On Thu, 31 Aug 2017, Sowmini Varadhan wrote:
I'd like to set up both esp and auth to NULL to test some kernel code (for perf, so want to eliminate the cost of crypto).with older swan packages, I was able to use the syntax "esp=null-null" for this, but with libreswan-3.15-7.3.0.1.el6.x86_64, the only syntax that is accepted in my tunnel .conf file is "esp=null", and this leaves me with the following in the output of "ip x s" : proto esp spi 0x53b065c6 reqid 16389 mode transport replay-window 32 auth-trunc hmac(md5) 0xd374a491490abf161152bef3108816c8 96 enc ecb(cipher_null) : is there some way I can set the auth-trunc to null too?
Not currently. I would also not want to support this in regular operation, so if we want to support this, it should go via a pluto --impair-XXX option so that no one can do this in production by accident. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
