On Mon, 05 Jul 2004 10:17:00 +0900 Ueki Kohei <ueki.kohei@jp.fujitsu.com> wrote: > I found the bug in IPv6 of linux kernel2.6.7. > > The ESP ICV length for HMAC-SHA2-256 algorithm should not be 96 bits, > but should be 128 bits. > As a result, the payload of the IPv6 packet which contains an ESP-header > of the HMAC-SHA2-256 algorithm becomes a wrong content. It should be 96 bits and this matches every other implementation including SuperFreeS/WAN and FreeBSD. Please see this posting: http://marc.theaimsgroup.com/?l=linux-netdev&m=107363842632237&w=2 The file revision history for net/xfrm/xfrm_algo.c also shows that the value 96 is intentional. In fact, the most recent change to that file was to change it from 128 to 96. This fix was made by Michal Ludvig (CC:'d) - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
