Dan McDonald writes:
> On Mon, Jul 28, 2008 at 06:43:49PM -0400, Girish Moodalbail wrote:
> > #define SADB_AALG_MD5 1
> >
> > The openbsd header file for instance has it defined to be
> >
> > #define SADB_AALG_MD5 249
> >
> > (http://fxr.watson.org/fxr/source/net/pfkeyv2.h?v=OPENBSD#L275)
> 
> I numbered our net/pfkeyv2.h to match AH transforms for the auth algorithms.
> According to RFC2407:
> 
>        Transform ID                        Value
>        ------------                        -----
>        RESERVED                            0-1
>        AH_MD5                              2
>        AH_SHA                              3
>        AH_DES                              4
> 
> so '1' is fine for your purposes.  I will warn you, though, that if PF_KEYv3
> ever comes into existence the values will be renumbered to be more consistent
> with those in the RFC 430x series.
> 
> So for now, don't worry, and for later, let whomever is doing the 430x work
> worry.

Why not use something in the 249-255 range?  The 'isakmp-registry'
IANA document (which seems to be the one documenting these values)
lists 249-255 for "private use."

(I'd imagine that's where OpenBSD came up with 249.)

-- 
James Carlson, Solaris Networking              <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677

Reply via email to