>>>>> "itojun" == itojun <[EMAIL PROTECTED]> writes:
>>> We do not remove the trailing authentication data before doing the
>>> next header/pad processing. The result is garbage.
>> I thought I fixed this (if we're talking about the same thing) in
>> late August, at least for IPv4. I guess I'd better go double-check
>> if I ever committed it.
itojun> I don't think you can fix it, unless you know that there's
itojun> authentication data (or there's no authentication data), before you
itojun> start looking at the packet. authentication data may or may
itojun> not be
I encoded this into the cipher algo's name.
-hmac96 to indicate 96 bits of cipher data.
Providing the authentication key along with the cipher key is doable in the
code, but isn't done.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
