[redhat-lspp] Labeled IPsec localhost problems
Eric Paris
eparis at redhat.com
Wed Jan 31 23:00:04 UTC 2007
On Wed, 2007-01-31 at 15:33 -0600, Joy Latten wrote:
> As for sequence numbers, their use is optional and we can
> specify/document that when using loopback, we recommend you do not use
> them since loopback has guaranteed delivery. Because yes, packets can
> get dropped when using sequence numbers and window size.
I'm no ipsec expert, but my understanding was that the purpose of the
sequence number in ipsec was to prevent playback in the future. It's
not a delivery guarantee mechanism like the seq number in TCP. Not sure
if we care about losing replay protection on loopback, but if it is the
only way....
-Eric
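
An added example, not part of the original message or of any kernel code: a sliding-window anti-replay check of the kind an IPsec receiver applies to sequence numbers. It shows both points raised in the thread: replayed packets are rejected, and a legitimate packet that arrives too far behind the window is dropped as well. The 32-packet window and all names (`replay_state`, `replay_check_and_update`, `count_drops`) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define REPLAY_WINDOW 32u   /* assumed window size, in packets */

struct replay_state {
    uint32_t last_seq;  /* highest sequence number accepted so far */
    uint32_t bitmap;    /* bit i set => (last_seq - i) was already seen */
};

/* Returns true if the packet is accepted, false if it is dropped. */
bool replay_check_and_update(struct replay_state *st, uint32_t seq)
{
    if (seq == 0)
        return false;                 /* sequence numbers start at 1 */
    if (seq > st->last_seq) {         /* newer packet: slide the window */
        uint32_t shift = seq - st->last_seq;
        st->bitmap = (shift < REPLAY_WINDOW) ? (st->bitmap << shift) | 1u : 1u;
        st->last_seq = seq;
        return true;
    }
    uint32_t offset = st->last_seq - seq;
    if (offset >= REPLAY_WINDOW)
        return false;                 /* too old: fell off the window */
    if (st->bitmap & (1u << offset))
        return false;                 /* already seen: replay */
    st->bitmap |= 1u << offset;       /* late but new: accept and mark */
    return true;
}

/* Runs a constructed arrival order through a fresh window; returns drops. */
int count_drops(const uint32_t *seqs, int n)
{
    struct replay_state st = {0, 0};
    int drops = 0;
    for (int i = 0; i < n; i++)
        if (!replay_check_and_update(&st, seqs[i]))
            drops++;
    return drops;
}

int main(void)
{
    /* Constructed arrival order: a replay of 2, and 5 arriving after 40. */
    const uint32_t order[] = {1, 2, 2, 40, 5, 39};
    printf("dropped %d of 6 packets\n", count_drops(order, 6));
    return 0;
}
```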