RFC4303 (IPsec/ESP) auditing requirements
Paul Moore
paul.moore at hp.com
Wed Dec 5 20:46:13 UTC 2007
On Wednesday 05 December 2007 2:45:12 pm Paul Moore wrote:
> Hello all,
>
> I'm looking at RFC4303 at some of the auditing requirements and one of the
> gaps between what the specification requires and what we currently provide
> involves the SA's sequence number and the IPv6 flow ID. According to the list
> of existing audit fields[1] there doesn't appear to be any fields which are a
> good match. With that in mind I'd like to propose two new fields:
>
> * seqno - sequence number
> * flowid - flow id
Scratch the 'flowid' name, the more I look at things we should probably go
with 'flowlbl'.
> Any comments, objections, suggestions?
>
> [1] http://people.redhat.com/sgrubb/audit/audit-parse.txt
--
paul moore
linux security @ hp