Bug ID: 4014
Summary: Separate IP ID allocation for transport and tunnel
mode SAs may cause duplicate IDs.
Product: OpenDataPlane - linux-generic reference
Component: General ODP
Target Milestone: ---
The IPsec implementation allocates IPv4 IDs for tunnel mode packets but copies
the ID from the plain text packet in transport mode.
This can violate the IP ID uniqueness requirement when there are both transport
mode and tunnel mode SAs between the same endpoints.
The ODP API does not explicitly say how IPv4 IDs are generated in transport
mode. If the unstated intent of the API is to have ODP implementation generate
the IP ID in all cases, then this problem should be fixed as a bug in the
current implementation and maybe also the API text should be clarified.
Alternatively, this can be seen as a change request to the API and then
corresponding implementation change (i.e. not a bug).
I am filing this as a bug now based on my interpretation of the discussion in
the architecture meeting this Monday.
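The collision described in the report, as an added model that is not ODP code and is not part of the original bug report: one tunnel mode SA and one transport mode SA between the same endpoints, so every outer IPv4 header carries the same source, destination and protocol (ESP). All names, the alternating traffic pattern and the host's starting ID are assumptions; the shared allocator stands in for the "ODP generates the ID in all cases" reading mentioned in the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum sa_mode { SA_TRANSPORT, SA_TUNNEL };   /* hypothetical names */

struct ipid_policy {
    int shared;             /* 1: one allocator serves every SA */
    uint16_t tunnel_next;   /* counter used only for tunnel mode SAs */
    uint16_t shared_next;   /* counter used when shared == 1 */
};

/* ID placed in the outer IPv4 header of the protected packet. */
static uint16_t outer_id(struct ipid_policy *p, enum sa_mode mode,
                         uint16_t plain_id)
{
    if (p->shared)
        return p->shared_next++;
    if (mode == SA_TUNNEL)
        return p->tunnel_next++;    /* allocated by the IPsec code */
    return plain_id;                /* transport: copied from plaintext */
}

/* Send n packets (n < 65536), alternating tunnel and transport SAs, and
 * count how many outer headers reuse an ID already seen for this
 * source/destination/protocol tuple. */
int count_duplicate_ids(int shared, unsigned n, uint16_t host_first_id)
{
    static uint8_t seen[65536];
    struct ipid_policy p = { shared, 0, 0 };
    int dups = 0;

    memset(seen, 0, sizeof(seen));
    for (unsigned i = 0; i < n; i++) {
        enum sa_mode mode = (i % 2) ? SA_TRANSPORT : SA_TUNNEL;
        /* constructed input: the sending host numbers its packets itself */
        uint16_t plain_id = (uint16_t)(host_first_id + i / 2);
        uint16_t id = outer_id(&p, mode, plain_id);

        dups += seen[id];
        seen[id] = 1;
    }
    return dups;
}

int main(void)
{
    printf("separate allocation: %d duplicates\n", count_duplicate_ids(0, 1000, 100));
    printf("shared allocation:   %d duplicates\n", count_duplicate_ids(1, 1000, 100));
    return 0;
}
```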