| To: | diego.beltrami@xxxxxxx |
|---|---|
| Subject: | Re: [Infrahip] Re: [hipl-users] Re: [PATCH 2.6.12.2] XFRM: BEET IPsec mode for Linux |
| From: | Pekka Nikander <pekka.nikander@xxxxxxxxxxxxxx> |
| Date: | Fri, 29 Jul 2005 17:45:24 +0200 |
| Cc: | herbert@xxxxxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, infrahip@xxxxxxx |
| In-reply-to: | <1122651216.25842.67.camel@odysse> |
| References: | <E1Dy6gb-00044G-00@gondolin.me.apana.org.au> <1122651216.25842.67.camel@odysse> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
Surely BEET will work also for AH with minor changes, even though we only tried the ESP encapsulation. I wouldn't be so sure. IIRC, tunnel mode is not specified for AH but for ESP only. Consequently, defining BEET mode for AH might be pretty tricky. OTOH, I don't know the linux IPsec implementation so that it might be possible to make BEET to "work" for AH, for some value of "work", but it probably would require some careful thinking to define the exact semantics, like what addresses (inner or outer) are covered by the AH integrity protection, what does the integrity protection really assert, etc. --Pekka |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [hipl-users] Re: [PATCH 2.6.12.2] XFRM: BEET IPsec mode for Linux, Diego Beltrami |
|---|---|
| Next by Date: | RE: [PATCH 2.6.12.1 5/12] S2io: Performance improvements, Ravinandan Arakali |
| Previous by Thread: | Re: [hipl-users] Re: [PATCH 2.6.12.2] XFRM: BEET IPsec mode for Linux, Diego Beltrami |
| Next by Thread: | Re: [Infrahip] Re: [hipl-users] Re: [PATCH 2.6.12.2] XFRM: BEET IPsec mode for Linux, Herbert Xu |
| Indexes: | [Date] [Thread] [Top] [All Lists] |