I was trying to follow the example for IPsec transport mode at http://www.ipsec-howto.org/x304.html with a 4.1 kernel, and I find that using 3des_cbc does not work - packets get dropped at the receiver after decryption: e.g., for a ping, the decrypted packet has a mangled icmp header, and is dropped for a bad checksum in icmp_rcv. Odd thing here is that the icmp payload was never mangled on my watch, and esp_input does correctly figure out the ULP of the payload after decrypt, so there is some pattern to this. Using blowfish instead of 3des works on 4.1, so I suspect the bug is specific to the encrypt/decrypt method. FWIW I tried the 3des instructions from ipsec-howto.org with 2.6.39 kernels, and it still fails (but so did blowfish, so something got better along the way). Has anyone else noticed this behavior for 3des? --Sowmini -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
