| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 04 Apr 2007 15:07:34 +0200 From: Patrick McHardy <kaber@...sh.net> To: DiegoB <diego.beltrami@...t.fi> CC: Kernel Netdev Mailing List <netdev@...r.kernel.org>, Herbert Xu <herbert@...dor.apana.org.au>, Miika Komu <miika@....fi> Subject: Re: [XFRM]: Optimize MTU calculation DiegoB wrote: > Patrick McHardy wrote: > >> I've updated my IPsec MTU optimization patch I've posted a couple >> of month ago to net-2.6.22 and added the further optimization >> suggested by Herbert to account for the space lost due to alignment >> in the room reserved for IP options in transport mode. >> >> Tested with IPv4 and IPv6 in tunnel and transport mode. Beet mode >> is untested since no keying daemon seems to support it. > > > Actually for BEET mode you can check the following: > > http://hipl.hiit.fi/ > http://www.openhip.org/ > http://www.hip4inter.net/ Thanks for the pointers, I'm using manual keying for testing now. It took me a while to properly set it up though since I wasn't expecting that I need to specify a selector for the inbound SA. Is there a reason for not using x->props.saddr/x->id.daddr during inbound processing as on the output side? draft-nikander-esp-beet-mode-06.txt states ".. MUST contain the outer source and destination addresses, as defined in the SA" for both inbound and outbound processing, so I think it would be easier to handle this symetrical. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists