On Wednesday 2012-08-08 14:25, Arif Hossain wrote: > >I've come across many "CRYPT" or similar target patches will encrypt UDP >or TCP traffic. And they are mostly pointless.. >1. A simple XOR target(-j XOR --key) >http://lists.netfilter.org/pipermail/netfilter-devel/2003-May/011532.html XOR is not really an encryption. >2. A more robust ENCRYPT/DECRYPT target which will use full crypto api >of linux kernel: >http://0pointer.de/lennart/projects/seppl/ >"IPSEC/FreeSwan is extremely complicated to use. Due to its strange routing >scheme it is nearly impossible to use together with routing daemons. IPSEC is >heavyweight." Complicated? No, not at all. http://inai.de/2008/02/24 Heavyweight? Neither. The RSS is ~5 MB, most of which is pretty much glibc anyway. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
