Henner Eisen wrote:
>
> >>>>> "Brian" == Brian 'brian' Medley <bmedley@engr.uark.edu> writes:
> Brian> This encryption takes place in a modified hard_start_xmit.
> Brian> In our modified function the data field is encrypted and
> Brian> then the original hard_start_xmit is called. We have it
> Brian> working with a simple XOR encryption, but this is kind of
> Brian> silly.
>
> Brian> We have run into a problem when the useful encryption
> Brian> routines increase the size of the data field in the sk_buff
> Brian> beyond the maximum allowed packet size. (BTW, what does sk
> Brian> stand for?) There are two methods we can think of to
> Brian> handle this:
> Brian> a) Limit the size of any sk_buffs created.
> Brian> b) Split the sk_buffs up.
You may want to look at the FreeS/WAN code which does IPSEC network
encryption for Linux:
and/or at the mailing list archive for it, which include extensive
discussion of various complications encountered in interactions
between adding encryption headers, changed packet sizes, path MTU
discovery, ICMP, packet filtering, ...
http://www.sandelman.ottawa.on.ca/linux-ipsec/
There are also half a dozen other projects doing more-or-less similar
things. Links to all the ones I know of are in FreeS/WAN docs:
http://www.freeswan.org/freeswan_trees/freeswan-1.3/doc/WWWref.html#alternatives
Send me a link for yours if it is far enough along.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Mar 15 2000 - 21:00:19 EST