
Re: How are Initiator's Proposals checked by Responder?



dong,

         one conceptual model in the responder case could be: SPD entries 
with wild-carded selectors are stored at application level and managed by 
another daemon like KMd, say SPDd. when the ph-2 proposals are received 
from peer, KMd can find the matching application level wild-carded SPD by 
talking to SPDd. then do SADB_GETSPI to create larval inbound SA(s), and 
send the matched ph-2 proposal to peer.

         after completing ph-2 successfully, KMd can do SADB_UPDATE for the 
created larval inbound SA(s), and SADB_ADD for the outbound SA(s).

         hope this helps.

- pravin


At 10:04 AM 9/13/01 +0800, dxh wrote:
>         I want to know if rfc2367 has defined the behavior of the 
> responder in SA negotiation!
>         I only see that the initiator's behavior is defined in 5.1 of rfc2367. 
> The proposals are passed from kernel to KMd using the SADB_ACQUIRE message. 
> When the responder's KMd gets the proposals, how does it communicate with the kernel 
> to determine which proposal is proper?
>
>
>                                                         Dong Xiaohu
>                                                 sleepy-cat@263.net



*********************************************************************
Pravin Kantak,                          http://www.intotoinc.com
Intoto Inc.                             voice : (408)844-0480 Ext 318
3160, De La Cruz Blvd, #100,            fax   : (408)844-0488
Santa Clara, CA - 95054
*********************************************************************
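
The responder flow outlined in the reply above, as an added example that is not part of the original thread or of any real KMd. The names `spd_entry`, `selector`, `match_proposal` and `responder_msgs` are hypothetical; the first-covering-entry rule and honouring the initiator's preference order are assumptions; the numeric constants are the values given in RFC 2367.

```c
#include <stddef.h>
#include <stdint.h>

/* PF_KEY v2 message types and cipher ids, values as defined in RFC 2367. */
enum { SADB_GETSPI = 1, SADB_UPDATE = 2, SADB_ADD = 3 };
enum { SADB_EALG_DESCBC = 2, SADB_EALG_3DESCBC = 3 };

/* Hypothetical application-level SPD entry held by "SPDd"; 0 means wildcard. */
struct spd_entry { uint32_t net, mask; uint16_t port; uint8_t proto, ealg_ok[2]; };
/* Traffic selector the peer asked for in phase 2 (hypothetical layout). */
struct selector { uint32_t addr; uint16_t port; uint8_t proto; };

static int covers(const struct spd_entry *e, const struct selector *s)
{
    return (s->addr & e->mask) == e->net
        && (e->port == 0 || e->port == s->port)
        && (e->proto == 0 || e->proto == s->proto);
}

/* Return the index of the first offered cipher that the first covering SPD
 * entry permits, or -1 when nothing matches. */
int match_proposal(const struct spd_entry *spd, size_t n, const struct selector *s,
                   const uint8_t *offer, size_t noffer)
{
    for (size_t i = 0; i < n; i++) {
        if (!covers(&spd[i], s))
            continue;
        for (size_t j = 0; j < noffer; j++)
            for (size_t k = 0; k < sizeof spd[i].ealg_ok; k++)
                if (spd[i].ealg_ok[k] != 0 && offer[j] == spd[i].ealg_ok[k])
                    return (int)j;
        return -1;  /* a policy covers the traffic, but no proposal is acceptable */
    }
    return -1;      /* no policy covers this traffic */
}

/* Record, in order, the PF_KEY messages KMd would send; returns the count. */
size_t responder_msgs(int matched, int ph2_ok, uint8_t out[3])
{
    size_t n = 0;
    if (matched < 0)
        return 0;               /* nothing matched: the SADB is never touched */
    out[n++] = SADB_GETSPI;     /* larval inbound SA, before replying to the peer */
    if (ph2_ok) {
        out[n++] = SADB_UPDATE; /* complete the larval inbound SA */
        out[n++] = SADB_ADD;    /* install the outbound SA */
    }
    return n;
}
```

The matching happens entirely in user space against the wildcarded policy; the kernel is only involved once a proposal has been accepted.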


