The man page for setkey (from ipsec-tools-0.2.2) says the following
regarding SPD entries:
    upperspec
        Upper-layer protocol to be used. You can use one of words in
        /etc/protocols as upperspec. Or icmp6, ip4, and any can be
        specified. any stands for "any protocol". Also you can use the
        protocol number. You can specify a type and/or a code of ICMPv6
        when Upper-layer protocol is ICMPv6. the specification can be
        placed after icmp6. A type is separated with a code by single
        comma. A code must be specified anytime. When a zero is
        specified, the kernel deals with it as a wildcard. Note that the
        kernel can not distinguish a wildcard from that a type of ICMPv6
        is zero. For example, the following means the policy doesn't
        require IPsec for any inbound Neighbor Solicitation.

            spdadd ::/0 ::/0 icmp6 135,0 -P in none;

Is this capability implemented in the 2.5 kernel IPSec?
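
The zero-as-wildcard rule in the quoted man page text, modelled as an added example (not code from this post, from setkey, or from any kernel). It shows that a `none` policy written for one type with code 0 also exempts every other code of that type. Assumptions: zero wildcards the type and code fields independently, a bare `icmp6` matches everything, and the sample packets are constructed.

```python
import re

# Constructed sample (type, code) pairs for ICMPv6 packets.
SAMPLE_PACKETS = [
    (135, 0),  # Neighbor Solicitation
    (136, 0),  # Neighbor Advertisement
    (1, 0),    # Destination Unreachable, no route to destination
    (1, 4),    # Destination Unreachable, port unreachable
    (128, 0),  # Echo Request
]


def parse_upperspec(spec):
    """Parse 'icmp6' or 'icmp6 TYPE,CODE' into a (type, code) selector.

    Per the man page, a code must accompany a type. A bare 'icmp6' is
    treated here as (0, 0), i.e. fully wildcarded (assumption).
    """
    m = re.fullmatch(r"icmp6(?:\s+(\d+),(\d+))?", spec.strip())
    if not m:
        raise ValueError("unsupported upperspec: %r" % spec)
    if m.group(1) is None:
        return (0, 0)
    sel_type, sel_code = int(m.group(1)), int(m.group(2))
    if sel_type > 255 or sel_code > 255:
        raise ValueError("ICMPv6 type and code are 8-bit fields")
    return (sel_type, sel_code)


def selector_matches(spec, pkt_type, pkt_code):
    """Apply the documented rule: a zero in the selector is a wildcard."""
    sel_type, sel_code = parse_upperspec(spec)
    type_ok = sel_type == 0 or sel_type == pkt_type
    code_ok = sel_code == 0 or sel_code == pkt_code
    return type_ok and code_ok


def bypassed(spec, packets=SAMPLE_PACKETS):
    """Return the sample packets a '-P in none' policy with this spec covers."""
    return [p for p in packets if selector_matches(spec, *p)]


if __name__ == "__main__":
    for spec in ("icmp6 135,0", "icmp6 1,0", "icmp6 0,0"):
        print(spec, "->", bypassed(spec))
```

When reviewing an SPD, treat any `icmp6 T,0` entry as covering all codes of type T, and any entry with type 0 as covering all ICMPv6 traffic.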
This archive was generated by hypermail 2b29 : Fri May 23 2003 - 22:00:02 EST