On Thu, Jun 24, 2004 at 12:46:54PM -0700, David S. Miller wrote:
>
> > I'm having trouble understanding why we need to increase alen by
> > two bytes for NON-IKE. As far as I can see it's adding two bytes
> > of random data to the end of the packet. Is there something
> > obvious that I'm missing?
>
> It is intentional as far as I remember. If it's any other length,
> then the other side implementing this non-IKE encap stuff won't
> accept the packet, it must be that length.

Which implementation does that? The implementation in FreeS/WAN
certainly doesn't and it has talked to many commercial NAT-T
software using NON-IKE.

There is also nothing like this in the draft for NON-IKE.

Even if we do need this, we should fill those two bytes with some
data.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt