Reg: 16 unknown bytes in ESp packet(IPSEC)

kernelnewbies.kernelnewbies.org archive mirror
 help / color / mirror / Atom feed

* Reg: 16 unknown bytes in ESp packet(IPSEC)
@ 2012-04-26 17:26 Mukesh Yadav
  0 siblings, 0 replies; only message in thread
From: Mukesh Yadav @ 2012-04-26 17:26 UTC (permalink / raw)
  To: kernelnewbies

Hi,

Not able to understand 16 byetes in ESP packet present after sequence no
and before Original IP header while doing tunnel mode Ipsec with ESP.
Details are as below.

I am trying to achieve Ipsec functionality using fast-path application
which will do encryption/decryption using some hardware(Cavium) specific
API.
This application will by-pass the IP layer of kernel..
Keys for start-up are pre-shared.

Communication is done between two machine A and B.
On Machine A running i386 linux, SA/SP database are updated using setkey
utility and packets is encrypted/decrypted using kernel Ipsec.
On Machine B Cavium h/w, keys are pre-shared to application performing
Ipsec functionlity...

Example:
M/c A configuration:
add 50.50.50.51 50.50.50.53 esp 15701 -E aes-cbc "0123456789abcdef";
spdadd 10.10.10.20 10.10.10.21 any -P out ipsec
           esp/tunnel/50.50.50.51 50.50.50.53/require

I am able to decrypt received packets on machine B send by M/c A and send
encrypted packet to M/c A.
Issue:
1. Not able to find what are 16 bytes present after sequence no in ESP
header and before original IP header representing...

Decrypted  Packet on machine B is like below
Ethernet header  14 bytes
Outer Ip header   20 bytes
ESP header    SPI 4 bytes      Seq no 4 bytes
Some data         16 bytes       ???????
Original IP header  20 bytes
UDP header
Payload data
Padding
Pad lenght
Next Ip header

2. Packets send from machine B are encrypted and received as ESP packet on
machine A..
    Not sure if decryption is happening fine...Seems packets are dropped at
IP layer.. Is there way to confirm if packet are decrypted fine by kernel
IPSEC...
    Encrypted packet send by Machine B is having encrypted payload(of
original IP header plus data) after Sequence number of ESP header...
    Seems 16 bytes mentioned above play role for successful decryption at
machine A running Linux IPSEC
Any Inputs for same will be appreciated for same

Cheers
Mukesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20120426/5db0e83c/attachment.html 

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2012-04-26 17:26 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-04-26 17:26 Reg: 16 unknown bytes in ESp packet(IPSEC) Mukesh Yadav

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).