* using 3des with ipsec transport mode
@ 2015-07-02 13:53 Sowmini Varadhan
From: Sowmini Varadhan @ 2015-07-02 13:53 UTC
To: linux-crypto

I was trying to follow the example for IPsec transport mode at
http://www.ipsec-howto.org/x304.html with a 4.1 kernel,
and I find that using 3des_cbc does not work - packets get dropped
at the receiver after decryption: e.g., for a ping, the decrypted
packet has a mangled icmp header, and is dropped for a bad checksum
in icmp_rcv.

Odd thing here is that the icmp payload was never mangled
on my watch, and esp_input does correctly figure out the ULP of
the payload after decrypt, so there is some pattern to this.

Using blowfish instead of 3des works on 4.1, so I suspect the bug
is specific to the encrypt/decrypt method.

FWIW I tried the 3des instructions from ipsec-howto.org with
2.6.39 kernels, and it still fails (but so did blowfish, so
something got better along the way).

Has anyone else noticed this behavior for 3des?

--Sowmini