Re: issues from the bakeoff
>> - Is it valid to pass a SPI (actually a CPI in PCP) of zero?
>Currently, no, as the value 0 is defined to be RESERVED.
>> Is this the "well known CPI"?
>Yes, 0 is in the "well known" range.
>RFC2393 specifies the range 0-63 as pre-defined (3.3) but points
>the reader to RFC2407 "The Internet IP Security Domain of
>Interpretation for ISAKMP" for the defined values. There (4.4.5),
>as with so many other instances in that RFC, 0 is defined to be
>RESERVED.
The well-known CPI is not very friendly with the PFKEY interface (RFC2367).
RFC2367 expects a unique SPI per peer (which can embed the CPI in the lower
2 bytes), but for a well-known CPI we can't.
What kind of userland API do you expect to see? I'm now using a dummy
SPI (= CPI) to designate the SA database entry for compression,
and adding a flag to force the use of the well-known CPI on the packet.
itojun
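
The key collision discussed in this message, as an added example that is not part of the original post or of any implementation mentioned in it: it classifies a CPI by the RFC 2393 section 3.3 ranges and shows why two compression entries for one peer cannot both be keyed by the same well-known CPI. The table layout, the names (comp_sa, sadb_add, wire_cpi) and the separate transform field are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* CPI ranges per RFC 2393 section 3.3. */
enum cpi_class { CPI_RESERVED, CPI_WELL_KNOWN, CPI_FUTURE, CPI_NEGOTIATED, CPI_PRIVATE };

enum cpi_class cpi_classify(uint16_t cpi)
{
    if (cpi == 0)     return CPI_RESERVED;    /* RESERVED in RFC 2407 4.4.5 */
    if (cpi <= 63)    return CPI_WELL_KNOWN;  /* pre-defined, 0-63 */
    if (cpi <= 255)   return CPI_FUTURE;      /* reserved for future use */
    if (cpi <= 61439) return CPI_NEGOTIATED;  /* agreed per association */
    return CPI_PRIVATE;                       /* 61440-65535 */
}

/* Hypothetical SA database entry, keyed PF_KEY-style by (peer, SPI). */
struct comp_sa {
    uint32_t peer;       /* constructed peer identifier */
    uint32_t spi;        /* lookup key; CPI sits in the lower 2 bytes */
    uint16_t transform;  /* compression transform ID */
    int      wellknown;  /* flag: send the well-known CPI on the wire */
};

#define SADB_MAX 8
static struct comp_sa sadb[SADB_MAX];
static size_t sadb_len;

/* Insert an entry; -1 when (peer, spi) is already taken or the table is full. */
int sadb_add(uint32_t peer, uint32_t spi, uint16_t transform, int wellknown)
{
    for (size_t i = 0; i < sadb_len; i++)
        if (sadb[i].peer == peer && sadb[i].spi == spi)
            return -1;
    if (sadb_len == SADB_MAX) return -1;
    sadb[sadb_len++] = (struct comp_sa){ peer, spi, transform, wellknown };
    return 0;
}

/* CPI to place in the IPComp header; 0 means the entry must not be used. */
uint16_t wire_cpi(const struct comp_sa *sa)
{
    uint16_t cpi = sa->wellknown ? sa->transform : (uint16_t)(sa->spi & 0xffff);
    return cpi_classify(cpi) == CPI_RESERVED ? 0 : cpi;
}

int main(void) {
    sadb_add(1, 2, 2, 1);                      /* first entry keyed by CPI 2 */
    return sadb_add(1, 2, 2, 1) == -1 ? 0 : 1; /* second one collides */
}
```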