Hi All,

I am very new to Linux and open source forums. I hope my question is appropriate for this forum; if not, please forgive my ignorance and, if possible, point me in the right direction.
Once again, I have just started to explore, so please do forgive my ignorance. Earlier today, on my Debian Linux machine, I was exploring IPsec using "ip xfrm". I found one small mismatch between the behavior of Linux IPsec and the IPsec RFC. Most likely I am missing something. According to the IPsec RFC, during SA lookup the destination address is not required to match, whereas in Linux it works only if I configure an SA with the proper destination address; otherwise the packet is dropped.

The configuration in which packets were dropped:

    ip xfrm state add proto ah auth md5 "1234567890123456" mode transport

The configuration in which the lookup was successful:

    ip xfrm state add dst <destination ip> proto ah auth md5 "1234567890123456" mode transport

I was really not able to find a Linux network administrator forum; that's why I am using this one. I looked further into the Linux xfrm code, and it looks like its lookup depends on the destination address, but I strongly believe that I am missing something. Once again, my sincere apologies for my ignorance.

Regards,
Manimuthu