(usagi-users 02703) Re: problem with retransmit packet
Hi.
At 13:23 03/12/16 +0900, you wrote:
Hi,
Has this occurred with another cipher algorithm (e.g., AES)?
So far I have only tried IPsec using the 3DES-CBC-SHA1 cipher algorithm.
We'd like to know more additional information (.config, pfkey
settings...)
The kernel (usagi stable 4.1) configuration is as follows:
-------------------------------------------------------------------------
Code maturity level options
[*] Prompt for development and/or incomplete code/drivers
Networking Options
[*] The IPv6 protocol
*I checked all options.
Cryptography Support
[*] Crypto API Support
*I checked all options.
-------------------------------------------------------------------------
The pfkey settings are as follows:
-------------------------------------------------------------------------
pfkey -A sa -s 'Src Address' -d 'Dst Address' -T esp -S 0x600 -p any \
    --auth hmac-sha1 --authkey 0x54686973206973206120536563726574204b6579 \
    --esp 3des-cbc --espkey 0x54686973206973206120536563726574204b657920212121
pfkey -A sp -s 'Src Address' -d 'Dst Address' -T esp -S 0x600 -p any
pfkey -A sa -d 'Src Address' -s 'Dst Address' -T esp -S 0x601 -p any \
    --auth hmac-sha1 --authkey 0x54686973206973206120536563726574204b6579 \
    --esp 3des-cbc --espkey 0x54686973206973206120536563726574204b657920212121
pfkey -A sp -d 'Src Address' -s 'Dst Address' -T esp -S 0x601 -p any
-------------------------------------------------------------------------
I communicated between USAGI and another OS using IPsec.
My test is like this:
The other OS intentionally drops an IPsec packet from USAGI, because I want
the USAGI kernel to send a TCP retransmit packet.
And also, could you try to test another version of the USAGI kit?
(e.g., "snap-shot-20030721"
or cvs tag name "bHISTORIC-IPSEC-MIP6-20030804" is the latest/fixed
USAGI 2.4 IPsec version.)
I tried to run the "snap-shot-20030721 kernel", but Red Hat Linux froze.
So I couldn't check the above problem.
Please tell me how to make the "snap-shot-20030721 kernel".
Regards,
-mk
At Sun, 14 Dec 2003 13:57:36 +0900,
Kazutaka Tachibana <Kazutaka.Tachibana@xxxxxxxxxxx> wrote:
>
> Hi.
>
> I'm facing a problem where a TCP retransmit packet has
> an incorrect checksum when using IPsec (not Authenticate,
> only Cipher).
>
> I expect the Usagi kernel encrypted the plain text and made the cipher
> text, and then the plain text had already disappeared.
> So, when the retransmit TCP packet was sent, the cipher
> text was encrypted. After all, it was encrypted two times.
>
> In fact, dumping packets with IPsec applied (using a block cipher,
> for example 3DES-CBC), and comparing the first packet with the
> retransmit packet, I found that about the top 20 bytes (maybe the TCP header,
> always made by the kernel) were the same as in the first packet,
> but everything except those 20 bytes (maybe data) was not the same.
>
> Is this Usagi's bug, or my mistake?
>
> I'm running usagi stable 4.1 on RedHat9.0.
>
=======================================================
Sony LSI Design Inc.
LSI Design Division 1, Communication Technology Dept., Section 2
Kazutaka Tachibana (Kazutaka.Tachibana@xxxxxxxxxxx)
TEL: 9-259-3223 (outside line 011-281-3223)
FAX: 9-259-3993 (outside line 011-281-3993)
=======================================================
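
The failure mode suspected in the quoted report (the queued TCP payload is encrypted in place, so a retransmit gets encrypted twice), as an added model that is not USAGI code and not part of the original thread. It assumes the payload checksum is cached when the segment is queued; `toy_crypt`, `tx` and `retransmit_verifies` are hypothetical names, and the toy byte cipher only stands in for 3DES-CBC.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR 20   /* TCP header without options */
#define LEN 12   /* constructed payload length (even, so partial sums combine) */
struct seg { uint8_t hdr[HDR], data[LEN]; uint32_t data_sum; };

/* 16-bit one's-complement sum as used by the TCP checksum (pseudo-header omitted). */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t s) {
    for (size_t i = 0; i + 1 < n; i += 2) s += (uint32_t)((p[i] << 8) | p[i + 1]);
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return s;
}

/* Toy byte cipher standing in for 3DES-CBC: dir=+1 encrypts, dir=-1 decrypts. */
static void toy_crypt(uint8_t *p, size_t n, int dir) {
    for (size_t i = 0; i < n; i++) p[i] = (uint8_t)(p[i] + dir * (0x5a + (int)i));
}

/* Rebuild the header, take the checksum from the cached payload sum, encrypt.
 * in_place=1 models the suspected bug: ciphertext overwrites the queued payload. */
static void tx(struct seg *q, int in_place, uint8_t *wire) {
    memset(q->hdr, 0, HDR);
    q->hdr[12] = 0x50;                            /* data offset = 5 words */
    uint16_t c = (uint16_t)~sum16(q->hdr, HDR, q->data_sum);
    q->hdr[16] = (uint8_t)(c >> 8);
    q->hdr[17] = (uint8_t)c;
    memcpy(wire, q->hdr, HDR);
    memcpy(wire + HDR, q->data, LEN);
    toy_crypt(wire, HDR + LEN, +1);
    if (in_place) memcpy(q->data, wire + HDR, LEN);
}

/* The peer drops the first copy; returns 1 if the retransmit's checksum verifies. */
int retransmit_verifies(int in_place) {
    struct seg q;
    uint8_t wire[HDR + LEN];
    memcpy(q.data, "hello, usagi", LEN);          /* constructed payload */
    q.data_sum = sum16(q.data, LEN, 0);           /* cached when queued */
    tx(&q, in_place, wire);                       /* first transmission, dropped */
    tx(&q, in_place, wire);                       /* TCP retransmit */
    toy_crypt(wire, HDR + LEN, -1);               /* receiver decrypts once */
    return sum16(wire, HDR + LEN, 0) == 0xffff;
}

int main(void) {
    printf("copy: %d, in place: %d\n", retransmit_verifies(0), retransmit_verifies(1));
}
```

In the in-place case the receiver recovers a freshly built header but a payload that is still one layer of ciphertext, which matches the pattern described in the report: the leading header bytes agree while the data and checksum do not.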