Re: How are Initiator's Proposals checked by Responder?
Dong,
One conceptual model in the responder case could be: SPD entries
with wild-carded selectors are stored at application level and managed by
another daemon like KMd, say SPDd. When the ph-2 proposals are received
from the peer, KMd can find the matching application-level wild-carded SPD by
talking to SPDd, then do SADB_GETSPI to create larval inbound SA(s), and
send the matched ph-2 proposal to the peer.
After completing ph-2 successfully, KMd can do SADB_UPDATE for the
created larval inbound SA(s), and SADB_ADD for the outbound SA(s).
Hope this helps.
- pravin
At 10:04 AM 9/13/01 +0800, dxh wrote:
> I want to know if rfc2367 has defined the behavior of the
> responder in SA negotiation!
> I only see the initiator's behavior is defined in 5.1 of rfc2367.
> The proposals are passed from kernel to KMd using Message SADB_ACQUIRE.
> When the responder's KMd gets the proposals, how does it communicate with the kernel
> to determine which proposal is proper?
>
>
> Dong Xiaohu
> sleepy-cat@263.net
*********************************************************************
Pravin Kantak, http://www.intotoinc.com
Intoto Inc. voice : (408)844-0480 Ext 318
3160, De La Cruz Blvd, #100, fax : (408)844-0488
Santa Clara, CA - 95054
*********************************************************************
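
The responder flow described in this reply, as an added example (not code from the thread or from RFC 2367): the peer's phase-2 proposals are checked against wild-carded SPD entries, and a match yields the PF_KEY message order SADB_GETSPI, SADB_UPDATE, SADB_ADD. The struct layouts, the `min_key_bits` policy floor, the first-match SPD ordering and the sample data are assumptions made for illustration; only the message names come from the thread, with their numeric values taken from RFC 2367.

```c
#include <stddef.h>
#include <stdint.h>

/* PF_KEY message type values as assigned in RFC 2367. */
enum { SADB_GETSPI = 1, SADB_UPDATE = 2, SADB_ADD = 3 };

/* Hypothetical wild-carded SPD entry: mask 0, port 0 or proto 0 means "any". */
struct spd_entry { uint32_t net, mask; uint16_t port; uint8_t proto, min_key_bits; };
/* Hypothetical phase-2 proposal after the peer's message has been parsed. */
struct proposal { uint32_t peer; uint16_t port; uint8_t proto, key_bits; };

static int selectors_match(const struct spd_entry *e, const struct proposal *p) {
    return (p->peer & e->mask) == (e->net & e->mask) &&
           (!e->port || e->port == p->port) &&
           (!e->proto || e->proto == p->proto);
}

/* Walk proposals in the initiator's order; for each, the FIRST SPD entry whose
 * selectors match decides. Returns the chosen proposal index, or -1 to reject. */
int select_proposal(const struct spd_entry *spd, size_t n,
                    const struct proposal *props, size_t m) {
    for (size_t i = 0; i < m; i++)
        for (size_t j = 0; j < n; j++)
            if (selectors_match(&spd[j], &props[i])) {
                if (props[i].key_bits >= spd[j].min_key_bits) return (int)i;
                break; /* do not fall through to a weaker catch-all entry */
            }
    return -1;
}

/* PF_KEY messages the responder KMd issues in the model above; returns count. */
size_t responder_sequence(int chosen, uint8_t seq[3]) {
    if (chosen < 0) return 0;   /* no match: no larval SA is ever created */
    seq[0] = SADB_GETSPI;       /* before replying: larval inbound SA */
    seq[1] = SADB_UPDATE;       /* after ph-2 completes: inbound SA */
    seq[2] = SADB_ADD;          /* after ph-2 completes: outbound SA */
    return 3;
}

/* Constructed sample data: 10.1.0.0/16 ESP (proto 50) needs >= 128-bit keys,
 * followed by a catch-all entry that accepts 56-bit keys. */
const struct spd_entry SPD[2] = { {0x0A010000, 0xFFFF0000, 0, 50, 128},
                                  {0, 0, 0, 0, 56} };
const struct proposal PROPS_A[2] = { {0x0A010203, 0, 50, 56},
                                     {0x0A010203, 0, 50, 128} };
const struct proposal PROPS_B[1] = { {0xC0A80001, 0, 50, 56} };
const struct proposal PROPS_C[1] = { {0x0A010203, 0, 50, 64} };
uint8_t demo_seq[3];
```

`PROPS_C` is the case to watch: the peer falls under the stricter 10.1.0.0/16 entry, so its 64-bit proposal is rejected rather than being accepted by the catch-all.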