[Openswan dev] Re: [Openswan Users]
Michael Richardson
mcr at xelerance.com
Wed Jan 4 15:15:57 CET 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
>> We set the UDP checksum to 0 on NAT-T packets. UDP checksum is a waste
>> of time, when we have the HMAC to authenticate the data.
Paul> but doesn't that make the packet 'invalid' to any router that
Paul> might check the checksum? What do the RFCs say? When should
Paul> you do checksum verification?
UDP.CHECKSUM=0 means don't do UDP checksums.
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBQ7ws+YCLcPvd0N1lAQKKVggAgZkMlmArzwkpgPGw7xS0UJooNOlIdsf5
pinTVNe5DJoh56sFNNmJUyxFopqWusNHi4otsuGOUJc4KLkHbxqeoXxO/XzMuiF1
ndDQNJvwsqcG+vyrS36O+dcp75cUlKOOpsvSuzXrrqrIODC193CT7Z2en9JHI/lD
q3NQefRQhFnA4Syex4xr7iZUgEnbHwy6mryK1Ta2QNsMa3PWDHeTzDJYpM5NKMAz
WDDVSAIla+yy0If6i3PQoaPcRI0w4/7Q1DYSgrfWxGucGgOLXd98PrXlJLYaw7G+
rUHyR5utEaPJJGqf1DEil0NBWMccst4qmptwqixdjIOiV6JVJAspxg==
=x4RY
-----END PGP SIGNATURE-----
More information about the Dev
mailing list