From owner-ipsec-policy@mail.vpnc.org Sun May 16 17:09:53 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA21772 for ; Sun, 16 May 2004 17:09:53 -0400 (EDT) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i4GKhYS9013398; Sun, 16 May 2004 13:43:34 -0700 (PDT) (envelope-from owner-ipsec-policy@mail.vpnc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i4GKhYOB013397; Sun, 16 May 2004 13:43:34 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ipsec-policy@mail.vpnc.org using -f Received: from noxmail.sandelman.ottawa.on.ca (oetest.freeswan.org [205.150.200.166]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i4GKhPUk013390 for ; Sun, 16 May 2004 13:43:34 -0700 (PDT) (envelope-from mcr@sandelman.ottawa.on.ca) Received: from sandelman.ottawa.on.ca (wlan237.sandelman.ca [205.150.200.237]) by noxmail.sandelman.ottawa.on.ca (8.11.6p3/8.11.6) with ESMTP id i4GKhLP02347 (using TLSv1/SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168 bits) verified OK) for ; Sun, 16 May 2004 16:43:22 -0400 (EDT) Received: from sandelman.ottawa.on.ca (marajade [127.0.0.1]) by sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian-6.6) with ESMTP id i4GKhLRK010519 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Sun, 16 May 2004 16:43:21 -0400 Received: from marajade.sandelman.ottawa.on.ca (mcr@localhost) by sandelman.ottawa.on.ca (8.12.3/8.12.3/Debian-6.6) with ESMTP id i4GKhKEp010516 for ; Sun, 16 May 2004 16:43:21 -0400 To: ipsec-policy@vpnc.org Subject: work on ipsec APIREQ X-Mailer: MH-E 7.4.2; nmh 1.0.4+dev; XEmacs 21.4 (patch 6) Date: Sun, 16 May 2004 16:43:20 -0400 Message-ID: <10515.1084740200@marajade.sandelman.ottawa.on.ca> From: Michael Richardson Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: -----BEGIN PGP SIGNED MESSAGE----- {draft-ietf-ipsp-ipsec-apireq-01 has expired. I am attempting to get it reposted. In the meantime, there is a copy at: http://www.sandelman.ottawa.on.ca/SSW/ietf/ipsp/pf_policy/ipsec_apireq-00.txt } Document TODO Flesh out Other Issues section. I would ask if there are many other issues that need to be included? Flesh out Informative References with references to existing IPsec-related API's I think that http://www.sandelman.ottawa.on.ca/SSW/ietf/ipsp/pf_policy/ lists many relevant current APIs. I am unaware of any API available on Win2K or WinXP. I hope to be corrected here. Improve security considerations section. Perhaps some guide can be provided as to what needs to be said in this section. As there is no specific proposal in this document, the considerations would be rather abstract. - -- ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[ ] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Finger me for keys iQCVAwUBQKfSZ4qHRg3pndX9AQEdXwP+N/KDAeMKiNDJ4RWwOIBb0bxwJje8MGPu vDioOqpZq+oUBNzpx67iA5WfU6G4j0BOF3AcE2oiOe8OuuNvY8S8eV2+8Au5tXkI BT/07mAKQVpixJbXdKBhGOZ/SoGy5KMjwAlfiZ6AEbKC9uOyn/CCsmKkYM+TySET IhKN12olpI0= =DiRV -----END PGP SIGNATURE----- From owner-ipsec-policy@mail.vpnc.org Mon May 24 05:04:58 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA21355 for ; Mon, 24 May 2004 05:04:58 -0400 (EDT) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i4O8YnNJ089774; Mon, 24 May 2004 01:34:49 -0700 (PDT) (envelope-from owner-ipsec-policy@mail.vpnc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i4O8YnWm089773; Mon, 24 May 2004 01:34:49 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ipsec-policy@mail.vpnc.org using -f Received: from smail3.alcatel.fr (smail3.alcatel.fr [194.133.58.56]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i4O8YmJT089763 for ; Mon, 24 May 2004 01:34:48 -0700 (PDT) (envelope-from yacine.el_mghazli@alcatel.fr) Received: from frmail30.netfr.alcatel.fr (frmail30.netfr.alcatel.fr [155.132.182.163]) by smail3.alcatel.fr (ALCANET/NETFR) with ESMTP id i4O8XCXA021053; Mon, 24 May 2004 10:33:12 +0200 Received: from alcatel.fr ([172.25.72.141]) by frmail30.netfr.alcatel.fr (Lotus Domino Release 5.0.9a) with ESMTP id 2004052410330983:2092 ; Mon, 24 May 2004 10:33:09 +0200 Message-ID: <40B1B345.6000208@alcatel.fr> Date: Mon, 24 May 2004 10:33:09 +0200 From: Yacine.El_Mghazli@alcatel.fr Organization: Alcatel R&I User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-gb, fr-fr, en, fr MIME-Version: 1.0 To: ipsec-policy@vpnc.org, baerm@tislabs.com, hardaker@tislabs.com, rs-snmp@revelstone.com, cliffwang2000@yahoo.com CC: rafa@dif.um.es Subject: SPD-MIB MAX-ACCESS question X-MIMETrack: Itemize by SMTP Server on FRMAIL30/FR/ALCATEL(Release 5.0.9a |January 7, 2002) at 05/24/2004 10:33:09, Serialize by Router on FRMAIL30/FR/ALCATEL(Release 5.0.9a |January 7, 2002) at 05/24/2004 10:33:13, Serialize complete at 05/24/2004 10:33:13 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii; format=flowed X-Alcanet-MTA-scanned-and-authorized: yes Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Content-Transfer-Encoding: 7bit dear SPD-MIB authors, my question is related to the IPSec conf MIB recently splitted into 3 modules. more precisely, it deals with the spdIpHeaderFilter table in the SPD MIB. we re-use it in draft-ietf-pana-snmp-00.txt for filtering purposes. we noticed the spdIpHeaderFilter table has a MAX-ACCESS = "not-accesible". then how to create such a filter row ? for example like in the example quoted from the SPD-MIB draft below: ------------------------------------------------------------------------ 4.1.2 Implementing an example SPD policy For our example, let us define and apply the following policy for all incoming traffic on a network interface: o Drop all packets from the host 10.6.6.6. o Accept all other packets. To do this, let us call the set of rules (as a group) "incoming" and apply them to the incoming traffic for the interface associated with the IPv4 address "10.0.0.1". For these rules, let us apply a policy that accepts all traffic except for packets that arrive from a host with an IPv4 address of "10.6.6.6". To achieve this policy, we would follow these steps: First, we need to create the rules to institute this policy. To accomplish this, first we have to create the filter for the host. We could do this using the following row insertion into the spdIpHeaderFilterTable table: SpdIpHeaderFilterEntry(spdIpHeadFiltName = "10.6.6.6") = (spdIpHeadFiltType = 0x80, -- sourceAddress spdIpHeadFiltIPVersion = 1, -- IPv4 spdIpHeadFiltSrcAddressBegin = 0x0a060606, spdIpHeadFiltSrcAddressEnd = 0x0a060606, spdIpHeadFiltRowStatus = 5) -- createAndGo ------------------------------------------------------------------------ can you elaborate on this ? thanks in advance, yacine -------- Original Message -------- Subject: PANA and SNMP doubt Date: Mon, 10 May 2004 18:50:29 +0200 From: Rafael Marin Lopez To: yacine.el_mghazli@alcatel.fr Hello Yacine... I have a doubt draft SNMP usage for PAA-2-EP interface I am reading it and in page 12 says: "For Ipv4/v6 address-based filters provisioning, the IPSec SPD-MIB provides means to filter the traffic based on the IP header information. SPD-MIB "spdIpHeaderFilter" table provides such facilities: one can define the various tests that are used when evaluating a given IP packet. The various tests definable in this table are as follows:" I have taken a look SPD-MIB and this table has a MAX-ACCESS = not-accesible ... then how could you add this tests text explains? Regards.. -- ------------------------------------------------------ Rafael Marin Lopez Faculty of Computer Science-University of Murcia 30071 Murcia - Spain Telf: +34968367645 e-mail: rafa@dif.um.es ------------------------------------------------------ From owner-ipsec-policy@mail.vpnc.org Mon May 24 11:54:04 2004 Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA16081 for ; Mon, 24 May 2004 11:54:04 -0400 (EDT) Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i4OFP8UG068081; Mon, 24 May 2004 08:25:08 -0700 (PDT) (envelope-from owner-ipsec-policy@mail.vpnc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id i4OFP76L068080; Mon, 24 May 2004 08:25:07 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ipsec-policy@mail.vpnc.org using -f Received: from hosting.revelstone.com (sls-ce10p21.dca2.superb.net [66.36.242.103]) by above.proper.com (8.12.11/8.12.9) with ESMTP id i4OFP6TX068057 for ; Mon, 24 May 2004 08:25:07 -0700 (PDT) (envelope-from rstory@freesnmp.com) Received: from localhost ([127.0.0.1] helo=media) by hosting.revelstone.com with smtp (Exim 4.34) id 1BSHK1-000438-Da; Mon, 24 May 2004 11:25:01 -0400 Date: Mon, 24 May 2004 11:25:01 -0400 From: Robert Story To: Yacine.El_Mghazli@alcatel.fr Cc: ipsec-policy@vpnc.org, baerm@tislabs.com, hardaker@tislabs.com, cliffwang2000@yahoo.com, rafa@dif.um.es Subject: Re: SPD-MIB MAX-ACCESS question Message-Id: <20040524112501.7a4dd980@media> In-Reply-To: <40B1B345.6000208@alcatel.fr> References: <40B1B345.6000208@alcatel.fr> X-Mailer: Sylpheed version 0.9.8claws (GTK+ 1.2.10; i386-redhat-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - hosting.revelstone.com X-AntiAbuse: Original Domain - vpnc.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - freesnmp.com Sender: owner-ipsec-policy@mail.vpnc.org Precedence: bulk List-Archive: List-ID: List-Unsubscribe: Content-Transfer-Encoding: 7bit On Mon, 24 May 2004 10:33:09 +0200 Yacine.El_Mghazli@alcatel.fr wrote: YEF> we noticed the spdIpHeaderFilter table has a MAX-ACCESS = YEF> "not-accesible". then how to create such a filter row ? All Table OIDs are not-accessible, as are the corresponding Entry OIDs. You can't manipulate (SNMPGET/SNMPSET) a Table or Entry, you must manipulate the columns. The columns in the spdIpHeaderFilter are read-create. -- Robert Story; NET-SNMP Junkie You are lost in a twisty maze of little standards, all different. From rev_morgan@voila.fr Tue May 25 20:47:04 2004 Received: from abc191236.com ([195.166.237.40]) by ietf.org (8.9.1a/8.9.1a) with SMTP id UAA10512 for ; Tue, 25 May 2004 20:46:48 -0400 (EDT) Message-Id: <200405260046.UAA10512@ietf.org> From: "Rev James Morgan" Reply-To: rev_morgan01@yahoo.com Date: Wed, 26 May 2004 01:48:43 -0700 Subject: THIS IS VERY IMPORTANT !! X-Mailer: Microsoft Outlook Express 6.00.2600.0000 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Content-Transfer-Encoding: quoted-printable Dear Friend=2C I am Rev=2E James Morgan 65 years old citizen of Florida=2E Presently=2C i am catholic Archbishop in South Africa=2E Ever since=2C i have been helping the Orphans in the Orphanage=2FMotherless homes across some few Africa countries=2E I have donated some money to Orphanage in Sudan=2C Mozambique=2C South Africa=2C and Liberia with the little God has given me=2E But it is sad to let you know that=2C i became ill recently from Cancer of the liver=2E Before i got ill=2C i had sent some money amounting to Four Million Two Hundred Thousand US Dollars =28$4=2E2M=29 to a security and financial company in Northern America =28CANADA=29 the fund is safe=2E I have been using the company for over Ten years now=2E I am presently in the hospital with little hope of survival=2E Please if you can stand as my Next of Kin to this funds=2C kindly reply me along with your details=3A Name=3A Address=3A Tel=3A to enable me forward a letter of nominee to the said security company where the funds is been kept for further disbursement=2E so that i can make you my next of Kin and furnish you with more details on how the funds will be claimed by you from the financial company=2EThereafter=2C i will also give you instruction on how the funds will be distributed among the Orphanage homes in your country=2E In return=2C i am offering you 15% of the total sum =28$4=2E2M=29=2C while extra 5% shall be set aside for all expenses incured by you during the process of claim=2E My Lord has already told me that=2C i will find a trustworthy person who can carry out this soul surviving transaction=2E May the Almighty God bless and protect your family=2E Thank you=2C Rev=2E James Morgan=2E