Linux IPsec Summit 2018 wishlist: Difference between revisions
Paul Wouters (talk | contribs) (Created page with " A scratchpad for things we'd like to talk about during the ipsec meetup * larval acquire saying "transport mode" - would be nice to not say mode at all <pre> src 192.0.2.1...") |
Paul Wouters (talk | contribs) No edit summary |
Line 13: | Line 13: | ||
* add support for Populate-From-Packet flag. Cause acquires for each different policy hit | * add support for Populate-From-Packet flag. Cause acquires for each different policy hit | ||
* some clarification or documentation for these: | |||
<pre> | |||
FLAG := noecn | decap-dscp | nopmtudisc | wildrecv | icmp | af-unspec | align4 | esn | |||
EXTRA-FLAG-LIST := [ EXTRA-FLAG-LIST ] EXTRA-FLAG | |||
EXTRA-FLAG := dont-encap-dscp | |||
ip xfrm policy help shows: | |||
FLAG := localok | icmp | |||
XFRM-PROTO := esp | ah | comp | route2 | hao | |||
MODE := transport | tunnel | beet | ro | in_trigger | |||
LEVEL := required | use | |||
</pre> |
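Review bot: the first three added grammar lines (FLAG := noecn | ..., EXTRA-FLAG-LIST, EXTRA-FLAG) carry no label naming the command whose help text they come from, while the second group is introduced by "ip xfrm policy help shows:". Because FLAG is defined twice with different values, add a matching lead line above the first group so readers can tell which FLAG set belongs to which command. It would also help to list under each keyword what clarification is wanted, since the item currently asks for documentation of "these" without saying which flags are unclear.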
Revision as of 18:37, 19 January 2018
A scratchpad for things we'd like to talk about during the ipsec meetup
- larval acquire saying "transport mode" - would be nice to not say mode at all
<pre>
src 192.0.2.100 dst 192.1.2.23
    proto esp spi 0xSPISPIXX reqid REQID mode transport
    replay-window 0
    sel src 192.0.2.100/32 dst 192.1.2.23/32 proto icmp type 8 code 0 dev eth0
</pre>
- add support for Populate-From-Packet flag. Cause acquires for each different policy hit
- some clarification or documentation for these:
<pre>
FLAG := noecn | decap-dscp | nopmtudisc | wildrecv | icmp | af-unspec | align4 | esn
EXTRA-FLAG-LIST := [ EXTRA-FLAG-LIST ] EXTRA-FLAG
EXTRA-FLAG := dont-encap-dscp
ip xfrm policy help shows:
FLAG := localok | icmp
XFRM-PROTO := esp | ah | comp | route2 | hao
MODE := transport | tunnel | beet | ro | in_trigger
LEVEL := required | use
</pre>