Thor Lancelot Simon wrote:
ESP requires a random-number generator with cryptographic quality. I'm not sure we can provide that in the limited environment of the kernel debugger.IPKDB used a custom MD5-based packet hash for "security". I actually think it would probably be very easy to support a single IPsec ESP security association instead. The hair with IPsec is all with key negotiation. Don't bother, and don't do some things like replay protection, and ESP is a very simple, compact little shim layer on IP.
-- Jordan Gordeev