Dan McDonald writes: > On Mon, Jul 28, 2008 at 06:43:49PM -0400, Girish Moodalbail wrote: > > #define SADB_AALG_MD5 1 > > > > The openbsd header file for instance has it defined to be > > > > #define SADB_AALG_MD5 249 > > > > (http://fxr.watson.org/fxr/source/net/pfkeyv2.h?v=OPENBSD#L275) > > I numbered our net/pfkeyv2.h to match AH transforms for the auth algorithms. > According to RFC2407: > > Transform ID Value > ------------ ----- > RESERVED 0-1 > AH_MD5 2 > AH_SHA 3 > AH_DES 4 > > so '1' is fine for your purposes. I will warn you, though, that if PF_KEYv3 > ever comes into existence the values will be renumbered to be more consistent > with those in the RFC 430x series. > > So for now, don't worry, and for later, let whomever is doing the 430x work > worry.
Why not use something in the 249-255 range? The 'isakmp-registry' IANA document (which seems to be the one documenting these values) lists 249-255 for "private use." (I'd imagine that's where OpenBSD came up with 249.) -- James Carlson, Solaris Networking <james.d.carlson at sun.com> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677