
In linux/pfkeyv2.h I can see the following values:

```c
#define SADB_EALG_NONE          0
...
#define SADB_EALG_NULL          11
```

Can anyone explain what the difference between those values is, and how specifying them in sadb_sa.sadb_sa_encrypt would affect IPsec encryption?

miradham

1 Answer


SADB_EALG_NONE is used to indicate that no encryption applies for an SA, while SADB_EALG_NULL signifies the NULL encryption algorithm as specified in RFC 2410. As stated in RFC 2367, section 3.5, the former must only be used if no encryption can apply for an SA (e.g. for AH); the latter may be used for ESP SAs and can be negotiated via IKE.

ecdsa
  • What would be null encryption for Windows then? As per [this page](https://msdn.microsoft.com/en-us/library/windows/desktop/aa366296(v=vs.85).aspx), it does not provide a null cipher – miradham Dec 28 '17 at 02:25
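
The distinction drawn in the answer, as an added example that is not part of the original thread: a C sketch that fills a `struct sadb_sa` from `linux/pfkeyv2.h` and rejects `sadb_sa_encrypt` values that do not fit the SA type. `fill_sa_ext` is a hypothetical helper, the SPI and algorithm choices in `main` are constructed, and the third check (NULL encryption requires an integrity algorithm, per RFC 4303) goes beyond what the answer states.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>        /* htonl */
#include <linux/pfkeyv2.h>    /* the header quoted in the question */

/* Hypothetical helper, not a kernel or library API: fill the SA extension of
 * a PF_KEY message. Returns 0 on success, -1 for a rejected combination. */
int fill_sa_ext(struct sadb_sa *sa, uint8_t satype, uint32_t spi,
                uint8_t aalg, uint8_t ealg)
{
    /* AH carries no encryption transform, so only NONE fits. */
    if (satype == SADB_SATYPE_AH && ealg != SADB_EALG_NONE)
        return -1;
    /* ESP always names a transform; "no confidentiality" is SADB_EALG_NULL. */
    if (satype == SADB_SATYPE_ESP && ealg == SADB_EALG_NONE)
        return -1;
    /* Added policy (RFC 4303): NULL encryption needs an integrity algorithm. */
    if (satype == SADB_SATYPE_ESP && ealg == SADB_EALG_NULL &&
        aalg == SADB_AALG_NONE)
        return -1;

    memset(sa, 0, sizeof(*sa));
    sa->sadb_sa_len = sizeof(*sa) / 8;   /* PF_KEY lengths are in 64-bit words */
    sa->sadb_sa_exttype = SADB_EXT_SA;
    sa->sadb_sa_spi = htonl(spi);        /* SPI travels in network byte order */
    sa->sadb_sa_state = SADB_SASTATE_MATURE;
    sa->sadb_sa_auth = aalg;
    sa->sadb_sa_encrypt = ealg;
    return 0;
}

int main(void)
{
    struct sadb_sa sa;
    const uint32_t spi = 0x1000;         /* constructed sample SPI */

    printf("AH  + EALG_NONE: %d\n", fill_sa_ext(&sa, SADB_SATYPE_AH, spi,
           SADB_AALG_SHA1HMAC, SADB_EALG_NONE));
    printf("AH  + EALG_NULL: %d\n", fill_sa_ext(&sa, SADB_SATYPE_AH, spi,
           SADB_AALG_SHA1HMAC, SADB_EALG_NULL));
    printf("ESP + EALG_NULL: %d\n", fill_sa_ext(&sa, SADB_SATYPE_ESP, spi,
           SADB_AALG_SHA1HMAC, SADB_EALG_NULL));
    printf("ESP + EALG_NONE: %d\n", fill_sa_ext(&sa, SADB_SATYPE_ESP, spi,
           SADB_AALG_SHA1HMAC, SADB_EALG_NONE));
    return 0;
}
```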