[strongSwan] Reg: 16 unknown bytes in ESP packet (IPSEC)
write2mukesh84 at gmail.com
Thu Apr 26 19:29:34 CEST 2012
Not able to understand 16 bytes in ESP packet present after sequence
no and before Original IP header while doing tunnel mode Ipsec with
Details are as below.
I am trying to achieve Ipsec functionality using fast-path application
which will do encryption/decryption using some hardware(Cavium)
This application will bypass the IP layer of the kernel.
Keys for start-up are pre-shared.
Communication is done between two machine A and B.
On Machine A running i386 Linux, the SA/SP databases are updated using
the setkey utility and packets are encrypted/decrypted using kernel IPsec.
On Machine B Cavium h/w, keys are pre-shared to application performing
M/c A configuration:
add 184.108.40.206 220.127.116.11 esp 15701 -E aes-cbc "0123456789abcdef";
spdadd 10.10.10.20 10.10.10.21 any -P out ipsec
I am able to decrypt received packets on machine B sent by M/c A and
send encrypted packets to M/c A.
1. Not able to find what the 16 bytes present after the sequence no in the ESP
header and before the original IP header represent...
Decrypted Packet on machine B is like below
Ethernet header 14 bytes
Outer Ip header 20 bytes
ESP header SPI 4 bytes Seq no 4 bytes
Some data 16 bytes ???????
Original IP header 20 bytes
Next Ip header
2. Packets sent from machine B are encrypted and received as ESP
packets on machine A.
Not sure if decryption is happening fine... Seems packets are
dropped at the IP layer. Is there a way to confirm if packets are decrypted
fine by kernel IPsec?
The encrypted packet sent by Machine B has the encrypted payload (of
original IP header plus data) right after the sequence number of the ESP header...
Seems the 16 bytes mentioned above play a role in successful decryption
at machine A running Linux IPsec.
Any inputs on this will be appreciated.
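
Added illustration, not part of the original post: with AES-CBC (RFC 3602) the ESP payload starts with a cleartext IV of one cipher block, 16 bytes, placed between the sequence number and the ciphertext, which matches the layout listed in the message. The C code below splits an ESP packet on that assumption and checks the ESP trailer of a decrypted payload; the function names and sample bytes are constructed for this example, and it assumes no ICV because the setkey line shows `-E` with no `-A`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ESP_HDR_LEN 8   /* SPI (4) + sequence number (4), RFC 4303 */
#define AES_BLOCK   16  /* AES-CBC IV size and block size, RFC 3602 */

struct esp_view {
    uint32_t spi, seq;
    const uint8_t *iv;  /* 16 bytes, sent in the clear before the ciphertext */
    const uint8_t *ct;  /* encrypted inner IP packet + padding + trailer */
    size_t ct_len;
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Split an ESP packet (starting at the SPI) for AES-CBC without an ICV.
 * Returns 0, or -1 if it is too short or the ciphertext is not block-aligned. */
int esp_split_aes_cbc(const uint8_t *esp, size_t len, struct esp_view *v) {
    if (len < ESP_HDR_LEN + 2 * AES_BLOCK) return -1;
    v->spi = be32(esp);
    v->seq = be32(esp + 4);
    v->iv = esp + ESP_HDR_LEN;
    v->ct = v->iv + AES_BLOCK;
    v->ct_len = len - ESP_HDR_LEN - AES_BLOCK;
    return (v->ct_len % AES_BLOCK) ? -1 : 0;
}

/* On the CBC-decrypted payload: validate the ESP trailer and return the inner
 * packet length, or -1. next_hdr is 4 (IP-in-IP) for IPv4 tunnel mode. */
long esp_inner_len(const uint8_t *pt, size_t pt_len, uint8_t *next_hdr) {
    if (pt_len < 2 || (size_t)pt[pt_len - 2] + 2 > pt_len) return -1;
    size_t pad = pt[pt_len - 2];
    *next_hdr = pt[pt_len - 1];
    for (size_t i = 0; i < pad; i++)  /* default padding is 1, 2, 3, ... */
        if ((size_t)pt[pt_len - 2 - pad + i] != i + 1) return -1;
    return (long)(pt_len - 2 - pad);
}

int main(void) {
    /* Constructed sample: SPI 15701 (0x3d55), seq 1, zeroed IV and ciphertext. */
    uint8_t pkt[ESP_HDR_LEN + 3 * AES_BLOCK] = {0, 0, 0x3d, 0x55, 0, 0, 0, 1};
    struct esp_view v;
    if (esp_split_aes_cbc(pkt, sizeof pkt, &v) == 0)
        printf("spi=%u seq=%u iv@%td ct@%td ct_len=%zu\n", (unsigned)v.spi,
               (unsigned)v.seq, v.iv - pkt, v.ct - pkt, v.ct_len);
    return 0;
}
```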