On Wed, Jun 15, 2016 at 12:44:54AM +, Blair Steven wrote:
> The restoration is happening - but being actioned on the wrong location.
>
> The destination IP address is being saved and restored, and the SPI
> being written directly after the destination IP address. From my
> understanding thou
The restoration is happening - but being actioned on the wrong location.
The destination IP address is being saved and restored, and the SPI
being written directly after the destination IP address. From my
understanding though, the ESN shuffling should have saved and restored
the UDP source / d
On Mon, Jun 13, 2016 at 11:48:13AM +1200, Blair Steven wrote:
>
> During testing we have discovered an issue with IPsec NAT-T where the SPI
> is over writing the source and dest ports of the UDP header.
The headers should be restored after the crypto operation in
esp_restore_header(). Does this
During testing we have discovered an issue with IPsec NAT-T where the SPI
is over writing the source and dest ports of the UDP header. I'm not
super familiar with this code, but I've found a solution that seems
to work in my setup.
I'd like some feedback on this please, if it's the right thing to
