Re: [NAT-T] NON-IKE encapsulation

netdev

Re: [NAT-T] NON-IKE encapsulation

To:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject:	Re: [NAT-T] NON-IKE encapsulation
From:	"David S. Miller" <davem@xxxxxxxxxx>
Date:	Fri, 25 Jun 2004 10:12:31 -0700
Cc:	agruen@xxxxxxx, netdev@xxxxxxxxxxx
In-reply-to:	<20040624123603.GA1241@gondor.apana.org.au>
References:	<20040624123603.GA1241@gondor.apana.org.au>
Sender:	netdev-bounce@xxxxxxxxxxx

On Thu, 24 Jun 2004 22:36:03 +1000
Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> I'm having trouble understanding why we need to increase alen by
> two bytes for NON-IKE.  As far as I can see it's adding two bytes
> of random data to the end of the packet.  Is there something
> obvious that I'm missing?

I now think it's trying to account for the udpdata32[] header area.
But that's not 2 bytes, it's (2 * sizeof(u32)) or 8 bytes.

The ESP added headers amount to esp->auth.icv_trunc_len + 8 in
this case, so changing the "alen += 2;" into "alen += 8;" seems
more appropriate.

What do you think Herbert?  Does it make sense now?

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[NAT-T] NON-IKE encapsulation, Herbert Xu Re: [NAT-T] NON-IKE encapsulation, David S. Miller Re: [NAT-T] NON-IKE encapsulation, Herbert Xu Re: [NAT-T] NON-IKE encapsulation, David S. Miller <= Re: [NAT-T] NON-IKE encapsulation, Herbert Xu Re: [NAT-T] NON-IKE encapsulation, David S. Miller Re: [NAT-T] NON-IKE encapsulation, Andreas Gruenbacher Re: [NAT-T] NON-IKE encapsulation, David S. Miller Re: [NAT-T] NON-IKE encapsulation, Andreas Gruenbacher Re: [NAT-T] NON-IKE encapsulation, Herbert Xu

Previous by Date:	Re: TCP congestion control article, David S. Miller
Next by Date:	Re: [UDP] Check encap_type at config time, David S. Miller
Previous by Thread:	Re: [NAT-T] NON-IKE encapsulation, Herbert Xu
Next by Thread:	Re: [NAT-T] NON-IKE encapsulation, Herbert Xu
Indexes:	[Date] [Thread] [Top] [All Lists]