From: wang_jiabo
Date: Tue, 02 Dec 2008 10:32:06 +0800
To: freebsd-net@freebsd.org
Subject: [ipsec] aes-ctr question
Message-ID: <49349E26.30002@redhat.com>

Hello, all:

Following is my setkey configuration. I can get SAD and SPD.
But when I run "ping6 -I rl0 3ffe:501:ffff:103:20a:ebff:fe85:9e56" on FreeBSD, FreeBSD reports:

    kernel: esp_aesctr_decrypt aes-ctr:payload length must be multiple of 16
    kernel: decrypt fail in IPv6 ESP input : SA(SPI 8192 src=3ffe:0501:ffff:0103:020a:ebff:fe85:9e56 dst=3ffe:0501:ffff:0104:021d:0fff:fe19:59fc)

But when I use "ping6 -I rl0 -s 11 (or 12 or 13 or 14) 3ffe:501:ffff:103:20a:ebff:fe85:9e56", the ping passes. I read the RFC and did not find the explanation. Could you give me an explanation?

Thanks

    # clear existing SAD and SPD entries
    flush;
    spdflush;

    # inbound SA and policy
    add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc
        esp 0x1000 -m tunnel
        -E aes-ctr "ipv6readylogoaes2to1"
        -A hmac-sha1 "ipv6readylogsha12to1";
    spdadd 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc any -P in ipsec
        esp/tunnel/3ffe:501:ffff:103:20a:ebff:fe85:9e56-3ffe:501:ffff:104:21d:fff:fe19:59fc/require;

    # outbound SA and policy
    add 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56
        esp 0x2000 -m tunnel
        -E aes-ctr "ipv6readylogoaes1to2"
        -A hmac-sha1 "ipv6readylogsha11to2";
    spdadd 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56 any -P out ipsec
        esp/tunnel/3ffe:501:ffff:104:21d:fff:fe19:59fc-3ffe:501:ffff:103:20a:ebff:fe85:9e56/require;
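
Added example, not part of the original post and not FreeBSD code: a length calculation that is consistent with the sizes reported above. It assumes the peer pads the ESP plaintext only to a 4-byte boundary (the alignment ESP itself requires), that "payload length" in the kernel message means the encrypted ESP payload without IV and ICV, and that ping6 sends 56 data bytes by default; the function names are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

#define INNER_IPV6_HDR 40  /* tunnel mode carries the whole inner IPv6 header */
#define ICMP6_ECHO_HDR  8
#define ESP_TRAILER     2  /* Pad Length + Next Header octets */
#define AES_BLOCK      16  /* multiple demanded by the kernel message */

/* Encrypted ESP payload length (no IV, no ICV) for an echo carrying
 * data_len bytes, when the sender pads the plaintext to a multiple of
 * align. The 4-byte sender alignment is an assumption, see lead-in. */
size_t esp_ciphertext_len(size_t data_len, size_t align)
{
    size_t body = INNER_IPV6_HDR + ICMP6_ECHO_HDR + data_len + ESP_TRAILER;
    size_t pad = (align - body % align) % align;
    return body + pad;
}

/* The receiver-side condition quoted in the kernel log. */
int passes_block_check(size_t data_len, size_t align)
{
    return esp_ciphertext_len(data_len, align) % AES_BLOCK == 0;
}

int main(void)
{
    /* 56 is the assumed ping6 default; the rest bracket the -s values in the post. */
    const size_t sizes[] = { 56, 10, 11, 12, 13, 14, 15 };

    puts("-s   pad-to-4  check   pad-to-16  check");
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        size_t s = sizes[i];
        printf("%-4zu %-9zu %-7s %-10zu %s\n", s,
               esp_ciphertext_len(s, 4),
               passes_block_check(s, 4) ? "ok" : "reject",
               esp_ciphertext_len(s, 16),
               passes_block_check(s, 16) ? "ok" : "reject");
    }
    return 0;
}
```

Under these assumptions only -s 11 through 14 land on a 64-byte payload with 4-byte padding, while a sender that pads to 16 bytes satisfies the receiver's check at every size.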