From: mukesh.fkd@gmail.com (Mukesh Yadav)
To: kernelnewbies@lists.kernelnewbies.org
Subject: Reg: 16 unknown bytes in ESp packet(IPSEC)
Date: Thu, 26 Apr 2012 22:56:45 +0530
Message-ID: <CACPS-PvC7+w3UjXx8fpC5QeVY3-WhB=kacwYKcPyY6w6v0yHow@mail.gmail.com>

Hi,

I am not able to understand 16 bytes in the ESP packet, present after the
sequence no and before the original IP header, while doing tunnel mode IPsec
with ESP.

Details are as below.

I am trying to achieve IPsec functionality using a fast-path application
which will do encryption/decryption using some hardware (Cavium) specific
API.
This application will bypass the IP layer of the kernel.
Keys for start-up are pre-shared.
Communication is done between two machines, A and B.

On Machine A, running i386 Linux, the SA/SP databases are updated using the
setkey utility and packets are encrypted/decrypted using kernel IPsec.
On Machine B, Cavium h/w, keys are pre-shared to the application performing
the IPsec functionality.

Example:
M/c A configuration:

    add 50.50.50.51 50.50.50.53 esp 15701 -E aes-cbc "0123456789abcdef";
    spdadd 10.10.10.20 10.10.10.21 any -P out ipsec
        esp/tunnel/50.50.50.51-50.50.50.53/require;

I am able to decrypt received packets on machine B sent by M/c A and send
encrypted packets to M/c A.

Issue:

1. I am not able to find what the 16 bytes present after the sequence no in
the ESP header and before the original IP header represent.
The decrypted packet on machine B is like below:

    Ethernet header       14 bytes
    Outer IP header       20 bytes
    ESP header            SPI 4 bytes, Seq no 4 bytes
    Some data             16 bytes ???????
    Original IP header    20 bytes
    UDP header
    Payload data
    Padding
    Pad length
    Next IP header

2. Packets sent from machine B are encrypted and received as ESP packets on
machine A.
I am not sure if decryption is happening fine. It seems packets are dropped at
the IP layer. Is there a way to confirm if packets are decrypted fine by kernel
IPsec?
The encrypted packet sent by Machine B has the encrypted payload (of the
original IP header plus data) after the sequence number of the ESP header.
It seems the 16 bytes mentioned above play a role in successful decryption at
machine A running Linux IPsec.

Any inputs on this will be appreciated.

Cheers
Mukesh
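
Added example, not part of the original post: RFC 3602 defines the ESP payload for AES-CBC as a 16-byte cleartext IV followed by the ciphertext, which is the position of the 16 bytes in the layout above. The C code below splits such a frame at those offsets; the function names, the struct and the constructed sample frame are assumptions for illustration, and it assumes untagged Ethernet, IPv4 and no ICV (the SA above has no -A option).

```c
#include <stdint.h>
#include <string.h>

#define ETH_LEN        14
#define ESP_HDR_LEN    8    /* SPI (4) + sequence number (4) */
#define AES_CBC_IV_LEN 16   /* RFC 3602: one AES block, sent in the clear */

struct esp_view {
    uint32_t spi, seq;
    size_t iv_off, ct_off, ct_len;   /* offsets from the start of the frame */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Split an Ethernet/IPv4/ESP frame, assuming AES-CBC and no ICV.
 * Returns 0 on success, -1 if the frame does not fit that layout. */
int esp_aes_cbc_parse(const uint8_t *f, size_t len, struct esp_view *v)
{
    if (len < ETH_LEN + 20 || f[12] != 0x08 || f[13] != 0x00) return -1;
    const uint8_t *ip = f + ETH_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, tot = ((size_t)ip[2] << 8) | ip[3];
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 50) return -1;   /* 50 = ESP */
    /* need SPI, sequence number, IV and at least one ciphertext block */
    if (tot > len - ETH_LEN || tot < ihl + ESP_HDR_LEN + AES_CBC_IV_LEN + 16) return -1;
    v->spi = be32(ip + ihl);
    v->seq = be32(ip + ihl + 4);
    v->iv_off = ETH_LEN + ihl + ESP_HDR_LEN;
    v->ct_off = v->iv_off + AES_CBC_IV_LEN;
    v->ct_len = tot - ihl - ESP_HDR_LEN - AES_CBC_IV_LEN;
    return v->ct_len % 16 ? -1 : 0;   /* CBC ciphertext is whole 16-byte blocks */
}

/* Constructed sample frame: zeroed addresses, SPI 15701, dummy IV and ciphertext. */
size_t build_sample(uint8_t *f, size_t ct_len)
{
    size_t tot = 20 + ESP_HDR_LEN + AES_CBC_IV_LEN + ct_len;
    memset(f, 0, ETH_LEN + tot);
    f[12] = 0x08;                                   /* EtherType IPv4 */
    f[14] = 0x45; f[16] = (uint8_t)(tot >> 8); f[17] = (uint8_t)tot; f[23] = 50;
    f[36] = 0x3d; f[37] = 0x55; f[41] = 1;          /* SPI 15701, sequence 1 */
    memset(f + 42, 0xA5, AES_CBC_IV_LEN);           /* placeholder IV */
    memset(f + 58, 0xCC, ct_len);                   /* placeholder ciphertext */
    return ETH_LEN + tot;
}
```

The ciphertext starting at `ct_off` decrypts to the inner IP packet, padding, pad length and next header; the 16 bytes at `iv_off` are passed to AES-CBC as the IV and are not themselves decrypted.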