Hello,
I have the following question:
How can I get the port information about the "session" that triggered an xfrm acquire, without using ports in policies?
An example:
I'm using the Host Identity Protocol for signaling and securing communication between two hosts. What it does is set up a policy for the HIP Address Prefix (2001:10::/28). ip xfrm monitor:
Code:
src 2001:10::/28 dst 2001:10::/28
dir in priority 0
tmpl src :: dst ::
proto 0 reqid 0 mode transport
src 2001:10::/28 dst 2001:10::/28
dir out priority 0
tmpl src :: dst ::
proto 0 reqid 0 mode transport
Now, when I trigger a new connection between the two hosts the acquire message looks like this (I'm using ssh for this example, therefore destination port 22). ip xfrm monitor dumps:
Code:
acquire proto 0
sel src 2001:16:2895:e713:474d:2e1c:42e3:81b1/128 dst 2001:11:eb2c:9bcf:7908:b80a:c16c:dfa/128 proto tcp sport 0 dport 22
policy src 2001:10::/28 dst 2001:10::/28
dir out priority 0
tmpl src :: dst ::
proto 0 reqid 0 mode transport
What I'm interested in are the source and destination ports. As you can see, the destination port is set correctly, yet the source port is not. Why is that? Is there any way to get the source port, too?
Any suggestions?
Thanks!
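An added example, not part of the original post, that parses `ip xfrm monitor` acquire records in the format shown above and extracts the selector's addresses, protocol and ports, marks a source port of 0 as not filled in by the acquire, and checks that the selector actually falls inside the policy prefix that matched it. The first record in the sample input is the post's own dump; the second acquire, with source port 49152, is a constructed record added here to show how a selector with a known source port is reported.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Union

# Sample `ip xfrm monitor` output. The first acquire is copied from the post;
# the second is a constructed record (hypothetical ephemeral source port 49152)
# added to show a selector whose source port is present.
SAMPLE_MONITOR_OUTPUT = """\
acquire proto 0
sel src 2001:16:2895:e713:474d:2e1c:42e3:81b1/128 dst 2001:11:eb2c:9bcf:7908:b80a:c16c:dfa/128 proto tcp sport 0 dport 22
policy src 2001:10::/28 dst 2001:10::/28
dir out priority 0
tmpl src :: dst ::
proto 0 reqid 0 mode transport
acquire proto 0
sel src 2001:16:2895:e713:474d:2e1c:42e3:81b1/128 dst 2001:11:eb2c:9bcf:7908:b80a:c16c:dfa/128 proto tcp sport 49152 dport 22
policy src 2001:10::/28 dst 2001:10::/28
dir out priority 0
tmpl src :: dst ::
proto 0 reqid 0 mode transport
"""

# Regexes for the lines of one acquire record (trailing fields are tolerated).
SEL_RE = re.compile(
    r"^sel src (?P<src>\S+) dst (?P<dst>\S+) proto (?P<proto>\S+)"
    r"(?: sport (?P<sport>\d+))?(?: dport (?P<dport>\d+))?"
)
POLICY_RE = re.compile(r"^policy src (?P<src>\S+) dst (?P<dst>\S+)")
DIR_RE = re.compile(r"^dir (?P<dir>\S+) priority (?P<prio>\d+)")
MODE_RE = re.compile(r"^proto (?P<proto>\S+) reqid (?P<reqid>\d+) mode (?P<mode>\S+)")

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass
class Acquire:
    sel_src: Net
    sel_dst: Net
    sel_proto: str
    sport: Optional[int]
    dport: Optional[int]
    policy_src: Optional[Net] = None
    policy_dst: Optional[Net] = None
    direction: Optional[str] = None
    priority: Optional[int] = None
    mode: Optional[str] = None
    reqid: Optional[int] = None

    def sport_known(self) -> bool:
        """True only when the selector carries a non-zero source port."""
        return bool(self.sport)

    def selector_within_policy(self) -> bool:
        """Sanity check: the flow that triggered the acquire must lie inside
        the prefixes of the policy reported alongside it."""
        if self.policy_src is None or self.policy_dst is None:
            return False
        return (self.sel_src.subnet_of(self.policy_src)
                and self.sel_dst.subnet_of(self.policy_dst))


def parse_acquires(text: str) -> List[Acquire]:
    """Collect acquire records from `ip xfrm monitor` text; plain policy
    dumps (lines starting with 'src ') are skipped."""
    acquires: List[Acquire] = []
    current: Optional[Acquire] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("acquire ") or line.startswith("src "):
            current = None  # new record (or a policy dump) begins here
            continue
        m = SEL_RE.match(line)
        if m:
            current = Acquire(
                sel_src=ipaddress.ip_network(m["src"], strict=False),
                sel_dst=ipaddress.ip_network(m["dst"], strict=False),
                sel_proto=m["proto"],
                sport=int(m["sport"]) if m["sport"] is not None else None,
                dport=int(m["dport"]) if m["dport"] is not None else None,
            )
            acquires.append(current)
            continue
        if current is None:
            continue  # policy/dir/tmpl lines outside any acquire record
        m = POLICY_RE.match(line)
        if m:
            current.policy_src = ipaddress.ip_network(m["src"], strict=False)
            current.policy_dst = ipaddress.ip_network(m["dst"], strict=False)
            continue
        m = DIR_RE.match(line)
        if m:
            current.direction = m["dir"]
            current.priority = int(m["prio"])
            continue
        m = MODE_RE.match(line)
        if m:
            current.mode = m["mode"]
            current.reqid = int(m["reqid"])
    return acquires


def describe(acq: Acquire) -> str:
    """One-line summary; a zero source port is reported as not present."""
    sport = str(acq.sport) if acq.sport_known() else "not present (0)"
    return (f"{acq.direction} {acq.sel_proto} {acq.sel_src.network_address} "
            f"sport {sport} -> {acq.sel_dst.network_address} dport {acq.dport} "
            f"policy {acq.policy_src} -> {acq.policy_dst} mode {acq.mode}")


if __name__ == "__main__":
    for acq in parse_acquires(SAMPLE_MONITOR_OUTPUT):
        print(describe(acq), "| selector within policy:", acq.selector_within_policy())
```

Feeding it real output (`ip xfrm monitor | python3 parse_acquires.py`, with the sample text replaced by `sys.stdin.read()`) gives a quick audit of which flows are triggering acquires against the HIP prefix policy and whether their selectors carry a usable source port.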