Is the behavior documented anywhere?
Thanks,
Jafar
On 10/5/2017 11:24 AM, Jafar Al-Gharaibeh wrote:
Hi,
I know that the most specific rule is applied to given traffic if
multiple overlapping rules exist. But how is the priority determined
when rules are specific in different ways, like the cases below? Not
sure if this is a strongSwan question or an OS kernel question, as it
seems this is more about how the Linux kernel handles it, for example,
but I hope someone here can shed some light on this subject.
Example 1:
Connection 1 :
rightsubnet=10.0.0.1/32
Connection 2 :
rightsubnet=10.0.0.0/24[udp]
If a UDP packet is going to 10.0.0.1, which connection config will be
used? Does the priority start with the subnet, where the most specific
subnet takes precedence before moving to protocols/ports?
What is the priority between the protocols and ports themselves?
Example 2:
Connection 1 :
leftsubnet=10.0.0.1/32
rightsubnet=192.168.0.0/24
Connection 2 :
leftsubnet=10.0.0.0/24
rightsubnet=192.168.0.1/32
For a packet going from 10.0.0.1 to 192.168.0.1, based on the source,
connection 1 has higher priority, but based on the destination,
connection 2 has a higher priority. How is this handled?
Regards,
Jafar
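The following is an added worked model of the two examples in the question above; it is not code from the thread and not strongSwan's own implementation. It assumes one particular ranking for overlapping policies (combined source+destination prefix length first, then whether a protocol is set, then whether a port is set, with the earliest-installed policy winning an exact tie). That ranking is how I understand the strongSwan kernel-netlink plugin derives XFRM policy priorities in recent releases, but the thread does not confirm it, so treat it as an assumption and check the plugin source for your version. The leftsubnet of Example 1, which the question leaves out, is assumed to be the local host 10.1.1.1/32.

```python
"""Model of IPsec policy selection by selector specificity (added illustration).

Assumed ranking, NOT confirmed by the thread: combined src+dst prefix
length, then protocol presence, then port presence; an exact tie goes to
the policy installed first. Addresses below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

UDP = 17
TCP = 6


@dataclass(frozen=True)
class Policy:
    name: str
    src: str                      # leftsubnet, CIDR
    dst: str                      # rightsubnet, CIDR
    proto: Optional[int] = None   # None = any protocol
    sport: Optional[int] = None   # None = any source port
    dport: Optional[int] = None   # None = any destination port

    def matches(self, src_ip: str, dst_ip: str, proto: int,
                sport: Optional[int], dport: Optional[int]) -> bool:
        """True if the packet falls inside this policy's traffic selector."""
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.proto is not None and self.proto != proto:
            return False
        if self.sport is not None and self.sport != sport:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True

    def specificity(self) -> Tuple[int, int, int]:
        """Assumed ranking key: (prefix_s + prefix_d, has_proto, has_port)."""
        prefix_sum = (ipaddress.ip_network(self.src, strict=False).prefixlen
                      + ipaddress.ip_network(self.dst, strict=False).prefixlen)
        has_proto = 1 if self.proto is not None else 0
        has_port = 1 if (self.sport is not None or self.dport is not None) else 0
        return (prefix_sum, has_proto, has_port)


def select_policy(policies: List[Policy], src_ip: str, dst_ip: str, proto: int,
                  sport: Optional[int] = None, dport: Optional[int] = None):
    """Return (winning policy name, reason); (None, 'no match') if nothing matches."""
    # Keep the install index so that an exact tie resolves to the earliest policy.
    candidates = [(p.specificity(), -i, p) for i, p in enumerate(policies)
                  if p.matches(src_ip, dst_ip, proto, sport, dport)]
    if not candidates:
        return None, "no match"
    candidates.sort(key=lambda c: (c[0], c[1]), reverse=True)
    best = candidates[0]
    if len(candidates) > 1 and candidates[1][0] == best[0]:
        reason = "tie on specificity; earliest installed wins"
    else:
        reason = "most specific selector wins"
    return best[2].name, reason


# Example 1 from the thread; leftsubnet 10.1.1.1/32 is an assumed local host.
EXAMPLE_1 = [
    Policy("conn1", "10.1.1.1/32", "10.0.0.1/32"),
    Policy("conn2", "10.1.1.1/32", "10.0.0.0/24", proto=UDP),
]

# Example 2 from the thread: source favours conn1, destination favours conn2.
EXAMPLE_2 = [
    Policy("conn1", "10.0.0.1/32", "192.168.0.0/24"),
    Policy("conn2", "10.0.0.0/24", "192.168.0.1/32"),
]

if __name__ == "__main__":
    # Under the assumed ranking: conn1 (64 prefix bits) beats conn2 (56 bits + proto).
    print(select_policy(EXAMPLE_1, "10.1.1.1", "10.0.0.1", UDP, 5000, 53))
    # Both sum to 56 prefix bits with no proto/port: exact tie, conn1 was installed first.
    print(select_policy(EXAMPLE_2, "10.0.0.1", "192.168.0.1", UDP))
```

Running the block prints the winner for each example together with the reason it won, which makes it easy to swap in a different ranking (for instance protocol before prefix length) and see which of the two connections would then carry the packet.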