[Openswan dev] [PATCH 0/2] ESP_NULL support for openswan-2.4.6
jjo-ipsec at mendoza.gov.ar
Wed Sep 27 17:03:02 EDT 2006
On Mon, Sep 25, 2006 at 12:59:50PM -0400, Michael Richardson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> >>>>> "JuanJo" == JuanJo Ciarlante <jjo-ipsec at mendoza.gov.ar> writes:
> JuanJo> It's been a looong time... nice to actually have something to
> JuanJo> contribute again :-)
> JuanJo> I made this patch for a coleague with the following scenario:
> JuanJo> 1) VoIP streams inside VPN (asterisks with private addressing)
> JuanJo> 2) Deployment migrating from openswan-1.x to openswan-2.x
> JuanJo> They were tunneling voip streams over esp=null-md5 SAs with
> JuanJo> BW usage between ~44-48kbps.
> While I'm not a fan of the non-standard nature of IAX2, I do
> understand the need for trunking. May I ask if this was SIP or IAX2?
np, I'll ask him and let you know.
> JuanJo> This is the main reason for ESP_NULL; with any current CBC cipher
> JuanJo> the ~12bytes space added (8 for IV + 4 statistically for padding)
> JuanJo> happens to be quite relevant for the ~90bytes VoIP datagram.
> I can understand this... I will accept your patches, if you'll write
> the test cases for them.
ughh... I miss that good'ol'times of nonQA devel :-S
I'll dig into testing/ and learn... the path starts there and under
docs/HACKING, right? (tips&tricks for the task pretty welcome ;)
# Juan Jose Ciarlante (JuanJo) jjo ;at; mendoza.gov.ar #
# GnuPG Public Key: gpg --keyserver wwwkeys.eu.pgp.net --recv-key 66727177 #
# Key fingerprint: 0D2F 3E5D 8B5C 729E 0560 F453 A3F7 E249 6672 7177 #
More information about the Dev