In the company, we have some very efficient C implementations. They are small and their developers knew every bit-shifting feature of C. But here you sometimes have a set of a few lines that look like they make no sense. Others write "optimized for reading" and I prefer that. Some programmers optimize for source(!!) size, and I think that decreases the reliability.
That may very well be, and there are differences in the number of lines per error between different coders, of course. But for every one of them, the number of errors made increases with the number of lines they write, even if only due to simple typos. That's what the rule says. It does not compare one coder to another or one language to another.
Hum, why UDP? IPSec uses protocols 50 and 51, IIRC.
Why not use UDP? What is the advantage of dedicated IP protocols in this context? Note that I'm not against either one, which you choose to use depends on design considerations.
Yes, why not use UDP, and why not use anything else. I don't think that this makes a big difference.
Exactly. Yet you'd asked.
Well, for me it's the same whether you implement a protocol in a UDP payload or in another IP protocol. Well, UDP offers ports and some other things, but if you do not need them, why use UDP?
Because it's already there and it's easy to code client and server components. There are more people who have experience writing UDP-capable software than writing software that uses ESP or AH. And you can't just invent a new IP protocol all by yourself. Even if you could, it'd probably not be a very good idea. I'm not saying UDP is a better choice than ESP/AH, but for many coders, it's the better choice because it's something they have (at least some) experience with.
Having said all that, I don't know if I'd agree that you shouldn't use TCP to build tunnels. No reasons are given, unfortunately.
When you have protocols that do not need every packet, for instance a real-time monitor, then it's often better to drop packets (since they are obsoleted by their successors) than to repeat them over the wire and drop them in the target application. Well, the same goes for video or voice streams. Better a short quality reduction than very high latency.
Yes, I know when UDP is favourable over TCP generally; I meant the VPN situation specifically. In the meantime the original poster has given reasons that I can agree with. And since a VPN strives to offer a virtual IP connection, it makes sense to use a connectionless transport mechanism, as IP doesn't provide connections either. Cheers, Tobias