[Openswan dev] Re: [Openswan Users]

Michael Richardson mcr at xelerance.com
Wed Jan 4 15:15:57 CET 2006



>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
    >> We set the UDP checksum to 0 on NAT-T packets. UDP checksum is a waste
    >> of time, when we have the HMAC to authenticate the data.

    Paul> but doesn't that make the packet 'invalid' to any router that
    Paul> might check the checksum? What do the RFCs say? When should
    Paul> you do checksum verification? 

  UDP.CHECKSUM=0 means don't do UDP checksums.

-- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
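The zero-checksum rule discussed in the message above, shown from the receiver's side as an added example (not part of the original message and not Openswan code). It assumes IPv4 and the RFC 768 convention that a transmitted checksum of 0 means the sender computed none; the names `udp4_check` and `udp4_fill` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

enum udp_csum { UDP_CSUM_NONE, UDP_CSUM_OK, UDP_CSUM_BAD };

/* One's-complement accumulation of big-endian 16-bit words; odd byte is zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc)
{
    while (len > 1) { acc += (uint32_t)(p[0] << 8 | p[1]); p += 2; len -= 2; }
    if (len) acc += (uint32_t)p[0] << 8;
    return acc;
}

/* Folded sum over the IPv4 pseudo-header and the UDP segment as it stands. */
static uint16_t udp4_fold(const uint8_t src[4], const uint8_t dst[4],
                          const uint8_t *udp, size_t len)
{
    uint32_t acc = 17u + (uint32_t)len;      /* protocol 17 (UDP) + UDP length */
    acc = sum16(src, 4, acc);
    acc = sum16(dst, 4, acc);
    acc = sum16(udp, len, acc);
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}

/* Receiver: a checksum field of 0 is "not computed", so there is nothing to verify. */
enum udp_csum udp4_check(const uint8_t src[4], const uint8_t dst[4],
                         const uint8_t *udp, size_t len)
{
    if (len < 8 || len > 0xffff || (size_t)(udp[4] << 8 | udp[5]) != len)
        return UDP_CSUM_BAD;                 /* truncated or inconsistent header */
    if (udp[6] == 0 && udp[7] == 0)
        return UDP_CSUM_NONE;                /* integrity left to the ESP HMAC */
    return udp4_fold(src, dst, udp, len) == 0xffff ? UDP_CSUM_OK : UDP_CSUM_BAD;
}

/* Sender that does checksum: a computed value of 0 goes on the wire as 0xffff,
 * which keeps 0 unambiguous as "no checksum". */
void udp4_fill(const uint8_t src[4], const uint8_t dst[4], uint8_t *udp, size_t len)
{
    uint16_t c;
    udp[6] = udp[7] = 0;
    c = (uint16_t)~udp4_fold(src, dst, udp, len);
    if (c == 0) c = 0xffff;
    udp[6] = (uint8_t)(c >> 8);
    udp[7] = (uint8_t)(c & 0xff);
}
```
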

