LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page intended xfrm replay-window is not getting configured on kernel 4.9
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-17-2019, 05:23 AM   #1
suri.linux
LQ Newbie
 
Registered: Apr 2019
Posts: 1

Rep: Reputation: Disabled
intended xfrm replay-window is not getting configured on kernel 4.9

i am trying to configure replay-window 512 on kernel 4.9 for ipsec configuration , but still xfrm is configuring it as 0 . can some body help on this do we have any open BUG in the xfrm code on 4.9 linux kernel.
appreciate your comments on this
====
config:
ip xfrm state add src 3.1.1.33 dst 101.0.33.1 proto ah spi 0x210 reqid 2 mode tunnel replay-window 64 auth-trunc sha1 0x12345678bef217722ada4f77397bb90c08b62c01 96
ip xfrm state add src 101.0.33.1 dst 3.1.1.33 proto ah spi 0x310 reqid 1 mode tunnel replay-window 64 auth-trunc sha1 0x123456783f3c0a126429009b16e4abdcec2c8e7b 96

=================
src 101.0.33.1 dst 3.1.1.33
proto ah spi 0x00000310 reqid 1 mode tunnel
replay-window 0
auth-trunc hmac(sha1) 0x123456783f3c0a126429009b16e4abdcec2c8e7b 96
anti-replay esn context:
seq-hi 0x0, seq 0x0, oseq-hi 0x0, oseq 0x0
replay_window 64, bitmap-length 2
00000000 00000000
sel src 0.0.0.0/0 dst 0.0.0.0/0
src 3.1.1.33 dst 101.0.33.1
proto ah spi 0x00000210 reqid 2 mode tunnel
replay-window 0
auth-trunc hmac(sha1) 0x12345678bef217722ada4f77397bb90c08b62c01 96
anti-replay esn context:
seq-hi 0x0, seq 0x0, oseq-hi 0x0, oseq 0x0
replay_window 64, bitmap-length 2
00000000 00000000
sel src 0.0.0.0/0 dst 0.0.0.0/0
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to update SA using ip xfrm update,its not working!! samiran.linux Linux - Networking 1 05-05-2014 12:31 AM
[SOLVED] OpenVPN replay-window backtrack occurred [1330]? psycroptic Linux - Networking 5 01-30-2013 11:24 PM
Which is the difference between Netfilter and XFRM framework? chiodo Programming 0 06-08-2009 11:29 AM
XFRM structure LegolasV Linux - Kernel 0 06-20-2006 08:55 PM
xfrm in ipsec atul_mehrotra Linux - Security 1 05-28-2005 06:28 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:34 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration