[Swan-dev] break down of 5.0's potential blockers
Bill Atwood
williamatwood41 at gmail.com
Tue Dec 26 21:02:26 EET 2023
Done. Issue #1498.
On 12/26/2023 10:07 AM, Andrew Cagney wrote:
> On Tue, 19 Dec 2023 at 09:32, Bill Atwood <williamatwood41 at gmail.com> wrote:
>>
>> Paul, Brady,
>>
>> On 12/18/2023 9:42 PM, Paul Wouters wrote:
>>> * 4a936b2aad - The XFRM address scope must be global (12 hours ago)
>>> <Brady Johnson>
>>
>> While this constraint must be true for the current XFRM (it does not
>> understand that Link-Local addresses must have an interface associated
>> with them), the enforcement of the constraint should be removed when
>> XFRM is updated and this problem is fixed. IPsec tunnels with LL
>> endpoints are *required* by the ANIMA RFCs (specifically RFC 8994,
>> Section 6.8.3.1). Perhaps what is needed here is a configuration option.
>
> Here hardwired to 50. For IPv6, the kernel ignored that and set it to
> global anyway.
> Can you file a bug about RFC 8994 needing a way to specify if the
> address is local or global.
>
> Andrew
More information about the Swan-dev
mailing list