Hosting Provided By

Re: linux-ipsec: Latest IPsec and connecting two IP networks.... :-(

From: Henry Spencer <henry(at)spsystems.net>
Date: Tue Sep 01 1998 - 15:58:47 EDT

> Sep 1 21:27:40 sydney kernel: ahhmacmd5_init: incorrect key size: 56 --

Okay, we found what's going on here. There was a bug in the spi command (a complicated expression that got bitten by C's precedence rules), which fouled up memory allocation and generally made a mess of things in --ah. Fixed; updated snapshot is on its way to xs4all as I write this.

As mentioned earlier, you probably just want to use ESP's authentication and forget AH... but we're glad you didn't, since it led us to find this!

There is at least one more bug in using AH and ESP together, but we're not sure yet where it is -- it may be a Pluto problem and not something you'd run into with hand-keying.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)

Received on Tue Sep 1 16:00:21 1998

This message: [ Message body ]
Next message: Henry Spencer: "Re: linux-ipsec: Phase II PFS"
In reply to: David Sainty: "Re: linux-ipsec: Latest IPsec and connecting two IP networks.... :-("
In reply to Henry Spencer: "Re: linux-ipsec: Latest IPsec and connecting two IP networks.... :-("

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:26 EDT