On Jul 27, 2020, at 05:28, Steffen Klassert <steffen.klass...@secunet.com> wrote:
>
>>
>> This patch changes that behavior, so that only properly-formed non-ESP
>> messages are passed to userspace. Messages of 8 bytes or less that
>> don't contain a full non-ESP prefix followed by some data (at least
>> one byte) will be dropped and counted as XfrmInHdrError.
>
> I'm ok with that change. But it affects userspace, so the *swan
> people have to tell if that's ok for them.

Libreswan is okay with this; we actually discussed this with Sabrina as a result of the TCP work where she noticed the difference.

Paul