Linux IPsec Summit 2018 wishlist
Jump to navigation
Jump to search
A scratchpad for things we'd like to talk about during the ipsec meetup
- larval acquire saying "transport mode" - would be nice to not say mode at all
src 192.0.2.100 dst 192.1.2.23 proto esp spi 0xSPISPIXX reqid REQID mode transport replay-window 0 sel src 192.0.2.100/32 dst 192.1.2.23/32 proto icmp type 8 code 0 dev eth0
- add support for Populate-From-Packet flag. Cause acquires for each different policy hit
- some clarification or documentation for these:
FLAG := noecn | decap-dscp | nopmtudisc | wildrecv | icmp | af-unspec | align4 | esn EXTRA-FLAG-LIST := [ EXTRA-FLAG-LIST ] EXTRA-FLAG EXTRA-FLAG := dont-encap-dscp ip xfrm policy help shows: FLAG := localok | icmp XFRM-PROTO := esp | ah | comp | route2 | hao MODE := transport | tunnel | beet | ro | in_trigger LEVEL := required | use
- some clarification or documentation for these:
/proc/sys/net/core/xfrm_acq_expires /proc/sys/net/core/xfrm_aevent_etime /proc/sys/net/core/xfrm_aevent_rseqth /proc/sys/net/core/xfrm_larval_drop