[Openswan dev] [PATCH 0/2] ESP_NULL support for openswan-2.4.6
Michael Richardson
mcr at xelerance.com
Mon Sep 25 12:59:50 EDT 2006
>>>>> "JuanJo" == JuanJo Ciarlante <jjo-ipsec at mendoza.gov.ar> writes:
JuanJo> It's been a looong time... nice to actually have something to
JuanJo> contribute again :-)
JuanJo> I made this patch for a colleague with the following scenario:
JuanJo> 1) VoIP streams inside VPN (asterisks with private addressing)
JuanJo> 2) Deployment migrating from openswan-1.x to openswan-2.x
JuanJo> They were tunneling voip streams over esp=null-md5 SAs with
JuanJo> BW usage between ~44-48kbps.
While I'm not a fan of the non-standard nature of IAX2, I do
understand the need for trunking. May I ask if this was SIP or IAX2?
JuanJo> This is the main reason for ESP_NULL; with any current CBC cipher
JuanJo> the ~12bytes space added (8 for IV + 4 statistically for padding)
JuanJo> happens to be quite relevant for the ~90bytes VoIP datagram.
I can understand this... I will accept your patches, if you'll write
the test cases for them.
--
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [