Re: [NAT-T] NON-IKE encapsulation
From: David S. Miller <hidden>
Date: 2004-06-25 17:12:31
On Thu, 24 Jun 2004 22:36:03 +1000 Herbert Xu [off-list ref] wrote:
I'm having trouble understanding why we need to increase alen by two bytes for NON-IKE. As far as I can see it's adding two bytes of random data to the end of the packet. Is there something obvious that I'm missing?
I now think it's trying to account for the udpdata32[] header area. But that's not 2 bytes, it's (2 * sizeof(u32)) or 8 bytes. The ESP added headers amount to esp->auth.icv_trunc_len + 8 in this case, so changing the "alen += 2;" into "alen += 8;" seems more appropriate. What do you think Herbert? Does it make sense now?