[Swan] using esp=null, auth=null for testing/devel..
Paul Wouters
paul at nohats.ca
Fri Sep 1 14:32:20 UTC 2017
On Thu, 31 Aug 2017, Sowmini Varadhan wrote:
> I'd like to set up both esp and auth to NULL to test some kernel
> code (for perf, so want to eliminate the cost of crypto).
>
> With older swan packages, I was able to use the syntax "esp=null-null"
> for this, but with libreswan-3.15-7.3.0.1.el6.x86_64, the only syntax
> that is accepted in my tunnel .conf file is "esp=null", and this
> leaves me with the following in the output of "ip x s"
> :
> proto esp spi 0x53b065c6 reqid 16389 mode transport
> replay-window 32
> auth-trunc hmac(md5) 0xd374a491490abf161152bef3108816c8 96
> enc ecb(cipher_null)
> :
>
> Is there some way I can set the auth-trunc to null too?

Not currently. I would also not want to support this in regular
operation, so if we want to support this, it should go via a
pluto --impair-XXX option so that no one can do this in production
by accident.

Paul
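
The concern above about null transforms reaching production can be checked from the same `ip x s` output. The following is an added example, not part of the original thread or of libreswan: it parses `ip xfrm state` text and reports ESP SAs whose encryption or authentication is a no-op. The sample SAs, addresses, SPIs and keys are constructed, and `parse_xfrm_states` and `audit` are hypothetical names.

```python
# Linux kernel crypto API names for the no-op transforms.
NULL_ENC = {"ecb(cipher_null)", "cipher_null"}
NULL_AUTH = {"digest_null"}

# Constructed sample in the layout of `ip xfrm state`; all values are made up.
SAMPLE = """\
src 192.0.2.1 dst 192.0.2.2
    proto esp spi 0x00000101 reqid 1 mode transport
    replay-window 32
    auth-trunc hmac(md5) 0x00112233445566778899aabbccddeeff 96
    enc ecb(cipher_null)
src 192.0.2.2 dst 192.0.2.1
    proto esp spi 0x00000102 reqid 1 mode transport
    replay-window 32
    auth-trunc digest_null 0x 0
    enc ecb(cipher_null)
src 192.0.2.1 dst 192.0.2.3
    proto esp spi 0x00000103 reqid 2 mode tunnel
    replay-window 32
    aead rfc4106(gcm(aes)) 0x00112233445566778899aabbccddeeff00112233 128
"""

def parse_xfrm_states(text):
    """Split `ip xfrm state` output into one dict per SA."""
    sas = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2:
            continue
        if not line[0].isspace() and tok[0] == "src" and len(tok) >= 4:
            # An unindented "src A dst B" line starts a new SA.
            sas.append({"src": tok[1], "dst": tok[3], "proto": None,
                        "spi": None, "enc": None, "auth": None, "aead": None})
        elif sas and tok[0] == "proto":
            sas[-1]["proto"] = tok[1]
            if "spi" in tok[:-1]:
                sas[-1]["spi"] = tok[tok.index("spi") + 1]
        elif sas and tok[0] in ("auth", "auth-trunc"):
            sas[-1]["auth"] = tok[1]
        elif sas and tok[0] in ("enc", "aead"):
            sas[-1][tok[0]] = tok[1]
    return sas

def audit(sas):
    """Return (spi, issue) pairs for ESP SAs using a null transform."""
    findings = []
    for sa in sas:
        # Assumption: SAs with an AEAD transform are not inspected further here.
        if sa["proto"] != "esp" or sa["aead"]:
            continue
        if sa["enc"] in NULL_ENC:
            findings.append((sa["spi"], "null-encryption"))
        if sa["auth"] is None or sa["auth"] in NULL_AUTH:
            findings.append((sa["spi"], "null-authentication"))
    return findings
```

On a live host the input would be the text printed by `ip xfrm state`, run as root.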