed SP entries; currently the command would not. After digging the codes, I found the state of the SP entries will be set as IPSEC_SPSTATE_DEAD, but the entries will not be unlink from the SPD. Why needs to keep the entry in SPD? Is there any special purpose? Without the removal, it's hard to tell whether the SP entry still takes effect since "setkey -PD" will not show its status. On the other hand, SA is like usual, once the "setkey -F" is typed in, the SA entries will be erased right away.
Thanks.
BR,
blue
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Prev by Date: Re: Ipsec - PF_KEY and set_policy
- Next by Date: Re: MPD and fragmentation
- Previous by thread: 3com 3c905c-tx Fast Etherlink Xl
- Next by thread: Re: SADB_X_SPDFLUSH message handling for latest version of IPsec
- Index(es):
Relevant Pages
- Re: I want my money back! (and lower taxes)
... Add a new entry to the list of sectors in src/lib/global/sect.c (can ... do
I have to modify a total number of entries in some other ... of "comm" command,
... any other commodities. ... (rec.games.empire) - Re: table with double entries using
owcolors from xcolor
... >j> all entries are multirows. ... >j> But if I use the \rowcolors
command from the xcolor package I ... >j> absolutely need to have each double entry
placed in one single row. ... (comp.text.tex) - Re: register SLP in WINS
... There is a command for adding a static entry to an NT 4.0 based WINS server.
... It is mentioned on page 532 of the CPDG. ... I have not had complete success
with the entries that I added using this ... (microsoft.public.sms.setup) - Re: SADB_X_SPDFLUSH message handling for latest version of IPsec
... different for the latest version IPsec. ... Before the command would
erase all the existed SP entries; ... entry still takes effect since "setkey -PD"
will not show its status. ... (freebsd-net) - bcp problem
... The file has entries like ... When I use command ... Error = String
data, right truncation ... on every entry. ... (microsoft.public.sqlserver.tools)
