Hello!
> Problem #1: AH/ESP Tunnel mode input [IP-outer][AH][ESP][IP-inner]
>
> When processing the input in xfrm4_rcv in xfrm_input.c, a check
> is made after processing the AH header to determine if the policy
> specified tunnel mode. If tunnel mode was specified, then a
> check is made to see if the next header is an IP header. If it
> is not an IP header then the packet is dropped. However, if
> ESP tunnel mode has also been applied to the packet the next
> header will be the ESP header which must first be decrypted.
If you make this you want to get:
AH - IPIP - ESP - IPIP.
> Problem #2: AH/ESP Tunnel mode output [IP-outer][AH][ESP][IP-inner]
>
> When creating the output for an AH header in ah_output of ah.c,
> a check is made to see if the policy specified tunnel mode. If
> tunnel mode is specified, then an IPIP header is added after the AH
> header.
The same as above.
> Problem #3: RFC 2401 order of AH and ESP headers
>
> According to RFC 2401, if both AH and ESP headers are to be
> applied in transport mode,
It is not kernel problem and even not a problem of setkey, we allow to apply
arbitrary transformations in arbitrary order.
Alexey
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Feb 23 2003 - 22:00:19 EST