| To: | kuznet@xxxxxxxxxxxxx |
|---|---|
| Subject: | Re: off by one error in 3des cbc keying |
| From: | bert hubert <ahu@xxxxxxx> |
| Date: | Mon, 11 Nov 2002 11:01:09 +0100 |
| Cc: | davem@xxxxxxxxxx, gem@xxxxxxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <200211110151.EAA26095@sex.inr.ac.ru> |
| Mail-followup-to: | bert hubert <ahu@xxxxxxx>, kuznet@xxxxxxxxxxxxx, davem@xxxxxxxxxx, gem@xxxxxxxxxxx, netdev@xxxxxxxxxxx |
| References: | <20021110111507.GA31188@outpost.ds9a.nl> <200211110151.EAA26095@sex.inr.ac.ru> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mutt/1.3.28i |
[alexey's nameserver is off, cc to netdev@xxxxxxxxxxx, perhaps he sees it there]

On Mon, Nov 11, 2002 at 04:51:36AM +0300, kuznet@xxxxxxxxxxxxx wrote:

> Yes, connect() is broken... The patch is enclosed. Alternatively, you
> could allow connections to remote isakmp ports via policy.

Ok, with careful tuning, it will work now. But not for the general case. If a policy is set up that only applies to ICMP, IKE converges and works (as it works over UDP).

I wonder, is 'incoming bypass' implemented yet? If there is an incoming policy, racoon does not see any traffic.

Key refreshing/updating doesn't appear to work either, after the key has expired, all bets are off.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO