[Swan-dev] a better unified proposal matcher
andrew.cagney at gmail.com
Fri Feb 27 07:43:09 EET 2015
On 26 February 2015 at 16:08, Paul Wouters <paul at nohats.ca> wrote:
> On Thu, 26 Feb 2015, D. Hugh Redelmeier wrote:
>> Then I read what your parenthetcal remark. Why would you want to
>> match ESP with DH? How could they ever match? I'm pretty sure that
>> I'm missing something.
> I think he means an ESP proposal protected by PFS (eg an additioal DH
> with KE) in the CREATE_CHIKD_SA ?
Match an ESP proposal that includes [with] a DH transform.
In ikev2_spdb_struct.c both parent (IKE) and child (ESP,?H) have
redundant code, and no need to be dealing with v1 structures.
> similar to ikev1, where a modp on the ike line meant for Main Mode, and
> an modp on the esp line meant for additional Quick Mode's.
More information about the Swan-dev