= Сообщение: 2874 из 10763 ===================================== RU.UNIX.BSD = От : Victor Sudakov 2:5005/49 27 Apr 15 17:34:54 Кому : Serguei E. Leontiev 27 Apr 15 17:34:54 Тема : setkey FGHI : area://RU.UNIX.BSD?msgid=2:5005/49+553e1f02 На : area://RU.UNIX.BSD?msgid=<1187500685@lnfm1.sai.msu.ru>+bfc634d6 = Кодировка сообщения определена как: CP866 ================================== ============================================================================== Dear Serguei,
18 Apr 15 01:12, you wrote to me:
SL> The SPD is an ordered database, consistent with the use of Access SL> Control Lists (ACLs) or packet filters in firewalls, routers, etc. SL> The ordering requirement arises because entries often will overlap SL> due to the presence of (non-trivial) ranges as values for SL> selectors. SL> Thus, a user or administrator MUST be able to order the entries to SL> express a desired access control policy. There is no way to impose SL> a SL> general, canonical order on SPD entries, because of the allowed use SL> of wildcards for selector values and because the different types of SL> selectors are not hierarchically related.
SL> Вряд ли реализация отличается от стандарта, т.к. наличие политик SL> discard/none/ipsec, селектора протокола верхнего уровня и порта делает SL> невозможным однозначный выбор "наиболее специфичного правила".