<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <br>
    Is the behavior documented anywhere?<br>
    <br>
    Thanks,<br>
    Jafar<br>
    <br>
    <div class="moz-cite-prefix">On 10/5/2017 11:24 AM, Jafar
      Al-Gharaibeh wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:4fba1d91-3ecd-cb43-b356-bf3d20d3a956@atcorp.com">
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      Hi,<br>
      <br>
      I know that the most specific rule is applied to given traffic
      if multiple overlapping rules exist. But how is the priority
      determined when rules are specific in different ways, like the
      cases below? Not sure if this is a strongSwan question or an OS
      kernel question, as it seems this is more of how the Linux kernel
      handles it for example, but I hope someone here can shed some
      light on this subject.<br>
      <p class="MsoListParagraphCxSpMiddle"
        style="margin-left:1.5in;mso-add-space:
        auto;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l0
        level3 lfo1"><span
          style="mso-bidi-font-family:Calibri;mso-bidi-theme-font:minor-latin"><span
            style="mso-list:Ignore">Example 1: <br>
          </span></span></p>
      Connection 1 :<br>
                          rightsubnet=10.0.0.1/32<br>
      <br>
      Connection 2 :<br>
                           rightsubnet=10.0.0.0/24[udp]
      <p class="MsoListParagraphCxSpMiddle"
        style="margin-left:1.5in;mso-add-space:
        auto;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l0
        level3 lfo1">If a UDP packet is going to 10.0.0.1, which
        connection config will be used? Does the priority start with
        the subnet, where the most specific subnet takes precedence before
        moving to protocols/ports?</p>
      <p class="MsoListParagraphCxSpMiddle"
        style="margin-left:1.5in;mso-add-space:
        auto;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l0
        level3 lfo1">What is the priority between the protocols and
        ports themselves? <br>
      </p>
      <p class="MsoListParagraphCxSpMiddle"
        style="margin-left:1.5in;mso-add-space:
        auto;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l0
        level3 lfo1"><br>
      </p>
      <p class="MsoListParagraphCxSpMiddle"
        style="margin-left:1.5in;mso-add-space:
        auto;text-indent:-1.5in;mso-text-indent-alt:-9.0pt;mso-list:l0
        level3 lfo1">Example 2:</p>
      Connection 1 :   <br>
                          leftsubnet=10.0.0.1/32<br>
                          rightsubnet=192.168.0.0/24<br>
       <br>
      Connection 2 :     <br>
                          leftsubnet=10.0.0.0/24<br>
                          rightsubnet=192.168.0.1/32<br>
      <br>
      For a packet going from 10.0.0.1 to 192.168.0.1, based on the
      source, connection 1 has higher priority, but based on the
      destination, connection 2 has a higher priority. How is this
      handled?<br>
      <br>
      Regards,<br>
      Jafar<br>
       <br>
      <br>
    </blockquote>
    <br>
  </body>
</html>