Project

General

Profile

Issue #2406

No mark value generated in inbound SA

Added by c c about 8 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Affected version:
5.5.3
Resolution:
Duplicate

Description

When mark value is specified in ipsec.conf, there will be corresponding mark value in SP and SA.
In 5.5.3, mark value is correctly written in inbound and outbound SP, but only only written in outbound SA.
As in below. There is no such issue in 5.5.0

# ip x p
src 0.0.0.0/0 dst 0.0.0.0/0
        dir out priority 400000
        mark 0x6f/0xffffffff
        tmpl src 49.49.49.9 dst 49.49.11.3
                proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
        dir fwd priority 400000
        mark 0x6f/0xffffffff
        tmpl src 49.49.11.3 dst 49.49.49.9
                proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
        dir in priority 400000
        mark 0x6f/0xffffffff
        tmpl src 49.49.11.3 dst 49.49.49.9
                proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
        socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
        socket out priority 0
src ::/0 dst ::/0
        socket in priority 0
src ::/0 dst ::/0
        socket out priority 0
src ::/0 dst ::/0
        socket in priority 0
src ::/0 dst ::/0
        socket out priority 0
# ip x s
src 49.49.49.9 dst 49.49.11.3
        proto esp spi 0xcf41f21e reqid 1 mode tunnel
        replay-window 0 flag nopmtudisc af-unspec
        mark 0x6f/0xffffffff
        auth-trunc hmac(sha1) 0x5b85451f0d6b1aa03879773bc46e5f8acf1d1df2 96
        enc cbc(des3_ede) 0xf250763407d3c4014d9bbf3ad749eac2438c11f8153f0c01
        anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
src 49.49.11.3 dst 49.49.49.9
        proto esp spi 0xcd8aa0dd reqid 1 mode tunnel
        replay-window 0 flag nopmtudisc af-unspec
        auth-trunc hmac(sha1) 0xacb22e404ada457bfe6b9558aa72568483060dc4 96
        enc cbc(des3_ede) 0x2f4e90c7cd6bc2664820eeea7f6b7bb9b00e87e4112e02a7
        anti-replay esn context:
         seq-hi 0x0, seq 0x0, oseq-hi 0x0, oseq 0x0
         replay_window 256, bitmap-length 8
         00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

Related issues

Is duplicate of Issue #2404: No mark info in inbound SA infoClosed

History

#1 Updated by Tobias Brunner about 8 years ago

  • Status changed from New to Closed
  • Resolution set to Duplicate

#2 Updated by Tobias Brunner about 8 years ago

  • Is duplicate of Issue #2404: No mark info in inbound SA info added