Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 02 Dec 2008 10:32:06 +0800
From:      wang_jiabo <jiabwang@redhat.com>
To:        freebsd-net@freebsd.org
Subject:   [ipsec] aes-ctr question
Message-ID:  <49349E26.30002@redhat.com>
next in thread | raw e-mail | index | archive | help 
Hello, all:
following is my setkey configration. I can get SAD and SPD. but when I 
run " ping6 -I rl0 3ffe:501:ffff:103:20a:ebff:fe85:9e56 " on FreeBSD
FreeBSD report:  kernel: esp_aesctr_decrypt aes-ctr:payload length must 
be multiple of 16
                           kernel: decrypt fail in IPv6 ESP input : 
SA(SPI 8192 src=3ffe:0501:ffff:0103:020a:ebff:fe85:9e56  
dst=3ffe:0501:ffff:0104:021d:0fff:fe19:59fc)
but when I  use "ping6  -I rl0  -s 11(or 12 or 13 or 14)  
3ffe:501:ffff:103:20a:ebff:fe85:9e56"
that the ping pass. I read RFC, did not find the explain. could you give 
me a explain?
Thanks







flush;
spdflush;
add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 
3ffe:501:ffff:104:21d:fff:fe19:59fc  esp 0x1000 -m tunnel -E aes-ctr 
"ipv6readylogoaes2to1" -A hmac-sha1 "ipv6readylogsha12to1";

 spdadd  3ffe:501:ffff:103:20a:ebff:fe85:9e56 
3ffe:501:ffff:104:21d:fff:fe19:59fc any -P in ipsec 
esp/tunnel/3ffe:501:ffff:103:20a:ebff:fe85:9e56-3ffe:501:ffff:104:21d:fff:fe19:59fc/require;

 add  3ffe:501:ffff:104:21d:fff:fe19:59fc 
3ffe:501:ffff:103:20a:ebff:fe85:9e56  esp 0x2000 -m tunnel -E aes-ctr 
"ipv6readylogoaes1to2" -A hmac-sha1 "ipv6readylogsha11to2";

 spdadd   3ffe:501:ffff:104:21d:fff:fe19:59fc 
3ffe:501:ffff:103:20a:ebff:fe85:9e56 any -P out  ipsec 
esp/tunnel/3ffe:501:ffff:104:21d:fff:fe19:59fc-3ffe:501:ffff:103:20a:ebff:fe85:9e56/require;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49349E26.30002>