netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ESP] Only one algorithm is required

from [Herbert Xu] [Permanent Link][Original]
To: James Morris <jmorris@xxxxxxxxxx>
Subject: Re: [ESP] Only one algorithm is required
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Sun, 15 Aug 2004 05:56:39 +1000
Cc: "David S. Miller" <davem@xxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <20040814192412.GA24399@gondor.apana.org.au>
References: <20040814105245.GA20646@gondor.apana.org.au> <Xine.LNX.4.44.0408141012510.26617-100000@dhcp83-76.boston.redhat.com> <20040814192412.GA24399@gondor.apana.org.au>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040523i 
On Sun, Aug 15, 2004 at 05:24:12AM +1000, herbert wrote:
>
> > This is userland level policy and I don't think the kernel should be
> > enforcing this.
> 
> We should remove the ealg check altogether then?

Please disregard the esp alg check patch altogether.  It's comletely
bogus.

The way to get null algorithms through is to attach a non-null algorithm
with the name set to cipher_null/digest_null.

However, we should fix IPv6 to allow null authentication algorithms.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Attachment: p
Description: Text document

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: cvs commit'ed, Luis R. Rodriguez
Next by Date:  [PATCH 0/4]: Scalable HFSC, Patrick McHardy
Previous by Thread:  Re: [ESP] Only one algorithm is required, Herbert Xu
Next by Thread:  Re: [ESP] Only one algorithm is required, David S. Miller
Indexes:  [Date] [Thread] [Top] [All Lists]