Date:      Tue, 02 Dec 2008 10:21:07 +0800
From:      wang_jiabo <jiabwang@redhat.com>
To:        freebsd-net@freebsd.org
Subject:   [ipsec]could you help me explain where problem is for aes-ctr of ESP
Message-ID:  <49349B93.40208@redhat.com>

Hello, all:
The following is my setkey configuration. I can get the SAD and SPD, but when I
run "ping6 -I rl0 3ffe:501:ffff:103:20a:ebff:fe85:9e56" on FreeBSD,
FreeBSD reports:

    kernel: esp_aesctr_decrypt aes-ctr:payload length must be multiple of 16
    kernel: decrypt fail in IPv6 ESP input : SA(SPI 8192 src=3ffe:0501:ffff:0103:020a:ebff:fe85:9e56  dst=3ffe:0501:ffff:0104:021d:0fff:fe19:59fc)

But when I use "ping6 -I rl0 -s 4 (or 6 or 20) 3ffe:501:ffff:103:20a:ebff:fe85:9e56"
the report disappears. I read the RFC and did not find an explanation. Could
you give me an explanation?
Thanks



on RedHat (ipsec-tools 0.6.5)
#!/sbin/setkey -f
flush;
spdflush;
add 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56
    esp 0x1000 -m transport
    -E aes-ctr "ipv6readylogoaes2to1" -A hmac-sha1 "ipv6readylogsha12to1";
spdadd 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56
    any -P in ipsec esp/transport//require;
add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc
    esp 0x2000 -m transport
    -E aes-ctr "ipv6readylogoaes1to2" -A hmac-sha1 "ipv6readylogsha11to2";
spdadd 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc
    any -P out ipsec esp/transport//require;

on FreeBSD 6.3 (ipsec-tools 0.7; using 0.6.6, the problem still persists)
flush;
spdflush;
add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc
    esp 0x2000 -m transport
    -E aes-ctr "ipv6readylogoaes1to2" -A hmac-sha1 "ipv6readylogsha11to2";
spdadd 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc
    any -P in ipsec esp/transport//require;
add 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56
    esp 0x1000 -m transport
    -E aes-ctr "ipv6readylogoaes2to1" -A hmac-sha1 "ipv6readylogsha12to1";
spdadd 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56
    any -P out ipsec esp/transport//require;
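
Added example (not part of the original message, and not ipsec-tools or FreeBSD code): a length model of the transport-mode ESP packets for the ping6 sizes mentioned above, showing which ones satisfy a "multiple of 16" check. Assumptions: the sending peer pads the ESP trailer only to the 4-octet alignment that RFC 4303 requires (RFC 3686 does not require block-size padding for AES-CTR), the check in the kernel message covers the encrypted octets after the IV, and ping6 sends 56 data octets when -s is not given; all function names are hypothetical.

```python
# Constructed model of ESP transport-mode lengths for the ping6 sizes in the message.
ICMP6_ECHO_HDR = 8       # ICMPv6 echo header in front of the ping data
ESP_TRAILER = 2          # Pad Length + Next Header octets (RFC 4303)
AES_BLOCK = 16           # multiple named in the kernel message
PING6_DEFAULT_DATA = 56  # assumed ping6 data size when -s is not given


def esp_encrypted_len(data_len, align):
    """Octets after the IV: ICMPv6 message, padding, 2-octet trailer."""
    unpadded = ICMP6_ECHO_HDR + data_len + ESP_TRAILER
    padding = (-unpadded) % align  # pad up to the sender's alignment
    return unpadded + padding


def passes_block_check(encrypted_len):
    """Assumed receiver check, taken from the wording of the kernel message."""
    return encrypted_len % AES_BLOCK == 0


def survey(data_sizes, align=4):
    """Map each ping data size to (encrypted length, receiver accepts?)."""
    result = {}
    for size in data_sizes:
        length = esp_encrypted_len(size, align)
        result[size] = (length, passes_block_check(length))
    return result


if __name__ == "__main__":
    sizes = [PING6_DEFAULT_DATA, 4, 6, 20]
    for align in (4, 16):  # RFC 4303 minimum vs. full AES block padding
        print(f"sender pads to {align} octets")
        for size, (length, ok) in survey(sizes, align).items():
            verdict = "accepted" if ok else "rejected"
            print(f"  data={size:<3} encrypted={length:<3} {verdict}")
```

Under these assumptions only the default size produces an encrypted length (68) that is not a multiple of 16, while -s 4, 6 and 20 give 16, 16 and 32, which matches the behaviour reported in the message.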


