I believe that good documentation will also be required then. If it is
being decided that the user must enter the ipsec protocols in the proper
order using the setkey spdadd operation, then the user will need to know
what order in which to specify the arguments to setkey. Given that the
spdadd operation:
spdadd src-ip dst-ip any -P out ipsec ah/transport//require
esp/transport//require;
would result in improper ordering of the AH and ESP headers and therefore
interoperability problems, while
spdadd src-ip dst-ip any -P out ipsec esp/transport//require
ah/transport//require;
results in the proper order.
No where have I been able to find any user level documentation that says
what order the ipsec protocols need to be specified on the spdadd
operation. Without good documentation I believe support centers, both a
customer's own and/or a distributor's, may be getting a lot of unnecessary
calls.
Tom
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Feb 23 2003 - 22:00:29 EST