Date: Mon, 21 Apr 2003 08:43:11 -0500
From: "Jacques A. Vidrine"
To: cjclark@alum.mit.edu
cc: freebsd-hackers@FreeBSD.org
cc: Lars Eggert
Subject: Re: Single IP host and IPsec tunnel mode experience

On Sun, Apr 20, 2003 at 06:00:25PM -0700, Crist J. Clark wrote:
> It's easy to see what's going on in ESP when you define the encryption
> algorithm as the NULL algorithm.

Ah, good idea. Why didn't I think of that? :-)

> Although I admit it took me a while
> to figure out that NULL encryption in the setkey(8) syntax is the
> "simple" algorithm.
>
> In fact, would anyone object to,
>
> Index: setkey.8 > =================================================================== > RCS file: /export/freebsd/ncvs/src/usr.sbin/setkey/setkey.8,v > retrieving revision 1.24 > diff -u -r1.24 setkey.8 > --- setkey.8 1 Jan 2003 18:49:03 -0000 1.24 > +++ setkey.8 21 Apr 2003 00:41:50 -0000
> @@ -563,7 +563,7 @@ > algorithm keylen (bits) comment > des-cbc 64 esp-old: rfc1829, esp: rfc2405 > 3des-cbc 192 rfc2451 > -simple 0 to 2048 rfc2410 > +null-enc 0 to 2048 rfc2410 > blowfish-cbc 40 to 448 rfc2451 > cast128-cbc 40 to 128 rfc2451 > des-deriv 64 ipsec-ciph-des-derived-01 (expired) > Index: token.l > =================================================================== > RCS file: /export/freebsd/ncvs/src/usr.sbin/setkey/token.l,v > retrieving revision 1.5 > diff -u -r1.5 token.l > --- token.l 11 Jun 2001 12:39:28 -0000 1.5 > +++ token.l 21 Apr 2003 00:39:41 -0000 > @@ -176,6 +176,7 @@ > {hyphen}E { PREPROC; return(F_ENC); } > des-cbc { PREPROC; yylval.num = SADB_EALG_DESCBC; return(ALG_ENC); } > 3des-cbc { PREPROC; yylval.num = SADB_EALG_3DESCBC; return(ALG_ENC); } > +null-enc { PREPROC; yylval.num = SADB_EALG_NULL; return(ALG_ENC); } > simple { PREPROC; yylval.num = SADB_EALG_NULL; return(ALG_ENC); } > blowfish-cbc { PREPROC; yylval.num = SADB_X_EALG_BLOWFISHCBC; return(ALG_ENC); } > cast128-cbc { PREPROC; yylval.num = SADB_X_EALG_CAST128CBC; return(ALG_ENC); }
>
> The KAME stuff isn't on a vendor branch, not in a contrib/, and not
> listed in MAINTAINERS. I guess it's OK to make minor changes/bug fixes
> locally? I did file a PR with KAME for this too.

Well I wouldn't mind. FWIW, racoon calls it `null_enc' (rather than
`simple').

ume & sumikawa appear to be the best folks to treat as maintainers of
setkey(8), if anyone.

Cheers,
-- 
Jacques A. Vidrine http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
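
Review bot: in the setkey.8 algorithm table the `simple` row is replaced outright by `null-enc`, but the token.l hunk keeps `simple` as an accepted keyword for SADB_EALG_NULL, so configurations that already pass `simple` to -E would be using a name the manual page no longer lists. Suggest keeping the old name visible, for example by extending the comment column of the new row to "rfc2410 (`simple` accepted as an alias)". Since that row is the only description a reader gets of the algorithm, it is also the place to say that it provides no confidentiality.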
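
Review bot: the added `null-enc` rule in token.l spells the keyword with a hyphen, while the reply in this thread notes that racoon calls the same algorithm `null_enc`, so the two tools would still disagree on the name after this change. Consider accepting `null_enc` as well, or stating which spelling is canonical. The retained `simple` rule now duplicates the new one with nothing marking it as a compatibility alias; a one-line comment above it would keep a later cleanup from dropping it and breaking existing configurations.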