I've updated the AES encryption patch on my web page: http://www.arnor.net/encryptingbridge/index.html
The code has been cleaned up a bit, with better error checking. This fixes crashes I found during testing. Also, it has been rediffed against 2.4.19-pre8. The modified version of brctl has not changed.

Now, the RFC: One of the things that's tricky about this patch is that it actually makes the Ethernet frames a little bigger as they go through the bridge. The data has to be padded to have a length which is a multiple of 16 bytes before encrypting with AES. This is almost always not a problem, as the sk_buffs are usually allocated with enough spare space at the end. But for some packets (only small ones in my testing) there is not enough room at the end to pad the packet. I'm still learning how this works, but I'm afraid it may depend on the allocation strategy used by the underlying network card driver.

As a workaround for now, I just pass these "unpaddable" packets through unencrypted. That works for my app for now, but is obviously not a real solution. I haven't decided the best approach to a proper fix; I suspect that modifying the alloc_skb() and dev_alloc_skb() routines to always ensure there's at least 16 bytes extra at the end of the buffer is the best way to go.

Suggestions welcome...

Torrey
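An added example, not part of the original post or the patch: a userspace C model of the tailroom check described above, in which a frame with too little spare space is moved to a larger buffer rather than passed through unencrypted. `struct buf`, `pad_needed`, `tailroom` and `pad_for_aes` are hypothetical names, zero-fill padding is an assumption (the post does not say how the patch pads), and in the kernel the corresponding calls would be `skb_tailroom()` and `skb_copy_expand()`.

```c
#include <stdlib.h>
#include <string.h>

#define AES_BLOCK 16

/* Hypothetical userspace stand-in for an sk_buff's payload area. */
struct buf {
    unsigned char *data;  /* start of payload */
    size_t len;           /* payload bytes in use */
    size_t cap;           /* bytes allocated from data onward */
};

/* Bytes needed to reach the next multiple of 16 (0 if already aligned). */
size_t pad_needed(size_t len)
{
    return (AES_BLOCK - (len % AES_BLOCK)) % AES_BLOCK;
}

/* Spare bytes after the payload, the analogue of skb_tailroom(). */
size_t tailroom(const struct buf *b)
{
    return b->cap - b->len;
}

/*
 * Pad b to a multiple of 16 bytes. If the tail is too short, grow the
 * buffer instead of giving up, so no frame is ever forwarded in plaintext.
 * Returns 0 on success, -1 on allocation failure; on -1 the caller should
 * drop the frame (fail closed) rather than send it unencrypted.
 */
int pad_for_aes(struct buf *b)
{
    size_t pad = pad_needed(b->len);

    if (pad > tailroom(b)) {
        unsigned char *bigger = realloc(b->data, b->len + pad);
        if (!bigger)
            return -1;
        b->data = bigger;
        b->cap = b->len + pad;
    }
    memset(b->data + b->len, 0, pad);  /* zero fill: an assumption */
    b->len += pad;
    return 0;
}
```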
