
Re: issues from the bakeoff




>>	- Is it valid to pass a SPI (actually a CPI in PCP) of zero? 
>Currently, no, as the value 0 is defined to be RESERVED.
>> Is this the "well known CPI"?
>Yes, 0 is in the "well known" range.
>RFC2393 specifies the range 0-63 as pre-defined (3.3) but points 
>the reader to RFC2407 "The Internet IP Security Domain of 
>Interpretation for ISAKMP" for the defined values. There (4.4.5), 
>as with so many other instances in that RFC, 0 is defined to be 
>RESERVED.

	The well-known CPI is not very friendly with the PFKEY interface (RFC2367).
	RFC2367 expects a unique SPI per peer (which can embed the CPI in the lower
	2 bytes), but for a well-known CPI we can't.

	What kind of userland API do you expect to see?  I'm now using a dummy
	SPI (= CPI) to designate the SA database entry for compression,
	and adding a flag to force the use of the well-known CPI on the packet.

itojun
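
Added example, not part of the original message and not code from any IPComp or PF_KEY implementation: a small C model of the conflict discussed above, where an SA database keyed on (peer, SPI) cannot hold two entries that both use a well-known CPI as the SPI, and of one reading of the dummy-SPI-plus-flag workaround. The struct layout, the flag name `SA_F_WELLKNOWN_CPI` and the peer and SPI values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPCOMP_DEFLATE     2     /* RFC 2407 4.4.5 transform ID; 0 is RESERVED */
#define SA_F_WELLKNOWN_CPI 0x1u  /* hypothetical flag name, not from any real API */

struct comp_sa { uint32_t peer, spi; uint8_t alg; unsigned flags; };
struct sadb { struct comp_sa e[8]; size_t n; };

/* RFC 2393 3.3: 0-63 well-known (0 RESERVED per RFC 2407), 64-255 reserved
 * for future use, 256-61439 negotiated, 61440-65535 private use. */
static int cpi_usable(uint16_t cpi) { return (cpi >= 1 && cpi <= 63) || cpi >= 256; }

/* Insert keyed on (peer, spi), the uniqueness a PF_KEY-style database expects. */
int sadb_add(struct sadb *db, struct comp_sa sa)
{
    for (size_t i = 0; i < db->n; i++)
        if (db->e[i].peer == sa.peer && db->e[i].spi == sa.spi)
            return -1;                        /* duplicate key */
    if (db->n == sizeof db->e / sizeof db->e[0])
        return -2;                            /* table full */
    db->e[db->n++] = sa;
    return 0;
}

/* CPI to place in the IPComp header: 0 on success, -1 if the value is reserved. */
int sa_wire_cpi(const struct comp_sa *sa, uint16_t *out)
{
    uint16_t cpi = (sa->flags & SA_F_WELLKNOWN_CPI)
                       ? sa->alg : (uint16_t)(sa->spi & 0xffff);
    if (!cpi_usable(cpi)) return -1;
    *out = cpi;
    return 0;
}

int main(void)
{
    struct sadb db = {0}; uint16_t w = 0;
    /* Constructed sample data: peer 10.0.0.1, SPIs chosen arbitrarily. */
    struct comp_sa raw = {0x0a000001, IPCOMP_DEFLATE, IPCOMP_DEFLATE, 0};
    struct comp_sa d1  = {0x0a000001, 0x1001, IPCOMP_DEFLATE, SA_F_WELLKNOWN_CPI};
    struct comp_sa d2  = {0x0a000001, 0x1002, IPCOMP_DEFLATE, SA_F_WELLKNOWN_CPI};
    int r1 = sadb_add(&db, raw), r2 = sadb_add(&db, raw);
    printf("SPI = well-known CPI: first add %d, second add %d\n", r1, r2);
    printf("dummy SPIs: %d %d\n", sadb_add(&db, d1), sadb_add(&db, d2));
    if (sa_wire_cpi(&d2, &w) == 0) printf("wire CPI for dummy-SPI SA: %u\n", w);
    return 0;
}
```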

