miradham

Reputation: 2355

ipsec encryption support in linux: SADB_EALG_NONE vs SADB_EALG_NULL

In linux/pfkeyv2.h I can see the following values:

#define SADB_EALG_NONE          0
...
#define SADB_EALG_NULL          11

Can anyone explain the difference between those values and how specifying them in sadb_sa.sadb_sa_encrypt would affect IPsec encryption?

Upvotes: 1

Views: 80

Answers (1)

ecdsa

Reputation: 542

SADB_EALG_NONE is used to indicate that no encryption applies for an SA, while SADB_EALG_NULL signifies the NULL encryption algorithm as specified in RFC 2410. As stated in RFC 2367, section 3.5, the former must only be used if no encryption can apply for an SA (e.g. for AH); the latter may be used for ESP SAs and can be negotiated via IKE.

Upvotes: 2
