
Re: ipsec error codes



Dan McDonald wrote:
> 
> <SNIP!>
> > In this situation, standardized event codes would go a long way in terms of
> > diagnostics, accounting, etc.
> 
> I understand that such diagnostics are useful.  The other part of my question
> remains unanswered:
> 
> > > At first glance, I don't see what problem is being solved.  What
> > > on-the-wire entity would issue these codes and messages?
> 
> Are these extensions to IKE?  What entity issues such error codes?  Are we
> inventing a new protocol that does nothing but report errors?  Or is this
> merely a proposal of output from <something> that can be read?

Again, good question. I guess my assumption is that an ipsec
implementation either contains or has an API into an audit subsystem of
some type. In the case of a Unix kernel, this might be syslog, or it
might simply be a logfile. The ipsec implementation must somehow signal
the event to the audit subsystem. Depending upon the implementation, the
formatting may be done by the ipsec component (as might be the case with
syslog), or it might be done by the audit subsystem itself, as would be
the case with a simple logfile.

Scott

