On Thu, Oct 28, 2010 at 02:39:00AM -0700, Naveen surisetty wrote: > One of the UNH Requirement for Ipsecv3 compatibility specifies the following > > There should be a facility to configure different incoming and outgoing > SA?s > based on ICMPV6 Type and Code
Realistically, what real-world problem are you trying to solve by doing this? But to continue... > SA1-Incoming for Echo Request with 3DES/SHA1 > SA2-Incoming for Echo Reply with AES/SHA1 > SA3-Outgoing for Echo Request with 3DES/SHA256 > SA4-Outgoing for Echo Reply with AES/AESXXCBC You used ipsecconf(1M)'s code/type keywords, right? ECHO/ECHO-Reply is a bit special in our code, because we always reflect the reply's policy. This allows clearetext pings for diagnostic purposes. See here: http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/inet/ip/ip6.c#icmp_send_reply_v6 for the code. Dan _______________________________________________ networking-discuss mailing list networking-discuss@opensolaris.org
