[Swan-dev] break down of 5.0's potential blockers
Andrew Cagney
andrew.cagney at gmail.com
Tue Dec 26 17:07:30 EET 2023
On Tue, 19 Dec 2023 at 09:32, Bill Atwood <williamatwood41 at gmail.com> wrote:
>
> Paul, Brady,
>
> On 12/18/2023 9:42 PM, Paul Wouters wrote:
> > * 4a936b2aad - The XFRM address scope must be global (12 hours ago)
> > <Brady Johnson>
>
> While this constraint must be true for the current XFRM (it does not
> understand that Link-Local addresses must have an interface associated
> with them), the enforcement of the constraint should be removed when
> XFRM is updated and this problem is fixed. IPsec tunnels with LL
> endpoints are *required* by the ANIMA RFCs (specifically RFC 8994,
> Section 6.8.3.1). Perhaps what is needed here is a configuration option.
Here hardwired to 50. For IPv6, the kernel ignored that and set it to
global anyway.
Can you file a bug about RFC 8994 needing a way to specify if the
address is local or global.
Andrew
More information about the Swan-dev
mailing list