Date: Mon, 21 Apr 2003 08:43:11 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: cjclark@alum.mit.edu
Cc: Lars Eggert <larse@ISI.EDU>
Subject: Re: Single IP host and IPsec tunnel mode experience
Message-ID: <20030421134311.GD61593@madman.celabo.org>
In-Reply-To: <20030421010025.GB99917@blossom.cjclark.org>
References: <20030410161511.GA25681@madman.celabo.org> <20030416052335.GA2519@blossom.cjclark.org> <20030416123621.GC72501@madman.celabo.org> <20030420165538.GA31101@madman.celabo.org> <3EA2D6F5.4060209@isi.edu> <20030420232614.GA41554@madman.celabo.org> <20030421010025.GB99917@blossom.cjclark.org>
On Sun, Apr 20, 2003 at 06:00:25PM -0700, Crist J. Clark wrote: > It's easy to see what's going on in ESP when you define the encryption > algorithm as the NULL algorithm. Ah, good idea. Why didn't I think of that? :-) > Although I admit it took me a while > to figure out that NULL encryption in the setkey(8) syntax is the > "simple" algorithm. > > In fact, would anyone object to, > > Index: setkey.8 > =================================================================== > RCS file: /export/freebsd/ncvs/src/usr.sbin/setkey/setkey.8,v > retrieving revision 1.24 > diff -u -r1.24 setkey.8 > --- setkey.8 1 Jan 2003 18:49:03 -0000 1.24 > +++ setkey.8 21 Apr 2003 00:41:50 -0000 > @@ -563,7 +563,7 @@ > algorithm keylen (bits) comment > des-cbc 64 esp-old: rfc1829, esp: rfc2405 > 3des-cbc 192 rfc2451 > -simple 0 to 2048 rfc2410 > +null-enc 0 to 2048 rfc2410 > blowfish-cbc 40 to 448 rfc2451 > cast128-cbc 40 to 128 rfc2451 > des-deriv 64 ipsec-ciph-des-derived-01 (expired) > Index: token.l > =================================================================== > RCS file: /export/freebsd/ncvs/src/usr.sbin/setkey/token.l,v > retrieving revision 1.5 > diff -u -r1.5 token.l > --- token.l 11 Jun 2001 12:39:28 -0000 1.5 > +++ token.l 21 Apr 2003 00:39:41 -0000 
> @@ -176,6 +176,7 @@ > {hyphen}E { PREPROC; return(F_ENC); } > des-cbc { PREPROC; yylval.num = SADB_EALG_DESCBC; return(ALG_ENC); } > 3des-cbc { PREPROC; yylval.num = SADB_EALG_3DESCBC; return(ALG_ENC); } > +null-enc { PREPROC; yylval.num = SADB_EALG_NULL; return(ALG_ENC); } > simple { PREPROC; yylval.num = SADB_EALG_NULL; return(ALG_ENC); } > blowfish-cbc { PREPROC; yylval.num = SADB_X_EALG_BLOWFISHCBC; return(ALG_ENC); } > cast128-cbc { PREPROC; yylval.num = SADB_X_EALG_CAST128CBC; return(ALG_ENC); } > > The KAME stuff isn't on a vendor branch, not in a contrib/, and not > listed in MAINTAINERS. I guess it's OK to make minor changes/bug fixes > locally? I did file a PR with KAME for this too. Well I wouldn't mind. FWIW, racoon calls it `null_enc' (rather than `simple'). ume & sumikawa appear to be the best folks to treat as maintainers of setkey(8), if anyone. Cheers, -- Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
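Review bot: In the setkey.8 hunk, the table row for `simple` is replaced by `null-enc`, but the token.l hunk keeps `simple` as an accepted keyword, so the man page would stop documenting a name that the parser still accepts and that existing configurations may use. Suggest keeping `simple` on the `null-enc` row as an older alias (the comment column has room next to rfc2410), and noting there that this algorithm leaves the ESP payload unencrypted, since the old name gave no hint of that.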
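Review bot: In the token.l hunk, the new `null-enc` rule and the existing `simple` rule both set SADB_EALG_NULL, with nothing saying why two keywords map to one algorithm. Suggest a comment on the `simple` rule marking it as the older name kept for compatibility, so it is not later removed or mistaken for a distinct cipher. The spelling should also be settled before commit: the reply notes that racoon uses `null_enc`, while this rule adds `null-enc`. The hyphen matches the neighbouring setkey names (`des-cbc`, `3des-cbc`), so either state that choice in the commit message or accept both spellings.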